Add krate-mount service

[platform/core/security/krate.git] / module / krate-builder.cpp

/*
 *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>

#include "krate-builder.h"

#include <klay/exception.h>
#include <klay/namespace.h>
#include <klay/filesystem.h>

#define CGROUP_SUBSYSTEM "krate"

KrateBuilder::KrateBuilder(const runtime::User& user) :
        user(user)
{
        runtime::File data(getManifestPath());
        if (data.exists()) {
                manifest.reset(xml::Parser::parseFile(data.getPath()));
        }
}

KrateBuilder::~KrateBuilder()
{
}

std::string KrateBuilder::getManifestPath()
{
        return "/home/" + user.getName() + "/.config/krate/krate.xml";
}

void KrateBuilder::bindFilesystemNode(const std::string& source, const std::string& target,
                                                                         const std::string& type, const std::string& options,
                                                                         bool create)
{
        if (create) {
                runtime::File dir(target);
                if (!dir.exists()) {
                        dir.makeDirectory(true, user.getUid(), user.getGid());
                }
        }

        runtime::Mount::mountEntry(source, target, type, options);
}

void KrateBuilder::mountOwnFilesystem()
{
        if (manifest.get()) {
                xml::Node::NodeList entries = manifest->evaluate("/manifest/filesystem/entry");
                for (const xml::Node& entry : entries) {
                        bindFilesystemNode(entry.getProp("source"), entry.getProp("target"),
                                                           entry.getProp("type"), entry.getProp("options"));
                }
        }

        bindFilesystemNode("/home/" + user.getName(),
                                           "/home/" + user.getName() + "/.krate/" + user.getName(),
                                           "none", "rw,bind");

        bindFilesystemNode("/home/" + user.getName() + "/.krate", "/home",
                                           "none", "rw,rbind");
}

void KrateBuilder::enterKrate()
{
        std::string path = CGROUP_SUBSYSTEM "/" + user.getName();
        pid_t pid = 0;

        if (runtime::Cgroup::exist(CGROUP_SUBSYSTEM, path)) {
                auto pids = runtime::Cgroup::getProcessList(CGROUP_SUBSYSTEM, path);
                if (pids.size() > 0) {
                        pid  = pids[0];
                }
        } else {
                runtime::Cgroup::create(CGROUP_SUBSYSTEM, path);
        }

        if (pid == 0) {
                runtime::Cgroup::addProcess(CGROUP_SUBSYSTEM, path, ::getpid());
                runtime::Namespace::unshare(CLONE_NEWNS | CLONE_NEWIPC);
        } else {
                runtime::Namespace::attach(pid);
        }
}

void KrateBuilder::exitKrate()
{
        std::string path =  CGROUP_SUBSYSTEM "/" + user.getName();
        auto pids = runtime::Cgroup::getProcessList(CGROUP_SUBSYSTEM, path);
        if (pids.size() <= 1) {
                runtime::Cgroup::destroy(CGROUP_SUBSYSTEM, path);
        }
}