projects / platform / core / security / security-manager.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b84c0fd) | patch
Improve threads' privilege synchronisation 96/296096/3
authorTomasz Swierczek <t.swierczek@samsung.com>
Thu, 13 Jul 2023 14:55:50 +0000 (16:55 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 21 Jul 2023 08:57:18 +0000 (10:57 +0200)
commit6b198521bb3b3ebaa8beab74f5fdc6dbdfe057e0
tree13c84d4dc134dc98b9cbdb8796dbdcf99b97eecatree | snapshot
parentb84c0fde00879a5507193297f8b59fc572d01a22commit | diff
Improve threads' privilege synchronisation

* Drop the caps after the threads have been listed for a second time
  (after the sync). This is to avoid errors during accessing /proc for
  newly spawned threads as a unprivileged process.
* Check if newly spawned threads have correct labels.
* Retry the privileges sync twice for all remaining privileged threads.
* Retry listing of /proc/self/task/ in case of failure.
* Use set instead of vector for easier tid checks.
* Omit main thread from the list.

Change-Id: I21e7e5dd3d5efb70fe51a1597bd7bc4ccf1099e8
src/client/check-proper-drop.cpp diff | blob | history
src/client/client-security-manager.cpp diff | blob | history
src/common/include/check-proper-drop.h diff | blob | history
Domain: Security / Access Control;