diff options
| author | Chanwoo Choi <cw00.choi@samsung.com> | 2022-09-01 15:36:41 +0900 |
|---|---|---|
| committer | Chanwoo Choi <cw00.choi@samsung.com> | 2022-09-01 17:37:54 +0900 |
| commit | fccfb02d128c9504e0ba1182416e7e86c8a5a310 (patch) | |
| tree | 137ed9245fa15c37b07fba907c9dde2c1c9268b1 | |
| parent | fac3dcb3501756666b3a987fc299243de123a1ab (diff) | |
| download | pass-fccfb02d128c9504e0ba1182416e7e86c8a5a310.tar.gz pass-fccfb02d128c9504e0ba1182416e7e86c8a5a310.tar.bz2 pass-fccfb02d128c9504e0ba1182416e7e86c8a5a310.zip | |
lib: resource-monitor: Check systemmonitor privilege
In order to prevent the unauthorized client,
check the systemmonitor privilege[1] .
[1] http://tizen.org/privilege/systemmonitor
For example of rejection when don't have systemmonitor privilege
- Connect sdb without root and then executes resource-monitor/resource-monitor-tests.
In result, cannot use the resource monitor. I checked it the log as following:
E/PASS ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor
E/PASS ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor
(snip)
E/PASS ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests
E/PASS ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests
Change-Id: I77531ca1717b3592f0803cc585e0f205c46edcee
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
| -rw-r--r-- | lib/CMakeLists.txt | 7 | ||||
| -rw-r--r-- | lib/resource-monitor/resource-monitor.c | 18 | ||||
| -rw-r--r-- | tests/integration-test/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | tools/resource-monitor/CMakeLists.txt | 3 |
4 files changed, 30 insertions, 1 deletions
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 78a3b9c..fd2f3d1 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -17,6 +17,8 @@ SET(PKG_MODULES dlog gio-2.0 glib-2.0 + cynara-client + cynara-session ) INCLUDE(FindPkgConfig) @@ -31,7 +33,10 @@ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -g -fno-omit-frame-pointer -finstrument-functi SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -lrt") SET(CMAKE_EXE_LINKER_FLAGS "-pie") -SET(SRCS ./resource-monitor/resource-monitor.c) +SET(SRCS + ${CMAKE_SOURCE_DIR}/src/util/privilege.c + ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c +) ADD_LIBRARY( ${PROJECT_NAME} SHARED ${SRCS}) TARGET_LINK_LIBRARIES( ${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -Wl,-z,nodelete,--no-undefined) diff --git a/lib/resource-monitor/resource-monitor.c b/lib/resource-monitor/resource-monitor.c index 062bfad..e7b567e 100644 --- a/lib/resource-monitor/resource-monitor.c +++ b/lib/resource-monitor/resource-monitor.c @@ -23,6 +23,7 @@ #include <util/log.h> #include <monitor/request.h> #include <util/resource.h> +#include <util/privilege.h> #include <stdio.h> #include <string.h> @@ -38,6 +39,8 @@ #include "resource-monitor.h" +#define PRIVILEGE_SYSTEMMONITOR "http://tizen.org/privilege/systemmonitor" + #define REQUEST_SERVER_IP "127.0.0.1" #define REQUEST_SERVER_PORT 10001 @@ -125,6 +128,9 @@ static inline int handle_request(struct request_data *data) if (!data) return TIZEN_ERROR_INVALID_PARAMETER; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + /* Make buffer with struct request_data according to request */ switch (data->request) { case REQUEST_UPDATE_RESOURCE_ALL: @@ -290,6 +296,9 @@ int pass_resource_monitor_init(void) struct sockaddr_in server_addr; int ret = TIZEN_ERROR_NO_DATA; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + client = malloc(sizeof(struct pass_resource_monitor_client)); if (!client) { _E("[libpass] failed to allocate memory"); @@ -334,6 +343,9 @@ int pass_resource_monitor_exit(int id) { struct pass_resource_monitor_client *client; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + client = find_client_by_id(id); if (!client) { _E("[libpass] cannot find client-%d", id); @@ -506,6 +518,9 @@ static int pass_resource_monitor_get_json(int id, char *json_string, int request char *buffer; va_list args; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + buffer = malloc(HUGE_BUFF_MAX + 1); if (!buffer) return TIZEN_ERROR_OUT_OF_MEMORY; @@ -705,6 +720,9 @@ pass_resource_monitor_get_array(int id, int res_id, u_int64_t attr_id, int data_ int response_req; int ret, i; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + buffer = malloc(HUGE_BUFF_MAX + 1); if (!buffer) return TIZEN_ERROR_OUT_OF_MEMORY; diff --git a/tests/integration-test/CMakeLists.txt b/tests/integration-test/CMakeLists.txt index 69ec8ff..24600cd 100644 --- a/tests/integration-test/CMakeLists.txt +++ b/tests/integration-test/CMakeLists.txt @@ -3,6 +3,7 @@ PROJECT(pass C CXX) SET(SRCS ${CMAKE_SOURCE_DIR}/src/pass/pass-hal.c ${CMAKE_SOURCE_DIR}/src/pass/pass-parser.c ${CMAKE_SOURCE_DIR}/src/util/common.c + ${CMAKE_SOURCE_DIR}/src/util/privilege.c ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c ) @@ -20,6 +21,8 @@ pkg_check_modules(gtest_pkgs REQUIRED dlog json-c hal-api-power + cynara-client + cynara-session ) FOREACH(flag ${gtest_pkgs_CFLAGS}) diff --git a/tools/resource-monitor/CMakeLists.txt b/tools/resource-monitor/CMakeLists.txt index 3e28063..8746e13 100644 --- a/tools/resource-monitor/CMakeLists.txt +++ b/tools/resource-monitor/CMakeLists.txt @@ -2,6 +2,7 @@ PROJECT(pass C CXX) SET(SRCS ${CMAKE_SOURCE_DIR}/src/util/common.c + ${CMAKE_SOURCE_DIR}/src/util/privilege.c ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c ) @@ -17,6 +18,8 @@ pkg_check_modules(gtest_pkgs REQUIRED gio-2.0 dlog json-c + cynara-client + cynara-session ) FOREACH(flag ${gtest_pkgs_CFLAGS}) |