4 * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Bumjin Im <bj.im@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License
24 #include <sys/types.h>
29 #include <sys/smack.h>
31 #include <sys/socket.h>
35 #include "smack-check.h"
36 #include "security-server.h"
37 #include "security-server-common.h"
38 #include "security-server-comm.h"
41 void printhex(unsigned char *data, int size)
49 printf("%X ", data[i]);
50 if(((i+1) % 16) == 0 && i != 0)
57 char *read_cmdline_from_proc(pid_t pid)
63 snprintf(path, sizeof(path), "/proc/%d/exe", pid);
68 SEC_SVR_DBG("%s", "Out of memory");
74 bzero(cmdline, memsize);
75 /* readlink() may have security hole in normal symbolic link. *
76 * But this link is located at proc fs that only kernel can change */
77 readlink(path, cmdline, memsize); /* FlawFinder: ignore */
78 SEC_SVR_DBG("pid: %d, cmdline: %s", pid, cmdline);
80 /* Check it's truncated */
81 if(cmdline[memsize -1] != 0)
83 cmdline = (char *)realloc(cmdline, sizeof(char) * (memsize + 32));
87 SEC_SVR_DBG("%s", "Out of memory");
101 /* We may need to filter error code */
102 int convert_to_public_error_code(int err_code)
104 /* Do we need this? */
108 static int send_exec_path_request(int sock_fd, pid_t pid)
112 unsigned char buf[sizeof(hdr) + sizeof(pid)];
114 /* Assemble header */
115 hdr.version = SECURITY_SERVER_MSG_VERSION;
116 hdr.msg_id = SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST;
117 hdr.msg_len = sizeof(pid);
119 memcpy(buf, &hdr, sizeof(hdr));
120 memcpy(buf + sizeof(hdr), &pid, sizeof(pid));
123 retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
124 if(retval == SECURITY_SERVER_ERROR_POLL)
126 SEC_SVR_ERR("%s", "poll() error");
127 return SECURITY_SERVER_ERROR_SEND_FAILED;
129 if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
131 SEC_SVR_ERR("%s", "poll() timeout");
132 return SECURITY_SERVER_ERROR_SEND_FAILED;
136 retval = TEMP_FAILURE_RETRY(write(sock_fd, buf, sizeof(buf)));
137 if(retval < (ssize_t)sizeof(buf))
140 SEC_SVR_ERR("Error on write(): %d", retval);
141 return SECURITY_SERVER_ERROR_SEND_FAILED;
143 return SECURITY_SERVER_SUCCESS;
146 static int recv_exec_path_response(int sockfd, response_header *hdr, char** path)
154 SEC_SVR_ERR("path should be NULL");
155 return SECURITY_SERVER_ERROR_INPUT_PARAM;
158 retval = recv_generic_response(sockfd, hdr);
159 if(retval != SECURITY_SERVER_SUCCESS)
161 SEC_SVR_ERR("Failed to get response: %d", retval);
162 return return_code_to_error_code(hdr->return_code);
165 retval = TEMP_FAILURE_RETRY(read(sockfd, &size, sizeof(size_t)));
166 if(retval < (ssize_t)sizeof(size_t) || size == 0)
168 /* Error on socket */
169 SEC_SVR_ERR("read() failed: %d", retval);
170 return SECURITY_SERVER_ERROR_RECV_FAILED;
172 buf = (char*)malloc((size+1)*sizeof(char));
175 SEC_SVR_ERR("malloc() failed. Size requested: %d", size*sizeof(char));
176 return SECURITY_SERVER_ERROR_OUT_OF_MEMORY;
179 retval = TEMP_FAILURE_RETRY(read(sockfd, buf, size));
180 if(retval < (ssize_t)size)
182 /* Error on socket */
183 SEC_SVR_ERR("read() failed: %d", retval);
185 return SECURITY_SERVER_ERROR_RECV_FAILED;
191 return SECURITY_SERVER_SUCCESS;
194 static int get_exec_path(pid_t pid, char** exe)
200 if (SECURITY_SERVER_SUCCESS != connect_to_server(&sockfd))
203 ret = send_exec_path_request(sockfd, pid);
204 if (ret != SECURITY_SERVER_SUCCESS)
206 /* Error on socket */
207 SEC_SVR_ERR("Client: Send failed: %d", ret);
211 ret = recv_exec_path_response(sockfd, &hdr, &path);
212 if (ret != SECURITY_SERVER_SUCCESS)
214 SEC_SVR_ERR("Client: Recv failed: %d", ret);
218 ret = return_code_to_error_code(hdr.return_code);
219 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
220 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
221 else if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_EXE_PATH_RESPONSE)
223 SEC_SVR_ERR("Client: Wrong response type.");
224 ret = SECURITY_SERVER_ERROR_BAD_RESPONSE;
231 if (ret == SECURITY_SERVER_SUCCESS)
242 int security_server_get_gid(const char *object)
244 int sockfd = -1, retval, gid;
249 SEC_SVR_ERR("%s", "Client: object is null or object is too big");
250 retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
253 if( strlen(object) > SECURITY_SERVER_MAX_OBJ_NAME )
255 SEC_SVR_ERR("%s", "object is null or object is too big");
256 retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
260 if(strlen(object) == 0)
262 SEC_SVR_ERR("Client: object is is empty");
263 retval = SECURITY_SERVER_API_ERROR_INPUT_PARAM;
267 SEC_SVR_DBG("%s", "Client: security_server_get_gid() is called");
268 retval = connect_to_server(&sockfd);
269 if(retval != SECURITY_SERVER_SUCCESS)
271 /* Error on socket */
272 SEC_SVR_ERR("Connection failed: %d", retval);
275 SEC_SVR_DBG("%s", "Client: Security server has been connected");
277 /* make request packet and send to server*/
278 retval = send_gid_request(sockfd, object);
279 SEC_SVR_DBG("%s", "Client: gid request has been sent");
280 if(retval != SECURITY_SERVER_SUCCESS)
282 /* Error on socket */
283 SEC_SVR_ERR("Send gid request failed: %d", retval);
287 /* Receive response */
288 retval = recv_get_gid_response(sockfd, &hdr, &gid);
289 if(retval != SECURITY_SERVER_SUCCESS)
291 SEC_SVR_ERR("Client: Receive response failed: %d", retval);
294 SEC_SVR_DBG("%s", "Client: get gid response has been received");
296 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_GID_RESPONSE) /* Wrong response */
298 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
300 /* There must be some error */
301 SEC_SVR_ERR("Client: It'll be an error. return code:%d", hdr.return_code);
302 retval = return_code_to_error_code(hdr.return_code);
307 /* Something wrong with response */
308 SEC_SVR_ERR("Client: Something wrong with response:%d", hdr.basic_hdr.msg_id);
309 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
314 SEC_SVR_DBG("received gid is %d", gid);
320 /* If error happened */
322 retval = convert_to_public_error_code(retval);
331 int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size)
333 int sockfd = -1, retval;
338 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
342 retval = connect_to_server(&sockfd);
343 if(retval != SECURITY_SERVER_SUCCESS)
345 /* Error on socket */
346 SEC_SVR_ERR("Client: connect to server failed: %d", retval);
350 /* make request packet */
351 retval = send_object_name_request(sockfd, gid);
352 if(retval != SECURITY_SERVER_SUCCESS)
354 /* Error on socket */
355 SEC_SVR_ERR("Client: cannot send request: %d", retval);
359 retval = recv_get_object_name(sockfd, &hdr, object, max_object_size);
360 if(retval != SECURITY_SERVER_SUCCESS)
362 SEC_SVR_ERR("Client: Receive response failed: %d", retval);
366 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_OBJECT_NAME_RESPONSE) /* Wrong response */
368 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
370 /* There must be some error */
371 SEC_SVR_ERR("Client: There is error on response: return code:%d", hdr.basic_hdr.msg_id);
372 retval = return_code_to_error_code(hdr.return_code);
376 /* Something wrong with response */
377 SEC_SVR_ERR("Client: Some unexpected error happene: return code:%d", hdr.basic_hdr.msg_id);
378 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
387 retval = convert_to_public_error_code(retval);
394 int security_server_request_cookie(char *cookie, size_t max_cookie)
396 int sockfd = -1, retval;
401 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
404 if(max_cookie < SECURITY_SERVER_COOKIE_LEN)
406 retval = SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL;
410 SEC_SVR_DBG("%s", "Client: security_server_request_cookie() is called");
411 retval = connect_to_server(&sockfd);
412 if(retval != SECURITY_SERVER_SUCCESS)
414 /* Error on socket */
415 SEC_SVR_ERR("%s", "Client: connection failed");
419 /* make request packet */
420 retval = send_cookie_request(sockfd);
421 if(retval != SECURITY_SERVER_SUCCESS)
423 /* Error on socket */
424 SEC_SVR_ERR("Client: send cookie failed: %d", retval);
427 SEC_SVR_DBG("%s", "Client: cookie request sent");
428 retval = recv_cookie(sockfd, &hdr, cookie);
430 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE) /* Wrong response */
432 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
434 /* There must be some error */
435 SEC_SVR_ERR("Client ERROR: There is an error on response. return code:%d", hdr.return_code);
436 retval = return_code_to_error_code(hdr.return_code);
440 /* Something wrong with response */
441 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
442 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
446 SEC_SVR_DBG("%s", "Client: cookie received");
452 retval = convert_to_public_error_code(retval);
461 int security_server_check_privilege(const char *cookie, gid_t privilege)
463 int sockfd = -1, retval;
468 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
472 retval = connect_to_server(&sockfd);
473 if(retval != SECURITY_SERVER_SUCCESS)
475 /* Error on socket */
479 /* make request packet */
480 retval = send_privilege_check_request(sockfd, cookie, privilege);
481 if(retval != SECURITY_SERVER_SUCCESS)
483 /* Error on socket */
484 SEC_SVR_ERR("Send failed: %d", retval);
488 retval = recv_privilege_check_response(sockfd, &hdr);
490 retval = return_code_to_error_code(hdr.return_code);
491 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE) /* Wrong response */
493 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
495 /* There must be some error */
496 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
500 /* Something wrong with response */
501 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
502 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
511 retval = convert_to_public_error_code(retval);
517 int security_server_check_privilege_by_cookie(const char *cookie,
519 const char *access_rights)
521 int sockfd = -1, retval;
525 if(cookie == NULL || object == NULL || access_rights == NULL)
527 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
531 olen = strlen(object);
532 alen = strlen(access_rights);
534 if (olen > SMACK_LABEL_LEN || alen > MAX_MODE_STR_LEN)
536 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
540 retval = connect_to_server(&sockfd);
541 if(retval != SECURITY_SERVER_SUCCESS)
543 /* Error on socket */
547 /* make request packet */
548 retval = send_privilege_check_new_request(
549 sockfd, cookie, object, access_rights);
550 if(retval != SECURITY_SERVER_SUCCESS)
552 /* Error on socket */
553 SEC_SVR_ERR("Send failed: %d", retval);
557 retval = recv_privilege_check_new_response(sockfd, &hdr);
559 retval = return_code_to_error_code(hdr.return_code);
560 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE)
563 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
565 /* There must be some error */
566 SEC_SVR_ERR("Client: Error has been received. return code:%d",
571 /* Something wrong with response */
572 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
573 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
582 retval = convert_to_public_error_code(retval);
587 int security_server_check_privilege_by_sockfd(int sockfd,
589 const char *access_rights)
593 SEC_SVR_DBG("%s","No SMACK support on device");
594 return SECURITY_SERVER_API_SUCCESS;
601 //for get socket options
603 unsigned int len = sizeof(cr);
605 //SMACK runtime check
606 if (!smack_runtime_check())
608 SEC_SVR_DBG("%s","No SMACK support on device");
609 return SECURITY_SERVER_API_SUCCESS;
612 ret = smack_new_label_from_socket(sockfd, &subject);
614 return SECURITY_SERVER_API_ERROR_SERVER_ERROR;
617 ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &len);
619 SEC_SVR_ERR("Error in getsockopt(). Errno: %s", strerror(errno));
623 ret = get_exec_path(cr.pid, &path);
624 if (SECURITY_SERVER_SUCCESS != ret)
625 SEC_SVR_ERR("Failed to read executable path for process %d", cr.pid);
627 ret = security_server_check_privilege_by_pid(cr.pid, object, access_rights);
628 if (ret == SECURITY_SERVER_RETURN_CODE_SUCCESS)
635 SEC_SVR_DBG("security_server_check_privilege_by_pid returned %d", ret);
637 SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path);
639 SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path);
645 return SECURITY_SERVER_API_SUCCESS;
649 return SECURITY_SERVER_API_ERROR_ACCESS_DENIED;
655 int security_server_get_cookie_size(void)
657 return SECURITY_SERVER_COOKIE_LEN;
663 int security_server_get_cookie_pid(const char *cookie)
665 int sockfd = -1, retval, pid = -1;
670 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
674 retval = connect_to_server(&sockfd);
675 if(retval != SECURITY_SERVER_SUCCESS)
677 /* Error on socket */
681 /* make request packet */
682 retval = send_pid_request(sockfd, cookie);
683 if(retval != SECURITY_SERVER_SUCCESS)
685 /* Error on socket */
686 SEC_SVR_ERR("Client: Send failed: %d", retval);
690 retval = recv_pid_response(sockfd, &hdr, &pid);
692 retval = return_code_to_error_code(hdr.return_code);
693 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_PID_RESPONSE) /* Wrong response */
695 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
697 /* There must be some error */
698 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
702 /* Something wrong with response */
703 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
704 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
708 if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
710 SEC_SVR_ERR("%s"," Client: There is no such cookie exist");
717 retval = convert_to_public_error_code(retval);
727 int security_server_launch_debug_tool(int argc, const char **argv)
729 int sockfd = -1, retval;
732 if(argc < 1 || argv == NULL || argv[0] == NULL)
734 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
740 if(strcmp(argv[0], SECURITY_SERVER_KILL_APP_PATH) != 0)
742 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
747 /* Check the caller is developer shell */
749 if(retval != SECURITY_SERVER_DEVELOPER_UID)
751 SEC_SVR_ERR("Client: It's not allowed to call this API by uid %d", retval);
752 retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
756 retval = connect_to_server(&sockfd);
757 if(retval != SECURITY_SERVER_SUCCESS)
759 /* Error on socket */
763 /* make request packet */
764 retval = send_launch_tool_request(sockfd, argc, argv);
765 if(retval != SECURITY_SERVER_SUCCESS)
767 /* Error on socket */
768 SEC_SVR_ERR("Client: Send failed: %d", retval);
772 retval = recv_generic_response(sockfd, &hdr);
774 retval = return_code_to_error_code(hdr.return_code);
775 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_TOOL_RESPONSE) /* Wrong response */
777 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
779 /* There must be some error */
780 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
784 /* Something wrong with response */
785 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
786 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
795 retval = convert_to_public_error_code(retval);
802 int security_server_is_pwd_valid(unsigned int *current_attempts,
803 unsigned int *max_attempts,
804 unsigned int *valid_secs)
806 int sockfd = -1, retval = SECURITY_SERVER_ERROR_UNKNOWN;
809 if(current_attempts == NULL || max_attempts == NULL ||valid_secs == NULL)
811 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
815 /* Authenticate self that is setting app goes here */
816 /* 1st, check cmdline which is setting app */
817 /* 2nd, check /proc/self/attr/current for the SMACK label */
819 retval = connect_to_server(&sockfd);
820 if(retval != SECURITY_SERVER_SUCCESS)
822 /* Error on socket */
826 /* make request packet */
827 retval = send_valid_pwd_request(sockfd);
828 if(retval != SECURITY_SERVER_SUCCESS)
830 /* Error on socket */
831 SEC_SVR_ERR("Client: Send failed: %d", retval);
835 retval = recv_pwd_response(sockfd, &hdr, current_attempts, max_attempts, valid_secs);
837 retval = return_code_to_error_code(hdr.return_code);
838 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE) /* Wrong response */
840 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_VALID_PWD_RESPONSE)
842 /* There must be some error */
843 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
847 /* Something wrong with response */
848 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
849 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
857 retval = convert_to_public_error_code(retval);
864 int security_server_set_pwd(const char *cur_pwd,
866 const unsigned int max_challenge,
867 const unsigned int valid_period_in_days)
869 int sockfd = -1, retval;
872 if(new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
874 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
878 /* Authenticate self that is setting app goes here */
879 /* 1st, check cmdline which is setting app */
880 /* 2nd, check /proc/self/attr/current for the SMACK label */
882 retval = connect_to_server(&sockfd);
883 if(retval != SECURITY_SERVER_SUCCESS)
885 /* Error on socket */
889 /* make request packet */
890 retval = send_set_pwd_request(sockfd, cur_pwd, new_pwd, max_challenge, valid_period_in_days);
891 if(retval != SECURITY_SERVER_SUCCESS)
893 /* Error on socket */
894 SEC_SVR_ERR("Client: Send failed: %d", retval);
898 retval = recv_generic_response(sockfd, &hdr);
900 retval = return_code_to_error_code(hdr.return_code);
901 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_RESPONSE) /* Wrong response */
903 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
905 /* There must be some error */
906 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
910 /* Something wrong with response */
911 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
912 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
920 retval = convert_to_public_error_code(retval);
926 int security_server_set_pwd_validity(const unsigned int valid_period_in_days)
928 int sockfd = -1, retval;
931 retval = connect_to_server(&sockfd);
932 if(retval != SECURITY_SERVER_SUCCESS)
934 /* Error on socket */
938 /* make request packet */
939 retval = send_set_pwd_validity_request(sockfd, valid_period_in_days);
940 if(retval != SECURITY_SERVER_SUCCESS)
942 /* Error on socket */
943 SEC_SVR_ERR("Client: Send failed: %d", retval);
947 retval = recv_generic_response(sockfd, &hdr);
949 retval = return_code_to_error_code(hdr.return_code);
950 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE) /* Wrong response */
952 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
954 /* There must be some error */
955 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
959 /* Something wrong with response */
960 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
961 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
969 retval = convert_to_public_error_code(retval);
974 int security_server_set_pwd_max_challenge(const unsigned int max_challenge)
976 int sockfd = -1, retval;
979 retval = connect_to_server(&sockfd);
980 if(retval != SECURITY_SERVER_SUCCESS)
982 /* Error on socket */
986 /* make request packet */
987 retval = send_set_pwd_max_challenge_request(sockfd, max_challenge);
988 if(retval != SECURITY_SERVER_SUCCESS)
990 /* Error on socket */
991 SEC_SVR_ERR("Client: Send failed: %d", retval);
995 retval = recv_generic_response(sockfd, &hdr);
997 retval = return_code_to_error_code(hdr.return_code);
998 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE) /* Wrong response */
1000 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
1002 /* There must be some error */
1003 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1007 /* Something wrong with response */
1008 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1009 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1017 retval = convert_to_public_error_code(retval);
1024 int security_server_reset_pwd(const char *new_pwd,
1025 const unsigned int max_challenge,
1026 const unsigned int valid_period_in_days)
1028 int sockfd = -1, retval;
1029 response_header hdr;
1031 if(new_pwd == NULL || strlen(new_pwd) > SECURITY_SERVER_MAX_PASSWORD_LEN)
1033 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
1037 /* Authenticate self that is setting app goes here */
1038 /* 1st, check cmdline which is setting app */
1039 /* 2nd, check /proc/self/attr/current for the SMACK label */
1041 retval = connect_to_server(&sockfd);
1042 if(retval != SECURITY_SERVER_SUCCESS)
1044 /* Error on socket */
1048 /* make request packet */
1049 retval = send_reset_pwd_request(sockfd, new_pwd, max_challenge, valid_period_in_days);
1050 if(retval != SECURITY_SERVER_SUCCESS)
1052 /* Error on socket */
1053 SEC_SVR_ERR("Client: Send failed: %d", retval);
1057 retval = recv_generic_response(sockfd, &hdr);
1059 retval = return_code_to_error_code(hdr.return_code);
1060 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_RESET_PWD_RESPONSE) /* Wrong response */
1062 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
1064 /* There must be some error */
1065 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1069 /* Something wrong with response */
1070 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1071 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1079 retval = convert_to_public_error_code(retval);
1086 int security_server_chk_pwd(const char *challenge,
1087 unsigned int *current_attempt,
1088 unsigned int *max_attempts,
1089 unsigned int *valid_secs)
1091 int sockfd = -1, retval;
1092 response_header hdr;
1094 if(challenge == NULL || strlen(challenge) > SECURITY_SERVER_MAX_PASSWORD_LEN
1095 || current_attempt == NULL || max_attempts == NULL || valid_secs == NULL)
1097 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
1101 /* Authenticate self goes here */
1103 retval = connect_to_server(&sockfd);
1104 if(retval != SECURITY_SERVER_SUCCESS)
1106 /* Error on socket */
1110 /* make request packet */
1111 retval = send_chk_pwd_request(sockfd, challenge);
1112 if(retval != SECURITY_SERVER_SUCCESS)
1114 /* Error on socket */
1115 SEC_SVR_ERR("Client: Send failed: %d", retval);
1119 retval = recv_pwd_response(sockfd, &hdr, current_attempt, max_attempts, valid_secs);
1121 retval = return_code_to_error_code(hdr.return_code);
1122 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHK_PWD_RESPONSE) /* Wrong response */
1124 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
1126 /* There must be some error */
1127 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1131 /* Something wrong with response */
1132 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1133 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1141 retval = convert_to_public_error_code(retval);
1146 int security_server_set_pwd_history(int number_of_history)
1148 int sockfd = -1, retval;
1149 response_header hdr;
1151 if(number_of_history > SECURITY_SERVER_MAX_PASSWORD_HISTORY || number_of_history < 0)
1152 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
1154 /* Authenticate self that is setting app goes here */
1155 /* 1st, check cmdline which is setting app */
1156 /* 2nd, check /proc/self/attr/current for the SMACK label */
1158 retval = connect_to_server(&sockfd);
1159 if(retval != SECURITY_SERVER_SUCCESS)
1161 /* Error on socket */
1165 /* make request packet */
1166 retval = send_set_pwd_history_request(sockfd, number_of_history);
1167 if(retval != SECURITY_SERVER_SUCCESS)
1169 /* Error on socket */
1170 SEC_SVR_ERR("Client: Send failed: %d", retval);
1173 retval = recv_generic_response(sockfd, &hdr);
1175 retval = return_code_to_error_code(hdr.return_code);
1176 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SET_PWD_HISTORY_RESPONSE) /* Wrong response */
1178 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
1180 /* There must be some error */
1181 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1185 /* Something wrong with response */
1186 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1187 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1195 retval = convert_to_public_error_code(retval);
1200 char * security_server_get_smacklabel_cookie(const char * cookie)
1202 char * label = NULL;
1203 int sockfd = -1, retval;
1204 response_header hdr;
1208 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
1212 retval = connect_to_server(&sockfd);
1213 if(retval != SECURITY_SERVER_SUCCESS)
1215 /* Error on socket */
1219 /* make request packet */
1220 retval = send_smack_request(sockfd, cookie);
1221 if(retval != SECURITY_SERVER_SUCCESS)
1223 /* Error on socket */
1224 SEC_SVR_ERR("Client: Send failed: %d", retval);
1228 //allocating buffer for storing SMACK label received from server
1229 label = calloc(SMACK_LABEL_LEN + 1, 1);
1232 SEC_SVR_ERR("Client ERROR: Memory allocation error");
1236 retval = recv_smack_response(sockfd, &hdr, label);
1238 retval = return_code_to_error_code(hdr.return_code);
1239 if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE) /* Wrong response */
1241 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
1243 /* There must be some error */
1244 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1248 /* Something wrong with response */
1249 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1250 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1254 if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
1256 SEC_SVR_ERR("%s"," Client: There is no such cookie exist");
1263 retval = convert_to_public_error_code(retval);
1274 char * security_server_get_smacklabel_sockfd(int fd)
1276 char * label = NULL;
1280 SEC_SVR_DBG("%s","No SMACK support on device");
1281 label = (char*) malloc(1);
1282 if (label) label[0] = '\0';
1286 if (smack_new_label_from_socket(fd, &label) != 0)
1288 SEC_SVR_ERR("Client ERROR: Unable to get socket SMACK label");
1296 int security_server_app_give_access(const char *customer_label, int customer_pid)
1298 int sockfd = -1, retval;
1299 response_header hdr;
1301 if (1 != smack_check())
1302 return SECURITY_SERVER_SUCCESS;
1304 retval = connect_to_server(&sockfd);
1305 if(retval != SECURITY_SERVER_SUCCESS)
1307 /* Error on socket */
1311 retval = send_app_give_access(sockfd, customer_label, customer_pid);
1312 if(retval != SECURITY_SERVER_SUCCESS)
1314 /* Error on socket */
1315 SEC_SVR_ERR("Client: Send failed: %d", retval);
1319 retval = recv_generic_response(sockfd, &hdr);
1321 retval = return_code_to_error_code(hdr.return_code);
1322 if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE) {
1323 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1324 } else if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_APP_GIVE_ACCESS_RESPONSE) {
1325 SEC_SVR_ERR("Client: Wrong response type.");
1326 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1332 return convert_to_public_error_code(retval);
1336 int security_server_check_privilege_by_pid(int pid, const char *object, const char *access_rights)
1338 //This function check SMACK privilege betwen subject and object.
1339 //Subject is identified by PID number, object is function parameter.
1343 response_header hdr;
1345 //check for input PID param
1347 retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
1351 SEC_SVR_DBG("%s","Check privilige by PID called");
1352 SEC_SVR_DBG("%s %d","PID", pid);
1353 SEC_SVR_DBG("%s %s", "OBJECT:", object);
1354 SEC_SVR_DBG("%s %s", "ACCESS_RIGHTS", access_rights);
1356 //check if able to connect
1357 retval = connect_to_server(&sockfd);
1358 if (retval != SECURITY_SERVER_SUCCESS)
1362 retval = send_pid_privilege_request(sockfd, pid, object, access_rights);
1363 if (retval != SECURITY_SERVER_SUCCESS) {
1364 /* Error on socket */
1365 SEC_SVR_ERR("Client: Send failed: %d", retval);
1370 retval = recv_pid_privilege_response(sockfd, &hdr);
1372 //convert error code
1373 retval = return_code_to_error_code(hdr.return_code);
1375 //check if frame has correct MSG_ID
1376 if (hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_CHECK_PID_PRIVILEGE_RESPONSE) {
1377 if (hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE) {
1378 /* There must be some error */
1379 SEC_SVR_ERR("Client: Error has been received. return code:%d", hdr.return_code);
1382 /* Something wrong with response */
1383 SEC_SVR_ERR("Client ERROR: Unexpected error occurred:%d", retval);
1384 retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
1389 //debug info about checking result
1391 if (hdr.return_code == SECURITY_SERVER_RETURN_CODE_SUCCESS) {
1392 SEC_SVR_DBG("%s","Client: There is privilege match");
1393 retval = SECURITY_SERVER_SUCCESS;
1395 SEC_SVR_ERR("%s","Client: There is no privilege match");
1396 retval = SECURITY_SERVER_ERROR_ACCESS_DENIED;
1403 retval = convert_to_public_error_code(retval);
projects / framework / security / security-server.git / blob