2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Bumjin Im <bj.im@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file client-socket-privilege.cpp
20 * @author Zofia Abramowska (z.abramowska@samsung.com)
22 * @brief This file constains implementation of socket privilege api.
26 #include <sys/socket.h>
27 #include <sys/smack.h>
29 #include <dpl/log/log.h>
30 #include <dpl/exception.h>
32 #include <message-buffer.h>
33 #include <client-common.h>
34 #include <protocols.h>
35 #include <smack-check.h>
37 #include <security-server.h>
40 int security_server_check_privilege_by_sockfd(int sockfd,
42 const char *access_rights)
47 std::unique_ptr<char, void (*)(void*)throw ()> subjectPtr(NULL, std::free);
49 //for get socket options
51 size_t len = sizeof(struct ucred);
54 if (!SecurityServer::smack_runtime_check())
56 LogDebug("No SMACK support on device");
57 return SECURITY_SERVER_API_SUCCESS;
60 if (sockfd < 0 || !object || !access_rights)
61 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
63 ret = smack_new_label_from_socket(sockfd, &subject);
65 subjectPtr.reset(subject);
68 LogError("Failed to get new label from socket. Object="
69 << object << ", access=" << access_rights
70 << ", error=" << strerror(errno));
71 return SECURITY_SERVER_API_ERROR_SOCKET;
74 ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &len);
76 LogError("Error in getsockopt(). Errno: "
77 << strerror(errno) << ", subject="
78 << (subjectPtr.get() ? subjectPtr.get() : "NULL")
79 << ", object=" << object << ", access=" << access_rights
80 << ", error=" << strerror(errno));
81 return SECURITY_SERVER_API_ERROR_SOCKET;
84 return security_server_check_privilege_by_pid(cr.pid, object, access_rights);
88 char *security_server_get_smacklabel_sockfd(int fd)
92 if (!SecurityServer::smack_check())
94 LogDebug("No SMACK support on device");
95 label = (char*) malloc(1);
96 if (label) label[0] = '\0';
100 if (smack_new_label_from_socket(fd, &label) < 0)
102 LogError("Client ERROR: Unable to get socket SMACK label");