authorJacek Bukarewicz <j.bukarewicz@samsung.com>2014-07-11 15:40:00 +0200
committerJacek Bukarewicz <j.bukarewicz@samsung.com>2014-07-15 16:54:39 +0200
commitc04544c3f90a5bc93ebab58971f24042aeeaa95d (patch)
treedd51291248ee01c42153d28a8bd40b5ce67496a9
parente22c8b9318cfb9efaed5456950b57860b0f2fb47 (diff)
Implement setting process label for the given application
This change introduces functions for setting smack label for application process. They are intended to be used by the app launcher on application start. 2 variants have been implemented: 1) security_manager_set_process_label_from_binary Function extracts smack label from the given application binary and sets it for the current process 2) security_manager_set_process_label_from_appid Function computes smack label for given application id and sets it for current process Change-Id: I4dfbaf133ec43e292f4ba54023b96a57df439562 Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
-rw-r--r--src/client/CMakeLists.txt5
-rw-r--r--src/client/client-common.cpp41
-rw-r--r--src/client/client-security-manager.cpp61
-rw-r--r--src/client/include/client-common.h18
-rw-r--r--src/common/CMakeLists.txt1
-rw-r--r--src/common/include/smack-common.h47
-rw-r--r--src/common/smack-common.cpp38
-rw-r--r--src/include/security-manager.h19
-rw-r--r--src/server/service/include/smack-labels.h10
-rw-r--r--src/server/service/installer.cpp1
-rw-r--r--src/server/service/smack-labels.cpp12
-rw-r--r--src/server/service/smack-rules.cpp1
12 files changed, 233 insertions, 21 deletions
diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
index 9e4ad1c1..a267e871 100644
--- a/src/client/CMakeLists.txt
+++ b/src/client/CMakeLists.txt
@@ -1,3 +1,8 @@
+PKG_CHECK_MODULES(CLIENT_DEP
+ REQUIRED
+ libsmack
+ )
+
SET(CLIENT_VERSION_MAJOR 0)
SET(CLIENT_VERSION ${CLIENT_VERSION_MAJOR}.1.0)
diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
index 549f6b84..d43aa94a 100644
--- a/src/client/client-common.cpp
+++ b/src/client/client-common.cpp
@@ -27,6 +27,9 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/smack.h>
+#include <sys/xattr.h>
+#include <linux/xattr.h>
#include <unistd.h>
#include <dpl/log/log.h>
@@ -35,6 +38,7 @@
#include <dpl/singleton_safe_impl.h>
#include <message-buffer.h>
+#include <smack-common.h>
#include <security-manager.h>
@@ -168,6 +172,43 @@ private:
namespace SecurityManager {
+int getSmackLabelFromBinary(char **smackLabel, const char *path)
+{
+ int ret;
+ struct LabelInfo {
+ const char *xattr;
+ int followSymlinks;
+ };
+ const LabelInfo labels[] = {
+ { XATTR_NAME_SMACKEXEC, 1 },
+ { XATTR_NAME_TIZENEXEC, 1 },
+ { XATTR_NAME_TIZENEXEC, 0 }
+ };
+
+ LogDebug("Entering function: " << __func__ << ". Params: smackLabel=" << smackLabel <<
+ " path=" << path);
+
+ if (smackLabel == NULL) {
+ LogError("getSmackLabelFromBinary: smackLabel is NULL");
+ return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+
+ if (path == NULL) {
+ LogError("getSmackLabelFromBinary: path is NULL");
+ return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+
+ for (const auto &l : labels) {
+ ret = smack_new_label_from_path(path, l.xattr, l.followSymlinks, smackLabel);
+ if (ret > 0) {
+ return SECURITY_MANAGER_API_SUCCESS;
+ }
+ }
+
+ LogError("Getting exec label from " << path << " failed");
+ return SECURITY_MANAGER_API_ERROR_GETTING_FILE_LABEL_FAILED;
+}
+
int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv) {
int ret;
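Review bot: `path` is streamed into LogDebug at the top of getSmackLabelFromBinary, before the `path == NULL` check a few lines below, so a NULL argument reaches the `<<` on a `const char *` first. That is undefined behaviour if LogDebug writes to a std::ostream (its definition is not in this hunk). Move the debug line below the two NULL checks, or log `(path ? path : "(null)")` instead of `path`. The function itself is complete in this hunk; only sendToServer continues past it.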
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index d83ec66b..1090dcc3 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -27,12 +27,15 @@
#include <cstdio>
#include <utility>
+#include <sys/smack.h>
+
#include <dpl/log/log.h>
#include <dpl/exception.h>
#include <message-buffer.h>
#include <client-common.h>
#include <protocols.h>
+#include <smack-common.h>
#include <security-manager.h>
@@ -229,7 +232,65 @@ int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
return SECURITY_MANAGER_SUCCESS;
});
+}
+
+SECURITY_MANAGER_API
+int security_manager_set_process_label_from_binary(const char *path)
+{
+ char *smack_label;
+ int ret;
+
+ LogDebug("security_manager_set_process_label_from_binary() called");
+
+ if (smack_smackfs_path() == NULL)
+ return SECURITY_MANAGER_SUCCESS;
+
+ if (path == NULL) {
+ LogError("security_manager_set_process_label_from_binary: path is NULL");
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ }
+
+ ret = SecurityManager::getSmackLabelFromBinary(&smack_label, path);
+ if (ret == SECURITY_MANAGER_SUCCESS && smack_label != NULL) {
+ if (smack_set_label_for_self(smack_label) != 0) {
+ ret = SECURITY_MANAGER_ERROR_UNKNOWN;
+ LogError("Failed to set smack label " << smack_label << " for current process");
+ }
+ free(smack_label);
+ }
+
+ return ret;
+}
+
+SECURITY_MANAGER_API
+int security_manager_set_process_label_from_appid(const char *app_id)
+{
+ char *pkg_id;
+ int ret;
+ std::string appLabel;
+
+ LogDebug("security_manager_set_process_label_from_appid() called");
+
+ if (smack_smackfs_path() == NULL)
+ return SECURITY_MANAGER_SUCCESS;
+
+ ret = security_manager_get_app_pkgid(&pkg_id, app_id);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ return ret;
+ }
+
+ if (SecurityManager::generateAppLabel(std::string(pkg_id), appLabel)) {
+ if (smack_set_label_for_self(appLabel.c_str()) != 0) {
+ LogError("Failed to set smack label " << appLabel << " for current process");
+ ret = SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ }
+ else {
+ ret = SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ free(pkg_id);
+ return ret;
}
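Review bot: In security_manager_set_process_label_from_binary the result of SecurityManager::getSmackLabelFromBinary is a SECURITY_MANAGER_API_* code, yet it is compared with SECURITY_MANAGER_SUCCESS and then returned unchanged from a public function whose other paths return SECURITY_MANAGER_ERROR_* codes. Neither set of constants is defined in this hunk, so whether the values line up is unverified, and a launcher that checks the public codes could misread a label-lookup failure. Compare against `SECURITY_MANAGER_API_SUCCESS` and translate the failure, e.g. `if (ret != SECURITY_MANAGER_API_SUCCESS) return SECURITY_MANAGER_ERROR_UNKNOWN;`. Separately, the preceding function appears to run inside a `try_catch` lambda while the two new ones do not, so `std::string(pkg_id)` and the log streaming in security_manager_set_process_label_from_appid can throw through the C API. `pkg_id` is also not checked for NULL before that construction.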
diff --git a/src/client/include/client-common.h b/src/client/include/client-common.h
index c7d18a4b..2b07d77c 100644
--- a/src/client/include/client-common.h
+++ b/src/client/include/client-common.h
@@ -60,6 +60,24 @@ int sendToManagerAncData(char const * const interface, const RawBuffer &send, st
*/
int try_catch(const std::function<int()>& func);
+/**
+ * Get SMACK label from EXEC labels of a file.
+ *
+ * Function attempts to get xattrs from given file in following order
+ * 1) XATTR_NAME_SMACKEXEC
+ * 2) XATTR_NAME_TIZENEXEC
+ * 3) XATTR_NAME_TIZENEXEC (read from symlink, not the file it points to)
+ *
+ * If neither of above exists, error is returned.
+ *
+ * SMACK label should be freed by caller using free() function.
+ *
+ * @param[out] smackLabel pointer that will hold label read from given file
+ * @param[in] path file path to take label from
+ * @return SECURITY_MANAGER_API_SUCCESS on success, error code otherwise
+ */
+int getSmackLabelFromBinary(char **smackLabel, const char *path);
+
} // namespace SecurityManager
#endif // _SECURITY_MANAGER_CLIENT_
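Review bot: The new comment for getSmackLabelFromBinary does not say what `*smackLabel` holds when the call fails, and the caller added in client-security-manager.cpp passes an uninitialised `char *`. The visible implementation never assigns `*smackLabel` on its own error paths, so the contract should be spelled out, e.g. `On failure *smackLabel is not set by this function and must not be read or freed.` Item 3 of the list could also note that the label is read from the link itself, which means a label placed on a symlink decides the process label even when the target carries none. "If neither of above exists" should read "If none of the above exists".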
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index e62c2220..f599bb1b 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -20,6 +20,7 @@ INCLUDE_DIRECTORIES(
SET(COMMON_SOURCES
${COMMON_PATH}/protocols.cpp
${COMMON_PATH}/message-buffer.cpp
+ ${COMMON_PATH}/smack-common.cpp
${DPL_PATH}/log/src/abstract_log_provider.cpp
# ${DPL_PATH}/log/src/dlog_log_provider.cpp
${DPL_PATH}/log/src/sd_journal_provider.cpp
diff --git a/src/common/include/smack-common.h b/src/common/include/smack-common.h
new file mode 100644
index 00000000..178b16b4
--- /dev/null
+++ b/src/common/include/smack-common.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Rafal Krypa <r.krypa@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file smack-common.h
+ * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
+ * @author Jan Cybulski <j.cybulski@samsung.com>
+ * @version 1.0
+ * @brief Header file for smack-related functions and constants
+ */
+#ifndef _SMACK_COMMON_H_
+#define _SMACK_COMMON_H_
+
+#include <string>
+#include <linux/xattr.h>
+
+namespace SecurityManager {
+ /* Const defined below is used to label links to executables */
+ const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
+
+ /**
+ * Generates label for application with package identifier
+ * read from @ref pkgId and assigns it to @ref label.
+ *
+ * @param[in] pkgId application's package identifier
+ * @param[out] label string in which application's label will be stored
+ * @return true on success, false on error.
+ */
+ bool generateAppLabel(const std::string &pkgId, std::string &label);
+}
+
+#endif /* _SMACK_COMMON_H_ */
+
diff --git a/src/common/smack-common.cpp b/src/common/smack-common.cpp
new file mode 100644
index 00000000..173a3688
--- /dev/null
+++ b/src/common/smack-common.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Rafal Krypa <r.krypa@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file smack-common.cpp
+ * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
+ * @author Jan Cybulski <j.cybulski@samsung.com>
+ * @version 1.0
+ * @brief Implementation of smack-related functions
+ */
+
+#include <smack-common.h>
+
+namespace SecurityManager {
+
+bool generateAppLabel(const std::string &appPkgId, std::string &label)
+{
+ (void) appPkgId; // TODO use pkgId to generate label
+ label = "User";
+ return true;
+}
+
+} // namespace SecurityManager
+
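Review bot: generateAppLabel ignores `appPkgId` and always yields "User", and with this commit that value becomes the process label applied by security_manager_set_process_label_from_appid. Every application labelled through that path therefore gets the same Smack label, identical to LABEL_FOR_PUBLIC_APP_PATH in smack-labels.cpp. The header comment in smack-common.h describes a label derived from the package identifier, so until the TODO is resolved the limitation should be stated here, e.g. `// Placeholder: every package currently maps to the single label "User"; no per-application separation yet.`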
diff --git a/src/include/security-manager.h b/src/include/security-manager.h
index 23de0367..6bc24416 100644
--- a/src/include/security-manager.h
+++ b/src/include/security-manager.h
@@ -212,6 +212,25 @@ int security_manager_app_uninstall(const app_inst_req *p_req);
*/
int security_manager_get_app_pkgid(char **pkg_id, const char *app_id);
+/**
+ * Extract smack label from a given binary and set it for
+ * currently running process
+ *
+ * \param[in] Path to binary
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_binary(const char *path);
+
+/**
+ * Compute smack label for given application id and set it for
+ * currently running process
+ *
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_appid(const char *app_id);
+
+
#ifdef __cplusplus
}
#endif
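Review bot: The comments for both new functions omit that they succeed without doing anything when Smack is unavailable. The implementations in client-security-manager.cpp return SECURITY_MANAGER_SUCCESS as soon as `smack_smackfs_path()` is NULL, so a launcher cannot tell a labelled process from an unlabelled one by the return value. State this in each comment, e.g. `If Smack is not enabled on the system the function does nothing and returns SECURITY_MANAGER_SUCCESS.` The tags should also name their parameters (`\param[in] path`, `\param[in] app_id`), and the `\return` line could say that any non-success value means the process label was not changed.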
diff --git a/src/server/service/include/smack-labels.h b/src/server/service/include/smack-labels.h
index a017991d..955f54f2 100644
--- a/src/server/service/include/smack-labels.h
+++ b/src/server/service/include/smack-labels.h
@@ -34,16 +34,6 @@
namespace SecurityManager {
/**
- * Generates label for application with package identifier
- * read from @ref pkgId and assigns it to @ref label.
- * @param[in] pkgId application's package identifier.
- * @param[out] label string into which application's label will be stored into.
- *
- * @return true on success, false on error.
-*/
-bool generateAppLabel(const std::string &pkgId, std::string &label);
-
-/**
* Sets Smack labels on a directory and its contents, recursively.
*
* @param pkgId[in] application's package identifier
diff --git a/src/server/service/installer.cpp b/src/server/service/installer.cpp
index 9e8425fa..743d4eae 100644
--- a/src/server/service/installer.cpp
+++ b/src/server/service/installer.cpp
@@ -31,6 +31,7 @@
#include "installer.h"
#include "protocols.h"
#include "security-manager.h"
+#include "smack-common.h"
#include "smack-rules.h"
#include "smack-labels.h"
#include "privilege_db.h"
diff --git a/src/server/service/smack-labels.cpp b/src/server/service/smack-labels.cpp
index 3b88c738..0dba6048 100644
--- a/src/server/service/smack-labels.cpp
+++ b/src/server/service/smack-labels.cpp
@@ -34,6 +34,7 @@
#include <string>
#include <dpl/log/log.h>
+#include <smack-common.h>
#include "security-manager.h"
#include "smack-labels.h"
@@ -41,9 +42,6 @@
namespace SecurityManager {
/* Const defined below is used to label links to executables */
-const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
-
-/* Const defined below is used to label links to executables */
const char *const LABEL_FOR_PUBLIC_APP_PATH = "User";
enum class FileDecision {
@@ -54,14 +52,6 @@ enum class FileDecision {
typedef std::function<FileDecision(const FTSENT*)> LabelDecisionFn;
-
-bool generateAppLabel(const std::string &appPkgId, std::string &label)
-{
- (void) appPkgId; // TODO use pkgId to generate label
- label = "User";
- return true;
-}
-
static FileDecision labelAll(const FTSENT *ftsent __attribute__((unused)))
{
LogDebug("Entering function: " << __func__);
diff --git a/src/server/service/smack-rules.cpp b/src/server/service/smack-rules.cpp
index f8d4f09d..6281dc27 100644
--- a/src/server/service/smack-rules.cpp
+++ b/src/server/service/smack-rules.cpp
@@ -35,6 +35,7 @@
#include <dpl/log/log.h>
#include <tzplatform_config.h>
+#include <smack-common.h>
#include "smack-labels.h"
#include "smack-rules.h"