diff --git a/am_daemon/amd_launch.c b/am_daemon/amd_launch.c index fed2659..26756b0 100755 --- a/am_daemon/amd_launch.c +++ b/am_daemon/amd_launch.c @@ -157,9 +157,21 @@ static void _prepare_exec(const char *appid, bundle *kb) pkg_type = appinfo_get_value(ai, AIT_TYPE); hwacc = appinfo_get_value(ai, AIT_HWACC); + int uid = INHOUSE_UID; + int gid = INHOUSE_GID; + + // temporary code + const char* str = bundle_get_val(kb, AUL_K_UID); + if (str) + uid = atoi(str); + + str = bundle_get_val(kb, AUL_K_GID); + if (str) + gid = atoi(str); + /* SET PRIVILEGES*/ _D("appid : %s / pkg_type : %s / app_path : %s ", appid, pkg_type, app_path); - if ((ret = __set_access(appid, pkg_type, app_path)) < 0) { + if ((ret = __set_access(appid, pkg_type, app_path, uid, gid)) < 0) { _D("fail to set privileges - check your package's credential : %d\n", ret); return; } @@ -626,7 +638,7 @@ static int __nofork_processing(int cmd, int pid, bundle * kb, int clifd) GPollFD *gpollfd; GSource *src; struct reply_info *r_info; - GMainContext *reply_context; + //GMainContext *reply_context; switch (cmd) { case APP_OPEN: @@ -673,7 +685,7 @@ static int __nofork_processing(int cmd, int pid, bundle * kb, int clifd) } -int _start_app(char* appid, bundle* kb, int cmd, int caller_pid, uid_t caller_uid, int fd) +int _start_app(char* appid, bundle* kb, int cmd, int caller_pid, uid_t caller_uid, gid_t caller_gid, int fd) { const struct appinfo *ai; int ret = -1; @@ -696,6 +708,12 @@ int _start_app(char* appid, bundle* kb, int cmd, int caller_pid, uid_t caller_ui snprintf(tmp_pid, MAX_PID_STR_BUFSZ, "%d", caller_pid); bundle_add(kb, AUL_K_CALLER_PID, tmp_pid); + snprintf(tmp_pid, MAX_PID_STR_BUFSZ, "%d", caller_uid); + bundle_add(kb, AUL_K_UID, tmp_pid); + + snprintf(tmp_pid, MAX_PID_STR_BUFSZ, "%d", caller_gid); + bundle_add(kb, AUL_K_GID, tmp_pid); + if (cmd == APP_START_RES) bundle_add(kb, AUL_K_WAIT_RESULT, "1"); diff --git a/am_daemon/amd_launch.h b/am_daemon/amd_launch.h index 8ae7500..1e912ae 100755 --- a/am_daemon/amd_launch.h +++ b/am_daemon/amd_launch.h @@ -30,7 +30,7 @@ int _send_to_sigkill(int pid); int _resume_app(int pid); int _term_app(int pid); int _fake_launch_app(int cmd, int pid, bundle * kb); -int _start_app(char* appid, bundle* kb, int cmd, int caller_pid, uid_t caller_uid, int fd); +int _start_app(char* appid, bundle* kb, int cmd, int caller_pid, uid_t caller_uid, gid_t caller_gid, int fd); void service_release(const char *group); int _start_srv(const struct appinfo *ai, bundle *kb); diff --git a/am_daemon/amd_request.c b/am_daemon/amd_request.c index 7e38a79..ac9b01e 100755 --- a/am_daemon/amd_request.c +++ b/am_daemon/amd_request.c @@ -44,8 +44,6 @@ #include "amd_status.h" -#define INHOUSE_UID 5000 - struct appinfomgr *_raf; struct cginfo *_rcg; @@ -134,10 +132,10 @@ static int __app_process_by_pid(int cmd, if (pkg_name == NULL) return -1; - if ((cr->uid != 0) && (cr->uid != INHOUSE_UID)) { - _E("reject by security rule, your uid is %u\n", cr->uid); - return -1; - } + //if ((cr->uid != 0) && (cr->uid != INHOUSE_UID)) { + // _E("reject by security rule, your uid is %u\n", cr->uid); + // return -1; + //} pid = atoi(pkg_name); if (pid <= 1) { @@ -313,7 +311,7 @@ static gboolean __request_handler(gpointer data) case APP_START_RES: kb = bundle_decode(pkt->data, pkt->len); appid = (char *)bundle_get_val(kb, AUL_K_PKG_NAME); - ret = _start_app(appid, kb, pkt->cmd, cr.pid, cr.uid, clifd); + ret = _start_app(appid, kb, pkt->cmd, cr.pid, cr.uid, cr.gid, clifd); if(ret > 0) { item = calloc(1, sizeof(item_pkt_t)); diff --git a/include/access_control.h b/include/access_control.h index 6ba035c..3850100 100755 --- a/include/access_control.h +++ b/include/access_control.h @@ -25,14 +25,15 @@ #include #define INHOUSE_UID 5000 -static inline int __set_access(const char* pkg_name, const char* pkg_type, const char* app_path) +#define INHOUSE_GID 5000 +static inline int __set_access(const char* pkg_name, const char* pkg_type, const char* app_path, uid_t uid, gid_t gid) { - return set_app_privilege(pkg_name, pkg_type, app_path); + return set_app_privilege_user(pkg_name, pkg_type, app_path, uid, gid); } #else -static inline int __set_access(const char* pkg_name, const char* pkg_type, const char* app_path) +static inline int __set_access(const char* pkg_name, const char* pkg_type, const char* app_path, uid_t uid, gid_t gid) { return 0; } diff --git a/include/aul.h b/include/aul.h index 3864945..460114f 100755 --- a/include/aul.h +++ b/include/aul.h @@ -201,6 +201,10 @@ typedef enum _aul_type{ #define AUL_K_APPID "__AUL_APPID__" /** AUL internal private key */ #define AUL_K_PID "__AUL_PID__" +/** AUL internal private key */ +#define AUL_K_UID "__AUL_UID__" +/** AUL internal private key */ +#define AUL_K_GID "__AUL_GID__" #define PRIVACY_POPUP "tizenprv00.privacy-popup" diff --git a/launchpad_src/launchpad.c b/launchpad_src/launchpad.c index 314ddf9..af947fa 100755 --- a/launchpad_src/launchpad.c +++ b/launchpad_src/launchpad.c @@ -153,9 +153,21 @@ _static_ int __prepare_exec(const char *pkg_name, /* SET PRIVILEGES*/ if(bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) { - _D("pkg_name : %s / pkg_type : %s / app_path : %s ", pkg_name, menu_info->pkg_type, app_path); - if ((ret = __set_access(pkg_name, menu_info->pkg_type, app_path)) < 0) { - _D("fail to set privileges - check your package's credential : %d\n", ret); + _D("pkg_name : %s / pkg_type : %s / app_path : %s ", pkg_name, menu_info->pkg_type, app_path); + + uid_t uid = INHOUSE_UID; + gid_t gid = INHOUSE_GID; + + const char* uid_str = bundle_get_val(kb, AUL_K_UID); + if (uid_str) + uid = atoi(uid_str); + + const char* gid_str = bundle_get_val(kb, AUL_K_GID); + if (gid_str) + gid = atoi(gid_str); + + if ((ret = __set_access(pkg_name, menu_info->pkg_type, app_path, uid, gid)) < 0) { + _D("fail to set privileges - check your package's credential : %d\n", ret); return -1; } }