Convert ServiceImpl namespace to a class

This class will be used in future patches: - to hold ownership of Cynara and PrivilegeDb objects - to polymorph into basic, slave and off-line versions - to synchronize multiple concurrent clients (multi-threading is coming) Change-Id: I54f0ecda081db17350209c3e56debd91927e364e Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
author: Rafal Krypa <r.krypa@samsung.com> 2015-08-31 10:50:03 +0200
committer: Rafal Krypa <r.krypa@samsung.com> 2015-09-02 17:14:57 +0200
commit: 1afdb1628d5f84a166aa23ff41d52fe246b9c23a (patch)
tree: 3d3a3ebd3c611de20758365967a071dd2acf8a3e
parent: 9b0469f5a7e71f4506883fc3e7fdde7ca2fe3bb5 (diff)
download: security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.tar.gz
security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.tar.bz2
security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.zip
9 files changed, 255 insertions, 232 deletions
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index a995aa00..3949867b 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -171,7 +171,7 @@ int security_manager_app_install(const app_inst_req *p_req)
         int retval;
         ClientOffline offlineMode;
         if (offlineMode.isOffline()) {
-            retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid(), false);
+            retval = SecurityManager::ServiceImpl().appInstall(*p_req, geteuid(), false);
         } else {
             MessageBuffer send, recv;
 
@@ -575,7 +575,7 @@ int security_manager_user_add(const user_req *p_req)
         int retval;
         ClientOffline offlineMode;
         if (offlineMode.isOffline()) {
-            retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid(),
+            retval = SecurityManager::ServiceImpl().userAdd(p_req->uid, p_req->utype, geteuid(),
                                                            false);
         } else {
             MessageBuffer send, recv;
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 4444f529..0b6e3c63 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -32,166 +32,171 @@
 #include "security-manager.h"
 
 namespace SecurityManager {
-namespace ServiceImpl {
 
-/**
- * Retrieves ID (UID and PID) of peer connected to socket
- *
- * @param[in]  Socket file descriptor
- * @param[out] UID of connected peer. Function does not modify the variable if ID retrieval fails.
- * @param[out] PID of connected peer. Function does not modify the variable if ID retrieval fails.
- *
- * @return True if peer ID was successfully retrieved, false otherwise.
- */
-bool getPeerID(int sock, uid_t &uid, pid_t &pid);
-
-/**
- * Process application installation request.
- *
- * @param[in] req installation request
- * @param[in] uid id of the requesting user
- * @param[in] isSlave Indicates if function should be called under slave mode
- *
- * @return API return code, as defined in protocols.h
- */
-int appInstall(const app_inst_req &req, uid_t uid, bool isSlave);
-
-/**
- * Process application uninstallation request.
- *
- * @param[in] req uninstallation request
- * @param[in] uid id of the requesting user
- * @param[in] isSlave Indicates if function should be called under slave mode
- *
- * @return API return code, as defined in protocols.h
- */
-int appUninstall(const std::string &appId, uid_t uid, bool isSlave);
-
-/**
- * Process package id query.
- * Retrieves the package id associated with given application id.
- *
- * @param[in] appId application identifier
- * @param[out] pkgId returned package identifier
- *
- * @return API return code, as defined in protocols.h
- */
-int getPkgId(const std::string &appId, std::string &pkgId);
-
-/**
- * Process query for supplementary groups allowed for the application.
- * For given appId and uid, calculate allowed privileges that give
- * direct access to file system resources. For each permission Cynara will be
- * queried.
- * Returns set of group ids that are permitted.
- *
- * @param[in]  appId application identifier
- * @param[in]  uid id of the requesting user
- * @param[in]  pid id of the requesting process (to construct Cynara session id)
- * @param[in]  isSlave Indicates if function should be called under slave mode
- * @param[out] gids returned set of allowed group ids
- *
- * @return API return code, as defined in protocols.h
- */
-int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
-        std::unordered_set<gid_t> &gids);
-
-/**
- * Process user adding request.
- *
- * @param[in] uidAdded uid of newly created user
- * @param[in] userType type of newly created user
- * @param[in] uid uid of requesting user
- * @param[in] isSlave Indicates if function should be called under slave mode
- *
- * @return API return code, as defined in protocols.h
- */
-int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave);
-
-/**
- * Process user deletion request.
- *
- * @param[in] uidDeleted uid of removed user
- * @param[in] uid uid of requesting user
- * @param[in] isSlave Indicates if function should be called under slave mode
- *
- * @return API return code, as defined in protocols.h
- */
-int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave);
-
-/**
- * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin
- * is needed for this to succeed
- *
- * @param[in] policyEntries vector of policy chunks with instructions
- * @param[in] uid identifier of requesting user
- * @param[in] pid PID of requesting process
- * @param[in] smackLabel smack label of requesting app
- *
- * @return API return code, as defined in protocols.h
- */
-
-int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel);
-/**
- * Fetch all configured privileges from user configurable bucket.
- * Depending on forAdmin value: personal user policies or admin enforced
- * policies are returned.
- *
- * @param[in] forAdmin determines if user is asking as ADMIN or not
- * @param[in] filter filter for limiting the query
- * @param[in] uid identifier of queried user
- * @param[in] pid PID of requesting process
- * @param[out] policyEntries vector of policy entries with result
- *
- * @return API return code, as defined in protocols.h
- */
-int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
-
-/**
- * Fetch all privileges for all apps installed for specific user.
- *
- * @param[in] forAdmin determines if user is asking as ADMIN or not
- * @param[in] filter filter for limiting the query
- * @param[in] uid identifier of queried user
- * @param[in] pid PID of requesting process
- * @param[out] policyEntries vector of policy entries with result
- *
- * @return API return code, as defined in protocols.h
- */
-int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
-
-/**
- * Process getting policy descriptions list.
- *
- * @param[in] descriptions empty vector for descriptions strings
- *
- * @return API return code, as defined in protocols.h
- */
-int policyGetDesc(std::vector<std::string> &descriptions);
-
-/**
- * Process getting privileges mappings from one version to another.
- *
- * @param[in] version_from version to be mapped from
- * @param[in] version_to version to be mapped to
- * @param[in] privileges vector of privileges to be mapped
- * @param[out] mappings mappings of given privileges
- */
-int getPrivilegesMappings(const std::string &version_from,
-                          const std::string &version_to,
-                          const std::vector<std::string> &privileges,
-                          std::vector<std::string> &mappings);
-
-/**
- * Process getting resources group list.
- *
- * @param[out] groups empty vector for group strings
- *
- * @return API return code, as defined in protocols.h
- */
-int policyGetGroups(std::vector<std::string> &groups);
-
-} /* namespace ServiceImpl */
+class ServiceImpl {
+private:
+    static uid_t getGlobalUserId(void);
+
+    static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr);
+
+    static bool isSubDir(const char *parent, const char *subdir);
+
+    static bool getUserAppDir(const uid_t &uid, std::string &userAppDir);
+
+    static bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath);
+
+    static bool getZoneId(std::string &zoneId);
+
+public:
+    ServiceImpl();
+    virtual ~ServiceImpl();
+
+    /**
+    * Process application installation request.
+    *
+    * @param[in] req installation request
+    * @param[in] uid id of the requesting user
+    * @param[in] isSlave Indicates if function should be called under slave mode
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int appInstall(const app_inst_req &req, uid_t uid, bool isSlave);
+
+    /**
+    * Process application uninstallation request.
+    *
+    * @param[in] req uninstallation request
+    * @param[in] uid id of the requesting user
+    * @param[in] isSlave Indicates if function should be called under slave mode
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int appUninstall(const std::string &appId, uid_t uid, bool isSlave);
+
+    /**
+    * Process package id query.
+    * Retrieves the package id associated with given application id.
+    *
+    * @param[in] appId application identifier
+    * @param[out] pkgId returned package identifier
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int getPkgId(const std::string &appId, std::string &pkgId);
+
+    /**
+    * Process query for supplementary groups allowed for the application.
+    * For given appId and uid, calculate allowed privileges that give
+    * direct access to file system resources. For each permission Cynara will be
+    * queried.
+    * Returns set of group ids that are permitted.
+    *
+    * @param[in]  appId application identifier
+    * @param[in]  uid id of the requesting user
+    * @param[in]  pid id of the requesting process (to construct Cynara session id)
+    * @param[in]  isSlave Indicates if function should be called under slave mode
+    * @param[out] gids returned set of allowed group ids
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
+            std::unordered_set<gid_t> &gids);
+
+    /**
+    * Process user adding request.
+    *
+    * @param[in] uidAdded uid of newly created user
+    * @param[in] userType type of newly created user
+    * @param[in] uid uid of requesting user
+    * @param[in] isSlave Indicates if function should be called under slave mode
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave);
+
+    /**
+    * Process user deletion request.
+    *
+    * @param[in] uidDeleted uid of removed user
+    * @param[in] uid uid of requesting user
+    * @param[in] isSlave Indicates if function should be called under slave mode
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave);
+
+    /**
+    * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin
+    * is needed for this to succeed
+    *
+    * @param[in] policyEntries vector of policy chunks with instructions
+    * @param[in] uid identifier of requesting user
+    * @param[in] pid PID of requesting process
+    * @param[in] smackLabel smack label of requesting app
+    *
+    * @return API return code, as defined in protocols.h
+    */
+
+    int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel);
+    /**
+    * Fetch all configured privileges from user configurable bucket.
+    * Depending on forAdmin value: personal user policies or admin enforced
+    * policies are returned.
+    *
+    * @param[in] forAdmin determines if user is asking as ADMIN or not
+    * @param[in] filter filter for limiting the query
+    * @param[in] uid identifier of queried user
+    * @param[in] pid PID of requesting process
+    * @param[out] policyEntries vector of policy entries with result
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
+
+    /**
+    * Fetch all privileges for all apps installed for specific user.
+    *
+    * @param[in] forAdmin determines if user is asking as ADMIN or not
+    * @param[in] filter filter for limiting the query
+    * @param[in] uid identifier of queried user
+    * @param[in] pid PID of requesting process
+    * @param[out] policyEntries vector of policy entries with result
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
+
+    /**
+    * Process getting policy descriptions list.
+    *
+    * @param[in] descriptions empty vector for descriptions strings
+    *
+    * @return API return code, as defined in protocols.h
+    */
+    int policyGetDesc(std::vector<std::string> &descriptions);
+
+    /**
+     * Process getting privileges mappings from one version to another.
+     *
+     * @param[in] version_from version to be mapped from
+     * @param[in] version_to version to be mapped to
+     * @param[in] privileges vector of privileges to be mapped
+     * @param[out] mappings mappings of given privileges
+     */
+    int getPrivilegesMappings(const std::string &version_from,
+                              const std::string &version_to,
+                              const std::vector<std::string> &privileges,
+                              std::vector<std::string> &mappings);
+
+    /**
+     * Process getting resources group list.
+     *
+     * @param[out] groups empty vector for group strings
+     *
+     * @return API return code, as defined in protocols.h
+     */
+    int policyGetGroups(std::vector<std::string> &groups);
+};
 } /* namespace SecurityManager */
 
 #endif /* _SECURITY_MANAGER_SERVICE_IMPL_ */
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 95f09c00..3f959a9a 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -48,7 +48,6 @@
 #include "master-req.h"
 
 namespace SecurityManager {
-namespace ServiceImpl {
 
 static const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin";
 static const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings";
@@ -133,7 +132,15 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr,
 }
 } // end of anonymous namespace
 
-static uid_t getGlobalUserId(void)
+ServiceImpl::ServiceImpl()
+{
+}
+
+ServiceImpl::~ServiceImpl()
+{
+}
+
+uid_t ServiceImpl::getGlobalUserId(void)
 {
     static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
     return globaluid;
@@ -144,7 +151,7 @@ static uid_t getGlobalUserId(void)
  * @param  uid            peer's uid - may be changed during process
  * @param  cynaraUserStr  string to which cynara user parameter will be put
  */
-static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr)
+void ServiceImpl::checkGlobalUser(uid_t &uid, std::string &cynaraUserStr)
 {
     static uid_t globaluid = getGlobalUserId();
     if (uid == 0 || uid == globaluid) {
@@ -154,7 +161,8 @@ static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr)
         cynaraUserStr = std::to_string(static_cast<unsigned int>(uid));
     }
 }
-static inline bool isSubDir(const char *parent, const char *subdir)
+
+bool ServiceImpl::isSubDir(const char *parent, const char *subdir)
 {
     while (*parent && *subdir)
         if (*parent++ != *subdir++)
@@ -163,21 +171,7 @@ static inline bool isSubDir(const char *parent, const char *subdir)
     return (*subdir == '/');
 }
 
-bool getPeerID(int sock, uid_t &uid, pid_t &pid)
-{
-    struct ucred cr;
-    socklen_t len = sizeof(cr);
-
-    if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
-        uid = cr.uid;
-        pid = cr.pid;
-        return true;
-    }
-
-    return false;
-}
-
-static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
+bool ServiceImpl::getUserAppDir(const uid_t &uid, std::string &userAppDir)
 {
     struct tzplatform_context *tz_ctx = nullptr;
 
@@ -207,7 +201,7 @@ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir)
     return true;
 }
 
-static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
+bool ServiceImpl::installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath)
 {
     std::string userHome;
     std::string userAppDir;
@@ -258,7 +252,7 @@ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, b
     return true;
 }
 
-static inline bool getZoneId(std::string &zoneId)
+bool ServiceImpl::getZoneId(std::string &zoneId)
 {
     if (!getZoneIdFromPid(getpid(), zoneId)) {
         LogError("Failed to get zone ID from current PID");
@@ -274,7 +268,7 @@ static inline bool getZoneId(std::string &zoneId)
     return true;
 }
 
-int appInstall(const app_inst_req &req, uid_t uid, bool isSlave)
+int ServiceImpl::appInstall(const app_inst_req &req, uid_t uid, bool isSlave)
 {
     std::vector<std::string> addedPermissions;
     std::vector<std::string> removedPermissions;
@@ -408,7 +402,7 @@ int appInstall(const app_inst_req &req, uid_t uid, bool isSlave)
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int appUninstall(const std::string &appId, uid_t uid, bool isSlave)
+int ServiceImpl::appUninstall(const std::string &appId, uid_t uid, bool isSlave)
 {
     std::string pkgId;
     std::string smackLabel;
@@ -519,7 +513,7 @@ int appUninstall(const std::string &appId, uid_t uid, bool isSlave)
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int getPkgId(const std::string &appId, std::string &pkgId)
+int ServiceImpl::getPkgId(const std::string &appId, std::string &pkgId)
 {
     LogDebug("appId: " << appId);
 
@@ -538,7 +532,7 @@ int getPkgId(const std::string &appId, std::string &pkgId)
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
+int ServiceImpl::getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
         std::unordered_set<gid_t> &gids)
 {
     // FIXME Temporary solution, see below
@@ -616,7 +610,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave)
+int ServiceImpl::userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave)
 {
     if (uid != 0)
         return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
@@ -639,7 +633,7 @@ int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave)
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave)
+int ServiceImpl::userDelete(uid_t uidDeleted, uid_t uid, bool isSlave)
 {
     int ret = SECURITY_MANAGER_API_SUCCESS;
     if (uid != 0)
@@ -675,7 +669,7 @@ int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave)
     return ret;
 }
 
-int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel)
+int ServiceImpl::policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel)
 {
     enum {
         NOT_CHECKED,
@@ -735,7 +729,7 @@ int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid,
+int ServiceImpl::getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid,
     const std::string &smackLabel, std::vector<policy_entry> &policyEntries)
 {
     try {
@@ -845,7 +839,7 @@ int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pi
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries)
+int ServiceImpl::getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries)
 {
     try {
         std::string uidStr = std::to_string(uid);
@@ -962,7 +956,7 @@ int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::strin
     return SECURITY_MANAGER_API_SUCCESS;
 }
 
-int policyGetDesc(std::vector<std::string> &levels)
+int ServiceImpl::policyGetDesc(std::vector<std::string> &levels)
 {
     int ret = SECURITY_MANAGER_API_SUCCESS;
 
@@ -985,7 +979,7 @@ int policyGetDesc(std::vector<std::string> &levels)
     return ret;
 }
 
-int getPrivilegesMappings(const std::string &version_from,
+int ServiceImpl::getPrivilegesMappings(const std::string &version_from,
                           const std::string &version_to,
                           const std::vector<std::string> &privileges,
                           std::vector<std::string> &mappings)
@@ -1031,7 +1025,8 @@ int getPrivilegesMappings(const std::string &version_from,
     return errorRet;
 }
 
-int policyGetGroups(std::vector<std::string> &groups) {
+int ServiceImpl::policyGetGroups(std::vector<std::string> &groups)
+{
     int ret = SECURITY_MANAGER_API_SUCCESS;
 
     try {
@@ -1044,5 +1039,4 @@ int policyGetGroups(std::vector<std::string> &groups) {
     return ret;
 }
 
-} /* namespace ServiceImpl */
 } /* namespace SecurityManager */
diff --git a/src/server/service/base-service.cpp b/src/server/service/base-service.cpp
index 519c46a3..32360cb3 100644
--- a/src/server/service/base-service.cpp
+++ b/src/server/service/base-service.cpp
@@ -22,6 +22,10 @@
  * @brief       Implementation of security-manager base service.
  */
 
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/smack.h>
+
 #include <cstring>
 #include <unordered_set>
 
@@ -35,6 +39,26 @@ BaseService::BaseService()
 {
 }
 
+bool BaseService::getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel)
+{
+    struct ucred cr;
+    socklen_t len = sizeof(cr);
+
+    if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
+        char *smk;
+        ssize_t ret = smack_new_label_from_socket(sock, &smk);
+        if (ret < 0)
+            return false;
+        smackLabel = smk;
+        uid = cr.uid;
+        pid = cr.pid;
+        free(smk);
+        return true;
+    }
+
+    return false;
+}
+
 void BaseService::accept(const AcceptEvent &event)
 {
     LogDebug("Accept event. ConnectionID.sock: " << event.connectionID.sock <<
diff --git a/src/server/service/include/base-service.h b/src/server/service/include/base-service.h
index b2d06f3c..5acb2126 100644
--- a/src/server/service/include/base-service.h
+++ b/src/server/service/include/base-service.h
@@ -29,6 +29,7 @@
 #include <generic-socket-manager.h>
 #include <message-buffer.h>
 #include <connection-info.h>
+#include <service_impl.h>
 
 namespace SecurityManager {
 
@@ -58,9 +59,23 @@ public:
     void close(const CloseEvent &event);
 
 protected:
+    ServiceImpl serviceImpl;
+
     ConnectionInfoMap m_connectionInfoMap;
 
     /**
+     * Retrieves ID (UID and PID) of peer connected to socket
+     *
+     * @param[in]  sock Socket file descriptor
+     * @param[out] uid PID of connected peer.
+     * @param[out] pid PID of connected peer.
+     * @param[out] smackLabel Smack label of connected peer.
+     *
+     * @return True if peer ID was successfully retrieved, false otherwise.
+     */
+    bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel);
+
+    /**
      * Handle request from a client
      *
      * @param  conn        Socket connection information
diff --git a/src/server/service/include/master-service.h b/src/server/service/include/master-service.h
index 627cce9c..177b5a93 100644
--- a/src/server/service/include/master-service.h
+++ b/src/server/service/include/master-service.h
@@ -26,6 +26,7 @@
 #define _SECURITY_MANAGER_MASTER_SERVICE_
 
 #include "base-service.h"
+#include "service_impl.h"
 
 namespace SecurityManager {
 
@@ -44,6 +45,7 @@ public:
     ServiceDescriptionVector GetServiceDescription();
 
 private:
+    ServiceImpl serviceImpl;
 
     /**
      * Handle request from a client
diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h
index 80878994..30d6b0f0 100644
--- a/src/server/service/include/service.h
+++ b/src/server/service/include/service.h
@@ -26,6 +26,7 @@
 #define _SECURITY_MANAGER_SERVICE_
 
 #include "base-service.h"
+#include "service_impl.h"
 
 namespace SecurityManager {
 
@@ -45,6 +46,7 @@ public:
 
 private:
     const bool m_isSlave;
+    ServiceImpl serviceImpl;
 
     /**
      * Handle request from a client
diff --git a/src/server/service/master-service.cpp b/src/server/service/master-service.cpp
index f018abb1..2440419f 100644
--- a/src/server/service/master-service.cpp
+++ b/src/server/service/master-service.cpp
@@ -65,8 +65,9 @@ bool MasterService::processOne(const ConnectionID &conn, MessageBuffer &buffer,
 
     uid_t uid;
     pid_t pid;
+    std::string smackLabel;
 
-    if (!ServiceImpl::getPeerID(conn.sock, uid, pid)) {
+    if (!getPeerID(conn.sock, uid, pid, smackLabel)) {
         LogError("Closing socket because of error: unable to get peer's uid and pid");
         m_serviceManager->Close(conn);
         return false;
@@ -249,7 +250,7 @@ void MasterService::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &se
     Deserialization::Deserialize(buffer, pid);
     Deserialization::Deserialize(buffer, smackLabel);
 
-    ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel);
+    ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel);
     Serialization::Serialize(send, ret);
 }
 
@@ -269,7 +270,7 @@ void MasterService::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuf
     Deserialization::Deserialize(buffer, pid);
     Deserialization::Deserialize(buffer, smackLabel);
 
-    ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries);
+    ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries);
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS)
         Serialization::Serialize(send, policyEntries);
@@ -294,7 +295,7 @@ void MasterService::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send)
     Deserialization::Deserialize(buffer, pid);
     Deserialization::Deserialize(buffer, smackLabel);
 
-    ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries);*/
+    ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries);*/
     Serialization::Serialize(send, ret);
     /*if (ret == SECURITY_MANAGER_API_SUCCESS)
         Serialization::Serialize(send, policyEntries);*/
@@ -305,7 +306,7 @@ void MasterService::processPolicyGetDesc(MessageBuffer &send)
     int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR;
     std::vector<std::string> descriptions;
 
-    ret = ServiceImpl::policyGetDesc(descriptions);
+    ret = serviceImpl.policyGetDesc(descriptions);
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS)
         Serialization::Serialize(send, descriptions);
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 9409ec80..994acd18 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -64,26 +64,6 @@ GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription()
         };
 }
 
-static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel)
-{
-    struct ucred cr;
-    socklen_t len = sizeof(cr);
-
-    if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
-        char *smk;
-        ssize_t ret = smack_new_label_from_socket(sock, &smk);
-        if (ret < 0)
-            return false;
-        smackLabel = smk;
-        uid = cr.uid;
-        pid = cr.pid;
-        free(smk);
-        return true;
-    }
-
-    return false;
-}
-
 bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
                                   InterfaceID interfaceID)
 {
@@ -200,7 +180,7 @@ void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_
     Deserialization::Deserialize(buffer, req.privileges);
     Deserialization::Deserialize(buffer, req.appPaths);
     Deserialization::Deserialize(buffer, req.uid);
-    Serialization::Serialize(send, ServiceImpl::appInstall(req, uid, m_isSlave));
+    Serialization::Serialize(send, serviceImpl.appInstall(req, uid, m_isSlave));
 }
 
 void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
@@ -208,7 +188,7 @@ void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui
     std::string appId;
 
     Deserialization::Deserialize(buffer, appId);
-    Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid, m_isSlave));
+    Serialization::Serialize(send, serviceImpl.appUninstall(appId, uid, m_isSlave));
 }
 
 void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send)
@@ -218,7 +198,7 @@ void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send)
     int ret;
 
     Deserialization::Deserialize(buffer, appId);
-    ret = ServiceImpl::getPkgId(appId, pkgId);
+    ret = serviceImpl.getPkgId(appId, pkgId);
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS)
         Serialization::Serialize(send, pkgId);
@@ -231,7 +211,7 @@ void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, ui
     int ret;
 
     Deserialization::Deserialize(buffer, appId);
-    ret = ServiceImpl::getAppGroups(appId, uid, pid, m_isSlave, gids);
+    ret = serviceImpl.getAppGroups(appId, uid, pid, m_isSlave, gids);
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS) {
         Serialization::Serialize(send, static_cast<int>(gids.size()));
@@ -250,7 +230,7 @@ void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t u
     Deserialization::Deserialize(buffer, uidAdded);
     Deserialization::Deserialize(buffer, userType);
 
-    ret = ServiceImpl::userAdd(uidAdded, userType, uid, m_isSlave);
+    ret = serviceImpl.userAdd(uidAdded, userType, uid, m_isSlave);
     Serialization::Serialize(send, ret);
 }
 
@@ -261,7 +241,7 @@ void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_
 
     Deserialization::Deserialize(buffer, uidRemoved);
 
-    ret = ServiceImpl::userDelete(uidRemoved, uid, m_isSlave);
+    ret = serviceImpl.userDelete(uidRemoved, uid, m_isSlave);
     Serialization::Serialize(send, ret);
 }
 
@@ -275,7 +255,7 @@ void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, ui
     if (m_isSlave) {
         ret = MasterReq::PolicyUpdate(policyEntries, uid, pid, smackLabel);
     } else {
-        ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel);
+        ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel);
     }
     Serialization::Serialize(send, ret);
 }
@@ -290,7 +270,7 @@ void Service::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &s
     if (m_isSlave) {
         ret = MasterReq::GetConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries);
     } else {
-        ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel,
+        ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel,
                                                policyEntries);
     }
 
@@ -311,7 +291,7 @@ void Service::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t
     if (m_isSlave) {
         ret = MasterReq::GetPolicy(filter, uid, pid, smackLabel, policyEntries);
     } else {
-        ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries);
+        ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries);
     }
 
     Serialization::Serialize(send, ret);
@@ -329,7 +309,7 @@ void Service::processPolicyGetDesc(MessageBuffer &send)
     if (m_isSlave) {
         ret = MasterReq::PolicyGetDesc(descriptions);
     } else {
-        ret = ServiceImpl::policyGetDesc(descriptions);
+        ret = serviceImpl.policyGetDesc(descriptions);
     }
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS) {
@@ -350,7 +330,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send
     Deserialization::Deserialize(recv, privileges);
 
     std::vector<std::string> mappings;
-    int ret = ServiceImpl::getPrivilegesMappings(version_from, version_to, privileges, mappings);
+    int ret = serviceImpl.getPrivilegesMappings(version_from, version_to, privileges, mappings);
 
     Serialization::Serialize(send, ret);
     Serialization::Serialize(send, mappings);
@@ -359,7 +339,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send
 void Service::processGroupsGet(MessageBuffer &send)
 {
     std::vector<std::string> groups;
-    int ret = ServiceImpl::policyGetGroups(groups);
+    int ret = serviceImpl.policyGetGroups(groups);
 
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_API_SUCCESS) {
author	Rafal Krypa <r.krypa@samsung.com>	2015-08-31 10:50:03 +0200
committer	Rafal Krypa <r.krypa@samsung.com>	2015-09-02 17:14:57 +0200
commit	1afdb1628d5f84a166aa23ff41d52fe246b9c23a (patch)
tree	3d3a3ebd3c611de20758365967a071dd2acf8a3e
parent	9b0469f5a7e71f4506883fc3e7fdde7ca2fe3bb5 (diff)
download	security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.tar.gz security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.tar.bz2 security-manager-1afdb1628d5f84a166aa23ff41d52fe246b9c23a.zip