Modify SmackLabels module

Added:
 * getSmackLabelFromFd - extracts smack label from file descriptor
 * setSmackLabelForFd - sets smack label for file connected with fd
Modify:
 * pathSetSmack - use libsmack instead of lsetxattr

Change-Id: Ia5ceda42afc98dde0c8b7db2c0d0a0827efc4fa2

diff --git a/src/common/include/smack-labels.h b/src/common/include/smack-labels.h
index 8c67e09269c7f9d41a6fbadb61da664dfa1f7889..17bce2d480d002a0fea53a94a10ff46d7d36d922 100644 (file)
--- a/src/common/include/smack-labels.h
+++ b/src/common/include/smack-labels.h
@@ -151,6 +151,14 @@ std::string getSmackLabelFromPid(pid_t pid);
  */
 std::string getSmackLabelFromPath(const std::string &path);
 
+/**
+ * Returns smack label for given file descriptor
+ *
+ * @param[in] fd file descriptor
+ * @return resulting Smack label
+ */
+std::string getSmackLabelFromFd(int fd);
+
 /**
  * Returns smack label for current process
  *
@@ -159,5 +167,13 @@ std::string getSmackLabelFromPath(const std::string &path);
  */
 std::string getSmackLabelFromSelf(void);
 
+/**
+ * Set up smack label for given file descriptor
+ *
+ * @param[in] fd file descriptor
+ * @param[in] label new smack label for file
+ */
+void setSmackLabelForFd(int fd, const std::string &label);
+
 } // namespace SmackLabels
 } // namespace SecurityManager

diff --git a/src/common/permissible-set.cpp b/src/common/permissible-set.cpp
index 96ef8832189f041cde20c642f5e98ce345e35ad6..570dd22cdc13d7d7c6a2e6a185b46068ec749e63 100644 (file)
--- a/src/common/permissible-set.cpp
+++ b/src/common/permissible-set.cpp
@@ -157,9 +157,7 @@ void initializeUserPermissibleFile(uid_t uid)
 
     std::ofstream fstream;
     openAndLockNameFile(nameFile, fstream);
-    if (smack_set_label_for_file(getFd(fstream), XATTR_NAME_SMACK, "_") != 0)
-        ThrowMsg(PermissibleSetException::FileInitError,
-            "Unable to set Smack label for user permissible file");
+    SmackLabels::setSmackLabelForFd(getFd(fstream), "_");
 
     markPermissibleFileValid(getFd(fstream), nameFile, true);
 }

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index a0d0cec372cf61d2fe695fbd4ad6c88b1fb5d0cf..a8ac5896fc403823adff22458993b020f28765c1 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -48,6 +48,7 @@
 #include "privilege_db.h"
 #include "cynara.h"
 #include "permissible-set.h"
+#include "smack-exceptions.h"
 #include "smack-rules.h"
 #include "smack-labels.h"
 #include "security-manager.h"
@@ -861,6 +862,9 @@ int ServiceImpl::userAdd(const Credentials &creds, uid_t uidAdded, int userType)
     } catch (const PermissibleSet::PermissibleSetException::FileInitError &e) {
         LogError("Error while adding user: " << e.DumpToString());
         return SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED;
+    } catch (const SmackException::FileError &e) {
+        LogError("Error while adding user: " << e.DumpToString());
+        return SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED;
     } catch (const std::exception &e) {
         LogError("Memory allocation error while adding user: " << e.what());
         return SECURITY_MANAGER_ERROR_SERVER_ERROR;

diff --git a/src/common/smack-labels.cpp b/src/common/smack-labels.cpp
index 4c5af0b9580f47d832e604d7048e30c45e012f53..8bfd4534bd74d28ab35fee8b379f6a42177eda85 100644 (file)
--- a/src/common/smack-labels.cpp
+++ b/src/common/smack-labels.cpp
@@ -75,9 +75,10 @@ static bool labelExecs(const FTSENT *ftsent)
 static inline void pathSetSmack(const char *path, const std::string &label,
         const char *xattr_name)
 {
-    if (lsetxattr(path, xattr_name, label.c_str(), label.length(), 0)) {
-        LogError("lsetxattr failed.");
-        ThrowMsg(SmackException::FileError, "lsetxattr failed.");
+    if (smack_set_label_for_path(path, xattr_name, 0, label.c_str())) {
+        LogError("smack_set_label_for_path failed. Path: " << path << " Label:" << label);
+        ThrowMsg(SmackException::FileError,
+            "smack_set_label_for_path failed failed. Path: " << path << " Label: " << label);
     }
 }
 
@@ -287,6 +288,11 @@ std::string getSmackLabelFromPath(const std::string &path)
     return getSmackLabel(&smack_new_label_from_path, path.c_str(), XATTR_NAME_SMACK, true);
 }
 
+std::string getSmackLabelFromFd(int fd)
+{
+    return getSmackLabel(&smack_new_label_from_file, fd, XATTR_NAME_SMACK);
+}
+
 std::string getSmackLabelFromSelf(void)
 {
     return getSmackLabel(&smack_new_label_from_self);
@@ -307,5 +313,13 @@ std::string generatePathTrustedLabel(const int authorId)
     return "User::Author::" + std::to_string(authorId);
 }
 
+void setSmackLabelForFd(int fd, const std::string &label)
+{
+    if (smack_set_label_for_file(fd, XATTR_NAME_SMACK, label.c_str())) {
+        LogError("smack_set_label_for_file failed.");
+        ThrowMsg(SmackException::FileError, "smack_set_label_for_file failed.");
+    }
+}
+
 } // namespace SmackLabels
 } // namespace SecurityManager