2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Michal Witanowski <m.witanowski@samsung.com>
21 * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
22 * @author Rafal Krypa <r.krypa@samsung.com>
23 * @brief Implementation of security-manager service.
26 #include <sys/socket.h>
28 #include <dpl/log/log.h>
29 #include <dpl/serialization.h>
31 #include "protocols.h"
33 #include "service_impl.h"
35 namespace SecurityManager {
37 const InterfaceID IFACE = 1;
43 GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription()
45 return ServiceDescriptionVector {
46 {SERVICE_SOCKET, /* path */
47 "*", /* smackLabel label (not used, we rely on systemd) */
48 IFACE, /* InterfaceID */
49 false, /* useSendMsg */
50 true}, /* systemdOnly */
54 static bool getPeerID(int sock, uid_t &uid, pid_t &pid) {
56 socklen_t len = sizeof(cr);
58 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
67 bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
68 InterfaceID interfaceID)
70 LogDebug("Iteration begin. Interface = " << interfaceID);
72 //waiting for all data
73 if (!buffer.Ready()) {
83 if (!getPeerID(conn.sock, uid, pid)) {
84 LogError("Closing socket because of error: unable to get peer's uid and pid");
85 m_serviceManager->Close(conn);
89 if (IFACE == interfaceID) {
91 // deserialize API call type
93 Deserialization::Deserialize(buffer, call_type_int);
94 SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int);
97 case SecurityModuleCall::APP_INSTALL:
98 LogDebug("call_type: SecurityModuleCall::APP_INSTALL");
99 processAppInstall(buffer, send, uid);
101 case SecurityModuleCall::APP_UNINSTALL:
102 LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL");
103 processAppUninstall(buffer, send, uid);
105 case SecurityModuleCall::APP_GET_PKGID:
106 processGetPkgId(buffer, send);
108 case SecurityModuleCall::APP_GET_GROUPS:
109 processGetAppGroups(buffer, send, uid, pid);
111 case SecurityModuleCall::USER_ADD:
112 processUserAdd(buffer, send, uid);
114 case SecurityModuleCall::USER_DELETE:
115 processUserDelete(buffer, send, uid);
118 LogError("Invalid call: " << call_type_int);
119 Throw(ServiceException::InvalidAction);
121 // if we reach this point, the protocol is OK
123 } Catch (MessageBuffer::Exception::Base) {
124 LogError("Broken protocol.");
125 } Catch (ServiceException::Base) {
126 LogError("Broken protocol.");
127 } catch (const std::exception &e) {
128 LogError("STD exception " << e.what());
130 LogError("Unknown exception");
134 LogError("Wrong interface");
139 m_serviceManager->Write(conn, send.Pop());
141 LogError("Closing socket because of error");
142 m_serviceManager->Close(conn);
148 void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
152 Deserialization::Deserialize(buffer, req.appId);
153 Deserialization::Deserialize(buffer, req.pkgId);
154 Deserialization::Deserialize(buffer, req.privileges);
155 Deserialization::Deserialize(buffer, req.appPaths);
156 Deserialization::Deserialize(buffer, req.uid);
157 Serialization::Serialize(send, ServiceImpl::appInstall(req, uid));
160 void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
164 Deserialization::Deserialize(buffer, appId);
165 Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid));
168 void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send)
174 Deserialization::Deserialize(buffer, appId);
175 ret = ServiceImpl::getPkgId(appId, pkgId);
176 Serialization::Serialize(send, ret);
177 if (ret == SECURITY_MANAGER_API_SUCCESS)
178 Serialization::Serialize(send, pkgId);
181 void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid)
184 std::unordered_set<gid_t> gids;
187 Deserialization::Deserialize(buffer, appId);
188 ret = ServiceImpl::getAppGroups(appId, uid, pid, gids);
189 Serialization::Serialize(send, ret);
190 if (ret == SECURITY_MANAGER_API_SUCCESS) {
191 Serialization::Serialize(send, static_cast<int>(gids.size()));
192 for (const auto &gid : gids) {
193 Serialization::Serialize(send, gid);
198 void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
204 Deserialization::Deserialize(buffer, uidAdded);
205 Deserialization::Deserialize(buffer, userType);
207 ret = ServiceImpl::userAdd(uidAdded, userType, uid);
208 Serialization::Serialize(send, ret);
211 void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
216 Deserialization::Deserialize(buffer, uidRemoved);
218 ret = ServiceImpl::userDelete(uidRemoved, uid);
219 Serialization::Serialize(send, ret);
223 } // namespace SecurityManager