-rwxr-xr-x | include/ss_manager.h | 2 | ||||
-rwxr-xr-x | server/src/ss_server_main.c | 514 |
2 files changed, 229 insertions, 287 deletions
diff --git a/include/ss_manager.h b/include/ss_manager.h
index f9e277c..1d14ca4 100755
--- a/include/ss_manager.h
+++ b/include/ss_manager.h
@@ -45,6 +45,8 @@ typedef enum {
 SSM_FLAG_SECRET_PRESERVE, // for preserved operation
 SSM_FLAG_SECRET_OPERATION, // for oma drm , wifi addr, divx and bt addr
 SSM_FLAG_WIDGET, // for wiget encryption/decryption
+ SSM_FLAG_WEB_APP,
+ SSM_FLAG_PRELOADED_WEB_APP,
 SSM_FLAG_MAX
 } ssm_flag;
 
diff --git a/server/src/ss_server_main.c b/server/src/ss_server_main.c
index 5d66f16..25f3048 100755
--- a/server/src/ss_server_main.c
+++ b/server/src/ss_server_main.c
@@ -113,7 +113,7 @@ char* get_preserved_dir()
 int IsSmackEnabled()
 {
 FILE *file = NULL;
- if(file = fopen("/smack/load2", "r"))
+ if((file = fopen("/smack/load2", "r")))
 {
 fclose(file);
 return 1;
@@ -186,7 +186,7 @@ unsigned short GetHashCode(const unsigned char* pString)
 return hash;
 }
 
-int IsDirExist(char* dirpath)
+int IsDirExist(const char* dirpath)
 {
 DIR* dp = NULL;
 
@@ -204,300 +204,194 @@ int IsDirExist(char* dirpath) return -1; } -int check_privilege(const char* cookie, const char* group_id) +int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) { -// int ret = -1; // if success, return 0 -// int gid = -1; - -// if(!strncmp(group_id, "NOTUSED", 7)) // group_id is NULL -// return 0; -// else -// { -// gid = security_server_get_gid(group_id); -// ret = security_server_check_privilege(cookie, gid); -// } - -// return ret; - return 0; // success always + if(!IsSmackEnabled()) + return 0; + + int ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); + SLOGD("object : %s, access_rights : %s, ret : %d", object, access_rights, ret); + return ret; } -int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) +/* convert normal file path to secure storage file path */ +int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) { - int ret = -1; // if success, return 0 - const char* private_group_id = "NOTUSED"; - char* default_smack_label = NULL; - const char* group_id = object; + char s[33+1]; + const char* dir = group_id; + char* preserved_dir = NULL; + int is_dir_exist = -1; - if(!IsSmackEnabled()) + if(!dest || !src) { - return 0; + SLOGE("Parameter error in ConvertFileName()...\n"); + return SS_FILE_OPEN_ERROR; // file related error } - if(!strncmp(group_id, private_group_id, strlen(private_group_id))) + // get top-dir path + if(flag == SSM_FLAG_SECRET_PRESERVE) { - SLOGD("requested default group_id. 
get smack label"); - default_smack_label = security_server_get_smacklabel_sockfd(sockfd); - if(default_smack_label) + preserved_dir = get_preserved_dir(); + if(preserved_dir == NULL) // fail to get preserved directory { - SLOGD("defined smack label : %s", default_smack_label); - group_id = default_smack_label; + SLOGE("fail to get preserved dir\n"); + return SS_FILE_OPEN_ERROR; } - else + + strncpy(dest, preserved_dir, strlen(preserved_dir)); //dest <= /csa + free(preserved_dir); + } + else // SSM_FLAG_SECRET_DATA || SSM_FLAG_SECRET_OPERATION || SSM_FLAG_PRELOADED_WEB_APP + { + if(CreateStorageDir(SS_STORAGE_DEFAULT_PATH) < 0) { - SLOGD("failed to get smack label"); - return -1; + return SS_FILE_OPEN_ERROR; } + // TBD + strncpy(dest, SS_STORAGE_DEFAULT_PATH, strlen(SS_STORAGE_DEFAULT_PATH)); } - SLOGD("object : %s, access_rights : %s", group_id, access_rights); - ret = security_server_check_privilege_by_sockfd(sockfd, group_id, access_rights); + strncat(dest, dir, (strlen(dir))); // add top-dir + dir(label) + strncat(dest, "/", 1); - if(default_smack_label) + if(CreateStorageDir(dest) < 0) { - free(default_smack_label); + return SS_FILE_OPEN_ERROR; } - return ret; -} + strncat(dest, "_", 1); // /top-dir/label/_ -/* convert normal file path to secure storage file path */ -int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) -{ - char* if_pointer = NULL; - unsigned short h_code = 0; - unsigned short h_code2 = 0; - unsigned char path_hash[SHA_DIGEST_LENGTH + 1]; - char s[33+1]; - const char* dir = NULL; - char tmp_cmd[32] = {0, }; - char tmp_buf[10] = {0, }; - const unsigned char exe_path[256] = {0, }; - FILE* fp_proc = NULL; - char* preserved_dir = NULL; - int is_dir_exist = -1; + GetPathHash(src, s); + strncat(dest, s, strlen(s)); // /top-dir/label/_hash + strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); // /top-dir/label/_hash.e - if(!dest || !src) - { - SLOGE("Parameter error in ConvertFileName()...\n"); - 
return SS_FILE_OPEN_ERROR; // file related error - } + SLOGD("final dest : %s", dest); + + return 1; +} - memset(tmp_cmd, 0x00, 32); - snprintf(tmp_cmd, 32, "/proc/%d/cmdline", sender_pid); +int GetProcessExecPath(int pid, char* buffer) +{ + char tmp_cmd[32] = {0,}; + FILE *fp_proc = NULL; + snprintf(tmp_cmd, 32, "/proc/%d/cmdline", pid); if(!(fp_proc = fopen(tmp_cmd, "r"))) { SLOGE("file open error: [%s]", tmp_cmd); return SS_FILE_OPEN_ERROR; } - - fgets((char*)exe_path, 256, fp_proc); + + fgets((char*)buffer, 256, fp_proc); fclose(fp_proc); - if(!strncmp(group_id, "NOTUSED", 7)) // don't share + return 0; +} + +int GetProcessSmackLabel(int sockfd, char* proc_smack_label) +{ + char* smack_label = security_server_get_smacklabel_sockfd(sockfd); + if(smack_label) { - h_code2 = GetHashCode(exe_path); - memset(tmp_buf, 0x00, 10); - snprintf(tmp_buf, 10, "%u", h_code2); - dir = tmp_buf; + strncpy(proc_smack_label, smack_label, strlen(smack_label)); + free(smack_label); } - else // share - dir = group_id; - - if_pointer = strrchr(src, '/'); - - if(flag == SSM_FLAG_DATA) // /opt/share/secure-storage/* + else { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // SS_STORAGE_FILE_PATH is not exist - { - SLOGI("directory [%s] is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } - } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } + SLOGE("failed to get smack label"); + return -1; // SS_SECURITY_SERVER_ERROR? 
+ } + SLOGD("defined smack label : %s", proc_smack_label); + return 0; +} - // TBD - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, (strlen(dest) - 1)); - strncat(dest, "/", 1); +int GetPathHash(const char *src, char *output) +{ + unsigned short h_code = 0; + unsigned char path_hash[SHA_DIGEST_LENGTH + 1]; - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); + SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); + h_code = GetHashCode(path_hash); + memset(output, 0x00, 34); + snprintf(output, 34, "%u", h_code); - if(is_dir_exist == 0) // not exist - { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } - } - - int length_of_file = 0; - if(if_pointer != NULL) - { - length_of_file = strlen(if_pointer); - strncat(dest, if_pointer + 1, length_of_file + 1); - } - strncat(dest, "_", 1); + SLOGD("hashing src : %s to output : %s", src, output); - SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); - h_code = GetHashCode(path_hash); - memset(s, 0x00, 34); - snprintf(s, 34, "%u", h_code); - strncat(dest, s, strlen(s)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); + return 0; +} - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + length_of_file + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; - } - else if(flag == SSM_FLAG_SECRET_PRESERVE) // /tmp/csa/ + +int CreateStorageDir(const char* path) +{ + int is_dir_exist = IsDirExist(path); + + if (is_dir_exist == 0) // path directory is not exist { - preserved_dir = get_preserved_dir(); - if(preserved_dir == NULL) // fail to get preserved directory + SLOGI("directory [%s] is making now.\n", path); + if(mkdir(path, 0700) < 0) // fail to make directory { - SLOGE("fail to get preserved dir\n"); - return SS_FILE_OPEN_ERROR; + SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); + 
return -SS_FILE_OPEN_ERROR; } - - if(strncmp(src, preserved_dir, strlen(preserved_dir)) == 0) //src[0] == '/') - { - strncpy(dest, src, MAX_FILENAME_LEN - 1); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); + } - dest[strlen(src) + strlen(SS_FILE_POSTFIX)] = '\0'; - } - else if(if_pointer != NULL) // absolute path == file - { - strncpy(dest, preserved_dir, MAX_FILENAME_LEN - 1); - strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - dest[strlen(preserved_dir) + strlen(if_pointer) + strlen(SS_FILE_POSTFIX) + 1] = '\0'; - } - else // relative path == buffer - { - strncpy(dest, preserved_dir, MAX_FILENAME_LEN - 1); - strncat(dest, src, strlen(src)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - dest[strlen(preserved_dir) + strlen(src) + strlen(SS_FILE_POSTFIX)] = '\0'; - } + return 0; +} - free(preserved_dir); +/* + * if group_id is given, use group_id + * + * if NULL group_id is given + * smack enable : use process smack label + * smack disable : use process exec path + * + */ +int GetProcessStorageDir(int sockfd, int sender_pid, const char* group_id, char* output) +{ + char *object = group_id; + char proc_smack_label[MAX_GROUP_ID_LEN+1] = {0,}; + char hash_buf[10] = {0, }; + int is_shared = strncmp(group_id, "NOTUSED", 7) ? 
1 : 0; - } - else if(flag == SSM_FLAG_SECRET_OPERATION) // /opt/share/secure-storage/ +#ifdef SMACK_GROUP_ID + if(IsSmackEnabled()) { - if(if_pointer != NULL) // absolute path == input is a file + if(!is_shared) // don't share, use process smack label { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // SS_STORAGE_FILE_PATH is not exist + if(GetProcessSmackLabel(sockfd, proc_smack_label) != 0) { - SLOGI("%s is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannnot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } + return -SS_SECURE_STORAGE_ERROR; } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } - - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, strlen(dir)); - strncat(dest, "/", 1); - - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); - - if(is_dir_exist == 0) // not exist - { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } - } - - strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); - strncat(dest, "_", 1); - SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); - h_code = GetHashCode(path_hash); - memset(s, 0x00, 34); - snprintf(s, 34, "%u", h_code); - strncat(dest, s, strlen(s)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(if_pointer) + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; + object = proc_smack_label; } - else // relative path == input is a buffer - { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // 
SS_STORAGE_BUFFER_PATH is not exist - { - SLOGI("%s is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } - } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } - - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, strlen(dir)); - strncat(dest, "/", 1); - - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); + } + else{ +#endif + char exe_path[256] = {0,}; + int h_code2 = 0; - if(is_dir_exist == 0) // not exist + if(!is_shared) // don't share + { + if(GetProcessExecPath(sender_pid, exe_path) != 0) { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } + return -SS_SECURE_STORAGE_ERROR; } - - strncat(dest, src, strlen(src)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(src) + strlen(SS_FILE_POSTFIX) + 2] = '\0'; + h_code2 = GetHashCode(exe_path); + snprintf(hash_buf, 10, "%u", h_code2); + object = hash_buf; } +#ifdef SMACK_GROUP_ID } - else - { - SLOGE("flag mispatch. cannot convert file name.\n"); - return SS_PARAM_ERROR; - } +#endif + strncpy(output, object, strlen(object)); + return 0; +} - return 1; +void SetMetaData(ssm_file_info_convert_t* sfic, unsigned int orig_size, unsigned int stored_size, int flag) +{ + sfic->fInfoStruct.originSize = (unsigned int)orig_size; + sfic->fInfoStruct.storedSize = (unsigned int)stored_size; + sfic->fInfoStruct.reserved[0] = flag & 0x000000ff; } /* aes crypto function wrapper - p_text : plain text, c_text : cipher text, aes_key : from GetKey, mode : ENCRYPT/DECRYPT, size : data size */ 
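Review bot: GetProcessStorageDir copies the chosen object into `output` with `strncpy(output, object, strlen(object))`, bounded by the source rather than the destination, and GetProcessSmackLabel does the same into `proc_smack_label`; the callers pass a `char dir[MAX_GROUP_ID_LEN]`, and group_id is a request parameter whose origin lies outside the hunk, so an over-long group id overruns the stack buffer and one of exactly MAX_GROUP_ID_LEN bytes leaves it unterminated. Both copies should be bounded by the destination, e.g. `snprintf(output, MAX_GROUP_ID_LEN, "%s", object);` (or take the output size as a parameter); `strncmp(group_id, "NOTUSED", 7)` still dereferences a NULL group_id, and `char *object = group_id;` discards the const qualifier. CreateStorageDir also regresses the old handling: an IsDirExist() result of -1 now falls through to `return 0;`, and the failure message prints SS_STORAGE_DEFAULT_PATH instead of `path`. ConvertFileName's strncpy/strncat chain has no check against MAX_FILENAME_LEN and relies on the caller having zeroed `dest` for termination, while `s`, `is_dir_exist` and `sender_pid` are now unused there. The sign convention is mixed (`-SS_FILE_OPEN_ERROR` and `-SS_SECURE_STORAGE_ERROR` here versus plain `SS_FILE_OPEN_ERROR` in ConvertFileName) and deserves a single convention or at least a comment.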
@@ -538,25 +432,35 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla FILE* fd_out = NULL; struct stat file_info; ssm_file_info_convert_t sfic; - int res = -1; unsigned char p_text[ENCRYPT_SIZE]= {0, }; unsigned char e_text[ENCRYPT_SIZE]= {0, }; size_t read = 0, rest = 0; + int res = -1; //0. privilege check and get directory name + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("[%s] permission denied\n", group_id); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif // 1. create out file name - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); - + ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); + // 2. file open if(!(fd_in = fopen(in_filepath, "rb"))) { @@ -582,9 +486,7 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla // 3. write metadata if(!stat(in_filepath, &file_info)) { - sfic.fInfoStruct.originSize = (unsigned int)file_info.st_size; - sfic.fInfoStruct.storedSize = (unsigned int)(sfic.fInfoStruct.originSize/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; - sfic.fInfoStruct.reserved[0] = flag & 0x000000ff; + SetMetaData(&sfic, file_info.st_size, (file_info.st_size/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE, flag); } else { 
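Review bot: The smack privilege check is now skipped whenever `flag == SSM_FLAG_PRELOADED_WEB_APP`, and nothing in the hunk ties that flag to the caller actually being a preloaded web app; flag is a parameter of SsServerDataStoreFromFile, so if it arrives from the client request (its origin is outside the hunk) any client can select it and write into another group's storage directory without a check. The same pattern is added in the SsServerDataStoreFromBuffer, SsServerDataRead, SsServerDeleteFile and SsServerGetInfo hunks. The server should derive the preloaded status itself (for example from the sender's label or exec path already obtained in GetProcessStorageDir) rather than trust the flag, or document why the flag cannot be chosen by an unprivileged caller. ConvertFileName's return value is still ignored before the fopen, and `dir` is declared as `char dir[MAX_GROUP_ID_LEN]` while GetProcessStorageDir writes `strlen(object)` bytes into it.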
@@ -647,15 +549,15 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen { char key[16] = {0, }; unsigned char iv[16] = {0, }; - char out_filepath[MAX_FILENAME_LEN+1]; + char out_filepath[MAX_FILENAME_LEN+1] = {0,}; char *buffer = NULL; unsigned int writeLen = 0, loop, rest, count; FILE *fd_out = NULL; ssm_file_info_convert_t sfic; - unsigned char p_text[ENCRYPT_SIZE]= {0, }; - unsigned char e_text[ENCRYPT_SIZE]= {0, }; + unsigned char p_text[ENCRYPT_SIZE] = {0, }; + unsigned char e_text[ENCRYPT_SIZE] = {0, }; int res = -1; - + writeLen = (unsigned int)(bufLen / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; buffer = (char*)malloc(writeLen + 1); if(!buffer) @@ -666,18 +568,27 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen memset(buffer, 0x00, writeLen); memcpy(buffer, writebuffer, bufLen); - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - free(buffer); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - + // create file path from filename - ConvertFileName(sender_pid, out_filepath, filename, flag, group_id); + ConvertFileName(sender_pid, out_filepath, filename, flag, dir); // open a file with write mode if(!(fd_out = fopen(out_filepath, "wb"))) 
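Review bot: The new early return after GetProcessStorageDir fails leaves `buffer` allocated, and the rewritten permission-denied branch drops the `free(buffer);` the old code had, so both error paths in SsServerDataStoreFromBuffer now leak the malloc'd copy of writebuffer. Add `free(buffer);` before each `return`, or move the storage-dir lookup and privilege check above the malloc so no cleanup is needed. The rest of the function's body, including the remaining error paths, lies outside this hunk.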
@@ -696,9 +607,7 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen } // write metadata - sfic.fInfoStruct.originSize = (unsigned int)bufLen; - sfic.fInfoStruct.storedSize = writeLen; - sfic.fInfoStruct.reserved[0] = flag & 0x000000ff; + SetMetaData(&sfic, bufLen, writeLen, flag); fwrite(sfic.fInfoArray, 1, sizeof(ssm_file_info_t), fd_out); @@ -738,9 +647,9 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen SLOGI("success to execute fsync(). loop=[%d], rest=[%d]\n", loop, rest); } - fclose(fd_out); + fclose(fd_out); free(buffer); - + return 1; } @@ -763,12 +672,22 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u *readLen = 0; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif @@ -776,7 +695,7 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u if(flag == SSM_FLAG_WIDGET) strncpy(in_filepath, data_filepath, MAX_FILENAME_LEN - 1); else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, group_id); + ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); // 2. open file if(!(fd_in = fopen(in_filepath, "rb"))) @@ -824,10 +743,10 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u out_data += read; *readLen += read; Last: - *out_data = '\0'; + *out_data = '\0'; fclose(fd_in); - + return 1; } 
@@ -840,17 +759,28 @@ int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* in_filepath = data_filepath; char out_filepath[MAX_FILENAME_LEN] = {0, }; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - // 1. create out file name - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); - + + // create file path from filename + ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); + // 2. delete designated file if(unlink(out_filepath) != 0) // unlink fail? { 
@@ -871,21 +801,31 @@ int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, FILE *fd_in = NULL; char in_filepath[MAX_FILENAME_LEN] = {0, }; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied, [%s]\n", group_id); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - + // 1. create in file name : convert file name in order to access secure storage if(flag == SSM_FLAG_WIDGET) strncpy(in_filepath, data_filepath, MAX_FILENAME_LEN - 1); else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, group_id); - + ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); + // 1. open file if(!(fd_in = fopen( in_filepath, "rb"))) { |