authorZofia Abramowska <z.abramowska@samsung.com>2016-09-06 17:01:17 +0200
committerZofia Abramowska <z.abramowska@samsung.com>2016-09-21 12:55:19 +0200
commitcf910cbc21c0869c98dc99a1745c6de431d81331 (patch)
tree3d34cbabd334eab87083b044b530e9c3ba7bca69
parent60bba3ef8e016d10c5bee4c90a47f481c6e25acc (diff)
Fetch process label from service
Change-Id: I961de3bc1aff1a98f9062c881ca75f858319551f
-rw-r--r--src/client/client-common.cpp26
-rw-r--r--src/client/client-label-monitor.cpp14
-rw-r--r--src/client/client-security-manager.cpp8
-rw-r--r--src/client/include/client-common.h7
-rw-r--r--src/common/include/protocols.h1
-rw-r--r--src/common/include/service_impl.h10
-rw-r--r--src/common/service_impl.cpp9
-rw-r--r--src/server/service/include/service.h8
-rw-r--r--src/server/service/service.cpp14
9 files changed, 89 insertions, 8 deletions
diff --git a/src/client/client-common.cpp b/src/client/client-common.cpp
index 72fb94d9..21836935 100644
--- a/src/client/client-common.cpp
+++ b/src/client/client-common.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
@@ -37,8 +37,8 @@
#include <dpl/singleton.h>
#include <dpl/singleton_safe_impl.h>
+#include <connection.h>
#include <message-buffer.h>
-
#include <protocols.h>
IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem);
@@ -67,6 +67,28 @@ int try_catch(const std::function<int()>& func)
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
+int fetchLabelForProcess(const std::string &appName, std::string &label)
+{
+ using namespace SecurityManager;
+
+ MessageBuffer send, recv;
+ Serialization::Serialize(send, (int) SecurityModuleCall::LABEL_FOR_PROCESS, appName);
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return retval;
+ }
+
+ Deserialization::Deserialize(recv, retval);
+ if (retval != SECURITY_MANAGER_SUCCESS) {
+ LogError("Couldn't get label for process: " << retval);
+ return retval;
+ }
+ Deserialization::Deserialize(recv, label);
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+
} // namespace SecurityMANAGER
static void init_lib(void) __attribute__ ((constructor));
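Review bot: fetchLabelForProcess returns SECURITY_MANAGER_SUCCESS with whatever string the reply carried, so an empty label would reach the callers, which in this commit pass it to smack_set_relabel_self or store it in appLabel / g_app_label. Because the label now arrives over IPC instead of being computed locally, a check after the second Deserialize is cheap: `if (label.empty()) { LogError("Empty label returned for " << appName); return SECURITY_MANAGER_ERROR_UNKNOWN; }`. The `(int)` cast on the call id would also read better as `static_cast<int>(SecurityModuleCall::LABEL_FOR_PROCESS)`.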
diff --git a/src/client/client-label-monitor.cpp b/src/client/client-label-monitor.cpp
index b52f655a..b5bb2c80 100644
--- a/src/client/client-label-monitor.cpp
+++ b/src/client/client-label-monitor.cpp
@@ -69,9 +69,17 @@ static lib_retcode apply_relabel_list(const std::string &global_label_file,
PermissibleSet::readNamesFromPermissibleFile(global_label_file, names);
PermissibleSet::readNamesFromPermissibleFile(user_label_file, names);
std::vector<const char*> temp;
- std::transform(names.begin(), names.end(), std::back_inserter(temp),
- [] (std::string &label) {label = SmackLabels::generateProcessLabel(label);
- return label.c_str();});
+ // FIXME : monitor should store labels instead of app ids
+ for (auto &name : names) {
+ std::string label;
+ int ret = SecurityManager::fetchLabelForProcess(name, label);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ LogError("Couldn't fetch label for process");
+ return static_cast<lib_retcode>(ret);
+ }
+ name = label;
+ temp.push_back(name.c_str());
+ }
if (smack_set_relabel_self(const_cast<const char **>(temp.data()), temp.size()) != 0) {
LogError("smack_set_relabel_self failed");
return SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED;
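Review bot: The new loop calls fetchLabelForProcess with no exception guard, whereas the call added in security_manager_set_process_label_from_appid sits inside a try/catch; the call added in security_manager_sync_threads_internal is unguarded in the same way. If Deserialization::Deserialize can throw on a short or malformed reply (its definition is not visible here), the exception would leave apply_relabel_list, whose body starts and ends outside this hunk. Routing the call through the existing helper would contain it: `int ret = SecurityManager::try_catch([&] { return SecurityManager::fetchLabelForProcess(name, label); });`. The error log would also be more useful with the name and code, `LogError("Couldn't fetch label for " << name << ": " << ret);`.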
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 6cf0c351..5f30c203 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -387,7 +387,9 @@ int security_manager_set_process_label_from_appid(const char *app_name)
return SECURITY_MANAGER_SUCCESS;
try {
- appLabel = SecurityManager::SmackLabels::generateProcessLabel(app_name);
+ ret = fetchLabelForProcess(app_name, appLabel);
+ if (ret != SECURITY_MANAGER_SUCCESS)
+ return ret;
} catch (...) {
LogError("Failed to generate smack label for appName: " << app_name);
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
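Review bot: The surrounding `catch (...)` now covers a request to the service rather than local label generation, so any exception raised while sending or deserializing is reported as SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT with the message "Failed to generate smack label", which no longer describes what failed. Consider rewording the log to `LogError("Failed to fetch smack label for appName: " << app_name);` and returning SECURITY_MANAGER_ERROR_UNKNOWN for unexpected exceptions, keeping NO_SUCH_OBJECT for a code the service actually sends back. The function starts and ends outside the hunk, so any earlier null check on app_name is not visible here.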
@@ -544,7 +546,9 @@ static inline int security_manager_sync_threads_internal(const char *app_name)
uid_t cur_tid = gettid();
pid_t cur_pid = getpid();
- g_app_label = SecurityManager::SmackLabels::generateProcessLabel(app_name);
+ int ret = fetchLabelForProcess(app_name, g_app_label);
+ if (ret != SECURITY_MANAGER_SUCCESS)
+ return ret;
g_threads_count = 0;
g_tid_attr_current_map.clear();
g_smack_fs_path = smack_smackfs_path() != NULL;
diff --git a/src/client/include/client-common.h b/src/client/include/client-common.h
index b82f6a53..2d776494 100644
--- a/src/client/include/client-common.h
+++ b/src/client/include/client-common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
@@ -39,6 +39,11 @@ namespace SecurityManager {
*/
int try_catch(const std::function<int()>& func);
+/*
+ * Fetching label for application process.
+ */
+int fetchLabelForProcess(const std::string &appName, std::string &label);
+
} // namespace SecurityManager
#endif // _SECURITY_MANAGER_CLIENT_
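Review bot: The comment on fetchLabelForProcess does not say that the call is a request to the security-manager service, nor what the out-parameter holds on failure. A header comment along the lines of `Asks the service for the Smack process label of appName; label is written only when SECURITY_MANAGER_SUCCESS is returned, otherwise the transport or service error code is returned.` would match what the implementation in client-common.cpp does.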
diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index a8eb4afb..0e2ab973 100644
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -87,6 +87,7 @@ enum class SecurityModuleCall
APP_HAS_PRIVILEGE,
PATHS_REGISTER,
GROUPS_FOR_UID,
+ LABEL_FOR_PROCESS,
NOOP = 0x90,
};
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 658c60b1..efabf9f9 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -274,6 +274,16 @@ public:
* @return API return code, as defined in protocols.h
*/
int pathsRegister(const Credentials &creds, path_req p_req);
+
+ /**
+ * Generate label for process.
+ *
+ * @param[in] appName application identifier
+ * @param[out] label generated label
+ *
+ * @return API return code, as defined in protocols.h
+ */
+ int labelForProcess(const std::string &appName, std::string &label);
};
} /* namespace SecurityManager */
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 188cde50..ef6cb038 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -1600,4 +1600,13 @@ int ServiceImpl::pathsRegister(const Credentials &creds, path_req req)
req.uid);
}
+int ServiceImpl::labelForProcess(const std::string &appName, std::string &label)
+{
+ LogDebug("Requested label generation for process of application " << appName);
+
+ label = SmackLabels::generateProcessLabel(appName);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
} /* namespace SecurityManager */
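Review bot: labelForProcess passes the client-supplied appName straight to SmackLabels::generateProcessLabel and always returns SECURITY_MANAGER_SUCCESS, so the service hands back a label for any string, including an empty one or the name of an application that is not installed. If generateProcessLabel does not itself reject malformed identifiers (not visible here), an early check such as `if (appName.empty()) return SECURITY_MANAGER_ERROR_INPUT_PARAM;` would stop bad input from becoming a label the client then applies. The LogDebug line also writes appName to the log exactly as received.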
diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h
index 8330f5b5..1c91c923 100644
--- a/src/server/service/include/service.h
+++ b/src/server/service/include/service.h
@@ -187,6 +187,14 @@ private:
* @param creds credentials of the requesting process
*/
void processPathsRegister(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds);
+
+ /**
+ * Generate process label request
+ *
+ * @param recv Raw received data buffer
+ * @param send Raw data buffer to be sent
+ */
+ void processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send);
};
} // namespace SecurityManager
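Review bot: The doc comment documents `recv` and `send`, but the first parameter of processLabelForProcess is named `buffer`, so the `@param recv` entry refers to nothing. Renaming the parameter to match the sibling handlers, `void processLabelForProcess(MessageBuffer &recv, MessageBuffer &send);`, fixes it; the definition in service.cpp would follow the same name.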
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 5e57f7a0..ef85d8e2 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -144,6 +144,9 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
case SecurityModuleCall::PATHS_REGISTER:
processPathsRegister(buffer, send, creds);
break;
+ case SecurityModuleCall::LABEL_FOR_PROCESS:
+ processLabelForProcess(buffer, send);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
@@ -392,4 +395,15 @@ void Service::processPathsRegister(MessageBuffer &recv, MessageBuffer &send, con
int ret = serviceImpl.pathsRegister(creds, std::move(req));
Serialization::Serialize(send, ret);
}
+
+void Service::processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send)
+{
+ std::string appName;
+ Deserialization::Deserialize(buffer, appName);
+ std::string label;
+ int ret = serviceImpl.labelForProcess(appName, label);
+ Serialization::Serialize(send, ret);
+ if (ret == SECURITY_MANAGER_SUCCESS)
+ Serialization::Serialize(send, label);
+}
} // namespace SecurityManager
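Review bot: processLabelForProcess is dispatched without `creds` (see the new case in processOne), unlike processPathsRegister next to it, so the reply does not depend on who is asking. That is acceptable while the label is derived from the application name alone, but nothing records the assumption. A comment on the handler such as `// No credential check: the label is derived from appName only` would flag it for whoever later changes how labels are produced. Whether a failed Deserialize of appName is caught by processOne is outside this hunk.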