authorRafal Krypa <r.krypa@samsung.com>2016-01-14 16:48:19 +0100
committerTomasz Swierczek <t.swierczek@samsung.com>2016-06-16 05:16:37 -0700
commitb1e0fb389d0a8c2230985b3ea7aab7d363a7e403 (patch)
tree1688407a4a836ee0bf16fab93b38b72c6f415109 /src/client/include/check-proper-drop.h
parent6eef187ab9b81e83744e96bedc9c667598e588f6 (diff)
Add check if privileges were properly dropped
Check if every thread in the process has the same stats as the thread calling security_manager_prepare_app() and exit from the process if they do not. Change-Id: I008c2b8e442edb6a5f9f1d74bf13f95465b6bdca Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'src/client/include/check-proper-drop.h')
-rw-r--r--src/client/include/check-proper-drop.h76
1 files changed, 76 insertions, 0 deletions
diff --git a/src/client/include/check-proper-drop.h b/src/client/include/check-proper-drop.h
new file mode 100644
index 00000000..ad1df5b5
--- /dev/null
+++ b/src/client/include/check-proper-drop.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Rafal Krypa <r.krypa@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file check-proper-drop.h
+ * @author Rafal Krypa <r.krypa@samsung.com>
+ * @version 1.0
+ * @brief Definition of proper privilege dropping check utilities
+ */
+
+#ifndef SECURITY_MANAGER_CHECK_PROPER_DROP_
+#define SECURITY_MANAGER_CHECK_PROPER_DROP_
+
+#include <dpl/exception.h>
+
+#include <unistd.h>
+#include <proc/readproc.h>
+
+#include <vector>
+
+namespace SecurityManager {
+
+class CheckProperDrop {
+public:
+ class Exception {
+ public:
+ DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ProcError)
+ DECLARE_EXCEPTION_TYPE(Base, CapError)
+ };
+
+ ~CheckProperDrop();
+ CheckProperDrop(pid_t pid = getpid()) : m_pid(pid) {};
+
+ /**
+ * Fetch credentials of the process and all its threads.
+ * Must be called before checkThreads().
+ */
+ void getThreads();
+
+ /**
+ * Check whether all threads of the process has properly aligned
+ * credentials:
+ * - uids
+ * - gids
+ * - capabilities
+ * - Smack labels
+ *
+ * It will terminate the calling process if any thread has different
+ * value than the other threads. This prevents security risks associated
+ * with improperly dropped privileges during application launch.
+ */
+ bool checkThreads();
+
+private:
+ pid_t m_pid;
+ proc_t *m_proc = nullptr;
+ std::vector<proc_t*> m_threads;
+};
+
+} // namespace SecurityManager
+#endif /* SECURITY_MANAGER_CHECK_PROPER_DROP_H_ */
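Review bot: `CheckProperDrop` declares a destructor and owns raw `proc_t*` members (`m_proc`, `m_threads`) but leaves copy construction and copy assignment implicitly defaulted, so copying an instance would leave two objects releasing the same procps structures in the destructor (whose body is defined outside this header, presumably via `freeproc`) — a double free. Delete them next to the destructor and make the single-argument constructor explicit, dropping the stray `;` after its body: `CheckProperDrop(const CheckProperDrop&) = delete;`, `CheckProperDrop& operator=(const CheckProperDrop&) = delete;`, `explicit CheckProperDrop(pid_t pid = getpid()) : m_pid(pid) {}`. The `bool` returned by `checkThreads()` is undocumented even though the comment says a mismatch terminates the process, so a `@return` line stating what true and false mean to a caller that survives the call should be added; from this header alone that meaning cannot be determined. Since the credentials are snapshotted in `getThreads()`, a thread created after that call is presumably not covered, which the comment on `getThreads()` could state so callers run the check before spawning any application threads. The `#endif` comment names `SECURITY_MANAGER_CHECK_PROPER_DROP_H_` while the guard macro is `SECURITY_MANAGER_CHECK_PROPER_DROP_`.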