authorBartlomiej Grzelewski <b.grzelewski@samsung.com>2016-06-13 12:05:46 +0200
committerGerrit Code Review <gerrit@review.vlan103.tizen.org>2016-11-24 09:10:46 -0800
commit082a1731302c5e161e5d52eace72cfe46e7794ea (patch)
tree7bd066f35252a2002db84903724a996f5f4f64b6
parent4ab0422b6019eeb811f45943d3f518566bbe67d2 (diff)
Modify SmackLabels module
Added: * getSmackLabelFromFd - extracts smack label from file descriptor * setSmackLabelForFd - sets smack label for file connected with fd Modify: * pathSetSmack - use libsmack instead of lsetxattr Change-Id: Ia5ceda42afc98dde0c8b7db2c0d0a0827efc4fa2
-rw-r--r--src/common/include/smack-labels.h16
-rw-r--r--src/common/permissible-set.cpp4
-rw-r--r--src/common/service_impl.cpp4
-rw-r--r--src/common/smack-labels.cpp20
4 files changed, 38 insertions, 6 deletions
diff --git a/src/common/include/smack-labels.h b/src/common/include/smack-labels.h
index 8c67e092..17bce2d4 100644
--- a/src/common/include/smack-labels.h
+++ b/src/common/include/smack-labels.h
@@ -152,6 +152,14 @@ std::string getSmackLabelFromPid(pid_t pid);
std::string getSmackLabelFromPath(const std::string &path);
/**
+ * Returns smack label for given file descriptor
+ *
+ * @param[in] fd file descriptor
+ * @return resulting Smack label
+ */
+std::string getSmackLabelFromFd(int fd);
+
+/**
* Returns smack label for current process
*
* @param[in] sock socket file descriptor
@@ -159,5 +167,13 @@ std::string getSmackLabelFromPath(const std::string &path);
*/
std::string getSmackLabelFromSelf(void);
+/**
+ * Set up smack label for given file descriptor
+ *
+ * @param[in] fd file descriptor
+ * @param[in] label new smack label for file
+ */
+void setSmackLabelForFd(int fd, const std::string &label);
+
} // namespace SmackLabels
} // namespace SecurityManager
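Review bot: The doc comment added for `setSmackLabelForFd` lists only its parameters and omits that the function throws; the definition in smack-labels.cpp raises `SmackException::FileError` when `smack_set_label_for_file` fails. Callers need that to know which handler to add, as the `userAdd` change in this commit shows, so I would add `* @throws SmackException::FileError if the label cannot be set` to the block. The `getSmackLabelFromFd` comment in the previous hunk would benefit from the same kind of line if `getSmackLabel` (not visible here) throws on failure.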
diff --git a/src/common/permissible-set.cpp b/src/common/permissible-set.cpp
index 96ef8832..570dd22c 100644
--- a/src/common/permissible-set.cpp
+++ b/src/common/permissible-set.cpp
@@ -157,9 +157,7 @@ void initializeUserPermissibleFile(uid_t uid)
std::ofstream fstream;
openAndLockNameFile(nameFile, fstream);
- if (smack_set_label_for_file(getFd(fstream), XATTR_NAME_SMACK, "_") != 0)
- ThrowMsg(PermissibleSetException::FileInitError,
- "Unable to set Smack label for user permissible file");
+ SmackLabels::setSmackLabelForFd(getFd(fstream), "_");
markPermissibleFileValid(getFd(fstream), nameFile, true);
}
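Review bot: Label failures in `initializeUserPermissibleFile` now surface as `SmackException::FileError` instead of `PermissibleSetException::FileInitError`, which changes the function's exception contract at the `setSmackLabelForFd` call. `ServiceImpl::userAdd` gains a matching catch in this commit, but any other caller that handles only `FileInitError` would presumably fall through to a generic handler and report the wrong error; those call sites are not visible here and should be checked. The old message also named the user permissible file, so the failure log no longer says which file could not be labelled. A comment such as `// throws SmackException::FileError on failure` above the call would make the new contract visible; the function's body starts outside the hunk.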
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index a0d0cec3..a8ac5896 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -48,6 +48,7 @@
#include "privilege_db.h"
#include "cynara.h"
#include "permissible-set.h"
+#include "smack-exceptions.h"
#include "smack-rules.h"
#include "smack-labels.h"
#include "security-manager.h"
@@ -861,6 +862,9 @@ int ServiceImpl::userAdd(const Credentials &creds, uid_t uidAdded, int userType)
} catch (const PermissibleSet::PermissibleSetException::FileInitError &e) {
LogError("Error while adding user: " << e.DumpToString());
return SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED;
+ } catch (const SmackException::FileError &e) {
+ LogError("Error while adding user: " << e.DumpToString());
+ return SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED;
} catch (const std::exception &e) {
LogError("Memory allocation error while adding user: " << e.what());
return SECURITY_MANAGER_ERROR_SERVER_ERROR;
diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
index 4c5af0b9..8bfd4534 100644
--- a/src/common/smack-labels.cpp
+++ b/src/common/smack-labels.cpp
@@ -75,9 +75,10 @@ static bool labelExecs(const FTSENT *ftsent)
static inline void pathSetSmack(const char *path, const std::string &label,
const char *xattr_name)
{
- if (lsetxattr(path, xattr_name, label.c_str(), label.length(), 0)) {
- LogError("lsetxattr failed.");
- ThrowMsg(SmackException::FileError, "lsetxattr failed.");
+ if (smack_set_label_for_path(path, xattr_name, 0, label.c_str())) {
+ LogError("smack_set_label_for_path failed. Path: " << path << " Label:" << label);
+ ThrowMsg(SmackException::FileError,
+ "smack_set_label_for_path failed failed. Path: " << path << " Label: " << label);
}
}
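Review bot: The new exception text in `pathSetSmack` reads `smack_set_label_for_path failed failed.`, and the log line writes `" Label:"` without the space that the exception message has. I would use one wording for both, e.g. `"smack_set_label_for_path failed. Path: " << path << " Label: " << label`. The bare `0` passed as the third argument appears to be libsmack's follow flag, which keeps the no-symlink-follow behaviour of the old `lsetxattr` call; a short comment like `/* follow = 0: label the link itself, as lsetxattr did */` would stop a later edit from flipping it by accident.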
@@ -287,6 +288,11 @@ std::string getSmackLabelFromPath(const std::string &path)
return getSmackLabel(&smack_new_label_from_path, path.c_str(), XATTR_NAME_SMACK, true);
}
+std::string getSmackLabelFromFd(int fd)
+{
+ return getSmackLabel(&smack_new_label_from_file, fd, XATTR_NAME_SMACK);
+}
+
std::string getSmackLabelFromSelf(void)
{
return getSmackLabel(&smack_new_label_from_self);
@@ -307,5 +313,13 @@ std::string generatePathTrustedLabel(const int authorId)
return "User::Author::" + std::to_string(authorId);
}
+void setSmackLabelForFd(int fd, const std::string &label)
+{
+ if (smack_set_label_for_file(fd, XATTR_NAME_SMACK, label.c_str())) {
+ LogError("smack_set_label_for_file failed.");
+ ThrowMsg(SmackException::FileError, "smack_set_label_for_file failed.");
+ }
+}
+
} // namespace SmackLabels
} // namespace SecurityManager
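Review bot: The failure message in `setSmackLabelForFd` carries no context, unlike the `pathSetSmack` message changed in this same commit, which includes the path and label. Including the descriptor and label, e.g. `LogError("smack_set_label_for_file failed. Fd: " << fd << " Label: " << label);` with the same text in `ThrowMsg`, would make a labelling failure traceable. Neither message records `errno`, so if the failure comes from the underlying xattr call its cause (permissions, unsupported filesystem) cannot be told from the log.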