authorSeungha Son <seungha.son@samsung.com>2017-05-23 11:07:29 +0900
committerSeungha Son <seungha.son@samsung.com>2017-05-23 11:14:26 +0900
commitc207de353fb9731b4641ab783014075504c782c1 (patch)
tree25ca8dc568b41193302d84a70d43494e5debef87
parent8076321f9d0c4a5b95aa4267f83b1bfc31bd793c (diff)
Add logic to check smack label
If a daemon requests a badge operation, the operation is allowed. The smack label is checked to determine whether the caller is a daemon. Signed-off-by: Seungha Son <seungha.son@samsung.com> Change-Id: Id5b0cbcb6a4c2c43003b4c78d0816213db0ea475
-rwxr-xr-xCMakeLists.txt1
-rwxr-xr-xinclude/badge_db.h4
-rwxr-xr-xinclude/badge_internal.h4
-rwxr-xr-xpackaging/badge.spec1
-rwxr-xr-xsrc/badge_db.c8
-rwxr-xr-xsrc/badge_internal.c43
6 files changed, 48 insertions, 13 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c71e161..1fa0c6a 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -51,6 +51,7 @@ pkg_check_modules(pkgs REQUIRED
db-util
libtzplatform-config
pkgmgr-info
+ libsmack
)
FOREACH(flag ${pkgs_CFLAGS})
diff --git a/include/badge_db.h b/include/badge_db.h
index 85bdbda..1f342cf 100755
--- a/include/badge_db.h
+++ b/include/badge_db.h
@@ -34,9 +34,9 @@ extern "C" {
#define BADGE_SETTING_DB_TABLE "badge_setting"
int badge_db_insert(const char *pkgname, const char *writable_pkg, const char *caller, uid_t uid);
-int badge_db_delete(const char *pkgname, const char *caller_pkg, uid_t uid);
+int badge_db_delete(const char *pkgname, const char *caller_pkg, uid_t uid, pid_t pid);
int badge_db_delete_by_pkgname(const char *pkgname, uid_t uid);
-int badge_db_set_count(const char *pkgname, const char *caller_pkg, unsigned int count, uid_t uid);
+int badge_db_set_count(const char *pkgname, const char *caller_pkg, unsigned int count, uid_t uid, pid_t pid);
int badge_db_get_count(const char *pkgname, unsigned int *count, uid_t uid);
int badge_db_set_display_option(const char *pkgname, unsigned int is_display, uid_t uid);
int badge_db_get_display_option(const char *pkgname, unsigned int *is_display, uid_t uid);
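Review bot: The new `pid` argument on `badge_db_delete` and `badge_db_set_count` decides whether the ownership check is skipped, yet the prototypes say nothing about where that value must come from. If a caller ever forwards a pid taken from the request payload rather than from the IPC peer's credentials, the label check would be evaluated against a process the client chose. I would document the contract above both prototypes, e.g. `/* pid: peer pid taken from the connection credentials by the service, never a client-supplied value; used to look up the caller's smack label. */`, and the same applies to `_badge_remove` and `_badge_set_count` in include/badge_internal.h. Both functions are EXPORT_API in src/badge_db.c, so the changed parameter list also breaks existing callers; it is worth confirming that every user is updated in the same release.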
diff --git a/include/badge_internal.h b/include/badge_internal.h
index 4fca569..64e55f0 100755
--- a/include/badge_internal.h
+++ b/include/badge_internal.h
@@ -141,12 +141,12 @@ int _badge_get_list(GList **badge_list, uid_t uid);
int _badge_insert(badge_h *badge, uid_t uid);
-int _badge_remove(const char *caller, const char *pkgname, uid_t uid);
+int _badge_remove(const char *caller, const char *pkgname, uid_t uid, pid_t pid);
int _badge_remove_by_pkgname(const char *pkgname, uid_t uid);
int _badge_set_count(const char *caller, const char *pkgname,
- unsigned int count, uid_t uid);
+ unsigned int count, uid_t uid, pid_t pid);
int _badge_get_count(const char *pkgname, unsigned int *count, uid_t uid);
diff --git a/packaging/badge.spec b/packaging/badge.spec
index ac8f15a..a2db5ed 100755
--- a/packaging/badge.spec
+++ b/packaging/badge.spec
@@ -14,6 +14,7 @@ BuildRequires: pkgconfig(capi-appfw-package-manager)
BuildRequires: pkgconfig(db-util)
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(pkgmgr-info)
+BuildRequires: pkgconfig(libsmack)
BuildRequires: cmake
Requires(post): /sbin/ldconfig
requires(postun): /sbin/ldconfig
diff --git a/src/badge_db.c b/src/badge_db.c
index cc31605..fdd2ee5 100755
--- a/src/badge_db.c
+++ b/src/badge_db.c
@@ -141,9 +141,9 @@ int badge_db_insert(const char *pkgname, const char *writable_pkg, const char *c
}
EXPORT_API
-int badge_db_delete(const char *pkgname, const char *caller, uid_t uid)
+int badge_db_delete(const char *pkgname, const char *caller, uid_t uid, pid_t pid)
{
- return _badge_remove(caller, pkgname, uid);
+ return _badge_remove(caller, pkgname, uid, pid);
}
EXPORT_API
@@ -153,9 +153,9 @@ int badge_db_delete_by_pkgname(const char *pkgname, uid_t uid)
}
EXPORT_API
-int badge_db_set_count(const char *pkgname, const char *caller, unsigned int count, uid_t uid)
+int badge_db_set_count(const char *pkgname, const char *caller, unsigned int count, uid_t uid, pid_t pid)
{
- return _badge_set_count(caller, pkgname, count, uid);
+ return _badge_set_count(caller, pkgname, count, uid, pid);
}
EXPORT_API
diff --git a/src/badge_internal.c b/src/badge_internal.c
index 467f517..f9f2ab7 100755
--- a/src/badge_internal.c
+++ b/src/badge_internal.c
@@ -29,6 +29,7 @@
#include <db-util.h>
#include <package_manager.h>
#include <tzplatform_config.h>
+#include <sys/smack.h>
#include "badge_log.h"
#include "badge_error.h"
@@ -253,8 +254,37 @@ static int _is_same_certinfo(const char *caller, const char *pkgname)
return 0;
}
+static bool __check_label(pid_t pid)
+{
+#define SMACK_LABEL_LEN 255
+#define COMPARE_LABEL_COUNT 3
+
+ bool ret = false;
+ int i;
+ ssize_t len;
+ char *label = NULL;
+ char check_label[COMPARE_LABEL_COUNT][SMACK_LABEL_LEN+1] = { "System", "System::Privileged", "User"};
+
+ len = smack_new_label_from_process(pid, &label);
+ if (len < 0 || label == NULL)
+ goto out;
+
+ for (i = 0; i < COMPARE_LABEL_COUNT; i++) {
+ if (g_strcmp0(label, check_label[i]) == 0) {
+ ret = true;
+ goto out;
+ }
+ }
+
+out:
+ if (label)
+ free(label);
+
+ return ret;
+}
+
static int _badge_check_writable(const char *caller,
- const char *pkgname, sqlite3 *db, uid_t uid)
+ const char *pkgname, sqlite3 *db, uid_t uid, pid_t pid)
{
sqlite3_stmt *stmt = NULL;
int count = 0;
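Review bot: `__check_label` resolves the label from a pid, which is racy: the requesting process can exit and the pid can be reused before `smack_new_label_from_process` runs, so the label that is read may belong to a different process. Where the service holds the client's socket, reading the label from the connection (libsmack offers `smack_new_label_from_socket`) ties the check to the peer itself. The allow-list also contains `"User"`, and a match lets the caller change any package's badge, so please confirm that label is carried only by trusted session daemons and add a comment saying why each label is listed. Smaller points: the table can be `static const char *const allowed[] = { "System", "System::Privileged", "User" };` rather than a 3x256-byte array initialised on every call, the function-local `#define`s are never `#undef`ed, and the `if (label)` guard before `free(label)` is redundant. `_badge_check_writable` continues outside this hunk.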
@@ -268,6 +298,9 @@ static int _badge_check_writable(const char *caller,
if (g_strcmp0(caller, pkgname) == 0)
return BADGE_ERROR_NONE;
+ if (__check_label(pid) == true)
+ return BADGE_ERROR_NONE;
+
/* LCOV_EXCL_START */
if (_is_same_certinfo(caller, pkgname) == 1)
return BADGE_ERROR_NONE;
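Review bot: When `__check_label(pid)` succeeds the function returns `BADGE_ERROR_NONE` without recording that the certificate check below it was skipped, so a badge changed by a labelled process on behalf of another package leaves no trace. I would log the caller, pkgname and pid on this path with the project's logging macros (badge_log.h is included at the top of the file), and add a comment such as `/* trusted platform daemons may modify any package's badge */`. The comparison `== true` can be dropped: `if (__check_label(pid))`. The body of `_badge_check_writable` starts and ends outside this hunk.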
@@ -535,7 +568,7 @@ return_close_db:
return result;
}
-int _badge_remove(const char *caller, const char *pkgname, uid_t uid)
+int _badge_remove(const char *caller, const char *pkgname, uid_t uid, pid_t pid)
{
int ret = BADGE_ERROR_NONE;
int result = BADGE_ERROR_NONE;
@@ -560,7 +593,7 @@ int _badge_remove(const char *caller, const char *pkgname, uid_t uid)
goto return_close_db;
}
- ret = _badge_check_writable(caller, pkgname, db, uid);
+ ret = _badge_check_writable(caller, pkgname, db, uid, pid);
if (ret != BADGE_ERROR_NONE) {
result = ret;
goto return_close_db;
@@ -791,7 +824,7 @@ out:
}
int _badge_set_count(const char *caller, const char *pkgname,
- unsigned int count, uid_t uid)
+ unsigned int count, uid_t uid, pid_t pid)
{
int ret = BADGE_ERROR_NONE;
int result = BADGE_ERROR_NONE;
@@ -816,7 +849,7 @@ int _badge_set_count(const char *caller, const char *pkgname,
goto return_close_db;
}
- ret = _badge_check_writable(caller, pkgname, db, uid);
+ ret = _badge_check_writable(caller, pkgname, db, uid, pid);
if (ret != BADGE_ERROR_NONE) {
result = ret;
goto return_close_db;