diff options
| author | Konrad Lipinski <k.lipinski2@samsung.com> | 2022-07-12 16:01:11 +0200 |
|---|---|---|
| committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2022-07-14 14:31:56 +0200 |
| commit | 2cdc1596fc1d71b19edc5be1293912f9b7e808f4 (patch) | |
| tree | a40f885331f029910ee79888ef3676fc5d8c8db4 | |
| parent | 788ee5f1c2ffd0c88d6ee36db913f7cb31563c21 (diff) | |
| download | security-manager-2cdc1596fc1d71b19edc5be1293912f9b7e808f4.tar.gz security-manager-2cdc1596fc1d71b19edc5be1293912f9b7e808f4.tar.bz2 security-manager-2cdc1596fc1d71b19edc5be1293912f9b7e808f4.zip | |
Drop socket manager multi service support
That feature has never been used, it's always been dead weight.
Security manager is a single service so that's unlikely to ever change.
Implications:
* no need to store/check interface ID
* one service per socket manager - less bookkeeping, simpler destructor
* socket descriptors now only apply to accepted sockets
Change-Id: I84ce915f0ff6929df45a40a0a8f5cbf7a4214694
| -rw-r--r-- | src/common/include/connection-info.h | 8 | ||||
| -rw-r--r-- | src/common/include/connection.h | 4 | ||||
| -rw-r--r-- | src/server/main/include/generic-socket-manager.h | 20 | ||||
| -rw-r--r-- | src/server/main/include/socket-manager.h | 29 | ||||
| -rw-r--r-- | src/server/main/socket-manager.cpp | 110 | ||||
| -rw-r--r-- | src/server/service/base-service.cpp | 9 | ||||
| -rw-r--r-- | src/server/service/include/base-service.h | 8 | ||||
| -rw-r--r-- | src/server/service/include/service.h | 7 | ||||
| -rw-r--r-- | src/server/service/service.cpp | 282 |
9 files changed, 189 insertions, 288 deletions
diff --git a/src/common/include/connection-info.h b/src/common/include/connection-info.h index c784526a..d604c81d 100644 --- a/src/common/include/connection-info.h +++ b/src/common/include/connection-info.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -36,12 +36,10 @@ namespace SecurityManager { struct ConnectionInfo { - ConnectionInfo(InterfaceID inter, Credentials crd) - : interfaceID(inter) - , creds(std::move(crd)) + ConnectionInfo(Credentials crd) + : creds(std::move(crd)) {} - InterfaceID interfaceID; Credentials creds; MessageBuffer buffer; }; diff --git a/src/common/include/connection.h b/src/common/include/connection.h index c3562d9d..759c1e3b 100644 --- a/src/common/include/connection.h +++ b/src/common/include/connection.h @@ -35,10 +35,6 @@ #include <message-buffer.h> -extern "C" { - struct msghdr; -} - namespace SecurityManager { typedef std::vector<unsigned char> RawBuffer; diff --git a/src/server/main/include/generic-socket-manager.h b/src/server/main/include/generic-socket-manager.h index 5934ae15..c916c62d 100644 --- a/src/server/main/include/generic-socket-manager.h +++ b/src/server/main/include/generic-socket-manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -38,8 +38,6 @@ namespace SecurityManager { -typedef int InterfaceID; - struct ConnectionID { int sock; // This is decriptor used for connection int counter; // Unique handler per socket @@ -57,31 +55,21 @@ struct GenericSocketService { typedef std::string ServiceHandlerPath; struct ServiceDescription { ServiceDescription(const char *path, - const char *smackLabel, - InterfaceID interfaceID = 0, - bool systemdOnly = false) + const char *smackLabel) : smackLabel(smackLabel) - , interfaceID(interfaceID) , serviceHandlerPath(path) - , systemdOnly(systemdOnly) {} SmackLabel smackLabel; // Smack label for socket - InterfaceID interfaceID; // All data from serviceHandlerPath will be marked with this interfaceHandler ServiceHandlerPath serviceHandlerPath; // Path to file - bool systemdOnly; }; - typedef std::vector<ServiceDescription> ServiceDescriptionVector; - struct AcceptEvent : public GenericEvent { - AcceptEvent(ConnectionID connection, InterfaceID interface, Credentials crd) + AcceptEvent(ConnectionID connection, Credentials crd) : connectionID(connection) - , interfaceID(interface) , creds(std::move(crd)) {} ConnectionID connectionID; - InterfaceID interfaceID; Credentials creds; }; @@ -104,7 +92,7 @@ struct GenericSocketService { m_serviceManager = manager; } - virtual ServiceDescriptionVector GetServiceDescription() = 0; + virtual const ServiceDescription &GetServiceDescription() const = 0; virtual void Event(AcceptEvent &&event) = 0; virtual void Event(WriteEvent &&event) = 0; virtual void Event(ReadEvent &&event) = 0; diff --git a/src/server/main/include/socket-manager.h b/src/server/main/include/socket-manager.h index 9737382f..ffcbba0f 100644 --- a/src/server/main/include/socket-manager.h +++ b/src/server/main/include/socket-manager.h @@ -57,7 +57,6 @@ public: protected: void CreateDomainSocket( - GenericSocketService *service, const GenericSocketService::ServiceDescription &desc); int CreateDomainSocketHelp( const GenericSocketService::ServiceDescription &desc); @@ -66,7 +65,7 @@ protected: void ReadyForRead(int sock); void ReadyForWrite(int sock); - void ReadyForAccept(int sock); + void ReadyForAccept(); bool GotSigTerm() const; void ProcessQueue(void); void NotifyMe(void); @@ -75,27 +74,14 @@ protected: void RegisterFdForReading(int fd); struct SocketDescription { - bool isListen; - bool isOpen; - bool isTimeout; - InterfaceID interfaceID; - GenericSocketService *service; - time_t timeout; + bool isOpen = false; + bool isTimeout = false; + time_t timeout = 0; RawBuffer rawBuffer; - int counter; - - SocketDescription() - : isListen(false) - , isOpen(false) - , isTimeout(false) - , interfaceID(-1) - , service(NULL) - , timeout(0) - , counter(-1) - {} + int counter = -1; }; - SocketDescription& CreateDefaultReadSocketDescription(int sock, bool timeout); + SocketDescription& CreateDefaultReadSocketDescription(int sock); typedef std::vector<SocketDescription> SocketDescriptionVector; @@ -113,10 +99,11 @@ protected: }; SocketDescriptionVector m_socketDescriptionVector; + GenericSocketService *m_service = nullptr; fd_set m_readSet; fd_set m_writeSet; int m_maxDesc = 0; - int m_signalFd, m_notifyMe; + int m_signalFd, m_listenSock = -1, m_notifyMe; int m_counter = 0; std::mutex m_eventQueueMutex; std::queue<WriteBuffer> m_writeBufferQueue; diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp index fd945d5c..673ee33d 100644 --- a/src/server/main/socket-manager.cpp +++ b/src/server/main/socket-manager.cpp @@ -26,8 +26,6 @@ * @brief Implementation of SocketManager. */ -#include <set> - #include <errno.h> #include <fcntl.h> #include <linux/xattr.h> @@ -69,30 +67,24 @@ void SocketManager::RegisterFdForReading(int fd) { } SocketManager::SocketDescription& -SocketManager::CreateDefaultReadSocketDescription(int sock, bool timeout) +SocketManager::CreateDefaultReadSocketDescription(int sock) { if ((int)m_socketDescriptionVector.size() <= sock) m_socketDescriptionVector.resize(sock+20); auto &desc = m_socketDescriptionVector[sock]; - desc.isListen = false; desc.isOpen = true; - desc.interfaceID = 0; - desc.service = NULL; + desc.timeout = monotonicNow() + SOCKET_TIMEOUT; desc.counter = ++m_counter; - if (timeout) { - desc.timeout = monotonicNow() + SOCKET_TIMEOUT; - if (false == desc.isTimeout) { - Timeout tm; - tm.time = desc.timeout; - tm.sock = sock; - m_timeoutQueue.push(tm); - } + if (false == desc.isTimeout) { + desc.isTimeout = true; + Timeout tm; + tm.time = desc.timeout; + tm.sock = sock; + m_timeoutQueue.push(tm); } - desc.isTimeout = timeout; - RegisterFdForReading(sock); return desc; } @@ -126,19 +118,9 @@ SocketManager::SocketManager() } SocketManager::~SocketManager() { - std::set<GenericSocketService*> serviceMap; - - // Find all services. Set is used to remove duplicates. - // In this implementation, services are not able to react in any way. - for (size_t i=0; i < m_socketDescriptionVector.size(); ++i) - if (m_socketDescriptionVector[i].isOpen) - serviceMap.insert(m_socketDescriptionVector[i].service); - - // Time to destroy all services. - for (auto it = serviceMap.begin(); it != serviceMap.end(); ++it) { - LogDebug("delete " << (void*)(*it)); - (*it)->Stop(); - delete *it; + if (m_service) { + m_service->Stop(); + delete m_service; } for (size_t i = 0; i < m_socketDescriptionVector.size(); ++i) @@ -147,13 +129,14 @@ SocketManager::~SocketManager() { // All service sockets have been closed. Close internal descriptors. close(m_signalFd); + close(m_listenSock); close(m_notifyMe); } -void SocketManager::ReadyForAccept(int sock) { +void SocketManager::ReadyForAccept() { struct sockaddr_un clientAddr; unsigned int clientLen = sizeof(clientAddr); - int client = accept4(sock, (struct sockaddr*) &clientAddr, &clientLen, SOCK_NONBLOCK); + int client = accept4(m_listenSock, (struct sockaddr*) &clientAddr, &clientLen, SOCK_NONBLOCK); // LogInfo("Accept on sock: " << sock << " Socket opended: " << client); if (-1 == client) { int err = errno; @@ -161,15 +144,12 @@ void SocketManager::ReadyForAccept(int sock) { return; } - auto &desc = CreateDefaultReadSocketDescription(client, true); - desc.interfaceID = m_socketDescriptionVector[sock].interfaceID; - desc.service = m_socketDescriptionVector[sock].service; + auto &desc = CreateDefaultReadSocketDescription(client); GenericSocketService::AcceptEvent event( ConnectionID{client, desc.counter}, - desc.interfaceID, Credentials::getCredentialsFromSocket(client)); - desc.service->Event(std::move(event)); + m_service->Event(std::move(event)); } // true if quit mainloop @@ -198,11 +178,6 @@ bool SocketManager::GotSigTerm() const { } void SocketManager::ReadyForRead(int sock) { - if (m_socketDescriptionVector[sock].isListen) { - ReadyForAccept(sock); - return; - } - GenericSocketService::ReadEvent event; event.connectionID.sock = sock; event.connectionID.counter = m_socketDescriptionVector[sock].counter; @@ -218,7 +193,7 @@ void SocketManager::ReadyForRead(int sock) { CloseSocket(sock); } else if (size >= 0) { event.rawBuffer.resize(size); - desc.service->Event(std::move(event)); + m_service->Event(std::move(event)); } else if (size == -1) { int err = errno; switch (err) { @@ -264,7 +239,7 @@ void SocketManager::ReadyForWrite(int sock) { event.size = result; event.left = desc.rawBuffer.size(); - desc.service->Event(std::move(event)); + m_service->Event(std::move(event)); } void SocketManager::MainLoop() { @@ -369,6 +344,10 @@ void SocketManager::MainLoop() { return; FD_CLR(m_signalFd, &readSet); } + if (FD_ISSET(m_listenSock, &readSet)) { + ReadyForAccept(); + FD_CLR(m_listenSock, &readSet); + } if (FD_ISSET(m_notifyMe, &readSet)) { eventfd_t dummyValue; TEMP_FAILURE_RETRY(eventfd_read(m_notifyMe, &dummyValue)); @@ -394,8 +373,8 @@ int SocketManager::GetSocketFromSystemD( { int fd; - // TODO optimalization - do it once in object constructor - // and remember all information path->sockfd + // TODO optimization - do it once in object constructor + // and remember all information path->sockfd int n = sd_listen_fds(0); LogInfo("sd_listen_fds returns: " << n); @@ -487,24 +466,14 @@ int SocketManager::CreateDomainSocketHelp( } void SocketManager::CreateDomainSocket( - GenericSocketService *service, const GenericSocketService::ServiceDescription &desc) { int sockfd = GetSocketFromSystemD(desc); - if (-1 == sockfd) { - if (desc.systemdOnly) { - LogError("Socket " << desc.serviceHandlerPath << " not provided by systemd."); - ThrowMsg(Exception::InitFailed, "Socket " << desc.serviceHandlerPath << - " must be provided by systemd, but it was not."); - } + if (-1 == sockfd) sockfd = CreateDomainSocketHelp(desc); - } - auto &description = CreateDefaultReadSocketDescription(sockfd, false); - - description.isListen = true; - description.interfaceID = desc.interfaceID; - description.service = service; + m_listenSock = sockfd; + RegisterFdForReading(sockfd); LogDebug("Listen on socket: " << sockfd << " Handler: " << desc.serviceHandlerPath.c_str()); @@ -512,21 +481,8 @@ void SocketManager::CreateDomainSocket( void SocketManager::RegisterSocketService(GenericSocketService *service) { service->SetSocketManager(this); - auto serviceVector = service->GetServiceDescription(); - Try { - for (auto iter = serviceVector.begin(); iter != serviceVector.end(); ++iter) - CreateDomainSocket(service, *iter); - } Catch(Exception::Base) { - for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i) - { - auto &desc = m_socketDescriptionVector[i]; - if (desc.service == service && desc.isOpen) { - close(i); - desc.isOpen = false; - } - } - ReThrow(Exception::Base); - } + CreateDomainSocket(service->GetServiceDescription()); + m_service = service; } void SocketManager::Close(ConnectionID connectionID) { @@ -618,18 +574,10 @@ void SocketManager::CloseSocket(int sock) { GenericSocketService::CloseEvent event; event.connectionID.sock = sock; event.connectionID.counter = desc.counter; - auto service = desc.service; desc.isOpen = false; - desc.service = NULL; - desc.interfaceID = -1; desc.rawBuffer.clear(); - if (service) - service->Event(std::move(event)); - else - LogError("Critical! Service is NULL! This should never happend!"); - close(sock); FD_CLR(sock, &m_readSet); FD_CLR(sock, &m_writeSet); diff --git a/src/server/service/base-service.cpp b/src/server/service/base-service.cpp index 4b51dbc0..8450dfd1 100644 --- a/src/server/service/base-service.cpp +++ b/src/server/service/base-service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -47,13 +47,12 @@ BaseService::BaseService(Offline offline) void BaseService::accept(AcceptEvent &&event) { LogDebug("Accept event. ConnectionID.sock: " << event.connectionID.sock << - " ConnectionID.counter: " << event.connectionID.counter << - " ServiceID: " << event.interfaceID); + " ConnectionID.counter: " << event.connectionID.counter); m_connectionInfoMap.emplace( std::make_pair( event.connectionID.counter, - ConnectionInfo(event.interfaceID, std::move(event.creds)))); + ConnectionInfo(std::move(event.creds)))); } void BaseService::write(WriteEvent &&event) @@ -74,7 +73,7 @@ void BaseService::process(ReadEvent &&event) // We can get several requests in one package. // Extract and process them all - while (processOne(event.connectionID, info.buffer, info.interfaceID)); + while (processOne(event.connectionID, info.buffer)); } void BaseService::close(CloseEvent &&event) diff --git a/src/server/service/include/base-service.h b/src/server/service/include/base-service.h index 35a21d74..2ca2d39f 100644 --- a/src/server/service/include/base-service.h +++ b/src/server/service/include/base-service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -50,7 +50,7 @@ class BaseService : public: using Offline = ServiceImpl::Offline; explicit BaseService(Offline offline); - virtual ServiceDescriptionVector GetServiceDescription() = 0; + virtual const ServiceDescription &GetServiceDescription() const = 0; DECLARE_THREAD_EVENT(AcceptEvent, accept) DECLARE_THREAD_EVENT(WriteEvent, write) @@ -75,12 +75,10 @@ protected: * * @param conn Socket connection information * @param buffer Raw received data buffer - * @param interfaceID identifier used to distinguish source socket * @return true on success */ virtual bool processOne(const ConnectionID &conn, - MessageBuffer &buffer, - InterfaceID interfaceID) = 0; + MessageBuffer &buffer) = 0; }; } // namespace SecurityManager diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index a943642f..b5b66d51 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -48,7 +48,7 @@ class Service : public: using Offline = BaseService::Offline; explicit Service(Offline offline); - ServiceDescriptionVector GetServiceDescription(); + const ServiceDescription &GetServiceDescription() const override; void RegisterChannel(Channel channel) { serviceImpl.RegisterChannel(std::move(channel)); } @@ -59,10 +59,9 @@ private: * * @param conn Socket connection information * @param buffer Raw received data buffer - * @param interfaceID identifier used to distinguish source socket * @return true on success */ - bool processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID); + bool processOne(const ConnectionID &conn, MessageBuffer &buffer); /** diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 0457627c..8eea5068 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -41,24 +41,21 @@ namespace SecurityManager { -const InterfaceID IFACE = 1; - Service::Service(Offline offline) : BaseService(offline) {} -GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription() +static const GenericSocketService::ServiceDescription serviceDesc{ + SERVICE_SOCKET, /* path */ + "*" /* smackLabel label (not used, we rely on systemd) */ +}; + +const GenericSocketService::ServiceDescription &Service::GetServiceDescription() const { - return ServiceDescriptionVector { - {SERVICE_SOCKET, /* path */ - "*", /* smackLabel label (not used, we rely on systemd) */ - IFACE, /* InterfaceID */ - false}, /* systemdOnly */ - }; + return serviceDesc; } -bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, - InterfaceID interfaceID) +bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer) { - LogDebug("Iteration begin. Interface = " << interfaceID); + LogDebug("Iteration begin."); //waiting for all data if (!buffer.Ready()) { @@ -66,145 +63,136 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, } MessageBuffer send; - bool retval = false; - - if (IFACE == interfaceID) { - Try { - Credentials &creds = m_connectionInfoMap.at(conn.counter).creds; - // deserialize API call type - int call_type_int; - Deserialization::Deserialize(buffer, call_type_int); - SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int); - LOG_EXECUTION_TIME(SecurityModuleCallToString(call_type), creds); - switch (call_type) { - case SecurityModuleCall::NOOP: - LogDebug("call_type: SecurityModuleCall::NOOP"); - Serialization::Serialize(send, static_cast<int>(SECURITY_MANAGER_SUCCESS)); - break; - case SecurityModuleCall::APP_INSTALL: - LogDebug("call_type: SecurityModuleCall::APP_INSTALL"); - processAppInstall(buffer, send, creds); - break; - case SecurityModuleCall::APP_UPDATE: - LogDebug("call_type: SecurityModuleCall::APP_UPDATE"); - processAppUpdate(buffer, send, creds); - break; - case SecurityModuleCall::APP_UNINSTALL: - LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL"); - processAppUninstall(buffer, send, creds); - break; - case SecurityModuleCall::APP_GET_PKG_NAME: - LogDebug("call_type: SecurityModuleCall::APP_GET_PKG_NAME"); - processGetPkgName(buffer, send); - break; - case SecurityModuleCall::USER_ADD: - LogDebug("call_type: SecurityModuleCall::USER_ADD"); - processUserAdd(buffer, send, creds); - break; - case SecurityModuleCall::USER_DELETE: - LogDebug("call_type: SecurityModuleCall::USER_DELETE"); - processUserDelete(buffer, send, creds); - break; - case SecurityModuleCall::POLICY_UPDATE: - LogDebug("call_type: SecurityModuleCall::POLICY_UPDATE"); - processPolicyUpdate(buffer, send, creds); - break; - case SecurityModuleCall::GET_CONF_POLICY_ADMIN: - LogDebug("call_type: SecurityModuleCall::GET_CONF_POLICY_ADMIN"); - processGetConfiguredPolicy(buffer, send, creds, true); - break; - case SecurityModuleCall::GET_CONF_POLICY_SELF: - LogDebug("call_type: SecurityModuleCall::GET_CONF_POLICY_SELF"); - processGetConfiguredPolicy(buffer, send, creds, false); - break; - case SecurityModuleCall::GET_POLICY: - LogDebug("call_type: SecurityModuleCall::GET_POLICY"); - processGetPolicy(buffer, send, creds); - break; - case SecurityModuleCall::POLICY_GET_DESCRIPTIONS: - LogDebug("call_type: SecurityModuleCall::POLICY_GET_DESCRIPTIONS"); - processPolicyGetDesc(send); - break; - case SecurityModuleCall::GROUPS_GET: - LogDebug("call_type: SecurityModuleCall::GROUPS_GET"); - processGetForbiddenAndAllowedGroups(buffer, send, creds); - break; - case SecurityModuleCall::GROUPS_FOR_UID: - processGroupsForUid(buffer, send); - break; - case SecurityModuleCall::APP_HAS_PRIVILEGE: - LogDebug("call_type: SecurityModuleCall::APP_HAS_PRIVILEGE"); - processAppHasPrivilege(buffer, send, creds); - break; - case SecurityModuleCall::APP_APPLY_PRIVATE_SHARING: - LogDebug("call_type: SecurityModuleCall::APP_APPLY_PRIVATE_SHARING"); - processApplyPrivateSharing(buffer, send, creds); - break; - case SecurityModuleCall::APP_DROP_PRIVATE_SHARING: - LogDebug("call_type: SecurityModuleCall::APP_DROP_PRIVATE_SHARING"); - processDropPrivateSharing(buffer, send, creds); - break; - case SecurityModuleCall::PATHS_REGISTER: - processPathsRegister(buffer, send, creds); - break; - case SecurityModuleCall::SHM_APP_NAME: - processShmAppName(buffer, send, creds); - break; - case SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_PROVIDER: - LogDebug("call_type: SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_PROVIDER"); - processGetAppDefinedPrivilegeProvider(buffer, send); - break; - case SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_LICENSE: - LogDebug("call_type: SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_LICENSE"); - processGetAppDefinedPrivilegeLicense(buffer, send); - break; - case SecurityModuleCall::GET_CLIENT_PRIVILEGE_LICENSE: - LogDebug("call_type: SecurityModuleCall::GET_CLIENT_PRIVILEGE_PROVIDER"); - processGetClientPrivilegeLicense(buffer, send); - break; - case SecurityModuleCall::APP_CLEAN_NAMESPACE: - LogDebug("call_type: SecurityModuleCall::APP_CLEAN_NAMESPACE"); - processAppCleanNamespace(buffer, send, creds); - break; - case SecurityModuleCall::GET_APP_MANIFEST_POLICY: - LogDebug("call_type: SecurityModuleCall::GET_APP_MANIFEST_POLICY"); - processAppGetManifestPolicy(buffer, send, creds); - break; - case SecurityModuleCall::GET_PROCESS_LABEL: - processGetProcessLabel(buffer, send); - break; - case SecurityModuleCall::PREPARE_APP: - prepareApp(buffer, send, creds); - break; - default: - LogError("Invalid call: " << call_type_int); - Throw(ServiceException::InvalidAction); - } - // if we reach this point, the protocol is OK - retval = true; - } Catch(MessageBuffer::Exception::Base) { - LogError("Broken protocol."); - } Catch(ServiceException::Base) { - LogError("Broken protocol."); - } catch (const std::exception &e) { - LogError("STD exception " << e.what()); - } catch (...) { - LogError("Unknown exception"); - } - } else { - LogError("Wrong interface"); - } - if (retval) { - //send response + Try { + Credentials &creds = m_connectionInfoMap.at(conn.counter).creds; + // deserialize API call type + int call_type_int; + Deserialization::Deserialize(buffer, call_type_int); + SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int); + LOG_EXECUTION_TIME(SecurityModuleCallToString(call_type), creds); + switch (call_type) { + case SecurityModuleCall::NOOP: + LogDebug("call_type: SecurityModuleCall::NOOP"); + Serialization::Serialize(send, static_cast<int>(SECURITY_MANAGER_SUCCESS)); + break; + case SecurityModuleCall::APP_INSTALL: + LogDebug("call_type: SecurityModuleCall::APP_INSTALL"); + processAppInstall(buffer, send, creds); + break; + case SecurityModuleCall::APP_UPDATE: + LogDebug("call_type: SecurityModuleCall::APP_UPDATE"); + processAppUpdate(buffer, send, creds); + break; + case SecurityModuleCall::APP_UNINSTALL: + LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL"); + processAppUninstall(buffer, send, creds); + break; + case SecurityModuleCall::APP_GET_PKG_NAME: + LogDebug("call_type: SecurityModuleCall::APP_GET_PKG_NAME"); + processGetPkgName(buffer, send); + break; + case SecurityModuleCall::USER_ADD: + LogDebug("call_type: SecurityModuleCall::USER_ADD"); + processUserAdd(buffer, send, creds); + break; + case SecurityModuleCall::USER_DELETE: + LogDebug("call_type: SecurityModuleCall::USER_DELETE"); + processUserDelete(buffer, send, creds); + break; + case SecurityModuleCall::POLICY_UPDATE: + LogDebug("call_type: SecurityModuleCall::POLICY_UPDATE"); + processPolicyUpdate(buffer, send, creds); + break; + case SecurityModuleCall::GET_CONF_POLICY_ADMIN: + LogDebug("call_type: SecurityModuleCall::GET_CONF_POLICY_ADMIN"); + processGetConfiguredPolicy(buffer, send, creds, true); + break; + case SecurityModuleCall::GET_CONF_POLICY_SELF: + LogDebug("call_type: SecurityModuleCall::GET_CONF_POLICY_SELF"); + processGetConfiguredPolicy(buffer, send, creds, false); + break; + case SecurityModuleCall::GET_POLICY: + LogDebug("call_type: SecurityModuleCall::GET_POLICY"); + processGetPolicy(buffer, send, creds); + break; + case SecurityModuleCall::POLICY_GET_DESCRIPTIONS: + LogDebug("call_type: SecurityModuleCall::POLICY_GET_DESCRIPTIONS"); + processPolicyGetDesc(send); + break; + case SecurityModuleCall::GROUPS_GET: + LogDebug("call_type: SecurityModuleCall::GROUPS_GET"); + processGetForbiddenAndAllowedGroups(buffer, send, creds); + break; + case SecurityModuleCall::GROUPS_FOR_UID: + processGroupsForUid(buffer, send); + break; + case SecurityModuleCall::APP_HAS_PRIVILEGE: + LogDebug("call_type: SecurityModuleCall::APP_HAS_PRIVILEGE"); + processAppHasPrivilege(buffer, send, creds); + break; + case SecurityModuleCall::APP_APPLY_PRIVATE_SHARING: + LogDebug("call_type: SecurityModuleCall::APP_APPLY_PRIVATE_SHARING"); + processApplyPrivateSharing(buffer, send, creds); + break; + case SecurityModuleCall::APP_DROP_PRIVATE_SHARING: + LogDebug("call_type: SecurityModuleCall::APP_DROP_PRIVATE_SHARING"); + processDropPrivateSharing(buffer, send, creds); + break; + case SecurityModuleCall::PATHS_REGISTER: + processPathsRegister(buffer, send, creds); + break; + case SecurityModuleCall::SHM_APP_NAME: + processShmAppName(buffer, send, creds); + break; + case SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_PROVIDER: + LogDebug("call_type: SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_PROVIDER"); + processGetAppDefinedPrivilegeProvider(buffer, send); + break; + case SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_LICENSE: + LogDebug("call_type: SecurityModuleCall::GET_APP_DEFINED_PRIVILEGE_LICENSE"); + processGetAppDefinedPrivilegeLicense(buffer, send); + break; + case SecurityModuleCall::GET_CLIENT_PRIVILEGE_LICENSE: + LogDebug("call_type: SecurityModuleCall::GET_CLIENT_PRIVILEGE_PROVIDER"); + processGetClientPrivilegeLicense(buffer, send); + break; + case SecurityModuleCall::APP_CLEAN_NAMESPACE: + LogDebug("call_type: SecurityModuleCall::APP_CLEAN_NAMESPACE"); + processAppCleanNamespace(buffer, send, creds); + break; + case SecurityModuleCall::GET_APP_MANIFEST_POLICY: + LogDebug("call_type: SecurityModuleCall::GET_APP_MANIFEST_POLICY"); + processAppGetManifestPolicy(buffer, send, creds); + break; + case SecurityModuleCall::GET_PROCESS_LABEL: + processGetProcessLabel(buffer, send); + break; + case SecurityModuleCall::PREPARE_APP: + prepareApp(buffer, send, creds); + break; + default: + LogError("Invalid call: " << call_type_int); + Throw(ServiceException::InvalidAction); + } + // if we reach this point, the protocol is OK LogDebug("Writing response to client, size of serialized response: " << send.SerializedSize()); m_serviceManager->Write(conn, send.Pop()); - } else { - LogError("Closing socket because of error"); - m_serviceManager->Close(conn); + return true; + } Catch(MessageBuffer::Exception::Base) { + LogError("Broken protocol."); + } Catch(ServiceException::Base) { + LogError("Broken protocol."); + } catch (const std::exception &e) { + LogError("STD exception " << e.what()); + } catch (...) { + LogError("Unknown exception"); } - return retval; + LogError("Closing socket because of error"); + m_serviceManager->Close(conn); + + return false; } void Service::processAppGetManifestPolicy(MessageBuffer &buffer, MessageBuffer &send, const Credentials &creds) |