authortaeyoung <ty317.kim@samsung.com>2016-09-29 17:19:43 +0900
committertaeyoung <ty317.kim@samsung.com>2016-09-29 18:56:07 +0900
commit3a5116d9488380f897162fa7fbe4aff832906388 (patch)
tree4d5e5b602061f42359e77febed79501e3509fa4e
parent84c185f9fa0837ed9b940416359f9e828e3cfeed (diff)
- Only apps that have the "System" smack label are permitted to use TZIP - Only TZ_SYS_HOME and TZ_SYS_RW_APP are permitted as TZIP mount paths Change-Id: I4531577b423a478243038c86571fcc0b4d4c7331 Signed-off-by: taeyoung <ty317.kim@samsung.com>
-rw-r--r--src/tzip/tzip.c87
1 files changed, 87 insertions, 0 deletions
diff --git a/src/tzip/tzip.c b/src/tzip/tzip.c
index cdd9cb78..d1654043 100644
--- a/src/tzip/tzip.c
+++ b/src/tzip/tzip.c
@@ -37,10 +37,14 @@
#include <sys/stat.h>
#include <assert.h>
#include <attr/xattr.h>
+#include <linux/limits.h>
+#include <tzplatform_config.h>
#include "tzip.h"
#include "tzip-utility.h"
+#define APP_ATTR_PATH "/proc/%d/attr/current"
+
static pthread_t thread;
static pthread_t mount_thread;
static pthread_attr_t attr;
@@ -48,6 +52,73 @@ static struct fuse *fuse_handle = NULL;
static struct fuse_chan *channel = NULL;
static GAsyncQueue *async_queue;
+static int check_smack_label(pid_t pid)
+{
+ char path[PATH_MAX];
+ char attr[64];
+ size_t len;
+ FILE *fp;
+
+ snprintf(path, sizeof(path), APP_ATTR_PATH, pid);
+
+ fp = fopen(path, "r");
+ if (!fp)
+ return 0;
+
+ len = fread(attr, 1, sizeof(attr) - 1, fp);
+ fclose(fp);
+ if (len == 0)
+ return 0;
+
+ attr[len] = '\0';
+
+ if (!strncmp("System", attr, len + 1))
+ return 1;
+
+ if (!strncmp("User", attr, len + 1))
+ return 1;
+
+ if (!strncmp("System::Privileged", attr, len + 1))
+ return 1;
+
+ return 0;
+}
+
+static int check_path_available(char *mountpath)
+{
+ size_t len;
+
+ if (!mountpath)
+ return 0;
+
+ len = strlen(mountpath);
+
+ if (!strncmp(mountpath, tzplatform_getenv(TZ_SYS_HOME), len))
+ return 1;
+
+ if (!strncmp(mountpath, tzplatform_getenv(TZ_SYS_RW_APP), len))
+ return 1;
+
+ return 0;
+}
+
+static int is_app_privileged(pid_t pid, char *mountpath)
+{
+ int priv;
+
+ priv = check_path_available(mountpath);
+ if (priv == 0) {
+ _E("TZIP mount path is invalid (%s)", mountpath);
+ return priv;
+ }
+
+ priv = check_smack_label(pid);
+ if (priv == 0)
+ _E("PID (%d) cannot use TZIP due to smack label");
+
+ return priv;
+}
+
static int tzip_getattr(const char *path, struct stat *stbuf)
{
int res = 0;
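Review bot: The prefix test in `check_path_available` is bounded by `strlen(mountpath)`, so it accepts any string that is a leading part of the allowed directory (including an empty string or `/`) and rejects real paths below TZ_SYS_HOME or TZ_SYS_RW_APP, which is the opposite of what the commit message describes. The comparison should be bounded by the length of the allowed directory and require a `/` or the end of the string right after it, and the result of `tzplatform_getenv()` should be checked for NULL before it reaches `strncmp`; `..` components and symlinks in mountpath would still need to be rejected or resolved before the check can be relied on. Separately, in `is_app_privileged` the call `_E("PID (%d) cannot use TZIP due to smack label");` has a `%d` with no argument and should pass `pid`. `check_smack_label` also accepts the `User` label although the description only mentions `System`, which is worth confirming as intended.

```c
/* … unchanged: check_smack_label … */

/* Returns 1 only when path equals base or lies below it on a component boundary. */
static int path_is_under(const char *path, const char *base)
{
	size_t blen;

	if (!base)
		return 0;

	blen = strlen(base);
	if (blen == 0 || strncmp(path, base, blen))
		return 0;

	if (base[blen - 1] == '/')
		return 1;

	/* "/home2" must not match "/home" */
	return path[blen] == '\0' || path[blen] == '/';
}

static int check_path_available(char *mountpath)
{
	if (!mountpath)
		return 0;

	/* conservative: refuse any ".." rather than trying to resolve it */
	if (strstr(mountpath, ".."))
		return 0;

	return path_is_under(mountpath, tzplatform_getenv(TZ_SYS_HOME)) ||
		path_is_under(mountpath, tzplatform_getenv(TZ_SYS_RW_APP));
}

/* … unchanged: is_app_privileged, apart from passing pid to the second _E() … */
```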
@@ -615,6 +686,7 @@ static DBusMessage *edbus_request_mount_tzip(E_DBus_Object *obj, DBusMessage *ms
char *smack;
int ret;
struct tzip_msg_data *msgdata = NULL;
+ pid_t pid;
dbus_error_init(&err);
@@ -634,6 +706,13 @@ static DBusMessage *edbus_request_mount_tzip(E_DBus_Object *obj, DBusMessage *ms
goto out;
}
+ pid = get_edbus_sender_pid(msg);
+ if (!is_app_privileged(pid, mountpath)) {
+ _E("PID (%d) is not privileged to use tzip", pid);
+ ret = -EPERM;
+ goto out;
+ }
+
if (!fuse_handle)
tzip_server_init();
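Review bot: The caller is authorised by PID here: `get_edbus_sender_pid(msg)` feeds `check_smack_label`, which reads `/proc/<pid>/attr/current` at some later time, so if the sender exits and its PID is reused, the label of a different process would be checked. Where the bus daemon can report the sender's security label together with its other credentials (for example through `GetConnectionCredentials`), that value is bound to the connection and would be the safer input. The return value of `get_edbus_sender_pid` is also used without a check; its failure behaviour is not visible in this diff, so a guard such as `if (pid <= 0) { ret = -EPERM; goto out; }` before the `is_app_privileged` call would make the fail-closed path explicit. The same block is repeated in `edbus_request_unmount_tzip` in the last hunk, and both functions continue outside the hunks shown.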
@@ -693,6 +772,7 @@ static DBusMessage *edbus_request_unmount_tzip(E_DBus_Object *obj, DBusMessage *
char *mountpath;
int ret;
struct tzip_msg_data *msgdata = NULL;
+ pid_t pid;
dbus_error_init(&err);
@@ -709,6 +789,13 @@ static DBusMessage *edbus_request_unmount_tzip(E_DBus_Object *obj, DBusMessage *
goto out;
}
+ pid = get_edbus_sender_pid(msg);
+ if (!is_app_privileged(pid, mountpath)) {
+ _E("PID (%d) is not privileged to use tzip", pid);
+ ret = -EPERM;
+ goto out;
+ }
+
if (!fuse_handle)
tzip_server_init();