4 * Copyright (c) 2015 Samsung Electronics Co., Ltd. All rights reserved.
6 * Contact: Yong Yeon Kim <yy9875.kim@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 * This file contains Cynara integration code
25 * @file media-util-cynara.c
26 * @author Jacek Bukarewicz (j.bukarewicz@samsung.com)
37 #include <sys/socket.h>
40 #include <media-util-cynara.h>
41 #include <media-util-dbg.h>
42 #include <media-util-err.h>
43 #include <media-util-ipc.h>
44 #include <media-util-internal.h>
46 #include <cynara-client.h>
47 #include <cynara-session.h>
48 #include <cynara-error.h>
49 #include <cynara-creds-socket.h>
52 /* this definition is missing in glibc headers (version 2.21). It was introduced in kernel version 2.6.17 */
54 #define SCM_SECURITY 0x03
57 static cynara *_cynara = NULL;
58 static cynara_configuration *_p_conf = NULL;
59 G_LOCK_DEFINE_STATIC(cynara_mutex);
61 static void ms_cynara_dbg_err(const char *prefix, int error_code)
63 char error_buffer[256];
65 error_buffer[0] = '\0';
67 err = cynara_strerror(error_code, error_buffer, sizeof(error_buffer));
68 if (err == CYNARA_API_SUCCESS) {
69 MSAPI_DBG_ERR("%s: %s", prefix, error_buffer);
71 MSAPI_DBG_ERR("%s: error code %i", prefix, error_code);
75 int ms_cynara_initialize(void)
79 ret = cynara_configuration_create(&_p_conf);
80 if (ret != CYNARA_API_SUCCESS) {
81 ms_cynara_dbg_err("cynara_configuration_create", ret);
82 return MS_MEDIA_ERR_INTERNAL;
84 ret = cynara_configuration_set_cache_size(_p_conf, 100);
85 if (ret != CYNARA_API_SUCCESS) {
86 ms_cynara_dbg_err("cynara_configuration_set_cache_size", ret);
87 return MS_MEDIA_ERR_INTERNAL;
89 ret = cynara_initialize(&_cynara, _p_conf);
90 if (ret != CYNARA_API_SUCCESS) {
91 ms_cynara_dbg_err("cynara_initialize", ret);
92 return MS_MEDIA_ERR_INTERNAL;
95 cynara_configuration_destroy(_p_conf);
97 return MS_MEDIA_ERR_NONE;
100 void ms_cynara_finish(void)
102 cynara_finish(_cynara);
106 int ms_cynara_receive_untrusted_message(int sockfd, ms_comm_msg_s *recv_msg, ms_peer_credentials *credentials)
109 int recv_msg_size = 0;
111 if (!recv_msg || !credentials)
112 return MS_MEDIA_ERR_INVALID_PARAMETER;
114 if ((recv_msg_size = read(sockfd, recv_msg, sizeof(ms_comm_msg_s))) < 0) {
115 if (errno == EWOULDBLOCK) {
116 MSAPI_DBG_ERR("Timeout. Can't try any more");
117 return MS_MEDIA_ERR_SOCKET_RECEIVE_TIMEOUT;
119 MSAPI_DBG_ERR("recv failed");
120 return MS_MEDIA_ERR_SOCKET_RECEIVE;
124 MSAPI_DBG_SLOG("receive msg from [%d] %d, %s", recv_msg->pid, recv_msg->msg_type, recv_msg->msg);
126 if (!(recv_msg->msg_size > 0 && recv_msg->msg_size < MAX_MSG_SIZE)) {
127 MSAPI_DBG_ERR("IPC message is wrong. message size is %d", recv_msg->msg_size);
128 return MS_MEDIA_ERR_INVALID_IPC_MESSAGE;
131 ret = cynara_creds_socket_get_pid(sockfd, &(credentials->pid));
133 MSAPI_DBG_ERR("cynara_creds_socket_get_pid failed");
134 return MS_MEDIA_ERR_INTERNAL;
137 ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_UID, &(credentials->uid));
139 MSAPI_DBG_ERR("cynara_creds_socket_get_user failed");
140 return MS_MEDIA_ERR_INTERNAL;
143 ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_SMACK, &(credentials->smack));
145 MSAPI_DBG_ERR("cynara_creds_socket_get_client failed");
146 return MS_MEDIA_ERR_INTERNAL;
149 // MSAPI_DBG_ERR("cynara_creds_info : P[%d]U[%s]S[%s]", credentials->pid, credentials->uid, credentials->smack);
151 return MS_MEDIA_ERR_NONE;
154 int ms_cynara_receive_untrusted_message_thumb(int sockfd, thumbMsg *recv_msg, ms_peer_credentials *credentials)
158 int recv_msg_size = 0;
159 unsigned char *buf = NULL;
161 if (!recv_msg || !credentials)
162 return MS_MEDIA_ERR_INVALID_PARAMETER;
164 header_size = sizeof(thumbMsg) -(MAX_FILEPATH_LEN * 2) - sizeof(unsigned char *);
165 MS_MALLOC(buf, header_size);
167 if ((recv_msg_size = recv(sockfd, buf, header_size, 0)) < 0) {
168 if (errno == EWOULDBLOCK) {
169 MSAPI_DBG_ERR("Timeout. Can't try any more");
171 return MS_MEDIA_ERR_SOCKET_RECEIVE_TIMEOUT;
173 MSAPI_DBG_ERR("recv failed");
175 return MS_MEDIA_ERR_SOCKET_RECEIVE;
179 memcpy(recv_msg, buf, header_size);
183 if (recv_msg->origin_path_size <= 0) {
185 MSAPI_DBG_ERR("msg->origin_path_size is invalid %d", recv_msg->origin_path_size);
186 return MS_MEDIA_ERR_INVALID_PARAMETER;
189 MS_MALLOC(buf, (unsigned int)(recv_msg->origin_path_size));
191 MSAPI_DBG_STRERROR("malloc failed");
192 return MS_MEDIA_ERR_OUT_OF_MEMORY;
195 if ((recv_msg_size = recv(sockfd, buf, recv_msg->origin_path_size, 0)) < 0) {
197 if (errno == EWOULDBLOCK) {
198 MSAPI_DBG_ERR("Timeout. Can't try any more");
199 return MS_MEDIA_ERR_SOCKET_RECEIVE_TIMEOUT;
201 MSAPI_DBG_ERR("recv failed");
202 return MS_MEDIA_ERR_SOCKET_RECEIVE;
207 strncpy(recv_msg->org_path, (char*)buf, recv_msg->origin_path_size);
210 if (recv_msg->dest_path_size <= 0) {
212 MSAPI_DBG_ERR("msg->origin_path_size is invalid %d", recv_msg->dest_path_size);
213 return MS_MEDIA_ERR_INVALID_PARAMETER;
216 MS_MALLOC(buf, (unsigned int)(recv_msg->dest_path_size));
218 MSAPI_DBG_STRERROR("malloc failed");
219 return MS_MEDIA_ERR_OUT_OF_MEMORY;
222 if ((recv_msg_size = recv(sockfd, buf, recv_msg->dest_path_size, 0)) < 0) {
224 if (errno == EWOULDBLOCK) {
225 MSAPI_DBG_ERR("Timeout. Can't try any more");
226 return MS_MEDIA_ERR_SOCKET_RECEIVE_TIMEOUT;
228 MSAPI_DBG_ERR("recv failed");
229 return MS_MEDIA_ERR_SOCKET_RECEIVE;
234 strncpy(recv_msg->dst_path, (char*)buf, recv_msg->dest_path_size);
238 ret = cynara_creds_socket_get_pid(sockfd, &(credentials->pid));
240 MSAPI_DBG_ERR("cynara_creds_socket_get_pid failed");
241 return MS_MEDIA_ERR_INTERNAL;
244 ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_UID, &(credentials->uid));
246 MSAPI_DBG_ERR("cynara_creds_socket_get_user failed");
247 return MS_MEDIA_ERR_INTERNAL;
250 ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_SMACK, &(credentials->smack));
252 MSAPI_DBG_ERR("cynara_creds_socket_get_client failed");
253 return MS_MEDIA_ERR_INTERNAL;
256 // MSAPI_DBG_ERR("cynara_creds_info : P[%d]U[%s]S[%s]", credentials->pid, credentials->uid, credentials->smack);
258 return MS_MEDIA_ERR_NONE;
261 int ms_cynara_check(const ms_peer_credentials *creds, const char *privilege)
266 if (!creds || !privilege)
267 return MS_MEDIA_ERR_INVALID_PARAMETER;
269 session = cynara_session_from_pid(creds->pid);
270 if (session == NULL) {
271 MSAPI_DBG_ERR("cynara_session_from_pid failed");
272 return MS_MEDIA_ERR_INTERNAL;
275 G_LOCK(cynara_mutex);
276 result = cynara_check(_cynara, creds->smack, session, creds->uid, privilege);
277 G_UNLOCK(cynara_mutex);
279 if (result != CYNARA_API_ACCESS_ALLOWED)
280 ms_cynara_dbg_err("cynara_check", result);
282 MS_SAFE_FREE(session);
283 return result == CYNARA_API_ACCESS_ALLOWED ? MS_MEDIA_ERR_NONE : MS_MEDIA_ERR_PERMISSION_DENIED;
286 int ms_cynara_enable_credentials_passing(int fd)
288 const int optval = 1;
291 err = setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &optval, sizeof(optval));
293 MSAPI_DBG_ERR("Failed to set SO_PASSSEC socket option");
294 return MS_MEDIA_ERR_SOCKET_INTERNAL;
297 err = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &optval, sizeof(optval));
299 MSAPI_DBG_ERR("Failed to set SO_PASSCRED socket option");
300 return MS_MEDIA_ERR_SOCKET_INTERNAL;
303 return MS_MEDIA_ERR_NONE;
projects / platform / core / multimedia / media-server.git / blob