2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Michal Witanowski <m.witanowski@samsung.com>
21 * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
22 * @author Rafal Krypa <r.krypa@samsung.com>
23 * @brief Implementation of security-manager service.
26 #include <sys/socket.h>
28 #include <dpl/log/log.h>
29 #include <dpl/serialization.h>
30 #include <sys/smack.h>
32 #include "protocols.h"
34 #include "service_impl.h"
36 namespace SecurityManager {
38 const InterfaceID IFACE = 1;
44 GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription()
46 return ServiceDescriptionVector {
47 {SERVICE_SOCKET, /* path */
48 "*", /* smackLabel label (not used, we rely on systemd) */
49 IFACE, /* InterfaceID */
50 false, /* useSendMsg */
51 true}, /* systemdOnly */
55 static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel)
58 socklen_t len = sizeof(cr);
60 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
62 ssize_t ret = smack_new_label_from_socket(sock, &smk);
75 bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
76 InterfaceID interfaceID)
78 LogDebug("Iteration begin. Interface = " << interfaceID);
80 //waiting for all data
81 if (!buffer.Ready()) {
90 std::string smackLabel;
92 if (!getPeerID(conn.sock, uid, pid, smackLabel)) {
93 LogError("Closing socket because of error: unable to get peer's uid, pid or smack label");
94 m_serviceManager->Close(conn);
98 if (IFACE == interfaceID) {
100 // deserialize API call type
102 Deserialization::Deserialize(buffer, call_type_int);
103 SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int);
106 case SecurityModuleCall::NOOP:
107 LogDebug("call_type: SecurityModuleCall::NOOP");
108 Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS);
110 case SecurityModuleCall::APP_INSTALL:
111 LogDebug("call_type: SecurityModuleCall::APP_INSTALL");
112 processAppInstall(buffer, send, uid);
114 case SecurityModuleCall::APP_UNINSTALL:
115 LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL");
116 processAppUninstall(buffer, send, uid);
118 case SecurityModuleCall::APP_GET_PKGID:
119 processGetPkgId(buffer, send);
121 case SecurityModuleCall::APP_GET_GROUPS:
122 processGetAppGroups(buffer, send, uid, pid);
124 case SecurityModuleCall::USER_ADD:
125 processUserAdd(buffer, send, uid);
127 case SecurityModuleCall::USER_DELETE:
128 processUserDelete(buffer, send, uid);
130 case SecurityModuleCall::POLICY_UPDATE:
131 processPolicyUpdate(buffer, send, uid, pid, smackLabel);
134 LogError("Invalid call: " << call_type_int);
135 Throw(ServiceException::InvalidAction);
137 // if we reach this point, the protocol is OK
139 } Catch (MessageBuffer::Exception::Base) {
140 LogError("Broken protocol.");
141 } Catch (ServiceException::Base) {
142 LogError("Broken protocol.");
143 } catch (const std::exception &e) {
144 LogError("STD exception " << e.what());
146 LogError("Unknown exception");
150 LogError("Wrong interface");
155 m_serviceManager->Write(conn, send.Pop());
157 LogError("Closing socket because of error");
158 m_serviceManager->Close(conn);
164 void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
168 Deserialization::Deserialize(buffer, req.appId);
169 Deserialization::Deserialize(buffer, req.pkgId);
170 Deserialization::Deserialize(buffer, req.privileges);
171 Deserialization::Deserialize(buffer, req.appPaths);
172 Deserialization::Deserialize(buffer, req.uid);
173 Serialization::Serialize(send, ServiceImpl::appInstall(req, uid));
176 void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
180 Deserialization::Deserialize(buffer, appId);
181 Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid));
184 void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send)
190 Deserialization::Deserialize(buffer, appId);
191 ret = ServiceImpl::getPkgId(appId, pkgId);
192 Serialization::Serialize(send, ret);
193 if (ret == SECURITY_MANAGER_API_SUCCESS)
194 Serialization::Serialize(send, pkgId);
197 void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid)
200 std::unordered_set<gid_t> gids;
203 Deserialization::Deserialize(buffer, appId);
204 ret = ServiceImpl::getAppGroups(appId, uid, pid, gids);
205 Serialization::Serialize(send, ret);
206 if (ret == SECURITY_MANAGER_API_SUCCESS) {
207 Serialization::Serialize(send, static_cast<int>(gids.size()));
208 for (const auto &gid : gids) {
209 Serialization::Serialize(send, gid);
214 void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
220 Deserialization::Deserialize(buffer, uidAdded);
221 Deserialization::Deserialize(buffer, userType);
223 ret = ServiceImpl::userAdd(uidAdded, userType, uid);
224 Serialization::Serialize(send, ret);
227 void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
232 Deserialization::Deserialize(buffer, uidRemoved);
234 ret = ServiceImpl::userDelete(uidRemoved, uid);
235 Serialization::Serialize(send, ret);
239 void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel)
242 std::vector<policy_entry> policyEntries;
244 Deserialization::Deserialize(buffer, policyEntries);
246 ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel);
247 Serialization::Serialize(send, ret);
250 } // namespace SecurityManager