author | José Bollo <jose.bollo@open.eurogiciel.org> | 2014-09-03 13:26:58 +0200 |
---|---|---|
committer | Rafal Krypa <r.krypa@samsung.com> | 2014-10-27 14:55:06 +0100 |
commit | b1d66a4eb6044bfd17a551c801e56604a2a654df (patch) | |
tree | cd4fdfde303a79b0dee1cd85afc8bddb7c75e7f6 | |
parent | 78096a5c5be875ec3e737553b6b0ffb422d3fb6b (diff) | |
Removal of xattr "security.TIZEN_EXEC_LABEL"
This attribute duplicates the SMACKEXEC mechanism
for links. The duplication complicates the
security mechanisms, which have to remain simple
to be applied and supported efficiently. The
SMACKEXEC mechanism is the only required
mechanism. For other uses, the function
security_manager_set_process_label_from_appid is
enough.
Change-Id: Ic831547a318942af5603a3609b87f52577109479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
-rw-r--r-- | src/client/client-common.cpp | 38 | ||||
-rw-r--r-- | src/client/client-security-manager.cpp | 28 | ||||
-rw-r--r-- | src/client/include/client-common.h | 18 | ||||
-rw-r--r-- | src/common/include/smack-common.h | 3 | ||||
-rw-r--r-- | src/include/security-manager.h | 9 | ||||
-rw-r--r-- | src/server/service/smack-labels.cpp | 36 |
6 files changed, 0 insertions, 132 deletions
diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp index a58f7b31..97176e55 100644 --- a/src/client/client-common.cpp +++ b/src/client/client-common.cpp @@ -172,44 +172,6 @@ private: namespace SecurityManager { -int getSmackLabelFromBinary(char **smackLabel, const char *path) -{ - int ret; - struct LabelInfo { - const char *xattr; - int followSymlinks; - }; - const LabelInfo labels[] = { - { XATTR_NAME_SMACKEXEC, 1 }, - { XATTR_NAME_TIZENEXEC, 1 }, - { XATTR_NAME_TIZENEXEC, 0 } - }; - - LogDebug("Entering function: " << __func__ << ". Params: smackLabel=" << smackLabel << - " path=" << path); - - if (smackLabel == NULL) { - LogError("getSmackLabelFromBinary: smackLabel is NULL"); - return SECURITY_MANAGER_API_ERROR_INPUT_PARAM; - } - - if (path == NULL) { - LogError("getSmackLabelFromBinary: path is NULL"); - return SECURITY_MANAGER_API_ERROR_INPUT_PARAM; - } - - for (const auto &l : labels) { - ret = smack_new_label_from_path(path, l.xattr, l.followSymlinks, smackLabel); - if (ret > 0) { - return SECURITY_MANAGER_API_SUCCESS; - } - } - - LogError("Getting exec label from " << path << " failed"); - return SECURITY_MANAGER_API_ERROR_GETTING_FILE_LABEL_FAILED; -} - - int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv) { int ret; SockRAII sock; diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 6f3ca71a..51130b65 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp 
@@ -305,34 +305,6 @@ static bool setup_smack(const char *label) } SECURITY_MANAGER_API -int security_manager_set_process_label_from_binary(const char *path) -{ - char *smack_label; - int ret; - - LogDebug("security_manager_set_process_label_from_binary() called"); - - if (smack_smackfs_path() == NULL) - return SECURITY_MANAGER_SUCCESS; - - if (path == NULL) { - LogError("security_manager_set_process_label_from_binary: path is NULL"); - return SECURITY_MANAGER_ERROR_INPUT_PARAM; - } - - ret = SecurityManager::getSmackLabelFromBinary(&smack_label, path); - if (ret == SECURITY_MANAGER_SUCCESS && smack_label != NULL) { - ret = setup_smack(smack_label); - if (ret != SECURITY_MANAGER_SUCCESS) { - LogError("Failed to set smack label " << smack_label << " for current process"); - } - free(smack_label); - } - - return ret; -} - -SECURITY_MANAGER_API int security_manager_set_process_label_from_appid(const char *app_id) { char *pkg_id; diff --git a/src/client/include/client-common.h b/src/client/include/client-common.h index 2b07d77c..c7d18a4b 100644 --- a/src/client/include/client-common.h +++ b/src/client/include/client-common.h 
@@ -60,24 +60,6 @@ int sendToManagerAncData(char const * const interface, const RawBuffer &send, st */ int try_catch(const std::function<int()>& func); -/** - * Get SMACK label from EXEC labels of a file. - * - * Function attempts to get xattrs from given file in following order - * 1) XATTR_NAME_SMACKEXEC - * 2) XATTR_NAME_TIZENEXEC - * 3) XATTR_NAME_TIZENEXEC (read from symlink, not the file it points to) - * - * If neither of above exists, error is returned. - * - * SMACK label should be freed by caller using free() function. - * - * @param[out] smackLabel pointer that will hold label read from given file - * @param[in] path file path to take label from - * @return SECURITY_MANAGER_API_SUCCESS on success, error code otherwise - */ -int getSmackLabelFromBinary(char **smackLabel, const char *path); - } // namespace SecurityManager #endif // _SECURITY_MANAGER_CLIENT_ diff --git a/src/common/include/smack-common.h b/src/common/include/smack-common.h index 178b16b4..68107649 100644 --- a/src/common/include/smack-common.h +++ b/src/common/include/smack-common.h @@ -29,9 +29,6 @@ #include <linux/xattr.h> namespace SecurityManager { - /* Const defined below is used to label links to executables */ - const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL"; - /** * Generates label for application with package identifier * read from @ref pkgId and assigns it to @ref label. diff --git a/src/include/security-manager.h b/src/include/security-manager.h index ab34905b..9c54d469 100644 --- a/src/include/security-manager.h +++ b/src/include/security-manager.h 
@@ -149,15 +149,6 @@ int security_manager_app_uninstall(const app_inst_req *p_req); int security_manager_get_app_pkgid(char **pkg_id, const char *app_id); /** - * Extract smack label from a given binary and set it for - * currently running process - * - * \param[in] Path to binary - * \return API return code or error code - */ -int security_manager_set_process_label_from_binary(const char *path); - -/** * Compute smack label for given application id and set it for * currently running process * diff --git a/src/server/service/smack-labels.cpp b/src/server/service/smack-labels.cpp index ff447ebf..45bab516 100644 --- a/src/server/service/smack-labels.cpp +++ b/src/server/service/smack-labels.cpp @@ -74,34 +74,6 @@ static FileDecision labelExecs(const FTSENT *ftsent) return FileDecision::SKIP; } -static FileDecision labelLinksToExecs(const FTSENT *ftsent) -{ - struct stat buf; - - // check if it's a link - if ( !S_ISLNK(ftsent->fts_statp->st_mode)) - return FileDecision::SKIP; - - std::unique_ptr<char, std::function<void(void*)>> target(realpath(ftsent->fts_path, NULL), free); - - if (!target.get()) { - LogError("Getting link target for " << ftsent->fts_path << " failed (Error = " << strerror(errno) << ")"); - return FileDecision::ERROR; - } - - if (-1 == stat(target.get(), &buf)) { - LogError("stat failed for " << target.get() << " (Error = " << strerror(errno) << ")"); - return FileDecision::ERROR; - } - // skip if link target is not a regular executable file - if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) { - // LogDebug(target.get() << "is not a regular executable file. Skipping."); - return FileDecision::SKIP; - } - - return FileDecision::LABEL; -} - static bool dirSetSmack(const std::string &path, const std::string &label, const char *xattr_name, LabelDecisionFn fn) { 
@@ -181,14 +153,6 @@ static bool labelDir(const std::string &path, const std::string &label, LogError("dirSetSmack failed (execs)."); return ret; } - - //setting execute label for everything with permission to execute - ret = dirSetSmack(path, label, XATTR_NAME_TIZENEXEC, &labelLinksToExecs); - if (!ret) - { - LogError("dirSetSmack failed (link to execs)."); - return ret; - } } return ret; |