summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorjc815.lee <jc815.lee@samsung.com>2013-05-02 21:33:08 +0900
committerjc815.lee <jc815.lee@samsung.com>2013-05-02 21:33:08 +0900
commitaf8aca1e5fc1d77463d824da78b0600b42a64b6f (patch)
tree7817fcd826af57c0915d01104a2f27c0c6123e99 /server
parent56fa0c93675f1d7de78046abdf3a549de4d56fc3 (diff)
downloadsecure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.tar.gz
secure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.tar.bz2
secure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.zip
add code for group_id with smack label
Signed-off-by: jc815.lee <jc815.lee@samsung.com>
Diffstat (limited to 'server')
-rw-r--r--server/include/ss_server_main.h16
-rw-r--r--server/src/ss_server_ipc.c25
-rw-r--r--server/src/ss_server_main.c94
3 files changed, 122 insertions, 13 deletions
diff --git a/server/include/ss_server_main.h b/server/include/ss_server_main.h
index 2d84c41..c549d58 100644
--- a/server/include/ss_server_main.h
+++ b/server/include/ss_server_main.h
@@ -30,8 +30,13 @@
* - filepath
* @return type: int
*/
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id);
int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id);
+#else
+int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id);
+int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id);
+#endif
/*
* Declare new function
@@ -45,8 +50,11 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen
* - redLen
* @return type: int
*/
+#ifndef SMACK_GROUP_ID
int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id);
-
+#else
+int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id);
+#endif
/*
* Declare new function
*
@@ -57,5 +65,11 @@ int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsign
* - file_info
* @return type: int
*/
+
+#ifndef SMACK_GROUP_ID
int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id);
int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id);
+#else
+int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id);
+int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id);
+#endif
diff --git a/server/src/ss_server_ipc.c b/server/src/ss_server_ipc.c
index bba503e..93006d1 100644
--- a/server/src/ss_server_ipc.c
+++ b/server/src/ss_server_ipc.c
@@ -261,7 +261,11 @@ void SsServerComm(void)
switch(recv_data.req_type)
{
case 1:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
@@ -277,7 +281,11 @@ void SsServerComm(void)
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
case 2:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
@@ -293,8 +301,11 @@ void SsServerComm(void)
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
case 3:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, recv_data.cookie, recv_data.group_id);
-
+#else
+ send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1);
@@ -308,9 +319,13 @@ void SsServerComm(void)
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
- case 4:
+ case 4:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, recv_data.cookie, recv_data.group_id);
-
+#else
+ send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, client_sockfd /*recv_data.cookie*/, recv_data.group_id);
+#endif
+
if(send_data.rsp_type == 1)
{
strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1);
@@ -325,7 +340,11 @@ void SsServerComm(void)
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
case 10:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
diff --git a/server/src/ss_server_main.c b/server/src/ss_server_main.c
index 18b4ddb..33cedf7 100644
--- a/server/src/ss_server_main.c
+++ b/server/src/ss_server_main.c
@@ -47,6 +47,7 @@
#include "secure_storage.h"
#include "ss_server_main.h"
#include "ss_server_ipc.h"
+#include <security-server/security-server.h>
#ifdef USE_KEY_FILE
#define CONF_FILE_PATH "/usr/share/secure-storage/config"
@@ -108,6 +109,17 @@ char* get_preserved_dir()
return retbuf;
}
+int IsSmackEnabled()
+{
+ FILE *file = NULL;
+ if(file = fopen("/smack/load2", "r"))
+ {
+ fclose(file);
+ return 1;
+ }
+ return 0;
+}
+
/* get key from hardware( ex. OMAP e-fuse random key ) */
void GetKey(char* key, unsigned char* iv)
{
@@ -208,6 +220,38 @@ int check_privilege(const char* cookie, const char* group_id)
return 0; // success always
}
+int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights)
+{
+ int ret = -1; // if success, return 0
+ const char* private_group_id = "NOTUSED";
+
+ if(!IsSmackEnabled())
+ {
+ return 0;
+ }
+
+ if(!strncmp(object,"NOTUSED", strlen(private_group_id)))
+ {
+ SLOGD("requested default group_id :%s. get smack label", object);
+ char* client_process_smack_label = security_server_get_smacklabel_sockfd(sockfd);
+ if(client_process_smack_label)
+ {
+ SLOGD("defined smack label : %s", client_process_smack_label);
+ strncpy(object, client_process_smack_label, strlen(client_process_smack_label));
+ }
+ else
+ {
+ SLOGD("failed to get smack label");
+ return -1;
+ }
+ }
+
+ SLOGD("object : %s, access_rights : %s", object, access_rights);
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+
+ return ret;
+}
+
/* convert normal file path to secure storage file path */
int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id)
{
@@ -293,7 +337,11 @@ int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag,
}
}
- strncat(dest, if_pointer + 1, strlen(if_pointer) + 1);
+ int length_of_file = 0;
+ if(if_pointer != NULL)
+ {
+ strncat(dest, if_pointer + 1, strlen(if_pointer) + 1);
+ }
strncat(dest, "_", 1);
SHA1((unsigned char*)src, (size_t)strlen(src), path_hash);
@@ -303,7 +351,7 @@ int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag,
strncat(dest, s, strlen(s));
strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX));
- dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(if_pointer) + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0';
+ dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + length_of_file + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0';
}
else if(flag == SSM_FLAG_SECRET_PRESERVE) // /tmp/csa/
{
@@ -467,8 +515,11 @@ unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, char* ae
/***************************************************************************
* Function Definition
**************************************************************************/
-
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
char key[16] = {0, };
unsigned char iv[16] = {0, };
@@ -486,11 +537,13 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla
size_t read = 0, rest = 0;
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("[%s] permission denied\n", group_id);
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create out file name
ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id);
@@ -577,7 +630,11 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
char key[16] = {0, };
unsigned char iv[16] = {0, };
@@ -601,12 +658,14 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen
memcpy(buffer, writebuffer, bufLen);
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("permission denied\n");
free(buffer);
return SS_PERMISSION_DENIED;
}
+#endif
// create file path from filename
ConvertFileName(sender_pid, out_filepath, filename, flag, group_id);
@@ -676,7 +735,11 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
unsigned int offset = count * MAX_RECV_DATA_LEN;
char key[16] = {0, };
@@ -692,11 +755,13 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u
*readLen = 0;
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0)
{
SLOGE("permission denied\n");
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create in file name : convert file name in order to access secure storage
if(flag == SSM_FLAG_WIDGET)
@@ -757,18 +822,23 @@ Last:
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
const char* in_filepath = data_filepath;
char out_filepath[MAX_FILENAME_LEN] = {0, };
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("permission denied\n");
return SS_PERMISSION_DENIED;
}
-
+#endif
// 1. create out file name
ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id);
@@ -782,18 +852,24 @@ int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag,
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
size_t read = 0;
FILE *fd_in = NULL;
char in_filepath[MAX_FILENAME_LEN] = {0, };
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0)
{
SLOGE("permission denied, [%s]\n", group_id);
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create in file name : convert file name in order to access secure storage
if(flag == SSM_FLAG_WIDGET)