diff options
author | Zofia Abramowska <z.abramowska@samsung.com> | 2016-09-06 17:01:17 +0200 |
---|---|---|
committer | Zofia Abramowska <z.abramowska@samsung.com> | 2016-09-21 12:55:19 +0200 |
commit | cf910cbc21c0869c98dc99a1745c6de431d81331 (patch) | |
tree | 3d34cbabd334eab87083b044b530e9c3ba7bca69 | |
parent | 60bba3ef8e016d10c5bee4c90a47f481c6e25acc (diff) | |
download | security-manager-cf910cbc21c0869c98dc99a1745c6de431d81331.tar.gz security-manager-cf910cbc21c0869c98dc99a1745c6de431d81331.tar.bz2 security-manager-cf910cbc21c0869c98dc99a1745c6de431d81331.zip |
Fetch process label from service
Change-Id: I961de3bc1aff1a98f9062c881ca75f858319551f
-rw-r--r-- | src/client/client-common.cpp | 26 | ||||
-rw-r--r-- | src/client/client-label-monitor.cpp | 14 | ||||
-rw-r--r-- | src/client/client-security-manager.cpp | 8 | ||||
-rw-r--r-- | src/client/include/client-common.h | 7 | ||||
-rw-r--r-- | src/common/include/protocols.h | 1 | ||||
-rw-r--r-- | src/common/include/service_impl.h | 10 | ||||
-rw-r--r-- | src/common/service_impl.cpp | 9 | ||||
-rw-r--r-- | src/server/service/include/service.h | 8 | ||||
-rw-r--r-- | src/server/service/service.cpp | 14 |
9 files changed, 89 insertions, 8 deletions
diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp index 72fb94d9..21836935 100644 --- a/src/client/client-common.cpp +++ b/src/client/client-common.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa <r.krypa@samsung.com> * @@ -37,8 +37,8 @@ #include <dpl/singleton.h> #include <dpl/singleton_safe_impl.h> +#include <connection.h> #include <message-buffer.h> - #include <protocols.h> IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem); @@ -67,6 +67,28 @@ int try_catch(const std::function<int()>& func) return SECURITY_MANAGER_ERROR_UNKNOWN; } +int fetchLabelForProcess(const std::string &appName, std::string &label) +{ + using namespace SecurityManager; + + MessageBuffer send, recv; + Serialization::Serialize(send, (int) SecurityModuleCall::LABEL_FOR_PROCESS, appName); + int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); + if (retval != SECURITY_MANAGER_SUCCESS) { + LogError("Error in sendToServer. Error code: " << retval); + return retval; + } + + Deserialization::Deserialize(recv, retval); + if (retval != SECURITY_MANAGER_SUCCESS) { + LogError("Couldn't get label for process: " << retval); + return retval; + } + Deserialization::Deserialize(recv, label); + return SECURITY_MANAGER_SUCCESS; +} + + } // namespace SecurityMANAGER static void init_lib(void) __attribute__ ((constructor)); diff --git a/src/client/client-label-monitor.cpp b/src/client/client-label-monitor.cpp index b52f655a..b5bb2c80 100644 --- a/src/client/client-label-monitor.cpp +++ b/src/client/client-label-monitor.cpp @@ -69,9 +69,17 @@ static lib_retcode apply_relabel_list(const std::string &global_label_file, PermissibleSet::readNamesFromPermissibleFile(global_label_file, names); PermissibleSet::readNamesFromPermissibleFile(user_label_file, names); std::vector<const char*> temp; - std::transform(names.begin(), names.end(), std::back_inserter(temp), - [] (std::string &label) {label = SmackLabels::generateProcessLabel(label); - return label.c_str();}); + // FIXME : monitor should store labels instead of app ids + for (auto &name : names) { + std::string label; + int ret = SecurityManager::fetchLabelForProcess(name, label); + if (ret != SECURITY_MANAGER_SUCCESS) { + LogError("Couldn't fetch label for process"); + return static_cast<lib_retcode>(ret); + } + name = label; + temp.push_back(name.c_str()); + } if (smack_set_relabel_self(const_cast<const char **>(temp.data()), temp.size()) != 0) { LogError("smack_set_relabel_self failed"); return SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED; diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 6cf0c351..5f30c203 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -387,7 +387,9 @@ int security_manager_set_process_label_from_appid(const char *app_name) return SECURITY_MANAGER_SUCCESS; try { - appLabel = SecurityManager::SmackLabels::generateProcessLabel(app_name); + ret = fetchLabelForProcess(app_name, appLabel); + if (ret != SECURITY_MANAGER_SUCCESS) + return ret; } catch (...) { LogError("Failed to generate smack label for appName: " << app_name); return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT; @@ -544,7 +546,9 @@ static inline int security_manager_sync_threads_internal(const char *app_name) uid_t cur_tid = gettid(); pid_t cur_pid = getpid(); - g_app_label = SecurityManager::SmackLabels::generateProcessLabel(app_name); + int ret = fetchLabelForProcess(app_name, g_app_label); + if (ret != SECURITY_MANAGER_SUCCESS) + return ret; g_threads_count = 0; g_tid_attr_current_map.clear(); g_smack_fs_path = smack_smackfs_path() != NULL; diff --git a/src/client/include/client-common.h b/src/client/include/client-common.h index b82f6a53..2d776494 100644 --- a/src/client/include/client-common.h +++ b/src/client/include/client-common.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa <r.krypa@samsung.com> * @@ -39,6 +39,11 @@ namespace SecurityManager { */ int try_catch(const std::function<int()>& func); +/* + * Fetching label for application process. + */ +int fetchLabelForProcess(const std::string &appName, std::string &label); + } // namespace SecurityManager #endif // _SECURITY_MANAGER_CLIENT_ diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index a8eb4afb..0e2ab973 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -87,6 +87,7 @@ enum class SecurityModuleCall APP_HAS_PRIVILEGE, PATHS_REGISTER, GROUPS_FOR_UID, + LABEL_FOR_PROCESS, NOOP = 0x90, }; diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 658c60b1..efabf9f9 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -274,6 +274,16 @@ public: * @return API return code, as defined in protocols.h */ int pathsRegister(const Credentials &creds, path_req p_req); + + /** + * Generate label for process. + * + * @param[in] appName application identifier + * @param[out] label generated label + * + * @return API return code, as defined in protocols.h + */ + int labelForProcess(const std::string &appName, std::string &label); }; } /* namespace SecurityManager */ diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 188cde50..ef6cb038 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -1600,4 +1600,13 @@ int ServiceImpl::pathsRegister(const Credentials &creds, path_req req) req.uid); } +int ServiceImpl::labelForProcess(const std::string &appName, std::string &label) +{ + LogDebug("Requested label generation for process of application " << appName); + + label = SmackLabels::generateProcessLabel(appName); + + return SECURITY_MANAGER_SUCCESS; +} + } /* namespace SecurityManager */ diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 8330f5b5..1c91c923 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -187,6 +187,14 @@ private: * @param creds credentials of the requesting process */ void processPathsRegister(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds); + + /** + * Generate process label request + * + * @param recv Raw received data buffer + * @param send Raw data buffer to be sent + */ + void processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send); }; } // namespace SecurityManager diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 5e57f7a0..ef85d8e2 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -144,6 +144,9 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, case SecurityModuleCall::PATHS_REGISTER: processPathsRegister(buffer, send, creds); break; + case SecurityModuleCall::LABEL_FOR_PROCESS: + processLabelForProcess(buffer, send); + break; default: LogError("Invalid call: " << call_type_int); Throw(ServiceException::InvalidAction); @@ -392,4 +395,15 @@ void Service::processPathsRegister(MessageBuffer &recv, MessageBuffer &send, con int ret = serviceImpl.pathsRegister(creds, std::move(req)); Serialization::Serialize(send, ret); } + +void Service::processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send) +{ + std::string appName; + Deserialization::Deserialize(buffer, appName); + std::string label; + int ret = serviceImpl.labelForProcess(appName, label); + Serialization::Serialize(send, ret); + if (ret == SECURITY_MANAGER_SUCCESS) + Serialization::Serialize(send, label); +} } // namespace SecurityManager |