From eb3625009f2c5ed45c4eda13ce712b599843b782 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Thu, 4 Feb 2016 16:38:37 +0100 Subject: Remove master and slave mode. Change-Id: Ia02b2ba10deef665eea203a0147cce301d46db8c --- src/server/CMakeLists.txt | 4 - src/server/main/server-main.cpp | 80 +---- src/server/service/include/master-service.h | 160 ---------- src/server/service/include/service.h | 3 +- src/server/service/master-service.cpp | 464 ---------------------------- src/server/service/service.cpp | 71 ++--- 6 files changed, 32 insertions(+), 750 deletions(-) delete mode 100644 src/server/service/include/master-service.h delete mode 100644 src/server/service/master-service.cpp (limited to 'src/server') diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt index 97eaaaaf..f2d09573 100644 --- a/src/server/CMakeLists.txt +++ b/src/server/CMakeLists.txt @@ -4,12 +4,10 @@ PKG_CHECK_MODULES(SERVER_DEP cynara-client ) -FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options) FIND_PACKAGE(Threads REQUIRED) INCLUDE_DIRECTORIES(SYSTEM ${SERVER_DEP_INCLUDE_DIRS} - ${Boost_INCLUDE_DIRS} ${Threads_INCLUDE_DIRS} ) @@ -29,7 +27,6 @@ SET(SERVER_SOURCES ${SERVER_PATH}/main/server-main.cpp ${SERVER_PATH}/service/base-service.cpp ${SERVER_PATH}/service/service.cpp - ${SERVER_PATH}/service/master-service.cpp ) ADD_EXECUTABLE(${TARGET_SERVER} ${SERVER_SOURCES}) @@ -42,7 +39,6 @@ TARGET_LINK_LIBRARIES(${TARGET_SERVER} ${TARGET_COMMON} ${CMAKE_THREAD_LIBS_INIT} ${SERVER_DEP_LIBRARIES} - ${Boost_LIBRARIES} "-pie" ) diff --git a/src/server/main/server-main.cpp b/src/server/main/server-main.cpp index f8e1f713..d80f39ea 100644 --- a/src/server/main/server-main.cpp +++ b/src/server/main/server-main.cpp @@ -28,30 +28,25 @@ #include #include -#include #include #include #include #include -#include - -namespace po = boost::program_options; IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem); -#define REGISTER_SOCKET_SERVICE(manager, service, allocator) \ - registerSocketService(manager, #service, allocator) +#define REGISTER_SOCKET_SERVICE(manager, service) \ + registerSocketService(manager, #service) template bool registerSocketService(SecurityManager::SocketManager &manager, - const std::string& serviceName, - const std::function& serviceAllocator) + const std::string& serviceName) { T *service = NULL; try { - service = serviceAllocator(); + service = new T(); service->Create(); manager.RegisterSocketService(service); return true; @@ -70,61 +65,14 @@ bool registerSocketService(SecurityManager::SocketManager &manager, return false; } -int main(int argc, char* argv[]) +int main() { UNHANDLED_EXCEPTION_HANDLER_BEGIN { // initialize logging SecurityManager::Singleton::Instance().SetTag("SECURITY_MANAGER"); - // parse arguments - bool masterMode = false, slaveMode = false; - po::options_description optDesc("Allowed options"); - - optDesc.add_options() - ("help,h", "Print this help message") - ("master,m", "Enable master mode") - ("slave,s", "Enable slave mode") - ; - - po::variables_map vm; - po::basic_parsed_options parsed = - po::command_line_parser(argc, argv).options(optDesc).allow_unregistered().run(); - - std::vector unrecognizedOptions = - po::collect_unrecognized(parsed.options, po::include_positional); - - if (!unrecognizedOptions.empty()) { - std::cerr << "Unrecognized options: "; - - for (auto& uo : unrecognizedOptions) { - std::cerr << ' ' << uo; - } - - std::cerr << std::endl << std::endl; - std::cerr << optDesc << std::endl; - - return EXIT_FAILURE; - } - - po::store(parsed, vm); - po::notify(vm); - - if (vm.count("help")) { - std::cout << optDesc << std::endl; - return EXIT_SUCCESS; - } - - masterMode = vm.count("master") > 0; - slaveMode = vm.count("slave") > 0; - - if (masterMode && slaveMode) { - LogError("Cannot be both master and slave!"); - return EXIT_FAILURE; - } - - SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE, - true); + SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE, true); sigset_t mask; sigemptyset(&mask); @@ -138,18 +86,10 @@ int main(int argc, char* argv[]) LogInfo("Start!"); SecurityManager::SocketManager manager; - if (masterMode) { - if (!REGISTER_SOCKET_SERVICE(manager, SecurityManager::MasterService, - []() { return new SecurityManager::MasterService(); } )) { - LogError("Unable to create master socket service. Exiting."); - return EXIT_FAILURE; - } - } else { - if (!REGISTER_SOCKET_SERVICE(manager, SecurityManager::Service, - [&slaveMode]() { return new SecurityManager::Service(slaveMode); } )) { - LogError("Unable to create socket service. Exiting."); - return EXIT_FAILURE; - } + if (!REGISTER_SOCKET_SERVICE(manager, SecurityManager::Service)) + { + LogError("Unable to create socket service. Exiting."); + return EXIT_FAILURE; } manager.MainLoop(); diff --git a/src/server/service/include/master-service.h b/src/server/service/include/master-service.h deleted file mode 100644 index 3d630641..00000000 --- a/src/server/service/include/master-service.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Rafal Krypa - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file master-service.h - * @author Lukasz Kostyra - * @author Rafal Krypa - * @brief Implementation of security-manager master service - */ - -#ifndef _SECURITY_MANAGER_MASTER_SERVICE_ -#define _SECURITY_MANAGER_MASTER_SERVICE_ - -#include "base-service.h" -#include "service_impl.h" - -namespace SecurityManager { - -class MasterServiceException -{ -public: - DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InvalidAction) -}; - -class MasterService : - public SecurityManager::BaseService -{ -public: - MasterService(); - ServiceDescriptionVector GetServiceDescription(); - -private: - ServiceImpl serviceImpl; - - /** - * Handle request from a client - * - * @param conn Socket connection information - * @param buffer Raw received data buffer - * @param interfaceID identifier used to distinguish source socket - * @return true on success - */ - bool processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID); - - /** - * Process Cynara policy update during app installation/uninstallation - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - * @param zoneId ID of zone which requested the call - */ - void processCynaraUpdatePolicy(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId); - - /** - * Process Cynara user initialization - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - */ - void processCynaraUserInit(MessageBuffer &buffer, MessageBuffer &send); - - /** - * Process Cynara user removal - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - */ - void processCynaraUserRemove(MessageBuffer &buffer, MessageBuffer &send); - - /** - * Process policy update - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - */ - void processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send); - - /** - * Process configured policy acquisition - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - */ - void processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &send); - - /** - * Process policy acquisition from Master - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - */ - // FIXME this function is not yet implemented. - void processGetPolicy(MessageBuffer &buffer, MessageBuffer &send); - - /** - * Process policy descriptions list acquisition - * - * @param send Raw data buffer to be sent - */ - void processPolicyGetDesc(MessageBuffer &send); - - /** - * Process SMACK rules installation for package. Map rules using Smack Namespaces. - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - * @param zoneId ID of zone which requested the call - */ - void processSmackInstallRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId); - - /** - * Process SMACK rules uninstallation - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - * @param zoneId ID of zone which requested the call - */ - void processSmackUninstallRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId); - - /** - * Process SMACK rules apply private path sharing - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - * @param zoneId ID of zone which requested the call - */ - void processSmackApplySharingRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId); - /** - * Process SMACK rules drop private path sharing - * - * @param buffer Raw received data buffer - * @param send Raw data buffer to be sent - * @param zoneId ID of zone which requested the call - */ - void processSmackDropSharingRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId); -}; - -} // namespace SecurityManager - -#endif // _SECURITY_MANAGER_MASTER_SERVICE_ diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 3c23037f..4d851c16 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -41,11 +41,10 @@ class Service : public SecurityManager::BaseService { public: - Service(const bool isSlave); + Service(); ServiceDescriptionVector GetServiceDescription(); private: - const bool m_isSlave; ServiceImpl serviceImpl; /** diff --git a/src/server/service/master-service.cpp b/src/server/service/master-service.cpp deleted file mode 100644 index d462afa9..00000000 --- a/src/server/service/master-service.cpp +++ /dev/null @@ -1,464 +0,0 @@ -/* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Rafal Krypa - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -/* - * @file master-service.cpp - * @author Lukasz Kostyra - * @author Rafal Krypa - * @brief Implementation of security-manager master service. - */ - -#include - -#include -#include - -#include "protocols.h" -#include "zone-utils.h" -#include "cynara.h" -#include "master-service.h" -#include "smack-rules.h" -#include "smack-labels.h" -#include "service_impl.h" - -namespace SecurityManager { - -const InterfaceID IFACE = 1; - -MasterService::MasterService() -{ -} - -GenericSocketService::ServiceDescriptionVector MasterService::GetServiceDescription() -{ - return ServiceDescriptionVector { - {MASTER_SERVICE_SOCKET, "security-manager-master", IFACE}, - }; -} - -bool MasterService::processOne(const ConnectionID &conn, MessageBuffer &buffer, - InterfaceID interfaceID) -{ - LogDebug("Iteration begin. Interface = " << interfaceID); - - //waiting for all data - if (!buffer.Ready()) { - return false; - } - - MessageBuffer send; - bool retval = false; - - uid_t uid; - pid_t pid; - std::string smackLabel; - - if (!getPeerID(conn.sock, uid, pid, smackLabel)) { - LogError("Closing socket because of error: unable to get peer's uid and pid"); - m_serviceManager->Close(conn); - return false; - } - - // FIXME this part needs to be updated when Vasum is added to OBS. See zone-utils.h - std::string vsmZoneId; - if (!getZoneIdFromPid(pid, vsmZoneId)) { - LogError("Failed to extract Zone ID! Closing socket."); - m_serviceManager->Close(conn); - return false; - } - - if (vsmZoneId == ZONE_HOST) { - LogError("Connection came from host - in master mode this should not happen! Closing."); - m_serviceManager->Close(conn); - return false; - } - - LogInfo("Connection came from Zone " << vsmZoneId); - - if (IFACE == interfaceID) { - Try { - // deserialize API call type - int call_type_int; - Deserialization::Deserialize(buffer, call_type_int); - MasterSecurityModuleCall call_type = static_cast(call_type_int); - - switch (call_type) { - case MasterSecurityModuleCall::CYNARA_UPDATE_POLICY: - LogDebug("call type MasterSecurityModuleCall::CYNARA_UPDATE_POLICY"); - processCynaraUpdatePolicy(buffer, send, vsmZoneId); - break; - case MasterSecurityModuleCall::CYNARA_USER_INIT: - LogDebug("call type MasterSecurityModuleCall::CYNARA_USER_INIT"); - processCynaraUserInit(buffer, send); - break; - case MasterSecurityModuleCall::CYNARA_USER_REMOVE: - LogDebug("call type MasterSecurityModuleCall::CYNARA_USER_REMOVE"); - processCynaraUserRemove(buffer, send); - break; - case MasterSecurityModuleCall::POLICY_UPDATE: - LogDebug("call type MasterSecurityModuleCall::POLICY_UPDATE"); - processPolicyUpdate(buffer, send); - break; - case MasterSecurityModuleCall::GET_CONFIGURED_POLICY: - LogDebug("call type MasterSecurityModuleCall::GET_CONFIGURED_POLICY"); - processGetConfiguredPolicy(buffer, send); - break; - case MasterSecurityModuleCall::GET_POLICY: - LogDebug("call type MasterSecurityModuleCall::GET_POLICY"); - processGetPolicy(buffer, send); - break; - case MasterSecurityModuleCall::POLICY_GET_DESC: - LogDebug("call type MasterSecurityModuleCall::POLICY_GET_DESC"); - processPolicyGetDesc(send); - break; - case MasterSecurityModuleCall::SMACK_INSTALL_RULES: - LogDebug("call type MasterSecurityModuleCall::SMACK_INSTALL_RULES"); - processSmackInstallRules(buffer, send, vsmZoneId); - break; - case MasterSecurityModuleCall::SMACK_UNINSTALL_RULES: - LogDebug("call type MasterSecurityModuleCall::SMACK_UNINSTALL_RULES"); - processSmackUninstallRules(buffer, send, vsmZoneId); - break; - case MasterSecurityModuleCall::SMACK_APPLY_PRIVATE_SHARING_RULES: - processSmackApplySharingRules(buffer, send, vsmZoneId); - break; - case MasterSecurityModuleCall::SMACK_DROP_PRIVATE_SHARING_RULES: - processSmackDropSharingRules(buffer, send, vsmZoneId); - break; - default: - LogError("Invalid call: " << call_type_int); - Throw(MasterServiceException::InvalidAction); - } - // if we reach this point, the protocol is OK - retval = true; - } Catch (MessageBuffer::Exception::Base) { - LogError("Broken protocol."); - } Catch (MasterServiceException::Base) { - LogError("Broken protocol."); - } catch (const std::exception &e) { - LogError("STD exception " << e.what()); - } catch (...) { - LogError("Unknown exception"); - } - } - else { - LogError("Wrong interface"); - } - - if (retval) { - //send response - m_serviceManager->Write(conn, send.Pop()); - } else { - LogError("Closing socket because of error"); - m_serviceManager->Close(conn); - } - - return retval; -} - -void MasterService::processCynaraUpdatePolicy(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId) -{ - int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; - std::string appId; - std::string uidstr; - std::string appLabel; - std::vector privileges; - - Deserialization::Deserialize(buffer, appId); - Deserialization::Deserialize(buffer, uidstr); - Deserialization::Deserialize(buffer, privileges); - - appLabel = zoneSmackLabelGenerate(SmackLabels::generateAppLabel(appId), zoneId); - - try { - CynaraAdmin::getInstance().UpdateAppPolicy(appLabel, uidstr, privileges); - } catch (const CynaraException::Base &e) { - LogError("Error while setting Cynara rules for application: " << e.DumpToString()); - goto out; - } catch (const std::bad_alloc &e) { - LogError("Memory allocation while setting Cynara rules for application: " << e.what()); - ret = SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY; - goto out; - } - - ret = SECURITY_MANAGER_API_SUCCESS; - -out: - Serialization::Serialize(send, ret); -} - -void MasterService::processCynaraUserInit(MessageBuffer &buffer, MessageBuffer &send) -{ - int ret = SECURITY_MANAGER_API_ERROR_INPUT_PARAM; - uid_t uidAdded; - int userType; - - Deserialization::Deserialize(buffer, uidAdded); - Deserialization::Deserialize(buffer, userType); - - try { - CynaraAdmin::getInstance().UserInit(uidAdded, - static_cast(userType)); - } catch (CynaraException::InvalidParam &e) { - goto out; - } - - ret = SECURITY_MANAGER_API_SUCCESS; -out: - Serialization::Serialize(send, ret); -} - -void MasterService::processCynaraUserRemove(MessageBuffer &buffer, MessageBuffer &send) -{ - int ret = SECURITY_MANAGER_API_ERROR_INPUT_PARAM; - uid_t uidDeleted; - - Deserialization::Deserialize(buffer, uidDeleted); - - try { - CynaraAdmin::getInstance().UserRemove(uidDeleted); - } catch (CynaraException::InvalidParam &e) { - goto out; - } - - ret = SECURITY_MANAGER_API_SUCCESS; -out: - Serialization::Serialize(send, ret); -} - -void MasterService::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send) -{ - int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; - std::vector policyEntries; - uid_t uid; - pid_t pid; - std::string smackLabel; - - Deserialization::Deserialize(buffer, policyEntries); - Deserialization::Deserialize(buffer, uid); - Deserialization::Deserialize(buffer, pid); - Deserialization::Deserialize(buffer, smackLabel); - - ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); - Serialization::Serialize(send, ret); -} - -void MasterService::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &send) -{ - int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; - bool forAdmin; - policy_entry filter; - uid_t uid; - pid_t pid; - std::string smackLabel; - std::vector policyEntries; - - Deserialization::Deserialize(buffer, forAdmin); - Deserialization::Deserialize(buffer, filter); - Deserialization::Deserialize(buffer, uid); - Deserialization::Deserialize(buffer, pid); - Deserialization::Deserialize(buffer, smackLabel); - - ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); - Serialization::Serialize(send, ret); - if (ret == SECURITY_MANAGER_API_SUCCESS) - Serialization::Serialize(send, policyEntries); -} - -void MasterService::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send) -{ - (void) buffer; - int ret = SECURITY_MANAGER_API_ERROR_BAD_REQUEST; - - // FIXME getPolicy is not ready to work in Master mode. Uncomment below code when getPolicy will - // be implemented for Master. - /* - policy_entry filter; - uid_t uid; - pid_t pid; - std::string smackLabel; - std::vector policyEntries; - - Deserialization::Deserialize(buffer, filter); - Deserialization::Deserialize(buffer, uid); - Deserialization::Deserialize(buffer, pid); - Deserialization::Deserialize(buffer, smackLabel); - - ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries);*/ - Serialization::Serialize(send, ret); - /*if (ret == SECURITY_MANAGER_API_SUCCESS) - Serialization::Serialize(send, policyEntries);*/ -} - -void MasterService::processPolicyGetDesc(MessageBuffer &send) -{ - int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; - std::vector descriptions; - - ret = serviceImpl.policyGetDesc(descriptions); - Serialization::Serialize(send, ret); - if (ret == SECURITY_MANAGER_API_SUCCESS) - Serialization::Serialize(send, descriptions); -} - -void MasterService::processSmackInstallRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId) -{ - int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; - std::string appId, pkgId, authorId; - std::vector pkgContents, appsGranted, accessPackages; - - Deserialization::Deserialize(buffer, appId); - Deserialization::Deserialize(buffer, pkgId); - Deserialization::Deserialize(buffer, authorId); - Deserialization::Deserialize(buffer, pkgContents); - Deserialization::Deserialize(buffer, appsGranted); - Deserialization::Deserialize(buffer, accessPackages); - - try { - LogDebug("Adding Smack rules for new appId: " << appId << " with pkgId: " - << pkgId << ". Applications in package: " << pkgContents.size() - << ". Other Tizen 2.X applications: " << appsGranted.size()); - - SmackRules::installApplicationRules(appId, pkgId, authorId, pkgContents, appsGranted, accessPackages, zoneId); - - // FIXME implement zoneSmackLabelMap and check if works when Smack Namespaces are implemented - std::string zoneAppLabel = SmackLabels::generateAppLabel(appId); - std::string zonePkgLabel = SmackLabels::generatePkgLabel(pkgId); - std::string hostAppLabel = zoneSmackLabelGenerate(zoneAppLabel, zoneId); - std::string hostPkgLabel = zoneSmackLabelGenerate(zonePkgLabel, zoneId); - - if (!zoneSmackLabelMap(hostAppLabel, zoneId, zoneAppLabel)) { - LogError("Failed to apply Smack label mapping for application " << appId); - goto out; - } - - if (!zoneSmackLabelMap(hostPkgLabel, zoneId, zonePkgLabel)) { - LogError("Failed to apply Smack label mapping for package " << pkgId); - goto out; - } - } catch (const SmackException::Base &e) { - LogError("Error while adding Smack rules for application: " << e.DumpToString()); - ret = SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED; - goto out; - } catch (const std::bad_alloc &e) { - LogError("Memory allocation error: " << e.what()); - ret = SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY; - goto out; - } - - ret = SECURITY_MANAGER_API_SUCCESS; -out: - Serialization::Serialize(send, ret); -} - -void MasterService::processSmackUninstallRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId) -{ - std::string appId, pkgId; - std::vector pkgContents, appsGranted; - bool removeApp = false; - bool removePkg = false; - - Deserialization::Deserialize(buffer, appId); - Deserialization::Deserialize(buffer, pkgId); - Deserialization::Deserialize(buffer, pkgContents); - Deserialization::Deserialize(buffer, appsGranted); - Deserialization::Deserialize(buffer, removeApp); - Deserialization::Deserialize(buffer, removePkg); - - try { - if (removeApp) { - LogDebug("Removing smack rules for deleted appId " << appId); - SmackRules::uninstallApplicationRules(appId, pkgId, pkgContents, appsGranted, zoneId); - - std::string zoneAppLabel = SmackLabels::generateAppLabel(appId); - std::string hostAppLabel = zoneSmackLabelGenerate(zoneAppLabel, zoneId); - // FIXME zoneSmackLabelUnmap should throw exception on error, not return false - // FIXME implement zoneSmackLabelUnmap and check if works when Smack Namespaces are implemented - if (!zoneSmackLabelUnmap(hostAppLabel, zoneId)) { - LogError("Failed to unmap Smack labels for application " << appId); - Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR); - return; - } - } - - if (removePkg) { - LogDebug("Removing Smack rules for deleted pkgId " << pkgId); - SmackRules::uninstallPackageRules(pkgId); - - std::string zonePkgLabel = SmackLabels::generatePkgLabel(pkgId); - std::string hostPkgLabel = zoneSmackLabelGenerate(zonePkgLabel, zoneId); - if (!zoneSmackLabelUnmap(hostPkgLabel, zoneId)) { - LogError("Failed to unmap Smack label for package " << pkgId); - Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR); - return; - } - } - } catch (const SmackException::Base &e) { - LogError("Error while removing Smack rules for application: " << e.DumpToString()); - Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED); - return; - } catch (const std::bad_alloc &e) { - LogError("Memory allocation error: " << e.what()); - Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY); - return; - } - - Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS); -} - -void MasterService::processSmackApplySharingRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId) -{ - std::string ownerPkgId, targetAppId, path; - std::vector pkgContents; - int ownerTargetCount, pathCount; - - Deserialization::Deserialize(buffer, ownerPkgId); - Deserialization::Deserialize(buffer, pkgContents); - Deserialization::Deserialize(buffer, targetAppId); - Deserialization::Deserialize(buffer, path); - Deserialization::Deserialize(buffer, ownerTargetCount); - Deserialization::Deserialize(buffer, pathCount); - - (void)zoneId; - - Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS); -} - -void MasterService::processSmackDropSharingRules(MessageBuffer &buffer, MessageBuffer &send, - const std::string &zoneId) -{ - std::string ownerPkgId, targetAppId, path; - std::vector pkgContents; - int ownerTargetCount, pathCount; - - Deserialization::Deserialize(buffer, ownerPkgId); - Deserialization::Deserialize(buffer, pkgContents); - Deserialization::Deserialize(buffer, targetAppId); - Deserialization::Deserialize(buffer, path); - Deserialization::Deserialize(buffer, ownerTargetCount); - Deserialization::Deserialize(buffer, pathCount); - - (void)zoneId; - - Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS); -} - -} // namespace SecurityManager diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 58a975cb..aa9424b4 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -33,35 +33,22 @@ #include "protocols.h" #include "service.h" #include "service_impl.h" -#include "master-req.h" namespace SecurityManager { const InterfaceID IFACE = 1; -Service::Service(const bool isSlave): - m_isSlave(isSlave) -{ -} +Service::Service(){} GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription() { - if (m_isSlave) - return ServiceDescriptionVector { - {SLAVE_SERVICE_SOCKET, /* path */ - "*", /* smackLabel label (not used, we rely on systemd) */ - IFACE, /* InterfaceID */ - false, /* useSendMsg */ - true}, /* systemdOnly */ - }; - else - return ServiceDescriptionVector { - {SERVICE_SOCKET, /* path */ - "*", /* smackLabel label (not used, we rely on systemd) */ - IFACE, /* InterfaceID */ - false, /* useSendMsg */ - true}, /* systemdOnly */ - }; + return ServiceDescriptionVector { + {SERVICE_SOCKET, /* path */ + "*", /* smackLabel label (not used, we rely on systemd) */ + IFACE, /* InterfaceID */ + false, /* useSendMsg */ + true}, /* systemdOnly */ + }; } bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, @@ -188,7 +175,7 @@ void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, req.uid); Deserialization::Deserialize(buffer, req.tizenVersion); Deserialization::Deserialize(buffer, req.authorId); - Serialization::Serialize(send, serviceImpl.appInstall(req, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appInstall(req, uid)); } void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid) @@ -196,7 +183,7 @@ void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui std::string appId; Deserialization::Deserialize(buffer, appId); - Serialization::Serialize(send, serviceImpl.appUninstall(appId, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appUninstall(appId, uid)); } void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send) @@ -219,7 +206,7 @@ void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, ui int ret; Deserialization::Deserialize(buffer, appId); - ret = serviceImpl.getAppGroups(appId, uid, pid, m_isSlave, gids); + ret = serviceImpl.getAppGroups(appId, uid, pid, gids); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { Serialization::Serialize(send, static_cast(gids.size())); @@ -238,7 +225,7 @@ void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t u Deserialization::Deserialize(buffer, uidAdded); Deserialization::Deserialize(buffer, userType); - ret = serviceImpl.userAdd(uidAdded, userType, uid, m_isSlave); + ret = serviceImpl.userAdd(uidAdded, userType, uid); Serialization::Serialize(send, ret); } @@ -249,7 +236,7 @@ void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, uidRemoved); - ret = serviceImpl.userDelete(uidRemoved, uid, m_isSlave); + ret = serviceImpl.userDelete(uidRemoved, uid); Serialization::Serialize(send, ret); } @@ -260,11 +247,7 @@ void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, ui Deserialization::Deserialize(buffer, policyEntries); - if (m_isSlave) { - ret = MasterReq::PolicyUpdate(policyEntries, uid, pid, smackLabel); - } else { - ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); - } + ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); Serialization::Serialize(send, ret); } @@ -275,12 +258,7 @@ void Service::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &s Deserialization::Deserialize(buffer, filter); std::vector policyEntries; - if (m_isSlave) { - ret = MasterReq::GetConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); - } else { - ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, - policyEntries); - } + ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); Serialization::Serialize(send, ret); Serialization::Serialize(send, static_cast(policyEntries.size())); @@ -296,11 +274,7 @@ void Service::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t Deserialization::Deserialize(buffer, filter); std::vector policyEntries; - if (m_isSlave) { - ret = MasterReq::GetPolicy(filter, uid, pid, smackLabel, policyEntries); - } else { - ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries); - } + ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries); Serialization::Serialize(send, ret); Serialization::Serialize(send, static_cast(policyEntries.size())); @@ -314,11 +288,8 @@ void Service::processPolicyGetDesc(MessageBuffer &send) int ret; std::vector descriptions; - if (m_isSlave) { - ret = MasterReq::PolicyGetDesc(descriptions); - } else { - ret = serviceImpl.policyGetDesc(descriptions); - } + ret = serviceImpl.policyGetDesc(descriptions); + Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { Serialization::Serialize(send, static_cast(descriptions.size())); @@ -351,7 +322,7 @@ void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send) Deserialization::Deserialize(recv, uid); bool result; - int ret = serviceImpl.appHasPrivilege(appId, privilege, uid, m_isSlave, result); + int ret = serviceImpl.appHasPrivilege(appId, privilege, uid, result); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) @@ -365,7 +336,7 @@ void Service::processApplyPrivateSharing(MessageBuffer &recv, MessageBuffer &sen Deserialization::Deserialize(recv, ownerAppId); Deserialization::Deserialize(recv, targetAppId); Deserialization::Deserialize(recv, paths); - int ret = serviceImpl.applyPrivatePathSharing(ownerAppId, targetAppId, paths, m_isSlave); + int ret = serviceImpl.applyPrivatePathSharing(ownerAppId, targetAppId, paths); Serialization::Serialize(send, ret); } @@ -376,7 +347,7 @@ void Service::processDropPrivateSharing(MessageBuffer &recv, MessageBuffer &send Deserialization::Deserialize(recv, ownerAppId); Deserialization::Deserialize(recv, targetAppId); Deserialization::Deserialize(recv, paths); - int ret = serviceImpl.dropPrivatePathSharing(ownerAppId, targetAppId, paths, m_isSlave); + int ret = serviceImpl.dropPrivatePathSharing(ownerAppId, targetAppId, paths); Serialization::Serialize(send, ret); } } // namespace SecurityManager -- cgit v1.2.3