author | Tomasz Swierczek <t.swierczek@samsung.com> | 2022-03-30 13:40:54 +0200 |
---|---|---|
committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2022-07-15 10:29:12 +0200 |
commit | 4a9f132ae366297585596e6af3a03ce6fb789696 (patch) | |
tree | a9e11987bbd059a37d9a3180f7a377eb8a913e39 | |
parent | 2cdc1596fc1d71b19edc5be1293912f9b7e808f4 (diff) | |
Basic integration with sessiond
Allow ~/subsession/$light_username/apps_rw/$pkgName as legal package
directories as needed by the lightweight multiuser feature.
New paths are in force ONLY for local app installation
(for SM_APP_INSTALL_LOCAL install type in security-manager's API).
Lacks bind-mounting of the relevant per-user data directories (separation of
user data). This is supposed to be added at a later stage.
Change-Id: Ia042e608781c139651578475c94d4283ddf70a47
-rw-r--r-- | packaging/security-manager.spec | 1 | ||||
-rw-r--r-- | src/common/CMakeLists.txt | 3 | ||||
-rw-r--r-- | src/common/include/utils.h | 8 | ||||
-rw-r--r-- | src/common/service_impl_utils.cpp | 23 | ||||
-rw-r--r-- | test/CMakeLists.txt | 3 | ||||
-rw-r--r-- | test/test_misc.cpp | 16 |
6 files changed, 48 insertions, 6 deletions
diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec index de4f4535..5f3951d6 100644 --- a/packaging/security-manager.spec +++ b/packaging/security-manager.spec @@ -41,6 +41,7 @@ BuildRequires: pkgconfig(security-privilege-manager) BuildRequires: pkgconfig(openssl1.1) BuildRequires: pkgconfig(mount) BuildRequires: boost-devel +BuildRequires: pkgconfig(libsessiond) %if "%{build_type}" == "COVERAGE" BuildRequires: lcov %endif diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 194f27f9..ac1b2ff6 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. +# Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. # # This file is licensed under the terms of MIT License or the Apache License # Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -25,6 +25,7 @@ SET(COMMON_VERSION ${COMMON_VERSION_MAJOR}.0.2) PKG_CHECK_MODULES(COMMON_DEP REQUIRED libcap + libsessiond libsystemd libsmack sqlite3 diff --git a/src/common/include/utils.h b/src/common/include/utils.h index 13418073..099a9fdd 100644 --- a/src/common/include/utils.h +++ b/src/common/include/utils.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2021 Samsung Electronics Co., Ltd. All rights reserved + * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -94,7 +94,6 @@ std::unique_ptr<T> makeUnique(size_t size) return std::unique_ptr<T>(new typename std::remove_extent<T>::type[size]); } - template <typename T> static void vectorRemoveDuplicates(std::vector<T> &vec) { 
@@ -102,6 +101,11 @@ static void vectorRemoveDuplicates(std::vector<T> &vec) vec.erase(std::unique(vec.begin(), vec.end()), vec.end()); } +template <size_t N> +auto possiblyUnterminatedArrayToString(const char (&array)[N]) { + return std::string(array, strnlen(array, N)); +} + } /* namespace SecurityManager */ template <class...T> diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp index aed8567f..967a909c 100644 --- a/src/common/service_impl_utils.cpp +++ b/src/common/service_impl_utils.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2019-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -31,6 +31,7 @@ #include <dpl/errno_string.h> #include "config.h" +#include "sessiond.h" #include "tzplatform-config.h" #include "utils.h" @@ -179,6 +180,26 @@ int getLegalPkgBaseDirs(const uid_t &uid, legalPkgDirs.push_back(std::move(sharedROPath)); } + if (SM_APP_INSTALL_LOCAL == installType) { + subsession_user_t *userList = nullptr; + int userCount; + + if (SUBSESSION_ERROR_NONE != subsession_get_user_list(uid, &userList, &userCount)) { + LogError("Can't determine list of users for session"); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + const auto userListGuard = makeUnique(userList, free); + const auto allowedLocalPath = homePath + "subsession/"; + + for (int i = 0; i < userCount; i++) { + std::string newPath = allowedLocalPath + + possiblyUnterminatedArrayToString(userList[i]) + "/apps_rw/" + pkgName; + LogDebug("Adding new allowed path: " << newPath); + legalPkgDirs.emplace_back(std::move(newPath)); + } + } + return SECURITY_MANAGER_SUCCESS; } diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 75e85c96..11e79554 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt 
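Review bot: `possiblyUnterminatedArrayToString` in src/common/include/utils.h carries no comment stating its contract, and that contract is what makes it safe on fixed-size name buffers: it reads at most N bytes, stops at the first NUL, and the `const char (&array)[N]` parameter refuses a decayed pointer at compile time. I would add `/* Copies at most N bytes of a fixed-size char array, stopping at the first NUL; the array need not be NUL-terminated. */` above the template and spell the return type as `std::string` instead of `auto`, since this is a header-level helper. `strnlen` is a POSIX function declared in `<string.h>`; the hunk does not show whether utils.h includes it directly, so that is worth confirming rather than relying on a transitive include.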
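Review bot: In the `SM_APP_INSTALL_LOCAL` branch added to getLegalPkgBaseDirs, each name returned by `subsession_get_user_list` is concatenated into an entry of `legalPkgDirs` with no check, so a name that is empty, `.`, `..` or contains `/` would produce an allowed directory that is not of the form `subsession/<name>/apps_rw/<pkg>`. sessiond may already guarantee well-formed names, but that is not visible here and this vector is the allow-list for package paths, so the name should be validated at this boundary; the sketch below logs and skips such entries. Separately, `userCount` would be read uninitialized if the call ever succeeded without writing it (`int userCount = 0;`), and the error path discards the sessiond return code instead of logging it. The function begins outside this hunk, so whether `homePath` already ends with a separator cannot be confirmed from here.

```cpp
for (int i = 0; i < userCount; i++) {
    const auto userName = possiblyUnterminatedArrayToString(userList[i]);
    // Refuse names that would move the path out of subsession/<name>/apps_rw/.
    if (userName.empty() || userName == "." || userName == ".."
            || userName.find('/') != std::string::npos) {
        LogError("Skipping malformed subsession user name");
        continue;
    }
    std::string newPath = allowedLocalPath + userName + "/apps_rw/" + pkgName;
    // … unchanged: LogDebug and legalPkgDirs.emplace_back …
}
```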
@@ -1,5 +1,5 @@ # -# Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved. +# Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved. # # This file is licensed under the terms of MIT License or the Apache License # Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -21,6 +21,7 @@ PKG_CHECK_MODULES(COMMON_DEP REQUIRED libtzplatform-config + libsessiond libsystemd libsmack sqlite3 diff --git a/test/test_misc.cpp b/test/test_misc.cpp index a511463b..80716a0f 100644 --- a/test/test_misc.cpp +++ b/test/test_misc.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2020-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -172,4 +172,18 @@ POSITIVE_TEST_CASE(T292_exception_class) BOOST_REQUIRE_NO_THROW(Exception::DisplayUnknownException()); } +POSITIVE_TEST_CASE(T293_possiblyUnterminatedArrayToString) +{ + char a[] = {'k', 'o', 't', 'a'}; + BOOST_REQUIRE_EQUAL("kota", possiblyUnterminatedArrayToString(a)); + a[3] = '\0'; + BOOST_REQUIRE_EQUAL("kot", possiblyUnterminatedArrayToString(a)); + a[2] = '\0'; + BOOST_REQUIRE_EQUAL("ko", possiblyUnterminatedArrayToString(a)); + a[1] = '\0'; + BOOST_REQUIRE_EQUAL("k", possiblyUnterminatedArrayToString(a)); + a[0] = '\0'; + BOOST_REQUIRE_EQUAL("", possiblyUnterminatedArrayToString(a)); +} + BOOST_AUTO_TEST_SUITE_END() |
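Review bot: T293 in test/test_misc.cpp only zeroes the array from the end, so every byte after the first NUL is also NUL and the test never covers a buffer with stale non-zero bytes behind the terminator, a plausible state for a reused fixed-size name field. Adding `char b[] = {'k', '\0', 't', 'a'};` followed by `BOOST_REQUIRE_EQUAL("k", possiblyUnterminatedArrayToString(b));` would pin that the helper stops at the first NUL. The diffstat also shows no test touching the new `SM_APP_INSTALL_LOCAL` branch of getLegalPkgBaseDirs, which is the part of this commit that widens the set of accepted package paths.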