From 81b5b465c7fe73023725a08946a0661b74e76fb1 Mon Sep 17 00:00:00 2001 From: KyungwooNoh Date: Wed, 26 Jun 2013 19:40:25 +0900 Subject: change fine naming rule Change-Id: I65b7084b94c791470784823d9ee07b4436996efa Signed-off-by: KyungwooNoh --- include/ss_manager.h | 2 + server/src/ss_server_main.c | 514 +++++++++++++++++++------------------------- 2 files changed, 229 insertions(+), 287 deletions(-) diff --git a/include/ss_manager.h b/include/ss_manager.h index f9e277c..1d14ca4 100755 --- a/include/ss_manager.h +++ b/include/ss_manager.h @@ -45,6 +45,8 @@ typedef enum { SSM_FLAG_SECRET_PRESERVE, // for preserved operation SSM_FLAG_SECRET_OPERATION, // for oma drm , wifi addr, divx and bt addr SSM_FLAG_WIDGET, // for wiget encryption/decryption + SSM_FLAG_WEB_APP, + SSM_FLAG_PRELOADED_WEB_APP, SSM_FLAG_MAX } ssm_flag; diff --git a/server/src/ss_server_main.c b/server/src/ss_server_main.c index 5d66f16..25f3048 100755 --- a/server/src/ss_server_main.c +++ b/server/src/ss_server_main.c @@ -113,7 +113,7 @@ char* get_preserved_dir() int IsSmackEnabled() { FILE *file = NULL; - if(file = fopen("/smack/load2", "r")) + if((file = fopen("/smack/load2", "r"))) { fclose(file); return 1; @@ -186,7 +186,7 @@ unsigned short GetHashCode(const unsigned char* pString) return hash; } -int IsDirExist(char* dirpath) +int IsDirExist(const char* dirpath) { DIR* dp = NULL; @@ -204,300 +204,194 @@ int IsDirExist(char* dirpath) return -1; } -int check_privilege(const char* cookie, const char* group_id) +int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) { -// int ret = -1; // if success, return 0 -// int gid = -1; - -// if(!strncmp(group_id, "NOTUSED", 7)) // group_id is NULL -// return 0; -// else -// { -// gid = security_server_get_gid(group_id); -// ret = security_server_check_privilege(cookie, gid); -// } - -// return ret; - return 0; // success always + if(!IsSmackEnabled()) + return 0; + + int ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); + SLOGD("object : %s, access_rights : %s, ret : %d", object, access_rights, ret); + return ret; } -int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) +/* convert normal file path to secure storage file path */ +int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) { - int ret = -1; // if success, return 0 - const char* private_group_id = "NOTUSED"; - char* default_smack_label = NULL; - const char* group_id = object; + char s[33+1]; + const char* dir = group_id; + char* preserved_dir = NULL; + int is_dir_exist = -1; - if(!IsSmackEnabled()) + if(!dest || !src) { - return 0; + SLOGE("Parameter error in ConvertFileName()...\n"); + return SS_FILE_OPEN_ERROR; // file related error } - if(!strncmp(group_id, private_group_id, strlen(private_group_id))) + // get top-dir path + if(flag == SSM_FLAG_SECRET_PRESERVE) { - SLOGD("requested default group_id. get smack label"); - default_smack_label = security_server_get_smacklabel_sockfd(sockfd); - if(default_smack_label) + preserved_dir = get_preserved_dir(); + if(preserved_dir == NULL) // fail to get preserved directory { - SLOGD("defined smack label : %s", default_smack_label); - group_id = default_smack_label; + SLOGE("fail to get preserved dir\n"); + return SS_FILE_OPEN_ERROR; } - else + + strncpy(dest, preserved_dir, strlen(preserved_dir)); //dest <= /csa + free(preserved_dir); + } + else // SSM_FLAG_SECRET_DATA || SSM_FLAG_SECRET_OPERATION || SSM_FLAG_PRELOADED_WEB_APP + { + if(CreateStorageDir(SS_STORAGE_DEFAULT_PATH) < 0) { - SLOGD("failed to get smack label"); - return -1; + return SS_FILE_OPEN_ERROR; } + // TBD + strncpy(dest, SS_STORAGE_DEFAULT_PATH, strlen(SS_STORAGE_DEFAULT_PATH)); } - SLOGD("object : %s, access_rights : %s", group_id, access_rights); - ret = security_server_check_privilege_by_sockfd(sockfd, group_id, access_rights); + strncat(dest, dir, (strlen(dir))); // add top-dir + dir(label) + strncat(dest, "/", 1); - if(default_smack_label) + if(CreateStorageDir(dest) < 0) { - free(default_smack_label); + return SS_FILE_OPEN_ERROR; } - return ret; -} + strncat(dest, "_", 1); // /top-dir/label/_ -/* convert normal file path to secure storage file path */ -int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) -{ - char* if_pointer = NULL; - unsigned short h_code = 0; - unsigned short h_code2 = 0; - unsigned char path_hash[SHA_DIGEST_LENGTH + 1]; - char s[33+1]; - const char* dir = NULL; - char tmp_cmd[32] = {0, }; - char tmp_buf[10] = {0, }; - const unsigned char exe_path[256] = {0, }; - FILE* fp_proc = NULL; - char* preserved_dir = NULL; - int is_dir_exist = -1; + GetPathHash(src, s); + strncat(dest, s, strlen(s)); // /top-dir/label/_hash + strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); // /top-dir/label/_hash.e - if(!dest || !src) - { - SLOGE("Parameter error in ConvertFileName()...\n"); - return SS_FILE_OPEN_ERROR; // file related error - } + SLOGD("final dest : %s", dest); + + return 1; +} - memset(tmp_cmd, 0x00, 32); - snprintf(tmp_cmd, 32, "/proc/%d/cmdline", sender_pid); +int GetProcessExecPath(int pid, char* buffer) +{ + char tmp_cmd[32] = {0,}; + FILE *fp_proc = NULL; + snprintf(tmp_cmd, 32, "/proc/%d/cmdline", pid); if(!(fp_proc = fopen(tmp_cmd, "r"))) { SLOGE("file open error: [%s]", tmp_cmd); return SS_FILE_OPEN_ERROR; } - - fgets((char*)exe_path, 256, fp_proc); + + fgets((char*)buffer, 256, fp_proc); fclose(fp_proc); - if(!strncmp(group_id, "NOTUSED", 7)) // don't share + return 0; +} + +int GetProcessSmackLabel(int sockfd, char* proc_smack_label) +{ + char* smack_label = security_server_get_smacklabel_sockfd(sockfd); + if(smack_label) { - h_code2 = GetHashCode(exe_path); - memset(tmp_buf, 0x00, 10); - snprintf(tmp_buf, 10, "%u", h_code2); - dir = tmp_buf; + strncpy(proc_smack_label, smack_label, strlen(smack_label)); + free(smack_label); } - else // share - dir = group_id; - - if_pointer = strrchr(src, '/'); - - if(flag == SSM_FLAG_DATA) // /opt/share/secure-storage/* + else { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // SS_STORAGE_FILE_PATH is not exist - { - SLOGI("directory [%s] is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } - } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } + SLOGE("failed to get smack label"); + return -1; // SS_SECURITY_SERVER_ERROR? + } + SLOGD("defined smack label : %s", proc_smack_label); + return 0; +} - // TBD - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, (strlen(dest) - 1)); - strncat(dest, "/", 1); +int GetPathHash(const char *src, char *output) +{ + unsigned short h_code = 0; + unsigned char path_hash[SHA_DIGEST_LENGTH + 1]; - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); + SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); + h_code = GetHashCode(path_hash); + memset(output, 0x00, 34); + snprintf(output, 34, "%u", h_code); - if(is_dir_exist == 0) // not exist - { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } - } - - int length_of_file = 0; - if(if_pointer != NULL) - { - length_of_file = strlen(if_pointer); - strncat(dest, if_pointer + 1, length_of_file + 1); - } - strncat(dest, "_", 1); + SLOGD("hashing src : %s to output : %s", src, output); - SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); - h_code = GetHashCode(path_hash); - memset(s, 0x00, 34); - snprintf(s, 34, "%u", h_code); - strncat(dest, s, strlen(s)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); + return 0; +} - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + length_of_file + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; - } - else if(flag == SSM_FLAG_SECRET_PRESERVE) // /tmp/csa/ + +int CreateStorageDir(const char* path) +{ + int is_dir_exist = IsDirExist(path); + + if (is_dir_exist == 0) // path directory is not exist { - preserved_dir = get_preserved_dir(); - if(preserved_dir == NULL) // fail to get preserved directory + SLOGI("directory [%s] is making now.\n", path); + if(mkdir(path, 0700) < 0) // fail to make directory { - SLOGE("fail to get preserved dir\n"); - return SS_FILE_OPEN_ERROR; + SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); + return -SS_FILE_OPEN_ERROR; } - - if(strncmp(src, preserved_dir, strlen(preserved_dir)) == 0) //src[0] == '/') - { - strncpy(dest, src, MAX_FILENAME_LEN - 1); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); + } - dest[strlen(src) + strlen(SS_FILE_POSTFIX)] = '\0'; - } - else if(if_pointer != NULL) // absolute path == file - { - strncpy(dest, preserved_dir, MAX_FILENAME_LEN - 1); - strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - dest[strlen(preserved_dir) + strlen(if_pointer) + strlen(SS_FILE_POSTFIX) + 1] = '\0'; - } - else // relative path == buffer - { - strncpy(dest, preserved_dir, MAX_FILENAME_LEN - 1); - strncat(dest, src, strlen(src)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - dest[strlen(preserved_dir) + strlen(src) + strlen(SS_FILE_POSTFIX)] = '\0'; - } + return 0; +} - free(preserved_dir); +/* + * if group_id is given, use group_id + * + * if NULL group_id is given + * smack enable : use process smack label + * smack disable : use process exec path + * + */ +int GetProcessStorageDir(int sockfd, int sender_pid, const char* group_id, char* output) +{ + char *object = group_id; + char proc_smack_label[MAX_GROUP_ID_LEN+1] = {0,}; + char hash_buf[10] = {0, }; + int is_shared = strncmp(group_id, "NOTUSED", 7) ? 1 : 0; - } - else if(flag == SSM_FLAG_SECRET_OPERATION) // /opt/share/secure-storage/ +#ifdef SMACK_GROUP_ID + if(IsSmackEnabled()) { - if(if_pointer != NULL) // absolute path == input is a file + if(!is_shared) // don't share, use process smack label { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // SS_STORAGE_FILE_PATH is not exist + if(GetProcessSmackLabel(sockfd, proc_smack_label) != 0) { - SLOGI("%s is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannnot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } + return -SS_SECURE_STORAGE_ERROR; } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } - - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, strlen(dir)); - strncat(dest, "/", 1); - - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); - - if(is_dir_exist == 0) // not exist - { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } - } - - strncat(dest, if_pointer + 1, strlen(if_pointer) + 1); - strncat(dest, "_", 1); - SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); - h_code = GetHashCode(path_hash); - memset(s, 0x00, 34); - snprintf(s, 34, "%u", h_code); - strncat(dest, s, strlen(s)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(if_pointer) + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0'; + object = proc_smack_label; } - else // relative path == input is a buffer - { - // check whether directory is exist or not - is_dir_exist = IsDirExist(SS_STORAGE_DEFAULT_PATH); - - if (is_dir_exist == 0) // SS_STORAGE_BUFFER_PATH is not exist - { - SLOGI("%s is making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_FILE_OPEN_ERROR; - } - } - else if (is_dir_exist == -1) // Unknown error - { - SLOGE("Unknown error in the function IsDirExist().\n"); - return SS_PARAM_ERROR; - } - - strncpy(dest, SS_STORAGE_DEFAULT_PATH, MAX_FILENAME_LEN - 1); - strncat(dest, dir, strlen(dir)); - strncat(dest, "/", 1); - - // make directory - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + 2] = '\0'; - is_dir_exist = IsDirExist(dest); + } + else{ +#endif + char exe_path[256] = {0,}; + int h_code2 = 0; - if(is_dir_exist == 0) // not exist + if(!is_shared) // don't share + { + if(GetProcessExecPath(sender_pid, exe_path) != 0) { - SLOGI("%s is making now.\n", dest); - if(mkdir(dest, 0700) < 0) - { - SLOGE("[%s] cannot be made\n", dest); - return SS_FILE_OPEN_ERROR; - } + return -SS_SECURE_STORAGE_ERROR; } - - strncat(dest, src, strlen(src)); - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); - - dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(src) + strlen(SS_FILE_POSTFIX) + 2] = '\0'; + h_code2 = GetHashCode(exe_path); + snprintf(hash_buf, 10, "%u", h_code2); + object = hash_buf; } +#ifdef SMACK_GROUP_ID } - else - { - SLOGE("flag mispatch. cannot convert file name.\n"); - return SS_PARAM_ERROR; - } +#endif + strncpy(output, object, strlen(object)); + return 0; +} - return 1; +void SetMetaData(ssm_file_info_convert_t* sfic, unsigned int orig_size, unsigned int stored_size, int flag) +{ + sfic->fInfoStruct.originSize = (unsigned int)orig_size; + sfic->fInfoStruct.storedSize = (unsigned int)stored_size; + sfic->fInfoStruct.reserved[0] = flag & 0x000000ff; } /* aes crypto function wrapper - p_text : plain text, c_text : cipher text, aes_key : from GetKey, mode : ENCRYPT/DECRYPT, size : data size */ @@ -538,25 +432,35 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla FILE* fd_out = NULL; struct stat file_info; ssm_file_info_convert_t sfic; - int res = -1; unsigned char p_text[ENCRYPT_SIZE]= {0, }; unsigned char e_text[ENCRYPT_SIZE]= {0, }; size_t read = 0, rest = 0; + int res = -1; //0. privilege check and get directory name + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("[%s] permission denied\n", group_id); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif // 1. create out file name - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); - + ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); + // 2. file open if(!(fd_in = fopen(in_filepath, "rb"))) { @@ -582,9 +486,7 @@ int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_fla // 3. write metadata if(!stat(in_filepath, &file_info)) { - sfic.fInfoStruct.originSize = (unsigned int)file_info.st_size; - sfic.fInfoStruct.storedSize = (unsigned int)(sfic.fInfoStruct.originSize/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; - sfic.fInfoStruct.reserved[0] = flag & 0x000000ff; + SetMetaData(&sfic, file_info.st_size, (file_info.st_size/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE, flag); } else { @@ -647,15 +549,15 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen { char key[16] = {0, }; unsigned char iv[16] = {0, }; - char out_filepath[MAX_FILENAME_LEN+1]; + char out_filepath[MAX_FILENAME_LEN+1] = {0,}; char *buffer = NULL; unsigned int writeLen = 0, loop, rest, count; FILE *fd_out = NULL; ssm_file_info_convert_t sfic; - unsigned char p_text[ENCRYPT_SIZE]= {0, }; - unsigned char e_text[ENCRYPT_SIZE]= {0, }; + unsigned char p_text[ENCRYPT_SIZE] = {0, }; + unsigned char e_text[ENCRYPT_SIZE] = {0, }; int res = -1; - + writeLen = (unsigned int)(bufLen / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; buffer = (char*)malloc(writeLen + 1); if(!buffer) @@ -666,18 +568,27 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen memset(buffer, 0x00, writeLen); memcpy(buffer, writebuffer, bufLen); - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - free(buffer); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - + // create file path from filename - ConvertFileName(sender_pid, out_filepath, filename, flag, group_id); + ConvertFileName(sender_pid, out_filepath, filename, flag, dir); // open a file with write mode if(!(fd_out = fopen(out_filepath, "wb"))) @@ -696,9 +607,7 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen } // write metadata - sfic.fInfoStruct.originSize = (unsigned int)bufLen; - sfic.fInfoStruct.storedSize = writeLen; - sfic.fInfoStruct.reserved[0] = flag & 0x000000ff; + SetMetaData(&sfic, bufLen, writeLen, flag); fwrite(sfic.fInfoArray, 1, sizeof(ssm_file_info_t), fd_out); @@ -738,9 +647,9 @@ int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen SLOGI("success to execute fsync(). loop=[%d], rest=[%d]\n", loop, rest); } - fclose(fd_out); + fclose(fd_out); free(buffer); - + return 1; } @@ -763,12 +672,22 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u *readLen = 0; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif @@ -776,7 +695,7 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u if(flag == SSM_FLAG_WIDGET) strncpy(in_filepath, data_filepath, MAX_FILENAME_LEN - 1); else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, group_id); + ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); // 2. open file if(!(fd_in = fopen(in_filepath, "rb"))) @@ -824,10 +743,10 @@ int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, u out_data += read; *readLen += read; Last: - *out_data = '\0'; + *out_data = '\0'; fclose(fd_in); - + return 1; } @@ -840,17 +759,28 @@ int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* in_filepath = data_filepath; char out_filepath[MAX_FILENAME_LEN] = {0, }; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied\n"); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - // 1. create out file name - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id); - + + // create file path from filename + ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); + // 2. delete designated file if(unlink(out_filepath) != 0) // unlink fail? { @@ -871,21 +801,31 @@ int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, FILE *fd_in = NULL; char in_filepath[MAX_FILENAME_LEN] = {0, }; - //0. privilege check and get directory name + //0. get directory name and privilege check + char dir[MAX_GROUP_ID_LEN] = {0,}; + if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) + { + SLOGE("Failed to get storage dir\n"); + return SS_SECURE_STORAGE_ERROR; + } + #ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0) + if(flag != SSM_FLAG_PRELOADED_WEB_APP) { - SLOGE("permission denied, [%s]\n", group_id); - return SS_PERMISSION_DENIED; + if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) + { + SLOGE("Permission denied\n"); + return SS_PERMISSION_DENIED; + } } #endif - + // 1. create in file name : convert file name in order to access secure storage if(flag == SSM_FLAG_WIDGET) strncpy(in_filepath, data_filepath, MAX_FILENAME_LEN - 1); else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, group_id); - + ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); + // 1. open file if(!(fd_in = fopen( in_filepath, "rb"))) { -- cgit v1.2.3