diff options
author | jc815.lee <jc815.lee@samsung.com> | 2013-05-02 21:33:08 +0900 |
---|---|---|
committer | jc815.lee <jc815.lee@samsung.com> | 2013-05-02 21:33:08 +0900 |
commit | af8aca1e5fc1d77463d824da78b0600b42a64b6f (patch) | |
tree | 7817fcd826af57c0915d01104a2f27c0c6123e99 /server | |
parent | 56fa0c93675f1d7de78046abdf3a549de4d56fc3 (diff) | |
download | secure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.tar.gz secure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.tar.bz2 secure-storage-af8aca1e5fc1d77463d824da78b0600b42a64b6f.zip |
add code for group_id with smack label
Signed-off-by: jc815.lee <jc815.lee@samsung.com>
Diffstat (limited to 'server')
-rw-r--r-- | server/include/ss_server_main.h | 16 | ||||
-rw-r--r-- | server/src/ss_server_ipc.c | 25 | ||||
-rw-r--r-- | server/src/ss_server_main.c | 94 |
3 files changed, 122 insertions, 13 deletions
diff --git a/server/include/ss_server_main.h b/server/include/ss_server_main.h index 2d84c41..c549d58 100644 --- a/server/include/ss_server_main.h +++ b/server/include/ss_server_main.h @@ -30,8 +30,13 @@ * - filepath * @return type: int */ +#ifndef SMACK_GROUP_ID int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id); int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id); +#else +int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id); +int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id); +#endif /* * Declare new function @@ -45,8 +50,11 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen * - redLen * @return type: int */ +#ifndef SMACK_GROUP_ID int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id); - +#else +int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id); +#endif /* * Declare new function * @@ -57,5 +65,11 @@ int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsign * - file_info * @return type: int */ + +#ifndef SMACK_GROUP_ID int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id); int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id); +#else +int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id); +int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id); +#endif diff --git a/server/src/ss_server_ipc.c b/server/src/ss_server_ipc.c index bba503e..93006d1 100644 --- a/server/src/ss_server_ipc.c +++ b/server/src/ss_server_ipc.c @@ -261,7 +261,11 @@ void SsServerComm(void) switch(recv_data.req_type) { case 1: +#ifndef SMACK_GROUP_ID send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id); +#else + send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); +#endif if(send_data.rsp_type == 1) { @@ -277,7 +281,11 @@ void SsServerComm(void) write(client_sockfd, (char*)&send_data, sizeof(send_data)); break; case 2: +#ifndef SMACK_GROUP_ID send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id); +#else + send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); +#endif if(send_data.rsp_type == 1) { @@ -293,8 +301,11 @@ void SsServerComm(void) write(client_sockfd, (char*)&send_data, sizeof(send_data)); break; case 3: +#ifndef SMACK_GROUP_ID send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, recv_data.cookie, recv_data.group_id); - +#else + send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, client_sockfd, recv_data.group_id); +#endif if(send_data.rsp_type == 1) { strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1); @@ -308,9 +319,13 @@ void SsServerComm(void) write(client_sockfd, (char*)&send_data, sizeof(send_data)); break; - case 4: + case 4: +#ifndef SMACK_GROUP_ID send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, recv_data.cookie, recv_data.group_id); - +#else + send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, client_sockfd /*recv_data.cookie*/, recv_data.group_id); +#endif + if(send_data.rsp_type == 1) { strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1); @@ -325,7 +340,11 @@ void SsServerComm(void) write(client_sockfd, (char*)&send_data, sizeof(send_data)); break; case 10: +#ifndef SMACK_GROUP_ID send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id); +#else + send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); +#endif if(send_data.rsp_type == 1) { diff --git a/server/src/ss_server_main.c b/server/src/ss_server_main.c index 18b4ddb..33cedf7 100644 --- a/server/src/ss_server_main.c +++ b/server/src/ss_server_main.c @@ -47,6 +47,7 @@ #include "secure_storage.h" #include "ss_server_main.h" #include "ss_server_ipc.h" +#include <security-server/security-server.h> #ifdef USE_KEY_FILE #define CONF_FILE_PATH "/usr/share/secure-storage/config" @@ -108,6 +109,17 @@ char* get_preserved_dir() return retbuf; } +int IsSmackEnabled() +{ + FILE *file = NULL; + if(file = fopen("/smack/load2", "r")) + { + fclose(file); + return 1; + } + return 0; +} + /* get key from hardware( ex. OMAP e-fuse random key ) */ void GetKey(char* key, unsigned char* iv) { @@ -208,6 +220,38 @@ int check_privilege(const char* cookie, const char* group_id) return 0; // success always } +int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) +{ + int ret = -1; // if success, return 0 + const char* private_group_id = "NOTUSED"; + + if(!IsSmackEnabled()) + { + return 0; + } + + if(!strncmp(object,"NOTUSED", strlen(private_group_id))) + { + SLOGD("requested default group_id :%s. get smack label", object); + char* client_process_smack_label = security_server_get_smacklabel_sockfd(sockfd); + if(client_process_smack_label) + { + SLOGD("defined smack label : %s", client_process_smack_label); + strncpy(object, client_process_smack_label, strlen(client_process_smack_label)); + } + else + { + SLOGD("failed to get smack label"); + return -1; + } + } + + SLOGD("object : %s, access_rights : %s", object, access_rights); + ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); + + return ret; +} + /* convert normal file path to secure storage file path */ int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) { @@ -293,7 +337,11 @@ int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, } } - strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); + int length_of_file = 0; + if(if_pointer != NULL) + { + strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); + } strncat(dest, "_", 1); SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); @@ -303,7 +351,7 @@ int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, strncat(dest, s, strlen(s)); strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(if_pointer) + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; + dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + length_of_file + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; } else if(flag == SSM_FLAG_SECRET_PRESERVE) // /tmp/csa/ { @@ -467,8 +515,11 @@ unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, char* ae /*************************************************************************** * Function Definition **************************************************************************/ - +#ifndef SMACK_GROUP_ID int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id) +#else +int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id) +#endif { char key[16] = {0, }; unsigned char iv[16] = {0, }; @@ -486,11 +537,13 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla size_t read = 0, rest = 0; //0. privilege check and get directory name - if(check_privilege(cookie, group_id) != 0) +#ifdef SMACK_GROUP_ID + if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) { SLOGE("[%s] permission denied\n", group_id); return SS_PERMISSION_DENIED; } +#endif // 1. create out file name ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); @@ -577,7 +630,11 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla return 1; } +#ifndef SMACK_GROUP_ID int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id) +#else +int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id) +#endif { char key[16] = {0, }; unsigned char iv[16] = {0, }; @@ -601,12 +658,14 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen memcpy(buffer, writebuffer, bufLen); //0. privilege check and get directory name - if(check_privilege(cookie, group_id) != 0) +#ifdef SMACK_GROUP_ID + if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) { SLOGE("permission denied\n"); free(buffer); return SS_PERMISSION_DENIED; } +#endif // create file path from filename ConvertFileName(sender_pid, out_filepath, filename, flag, group_id); @@ -676,7 +735,11 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen return 1; } +#ifndef SMACK_GROUP_ID int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id) +#else +int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id) +#endif { unsigned int offset = count * MAX_RECV_DATA_LEN; char key[16] = {0, }; @@ -692,11 +755,13 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u *readLen = 0; //0. privilege check and get directory name - if(check_privilege(cookie, group_id) != 0) +#ifdef SMACK_GROUP_ID + if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) { SLOGE("permission denied\n"); return SS_PERMISSION_DENIED; } +#endif // 1. create in file name : convert file name in order to access secure storage if(flag == SSM_FLAG_WIDGET) @@ -757,18 +822,23 @@ Last: return 1; } +#ifndef SMACK_GROUP_ID int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id) +#else +int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id) +#endif { const char* in_filepath = data_filepath; char out_filepath[MAX_FILENAME_LEN] = {0, }; //0. privilege check and get directory name - if(check_privilege(cookie, group_id) != 0) +#ifdef SMACK_GROUP_ID + if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) { SLOGE("permission denied\n"); return SS_PERMISSION_DENIED; } - +#endif // 1. create out file name ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); @@ -782,18 +852,24 @@ int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, return 1; } +#ifndef SMACK_GROUP_ID int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id) +#else +int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id) +#endif { size_t read = 0; FILE *fd_in = NULL; char in_filepath[MAX_FILENAME_LEN] = {0, }; //0. privilege check and get directory name - if(check_privilege(cookie, group_id) != 0) +#ifdef SMACK_GROUP_ID + if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) { SLOGE("permission denied, [%s]\n", group_id); return SS_PERMISSION_DENIED; } +#endif // 1. create in file name : convert file name in order to access secure storage if(flag == SSM_FLAG_WIDGET) |