From 7372be701ca36747cea699c6d2ecac3524a2cffa Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Tue, 10 Nov 2015 11:53:18 +0900 Subject: Remove MDFPP related code Change-Id: I4b2078f2f2ebc8ebbd31fb3b7995eb1807fc3a49 Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 7 --- packaging/key-manager.spec | 6 +-- src/CMakeLists.txt | 1 - src/listener/CMakeLists.txt | 2 - src/listener/listener-daemon.cpp | 97 +++++++++------------------------- src/manager/service/access-control.cpp | 54 +++++-------------- tools/ckm_db_tool/CMakeLists.txt | 1 - 7 files changed, 38 insertions(+), 130 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ab1548cf..73720b1e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,13 +58,6 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") -IF (DEFINED SECURITY_MDFPP_STATE_ENABLE) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !") - ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE") -ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLE) - MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !") -ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLE) - IF (DEFINED SYSTEMD_ENV_FILE) ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}") ENDIF (DEFINED SYSTEMD_ENV_FILE) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index a054ff67..23b89b0a 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -17,7 +17,6 @@ BuildRequires: pkgconfig(openssl) BuildRequires: libattr-devel BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libsystemd-journal) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(capi-system-info) 
@@ -36,8 +35,8 @@ application to sign and verify (DSA/RSA/ECDSA) signatures. %package -n key-manager-listener Summary: Package with listener daemon Group: System/Security -BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(capi-appfw-package-manager) Requires: libkey-manager-client = %{version}-%{release} @@ -120,9 +119,6 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ -DCMAKE_VERBOSE_MAKEFILE=ON \ -%if "%{sec_product_feature_security_mdfpp_enable}" == "1" - -DSECURITY_MDFPP_STATE_ENABLE=1 \ -%endif -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 131e6d43..aa72fb78 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,7 +7,6 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP libsystemd-daemon capi-base-common capi-system-info - vconf libxml-2.0 security-manager cynara-client-async diff --git a/src/listener/CMakeLists.txt b/src/listener/CMakeLists.txt index 25e92eb4..1518c423 100644 --- a/src/listener/CMakeLists.txt +++ b/src/listener/CMakeLists.txt @@ -3,8 +3,6 @@ PKG_CHECK_MODULES(LISTENER_DEP dlog glib-2.0 capi-appfw-package-manager - libsystemd-daemon - vconf ) SET(LISTENER_SOURCES ${PROJECT_SOURCE_DIR}/src/listener/listener-daemon.cpp) diff --git a/src/listener/listener-daemon.cpp b/src/listener/listener-daemon.cpp index 0568c77c..4521bbd9 100644 --- a/src/listener/listener-daemon.cpp +++ b/src/listener/listener-daemon.cpp 
@@ -29,15 +29,10 @@ #include #include -#ifdef SECURITY_MDFPP_STATE_ENABLE -#include -#endif - -#define CKM_LISTENER_TAG "CKM_LISTENER" - -#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE) -#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state" +#ifdef LOG_TAG +#undef LOG_TAG #endif +#define LOG_TAG "CKM_LISTENER" namespace { const char* const CKM_LOCK = "/var/run/key-manager.pid"; @@ -56,30 +51,6 @@ bool isCkmRunning() return (0 != ret); } -#ifdef SECURITY_MDFPP_STATE_ENABLE -void callUpdateCCMode() -{ - if(!isCkmRunning()) - return; - - auto control = CKM::Control::create(); - int ret = control->updateCCMode(); - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "Callback caller process id : %d\n", getpid()); - - if ( ret != CKM_API_SUCCESS ) - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::updateCCMode error. ret : %d\n", ret); - else - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "CKM::Control::updateCCMode success.\n"); -} - -void ccModeChangedEventCallback(keynode_t*, void*) -{ - callUpdateCCMode(); -} -#endif - - void packageUninstalledEventCallback( const char *type, const char *package, 
@@ -96,59 +67,41 @@ void packageUninstalledEventCallback( if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL || eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED || - package == NULL) { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback error of Invalid Param"); - } - else { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback. Uninstalation of: %s", package); - auto control = CKM::Control::create(); - int ret = 0; - if ( CKM_API_SUCCESS != (ret = control->removeApplicationData(std::string(package))) ) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::removeApplicationData error. ret : %d\n", ret); - } - else { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, - "CKM::Control::removeApplicationData success. Uninstallation package : %s\n", package); - } + package == NULL) + return; + + SLOGD("PackageUninstalled Callback. Uninstalation of: %s", package); + + if (!isCkmRunning()) { + SLOGE("package uninstall event recieved but ckm isn't running!"); + return; } + + auto control = CKM::Control::create(); + int ret = control->removeApplicationData(std::string(package)); + if (ret != CKM_API_SUCCESS) + SLOGE("CKM::Control::removeApplicationData error. ret : %d", ret); + else + SLOGD("CKM::Control::removeApplicationData success. 
Uninstallation package : %s", package); } -int main(void) { - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Start!"); +int main(void) +{ + SLOGD("Start!"); - // Let's start to listen GMainLoop *main_loop = g_main_loop_new(NULL, FALSE); package_manager_h request; package_manager_create(&request); - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback start"); + SLOGD("register uninstalledApp event callback start"); if (0 != package_manager_set_event_cb(request, packageUninstalledEventCallback, NULL)) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Error in package_manager_set_event_cb"); + SLOGE("Error in package_manager_set_event_cb"); exit(-1); } - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback success"); - -#ifdef SECURITY_MDFPP_STATE_ENABLE - int ret = 0; - char *mdpp_state = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE); - if ( mdpp_state ) { // Update cc mode and register event callback only when mdpp vconf key exists - callUpdateCCMode(); - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback start"); - if ( 0 != (ret = vconf_notify_key_changed(VCONFKEY_SECURITY_MDPP_STATE, ccModeChangedEventCallback, NULL)) ) { - SLOG(LOG_ERROR, CKM_LISTENER_TAG, "Error in vconf_notify_key_changed. ret : %d", ret); - exit(-1); - } - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback success"); - } - else - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, - "vconfCCModeChanged event callback is not registered. No vconf key exists : %s", VCONFKEY_SECURITY_MDPP_STATE); -#endif - - SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Ready to listen!"); + SLOGD("Ready to listen!"); g_main_loop_run(main_loop); + return 0; } diff --git a/src/manager/service/access-control.cpp b/src/manager/service/access-control.cpp index decd92cb..e5eba2b9 100644 --- a/src/manager/service/access-control.cpp +++ b/src/manager/service/access-control.cpp 
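Review bot: The new `if (!isCkmRunning())` branch in packageUninstalledEventCallback logs and returns, so an uninstall event that arrives while the key manager is down leaves that package's stored data in place, and nothing visible in this hunk retries or records the pending removal. If cleanup happens elsewhere, a comment such as `// removal skipped while CKM is down; stale data is cleaned up by <placeholder: mechanism>` would make that explicit; otherwise the event should be queued or the removal attempted as before. The error string in that branch is also misspelled and should read `SLOGE("package uninstall event received but ckm isn't running!");`. The callback's signature starts above this hunk, so the parameter handling before the `eventType` check is not visible here.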
@@ -25,58 +25,28 @@ #include #include -#ifdef SECURITY_MDFPP_STATE_ENABLE -#include -#endif - -#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE) -#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state" -#endif - namespace { -const char* const MDPP_MODE_ENFORCING = "Enforcing"; -const char* const MDPP_MODE_ENABLED = "Enabled"; -const char* const MDPP_MODE_DISABLED = "Disabled"; -const uid_t SYSTEM_SVC_MAX_UID = (5000 - 1); +const uid_t SYSTEM_SVC_MAX_UID = (5000 - 1); } // anonymous namespace namespace CKM { -void AccessControl::updateCCMode() { - int fipsModeStatus = 0; - int rc = 0; - bool newMode; - -#ifdef SECURITY_MDFPP_STATE_ENABLE - char *mdppState = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE); -#else - char *mdppState = NULL; -#endif - newMode = ( mdppState && (!strcmp(mdppState, MDPP_MODE_ENABLED) || - !strcmp(mdppState, MDPP_MODE_ENFORCING) || - !strcmp(mdppState, MDPP_MODE_DISABLED))); +void AccessControl::updateCCMode() +{ + /* newMode should be extracted from global property like buxton in product */ + bool newMode = false; + if (newMode == m_ccMode) return; - m_ccMode = newMode; + int iNewMode = newMode ? 1 : 0; - fipsModeStatus = FIPS_mode(); - - if(m_ccMode) { - if(fipsModeStatus == 0) { // If FIPS mode off - rc = FIPS_mode_set(1); // Change FIPS_mode from off to on - if(rc == 0) { - LogError("Error in FIPS_mode_set function"); - } - } - } else { - if(fipsModeStatus == 1) { // If FIPS mode on - rc = FIPS_mode_set(0); // Change FIPS_mode from on to off - if(rc == 0) { - LogError("Error in FIPS_mode_set function"); - } - } + if (FIPS_mode_set(iNewMode) == 0) { + LogError("Error to FIPS_mode_set with param " << iNewMode); + return; } + + m_ccMode = newMode; } bool AccessControl::isCCMode() const diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index c8fb53cd..8309d5dc 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt 
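Review bot: `bool newMode = false;` in AccessControl::updateCCMode is a constant, so the function can now only ever call `FIPS_mode_set(0)`. If m_ccMode starts out false (its initialiser is outside this hunk), the function returns at `if (newMode == m_ccMode)` and never touches FIPS mode at all. Any caller that relies on isCCMode() to apply stricter handling would then never see it enabled, and the one-line comment does not say so. I would spell that out, e.g. `/* TODO: CC mode is permanently off in this build; isCCMode() reports false until newMode is read from a platform property */`. It is also worth stating whether a build without that property is expected to ship.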
@@ -8,7 +8,6 @@ PKG_CHECK_MODULES(CKM_DB_TOOL_DEP libcrypto capi-base-common capi-system-info - vconf libxml-2.0 cynara-client-async cynara-creds-socket -- cgit v1.2.3