1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
/*
* Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
* See the LICENSE file or the notice below for Apache License Version 2.0
* details.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* @file security-manager-cleanup.cpp
* @author Zofia Abramowska (z.abramowska@samsung.com)
* @version 1.0
* @brief Implementation of security-manager cleanup service
*/
#include <cstdlib>
#include <cstring>
#include <fcntl.h>
#include <iostream>
#include <unistd.h>
#include <sys/stat.h>
#include <privilege_db.h>
#include <smack-labels.h>
#include <dpl/errno_string.h>
#include <filesystem.h>
namespace {
const std::string tmp_flag = "/tmp/sm-cleanup-tmp-flag";
bool createFile(const std::string &path)
{
int fd;
mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
fd = TEMP_FAILURE_RETRY(creat(path.c_str(), mode));
if (fd == -1) {
std::cerr << "Creating file " << path << " failed with " << SecurityManager::GetErrnoString(errno);
return false;
}
close(fd);
return true;
}
} //namespace anonymous
int main(void)
{
using namespace SecurityManager;
if (FS::fileExists(tmp_flag))
return EXIT_SUCCESS;
try {
std::map<std::string, std::vector<std::string>> appPathMap;
PrivilegeDb db(Offline::no);
db.GetAllPrivateSharing(appPathMap);
for (auto &appPaths : appPathMap) {
try {
std::string pkgName;
db.GetAppPkgName(appPaths.first, pkgName);
for (const auto &path : appPaths.second) {
//FIXME Make this service run as slave and master
SmackLabels::setupPath(pkgName, path, SECURITY_MANAGER_PATH_RW);
}
} catch (const SecurityManager::Exception &e) {
LogError("Got SecurityManager exception: " << e.GetMessage() << ", ignoring");
} catch (const std::exception &e) {
LogError("Got std::exception : " << e.what() << ", ignoring");
} catch (...) {
LogError("Got unknown exception, ignoring");
}
}
db.ClearPrivateSharing();
} catch (const SecurityManager::Exception &e) {
std::cerr << "Exception throw, msg: " << e.GetMessage() << std::endl;
} catch (...) {
std::cerr << "Unknown exception thrown" << std::endl;
}
try {
if (!createFile(tmp_flag))
return EXIT_FAILURE;
} catch(...) {
std::cerr << "Exception thrown while cleanup";
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
|