BuildRequires: zip
BuildRequires: pkgconfig(dlog)
BuildRequires: libattr-devel
+BuildRequires: pkgconfig(capi-system-resource)
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsystemd)
#
-# Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+# Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
#
# This file is licensed under the terms of MIT License or the Apache License
# Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
PKG_CHECK_MODULES(CLIENT_DEP
REQUIRED
+ capi-system-resource
cynara-client-async
libsmack
libcap
/*
- * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
#pragma once
#include <stdexcept>
+#include <cpu-boosting.h>
#include <connection.h>
#include <dpl/log/log.h>
#include <message-buffer.h>
#include <protocols.h>
#include <security-manager-types.h>
+#include <utils.h>
namespace SecurityManager {
class ClientRequest {
+
+ static Priority getPriority() {
+ auto priority = Priority::LOW;
+ resource_pid_t proc_data;
+ cpu_boosting_level_info_t info;
+ proc_data.tid = nullptr;
+ proc_data.pid = 0; // query for current TID - array tid_level gets allocated
+ if (resource_get_cpu_boosting_level(proc_data, &info) != 0) {
+ LogError("resource_get_cpu_boosting_level failed");
+ } else {
+ switch (info.tid_level[0]) {
+ case CPU_BOOSTING_LEVEL_STRONG:
+ priority = Priority::HIGH;
+ break;
+ case CPU_BOOSTING_LEVEL_MEDIUM:
+ priority = Priority::MEDIUM;
+ break;
+ }
+ free(info.tid_level);
+ }
+ return priority;
+ }
public:
ClientRequest(SecurityModuleCall action)
{
m_buffer.InitForStreaming();
+ Serialization::Serialize(m_buffer, underlying(getPriority()));
Serialization::Serialize(m_buffer, static_cast<int>(action));
}
m_sent = true;
+ const auto tid = gettid();
+ if (resource_set_cpu_inheritance(tid, RESOURCE_CPU_DEST_NAME, -1) != 0)
+ LogError("resource_set_cpu_inheritance failed");
m_status = sendToServer(SERVICE_SOCKET, m_buffer);
+ if (resource_clear_cpu_inheritance(tid, RESOURCE_CPU_DEST_NAME) != 0)
+ LogError("resource_clear_cpu_inheritance failed");
if (!failed())
Deserialization::Deserialize(m_buffer, m_status);
else
/*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
namespace SecurityManager {
-extern char const * const SERVICE_SOCKET;
+#define SOCKET_PATH_PREFIX "/run/"
+
+inline constexpr auto SERVICE_SOCKET = SOCKET_PATH_PREFIX "security-manager.socket";
+inline constexpr auto RESOURCE_CPU_DEST_NAME = "SECURITY_MANAGER_DEST";
+
+enum Priority : unsigned char {
+ HIGH,
+ MEDIUM,
+ LOW,
+ END,
+};
enum class SecurityModuleCall
{
template <class E>
constexpr auto underlying(const E &e) {
- return typename std::underlying_type<E>::type(e);
+ return std::underlying_type_t<E>(e);
+}
+
+template <class T, size_t S>
+constexpr size_t arraySize(T (&)[S]) {
+ return S;
}
/*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
namespace SecurityManager {
-#define SOCKET_PATH_PREFIX "/run/"
-
-char const * const SERVICE_SOCKET =
- SOCKET_PATH_PREFIX "security-manager.socket";
-
#define SM_CODE_DESCRIBE(name) case name: return #name
const char * SecurityModuleCallToString(SecurityModuleCall call_num) {
switch (call_num) {
#
-# Copyright (c) 2013-2020 Samsung Electronics Co., Ltd. All rights reserved.
+# Copyright (c) 2013-2022 Samsung Electronics Co., Ltd. All rights reserved
#
# This file is licensed under the terms of MIT License or the Apache License
# Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
PKG_CHECK_MODULES(SERVER_DEP
REQUIRED
+ capi-system-resource
libsystemd
cynara-client
mount
/*
- * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
#include <cassert>
#include <condition_variable>
-#include <dpl/exception.h>
#include <mutex>
#include <queue>
#include <thread>
+#include <dpl/exception.h>
+#include <protocols.h> // Priority
+#include <utils.h>
+
namespace SecurityManager {
template <class DerivedService, class Event>
class ServiceThread {
std::thread m_thread;
std::mutex m_eventQueueMutex;
- std::queue<Event *> m_eventQueue;
+ std::queue<Event *> m_eventQueues[Priority::END];
std::condition_variable m_waitCondition;
bool m_quit = false;
m_thread.join();
// clear the event queue
- while (!m_eventQueue.empty()) {
- delete m_eventQueue.front();
- m_eventQueue.pop();
- }
+ for (auto &queue: m_eventQueues)
+ while (!queue.empty()) {
+ delete queue.front();
+ queue.pop();
+ }
}
template <class...T>
- void PutEvent(T&&...arg) {
+ void PutEvent(Priority priority, T&&...arg) {
+ assert(priority < arraySize(m_eventQueues));
const auto event = new Event{ std::forward<T>(arg)... };
{
std::lock_guard<std::mutex> lock(m_eventQueueMutex);
- m_eventQueue.emplace(event);
+ m_eventQueues[priority].emplace(event);
}
m_waitCondition.notify_one();
}
for (;;) {
if (m_quit)
return;
- if (!m_eventQueue.empty()) {
- event = m_eventQueue.front();
- m_eventQueue.pop();
- break;
- }
+ for (auto &queue: m_eventQueues)
+ if (!queue.empty()) {
+ event = queue.front();
+ queue.pop();
+ goto handleOneEvent;
+ }
m_waitCondition.wait(ulock);
}
}
+ handleOneEvent:
UNHANDLED_EXCEPTION_HANDLER_BEGIN
{
const auto eventGuard = makeUnique(event);
/*
- * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
#include <dpl/log/log.h>
#include <dpl/singleton.h>
+#include <cpu-boosting.h>
#include <iostream>
#include <channel.h>
LogInfo("Start!");
SecurityManager::SocketManager manager;
+ resource_pid_t self_data;
+ self_data.pid = getpid();
+
+ if (resource_register_cpu_inheritance_destination(RESOURCE_CPU_DEST_NAME, self_data) != 0)
+ LogError("resource_register_cpi_inheritance_destination failed");
+
if (!REGISTER_SOCKET_SERVICE(manager, SecurityManager::Service, std::move(channel))) {
LogError("Unable to create socket service. Exiting.");
return EXIT_FAILURE;
}
manager.MainLoop();
+
+ if(resource_unregister_cpu_inheritance_destination(RESOURCE_CPU_DEST_NAME) != 0)
+ LogError("resource_unregister_cpu_inheritance_destination failed");
return 0;
}
/*
- * Copyright (c) 2013-2022 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2013-2022 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
#include <time.h>
#include <unistd.h>
+#include <cpu-boosting.h>
#include <systemd/sd-daemon.h>
#include <dpl/log/log.h>
break;
case MessageBuffer::InputResult::Done:
buffer.ModeStreaming();
+
+ if (buffer.DeserializationDone()) {
+ LogError("No priority, closing socket");
+ goto close;
+ }
+ std::underlying_type_t<Priority> priority;
+ Deserialization::Deserialize(buffer, priority);
+ if (priority >= Priority::END) {
+ LogError("Invalid priority: " << priority);
+ goto close;
+ }
+
FD_CLR(sock, &m_readSet); // the one and only call on this socket is complete
- m_service->PutEvent(ConnectionID{sock, desc.counter},
+ m_service->PutEvent(static_cast<Priority>(priority),
+ ConnectionID{sock, desc.counter},
Credentials::getCredentialsFromSocket(sock),
std::move(buffer));
break;
// constexpr const char *dbUpdateScript[dbVersion];
#include "../gen/db.h"
-template <class T, size_t S>
-constexpr size_t arraySize(T (&)[S]) {
- return S;
-}
-
static_assert(dbSchema);
// this ensures that parsing the sql files was done correctly and we have proper
// number of update scripts