2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Bumjin Im <bj.im@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file client-socket-privilege.cpp
20 * @author Zofia Abramowska (z.abramowska@samsung.com)
22 * @brief This file contains implementation of socket privilege api.
26 #include <sys/socket.h>
27 #include <sys/smack.h>
29 #include <dpl/log/log.h>
30 #include <dpl/exception.h>
32 #include <socket-buffer.h>
33 #include <client-common.h>
34 #include <protocols.h>
35 #include <smack-check.h>
37 #include <security-server.h>
38 #include <security-server-common.h>
// Asks the security server for the executable path of process `pid` and
// stores the reply in `exe`.
//
// Visible flow: serialize `pid` into the request buffer, send it to the
// SERVICE_SOCKET_EXEC_PATH endpoint, read a status code from the reply and
// then read the path string into `exe`.
//
// NOTE(review): this listing omits several lines of the function (the
// declarations of `ser`/`des`, the remaining sendToServer() arguments, the
// statements guarded by the two `if`s and the try/catch braces), so the exact
// return value on each path cannot be confirmed from here.
// NOTE(review): presumably the server resolves the path from the PID at
// request time; if that PID has been recycled the path may describe another
// process. Treat the result as diagnostic data, not as an identity to
// authorize on - confirm against the server side.
40 static int get_exec_path(pid_t pid, std::string &exe)
42 using namespace SecurityServer;
45 SocketBuffer send, recv;
// Request payload is just the PID.
47 ser.Serialize(send, pid);
49 int result = sendToServer(
50 SERVICE_SOCKET_EXEC_PATH,
// Transport-level status of the request itself.
53 if(result != SECURITY_SERVER_API_SUCCESS)
// First field of the reply is the server's own status code; it overwrites
// `result`.
57 des.Deserialize(recv, result);
58 if(result != SECURITY_SERVER_API_SUCCESS)
// Second field of the reply is the executable path.
61 des.Deserialize(recv, exe);
// Exceptions are logged at debug level only, so a failure here is easy to
// miss in production logs.
63 } catch (SocketBuffer::Exception::Base &e) {
64 LogDebug("SecurityServer::SocketBuffer::Exception " << e.DumpToString());
65 } catch (std::exception &e) {
66 LogDebug("STD exception " << e.what());
68 LogDebug("Unknown exception occured");
// Presumably reached only after one of the handlers above ran - TODO confirm
// against the full file.
70 return SECURITY_SERVER_API_ERROR_UNKNOWN;
// Checks whether the peer connected on `sockfd` holds `access_rights` to the
// SMACK label `object`, and writes an audit log line with the outcome.
//
// Returns SECURITY_SERVER_API_SUCCESS when SMACK is not active on the device,
// SECURITY_SERVER_API_ERROR_INPUT_PARAM for a negative descriptor or a null
// string, SECURITY_SERVER_API_ERROR_SOCKET when the peer label or peer
// credentials cannot be read. The result of
// security_server_check_privilege_by_pid() is stored in `ret` and logged;
// presumably it is also the final return value (the return statement is not
// part of this listing).
//
// NOTE(review): this listing omits several lines of the function (the
// `object` parameter, the declarations of `cr`, `ret`, `subject` and `path`,
// the conditions around the error branches, and the closing lines).
74 int security_server_check_privilege_by_sockfd(int sockfd,
76 const char *access_rights)
// Owns the label returned by smack_new_label_from_socket() and releases it
// with std::free on every exit path once reset() has been called.
81 std::unique_ptr<char, void (*)(void*)throw ()> subjectPtr(NULL, std::free);
83 //for get socket options
85 size_t len = sizeof(struct ucred);
// Fail-open: without SMACK the check reports success, and it does so before
// the arguments are validated below. Callers that need enforcement on
// non-SMACK builds cannot rely on this function.
88 if (!smack_runtime_check())
90 LogDebug("No SMACK support on device");
91 return SECURITY_SERVER_API_SUCCESS;
// Reject a bad descriptor or null strings before they are used or streamed
// into log messages.
94 if (sockfd < 0 || !object || !access_rights)
95 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
// Peer's SMACK label as reported for the socket. In the lines visible here
// it only appears in log output; the access decision below is keyed on the
// peer PID, not on this label.
97 ret = smack_new_label_from_socket(sockfd, &subject);
99 subjectPtr.reset(subject);
102 LogError("Failed to get new label from socket. Object="
103 << object << ", access=" << access_rights
104 << ", error=" << strerror(errno));
105 return SECURITY_SERVER_API_ERROR_SOCKET;
// SO_PEERCRED fills `cr` with the peer's pid/uid/gid.
// NOTE(review): getsockopt() takes a socklen_t* for the length, while `len`
// is declared as size_t above; the two only match on ABIs where the types
// coincide.
108 ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &len);
// The message below prints strerror(errno) twice.
110 LogError("Error in getsockopt(). Errno: "
111 << strerror(errno) << ", subject="
112 << (subjectPtr.get() ? subjectPtr.get() : "NULL")
113 << ", object=" << object << ", access=" << access_rights
114 << ", error=" << strerror(errno));
115 return SECURITY_SERVER_API_ERROR_SOCKET;
// NOTE(review): the decision is made for cr.pid. SO_PEERCRED reports the
// credentials recorded when the connection was set up, so if the peer has
// exited and its PID was reused, or the descriptor was passed to another
// process, the PID may no longer identify the process on the other end.
// Confirm whether the socket label read above should drive the decision
// instead (libsmack offers smack_have_access() for a label-based check).
118 ret = security_server_check_privilege_by_pid(cr.pid, object, access_rights);
120 //Getting path for logs
// A failed path lookup is only logged; `ret` from the privilege check is not
// modified in the visible lines.
121 if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) {
122 LogError("Failed to read executable path for process " << cr.pid);
// Audit record: secure-debug level when access was granted, secure-warning
// level otherwise (the `else` line is not part of this listing - presumably
// it sits between the two statements).
125 if (ret == SECURITY_SERVER_API_SUCCESS)
126 LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
127 (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
128 object << ", access=" << access_rights << ", result=" <<
129 ret << ", caller_path=" << path.c_str());
131 LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
132 (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
133 object << ", access=" << access_rights << ", result=" <<
134 ret << ", caller_path=" << path.c_str());
140 char *security_server_get_smacklabel_sockfd(int fd)
146 LogDebug("No SMACK support on device");
147 label = (char*) malloc(1);
148 if (label) label[0] = '\0';
152 if (smack_new_label_from_socket(fd, &label) != 0)
154 LogError("Client ERROR: Unable to get socket SMACK label");