diff options
| author | Changjoon Baek <joon.c.baek@samsung.com> | 2017-03-07 15:45:15 +0900 |
|---|---|---|
| committer | Changjoon Baek <joon.c.baek@samsung.com> | 2017-03-08 14:23:42 +0900 |
| commit | e55386a10232c50189d19f869cd31cc0b905c5f4 (patch) | |
| tree | 6847e1862b70f9cc3888c668febc8e98f7fd67e8 | |
| parent | 890e4d4c07f07fbac0933500bf3623de48ef9e72 (diff) | |
| download | ttrace-e55386a10232c50189d19f869cd31cc0b905c5f4.tar.gz ttrace-e55386a10232c50189d19f869cd31cc0b905c5f4.tar.bz2 ttrace-e55386a10232c50189d19f869cd31cc0b905c5f4.zip | |
Apply Tizen 3.0 Smack policy to ttrace pkg
Change smack labeling to using systemd tmpfiles
instead of set_smacklabel() initializing
Change-Id: I0e44ea62200929804c745175f73cd469b9b4623e
Signed-off-by: Changjoon Baek <joon.c.baek@samsung.com>
| -rwxr-xr-x | packaging/exec-ttrace-marker | 131 | ||||
| -rw-r--r--[-rwxr-xr-x] | packaging/ttrace-marker.service | 1 | ||||
| -rw-r--r-- | packaging/ttrace.conf | 45 | ||||
| -rw-r--r--[-rwxr-xr-x] | packaging/ttrace.spec | 6 | ||||
| -rwxr-xr-x | src/atrace/atrace.cpp | 90 |
5 files changed, 51 insertions, 222 deletions
diff --git a/packaging/exec-ttrace-marker b/packaging/exec-ttrace-marker deleted file mode 100755 index ef52ffb..0000000 --- a/packaging/exec-ttrace-marker +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# Note: This file has been deprecated -tag="/tmp/ttrace_tag" -conf="/etc/ttrace.conf" -change_permission="--update" - -function init_perms(){ - chown root:developer /tmp/ttrace_tag - chmod 0664 /tmp/ttrace_tag - chsmack -a '*' /tmp/ttrace_tag - - chmod 0755 /sys/kernel/debug - chown root:developer /sys/kernel/debug/tracing/trace_marker - chmod 0222 /sys/kernel/debug/tracing/trace_marker - chsmack -a '*' /sys/kernel/debug/tracing/trace_marker - - chown root:developer /sys/kernel/debug/tracing/trace_clock - chmod 0664 /sys/kernel/debug/tracing/trace_clock - chsmack -a '*' /sys/kernel/debug/tracing/trace_clock - - chown root:developer /sys/kernel/debug/tracing/buffer_size_kb - chmod 0664 /sys/kernel/debug/tracing/buffer_size_kb - chsmack -a '*' /sys/kernel/debug/tracing/buffer_size_kb - - chown root:developer /sys/kernel/debug/tracing/options/overwrite - chmod 0664 /sys/kernel/debug/tracing/options/overwrite - chsmack -a '*' /sys/kernel/debug/tracing/options/overwrite - - chown root:developer /sys/kernel/debug/tracing/options/print-tgid - chmod 0664 /sys/kernel/debug/tracing/options/print-tgid - chsmack -a '*' /sys/kernel/debug/tracing/options/print-tgid - - chown root:developer /sys/kernel/debug/tracing/events/sched/sched_switch/enable - chmod 0664 /sys/kernel/debug/tracing/events/sched/sched_switch/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/sched/sched_switch/enable - - chown root:developer /sys/kernel/debug/tracing/events/sched/sched_wakeup/enable - chmod 0664 /sys/kernel/debug/tracing/events/sched/sched_wakeup/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/sched/sched_wakeup/enable - - chown root:developer /sys/kernel/debug/tracing/events/power/cpu_frequency/enable - chmod 0664 /sys/kernel/debug/tracing/events/power/cpu_frequency/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/power/cpu_frequency/enable - - chown root:developer /sys/kernel/debug/tracing/events/power/clock_set_rate/enable - chmod 0664 /sys/kernel/debug/tracing/events/power/clock_set_rate/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/power/clock_set_rate/enable - - chown root:developer /sys/kernel/debug/tracing/events/cpufreq_interactive/enable - chmod 0664 /sys/kernel/debug/tracing/events/cpufreq_interactive/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/cpufreq_interactive/enable - - chown root:developer /sys/kernel/debug/tracing/events/power/cpu_idle/enable - chmod 0664 /sys/kernel/debug/tracing/events/power/cpu_idle/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/power/cpu_idle/enable - - chown root:developer /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable - chmod 0664 /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable - - chown root:developer /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable - chmod 0664 /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable - - chown root:developer /sys/kernel/debug/tracing/events/block/block_rq_issue/enable - chmod 0664 /sys/kernel/debug/tracing/events/block/block_rq_issue/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/block/block_rq_issue/enable - - chown root:developer /sys/kernel/debug/tracing/events/block/block_rq_complete/enable - chmod 0664 /sys/kernel/debug/tracing/events/block/block_rq_complete/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/block/block_rq_complete/enable - - chown root:developer /sys/kernel/debug/tracing/events/mmc/enable - chmod 0664 /sys/kernel/debug/tracing/events/mmc/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/mmc/enable - - chown root:developer /sys/kernel/debug/tracing/events/sync/enable - chmod 0664 /sys/kernel/debug/tracing/events/sync/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/sync/enable - - chown root:developer /sys/kernel/debug/tracing/events/workqueue/enable - chmod 0664 /sys/kernel/debug/tracing/events/workqueue/enable - chsmack -a '*' /sys/kernel/debug/tracing/events/workqueue/enable - - chown root:developer /sys/kernel/debug/tracing/current_tracer - chmod 0664 /sys/kernel/debug/tracing/current_tracer - chsmack -a '*' /sys/kernel/debug/tracing/current_tracer - - chown root:developer /sys/kernel/debug/tracing/tracing_on - chmod 0664 /sys/kernel/debug/tracing/tracing_on - chsmack -a '*' /sys/kernel/debug/tracing/tracing_on - - chown root:developer /sys/kernel/debug/tracing/trace - chmod 0660 /sys/kernel/debug/tracing/trace - chsmack -a '*' /sys/kernel/debug/tracing/trace - - chown root:developer /usr/bin/atrace - chmod 0755 /usr/bin/atrace -} - - -if [ -e "$tag" ] -then - echo "$tag was created already!!!" - exit 0 -else - # create ttrace tag - atrace --init_exec - - # initialize permission, smack rule for ttrace_tag, sysfs nodes - init_perms -fi - -if [ -e "$conf" ] -then - echo "$conf was found!!!" - - while read line - do - options=$line - echo "File name is - $conf" - echo "Options is - $options" - done < "$conf" - # below script is not available on TV profile - change-booting-mode.sh "$change_permission" - $options - rm "$conf" -else - echo "$conf was NOT found!!!" -fi -exit 0 diff --git a/packaging/ttrace-marker.service b/packaging/ttrace-marker.service index 7b8caae..e3f2d47 100755..100644 --- a/packaging/ttrace-marker.service +++ b/packaging/ttrace-marker.service @@ -6,7 +6,6 @@ After=sys-kernel-debug.mount [Service] Type=simple ExecStart=/usr/bin/atrace --init_exec -SmackProcessLabel=System [Install] WantedBy=sys-kernel-debug.mount diff --git a/packaging/ttrace.conf b/packaging/ttrace.conf new file mode 100644 index 0000000..37051bf --- /dev/null +++ b/packaging/ttrace.conf @@ -0,0 +1,45 @@ +z /sys/kernel/debug/ 0755 root users +z /sys/kernel/debug/tracing/ 0755 root users +z /sys/kernel/debug/tracing/trace_marker 0222 root users - +t /sys/kernel/debug/tracing/trace_marker - - - - security.SMACK64="User::App::Shared" +z /sys/kernel/debug/tracing/trace_clock 0664 root users - +t /sys/kernel/debug/tracing/trace_clock - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/buffer_size_kb 0664 root users - +t /sys/kernel/debug/tracing/buffer_size_kb - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/current_tracer 0664 root users - +t /sys/kernel/debug/tracing/current_tracer - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/tracing_on 0664 root users - +t /sys/kernel/debug/tracing/tracing_on - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/trace 0660 root users - +t /sys/kernel/debug/tracing/trace - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/options/overwrite 0664 root users - +t /sys/kernel/debug/tracing/options/overwrite - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/options/print-tgid 0664 root users - +t /sys/kernel/debug/tracing/options/print-tgid - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/sched/sched_switch/enable 0664 root users - +t /sys/kernel/debug/tracing/events/sched/sched_switch/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/sched/sched_wakeup/enable 0664 root users - +t /sys/kernel/debug/tracing/events/sched/sched_wakeup/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/power/cpu_frequency/enable 0664 root users - +t /sys/kernel/debug/tracing/events/power/cpu_frequency/enable - - - - security.SMACK64="User::Shell" +t /sys/kernel/debug/tracing/events/memory_bus/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/power/cpu_idle/enable 0664 root users - +t /sys/kernel/debug/tracing/events/power/cpu_idle/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable 0664 root users - +t /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable 0664 root users - +t /sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/block/block_rq_issue/enable 0664 root users - +t /sys/kernel/debug/tracing/events/block/block_rq_issue/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/block/block_rq_complete/enable 0664 root users - +t /sys/kernel/debug/tracing/events/block/block_rq_complete/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/mmc/enable 0664 root users - +t /sys/kernel/debug/tracing/events/mmc/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/cpufreq_interactive/enable 0664 root users - +t /sys/kernel/debug/tracing/events/cpufreq_interactive/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/sync/enable 0664 root users - +t /sys/kernel/debug/tracing/events/sync/enable - - - - security.SMACK64="User::Shell" +z /sys/kernel/debug/tracing/events/workqueue/enable 0664 root users - +t /sys/kernel/debug/tracing/events/workqueue/enable - - - - security.SMACK64="User::Shell" +z /tmp/ttrace_tag 0664 root users - +t /tmp/ttrace_tag - - - - security.SMACK64="User::App::Shared" diff --git a/packaging/ttrace.spec b/packaging/ttrace.spec index 9fdb4d4..ca05fb6 100755..100644 --- a/packaging/ttrace.spec +++ b/packaging/ttrace.spec @@ -5,6 +5,7 @@ Release: 1 Group: System/Libraries License: Apache-2.0 Source0: %{name}-%{version}.tar.gz +SOURCE100: packaging/ttrace.conf SOURCE102: packaging/ttrace-marker.service SOURCE103: packaging/atrace-bootup.sh @@ -59,8 +60,10 @@ make %{?jobs:-j%jobs} %install rm -rf %{buildroot} %make_install +mkdir -p %{buildroot}/usr/lib/tmpfiles.d install -d %{buildroot}%{_unitdir}/ttrace-marker.service.wants -install -m0644 %{SOURCE102} %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE100} %{buildroot}/usr/lib/tmpfiles.d/ttrace.conf +install -m 0644 %{SOURCE102} %{buildroot}%{_unitdir} mkdir -p %{buildroot}%{_bindir} cp %{SOURCE103} %{buildroot}%{_bindir} mkdir -p %{buildroot}/usr/share/license @@ -82,6 +85,7 @@ cp LICENSE %{buildroot}/usr/share/license/%{name} %{_unitdir}/sys-kernel-debug.mount.wants/ttrace-marker.service %attr(755,root,root) %{_bindir}/atrace-bootup.sh /usr/share/license/%{name} +/usr/lib/tmpfiles.d/ttrace.conf %files devel %defattr(-,root,root,-) diff --git a/src/atrace/atrace.cpp b/src/atrace/atrace.cpp index fff7369..2639795 100755 --- a/src/atrace/atrace.cpp +++ b/src/atrace/atrace.cpp @@ -33,7 +33,6 @@ #include <sys/file.h> #include <sys/stat.h> #include <sys/smack.h> -#include <linux/xattr.h> #include <unistd.h> #include "ttrace.h" #define TTRACE_TAG_NONE 9999 @@ -53,46 +52,6 @@ typedef enum { OPT, REQ } requiredness ; char str_error[256] = ""; -struct CommonNode { - const char* path; - const mode_t perms; -}; - -typedef enum { - TTRACE_TAG_IDX = 0, - DEBUG_FS_IDX, - TRACING_FS_IDX, - TRACE_MARKER_IDX, - ESSENCE_NODE_IDX -} commonNodeIdx; - -static const CommonNode commonNodes[] = { - { ENABLED_TAG_FILE, 0664 }, - { "/sys/kernel/debug", 0755 }, - { "/sys/kernel/debug/tracing", 0755 }, - { "/sys/kernel/debug/tracing/trace_marker", 0222 }, - { "/sys/kernel/debug/tracing/trace_clock", 0666 }, - { "/sys/kernel/debug/tracing/buffer_size_kb", 0666 }, - { "/sys/kernel/debug/tracing/current_tracer", 0666 }, - { "/sys/kernel/debug/tracing/tracing_on", 0666 }, - { "/sys/kernel/debug/tracing/trace", 0666 }, - { "/sys/kernel/debug/tracing/options/overwrite", 0666 }, - { "/sys/kernel/debug/tracing/options/print-tgid", 0666 }, - { "/sys/kernel/debug/tracing/events/sched/sched_switch/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/sched/sched_wakeup/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/power/cpu_frequency/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/memory_bus/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/power/cpu_idle/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/block/block_rq_issue/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/block/block_rq_complete/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/mmc/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/cpufreq_interactive/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/sync/enable", 0666 }, - { "/sys/kernel/debug/tracing/events/workqueue/enable", 0666 }, -}; - struct TracingCategory { // The name identifying the category. const char* name; @@ -252,39 +211,6 @@ static bool fileIsWritable(const char* filename) { return access(filename, W_OK) != -1; } -static bool setFilePermission (const char *path, const mode_t perms) { - //fprintf(stderr, "path: %s, perms: %d, gid: %d\n", path,perms, group_dev.gr_gid); - if (0 > chown(path, 0, group_dev.gr_gid)) return false; - if (0 > chmod(path, perms)) return false; - if (0 > smack_set_label_for_path(path, XATTR_NAME_SMACK, false, "*")) return false; - - return true; -} - -static bool initSysfsPermission() { - for (int i = TTRACE_TAG_IDX + 1 ; i < NELEM(commonNodes); i++) { - const CommonNode &node = commonNodes[i]; - printf("initsysfsperm: path- %s, perms- %d\n", node.path, node.perms); - if (fileExists(node.path)) { - if (i == DEBUG_FS_IDX || i == TRACING_FS_IDX) { - if(0 > chmod(node.path, node.perms)) - return false; - } - else { - if (!setFilePermission(node.path, node.perms)) - return false; - } - } - else { - if(i < ESSENCE_NODE_IDX) - { - return false; - } - } - } - return true; -} - // Truncate a file. static bool truncateFile(const char* path) { @@ -445,7 +371,6 @@ static bool setTagsProperty(uint64_t tags) { uint64_t *sm_for_enabled_tag = NULL; int fd = -1; - const CommonNode &tag_node = commonNodes[TTRACE_TAG_IDX]; //atrace "--init_exec" mode if(g_init_exec) { @@ -494,13 +419,6 @@ static bool setTagsProperty(uint64_t tags) fprintf(stderr, "Fail to open enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno); return false; } - //set file permission, smack label to "/tmp/tmp_tag" and then change it's name to "/tmp/ttrace_tag" - if (!setFilePermission("/tmp/tmp_tag", tag_node.perms)) - { - fprintf(stderr, "setFilePermission failed(%s): /tmp/tmp_tag\n", strerror_r(errno, str_error, sizeof(str_error))); - close(fd); - return false; - } if (ftruncate(fd, sizeof(uint64_t)) < 0) { fprintf(stderr, "ftruncate() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error))); @@ -516,15 +434,9 @@ static bool setTagsProperty(uint64_t tags) } //for auto-mounting tracingfs (>= linux 4.1.x) system("/usr/bin/ls -al /sys/kernel/debug/tracing > /dev/null 2>&1"); - if(!initSysfsPermission()) { - fprintf(stderr, "Fail to init sysfs permisions: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno); - munmap(sm_for_enabled_tag, sizeof(uint64_t)); - close(fd); - return false; - } memset(sm_for_enabled_tag, 0, sizeof(uint64_t)); - if(-1 == rename("/tmp/tmp_tag", tag_node.path)) { + if(-1 == rename("/tmp/tmp_tag", ENABLED_TAG_FILE)) { fprintf(stderr, "Fail to rename enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno); } |