BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: pkgconfig(cynara-creds-socket)
-BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(libsystemd-daemon)
BuildRequires: pkgconfig(tef-libteec)
cynara-creds-socket
security-manager
libsystemd-daemon
- libtzplatform-config
dlog
)
~SecurityContext();
/**
- * This function tries to find TA by name in directories,
- * which are allowed for CA according to security policies
- *
- * @param taName Name of ta to connect for.
- * @param allowedPath Out parameter, if function returns true, it
- * contains found path to TA with given name,
- * otherwise it's empty.
- * @return true if TA was found, otherwise false.
- */
- bool findRequestedTa(const std::string &taName, std::string& allowedPath);
-
-/**
* Check if client has Tizen permission for use TEE.
*
* @param privilege Privilege to be checked for client.
TAFactory();
bool checkIfTARunning(string TAUUID);
TAInstancePtr createUninitalizedTAInstance(string TAUUID, ISession* session);
- bool launchTA(string TAPath, string TAUUID, std::stringstream& str, bool debug, pid_t& pid);
+ bool launchTA(string TAUUID, std::stringstream& str, bool debug, pid_t& pid);
static void* waitForChild(void *pid);
void cleanupTAInstance(pid_t PID);
~TAFactory();
#include "SecurityContext.h"
#include <cynara/cynara-creds-socket.h>
#include <cynara/cynara-session.h>
-#include <security-manager/app-runtime.h>
#include <memory>
#include "log.h"
-#include <boost/filesystem.hpp>
#include <pthread.h>
#include <stdexcept>
-#include <tzplatform_config.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
using p_char = std::unique_ptr<char, std::function<void(void*)>>;
using p_cynara_conf = std::unique_ptr<cynara_configuration, std::function<void(cynara_configuration*)>>;
-using p_tzplatform_context = std::unique_ptr<tzplatform_context, std::function<void(tzplatform_context*)>>;
-
-namespace fs = boost::filesystem;
constexpr const char* SecurityContext::sysTaPaths[];
pthread_mutex_t cynara_mutex = PTHREAD_MUTEX_INITIALIZER;
-#define FILE_WAS_FOUND 1
-#define MAX_OPENED_FD 5
-#define MAX_PATH_LENGTH 100
#define BOOST_FILESYSTEM_VERSION 3
#define RETURN_UNLOCK(ret, mtx) {pthread_mutex_unlock(&mtx); return ret;}
-std::string SecurityContext::getCaFullPathFromPkgId(char* pkgid) {
- std::string path;
-
- tzplatform_variable ids[3] = {TZ_USER_APP, TZ_SYS_RW_APP, TZ_SYS_RO_APP};
- tzplatform_context *ctx;
- if (tzplatform_context_create(&ctx) != 0) {
- LOGE(SIM_DAEMON, "Can't create tizen context");
- return "";
- }
-
- p_tzplatform_context p_ctx(ctx, &tzplatform_context_destroy);
-
- socklen_t len = (socklen_t) sizeof(struct ucred);
- struct ucred ucred;
-
- if (getsockopt(connFd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) {
- LOGE(SIM_DAEMON, "Can't get uid of client");
- return "";
- }
-
- auto clientUID = ucred.uid;
-
- if (tzplatform_context_set_user(p_ctx.get(), clientUID) != 0) {
- LOGE(SIM_DAEMON, "Can not set user for context");
- return "";
- }
-
- for (auto &id : ids) {
- path = std::move(tzplatform_context_getenv(p_ctx.get(), id));
- LOGD(SIM_DAEMON, "Path is : %s", path.c_str());
- if (!path.empty()) break;
- }
-
- if (!fs::exists(path)) {
- LOGE(SIM_DAEMON, "Path doesn't exist: %s", path.c_str());
- return "";
- }
- if (fs::is_symlink(path)) {
- path = fs::read_symlink(path).string();
- }
- if (path.empty()) {
- LOGE(SIM_DAEMON, "Bad CA path. Does this directory exist: %s ?", path.c_str());
- }
-
- path += "/" + std::string(pkgid) + TA_LOCAL_PATH;
- LOGD(SIM_DAEMON, "Path: %s", path.c_str());
- if (!fs::exists(path)) {
- LOGE(SIM_DAEMON, "Path: %s not found", path.c_str());
- return "";
- }
-
- return path;
-}
-
-
-bool SecurityContext::findRequestedTa(const std::string &ta_name, std::string &allowed_path) {
- LOGD(SIM_DAEMON, "Entry");
- std::string ta_full_path;
- /* Check if any of system ta directories contains our ta */
- for (const std::string& path : sysTaPaths) {
- ta_full_path = path + ta_name;
- if (fs::exists(ta_full_path)){
- allowed_path = path;
- return true;
- }
- }
- return false;
-}
-
-
bool SecurityContext::clientHasCynaraPermission(const std::string &privelege) {
int ret = -1;
* Include files
*-----------------------------------------------------------------------------*/
#include "TABinaryManager.h"
+#include "Config.h"
#include <iostream>
#include <fstream>
#include <stdio.h>
}
/**
- * This function add TA at given path to BinaryManager if it exists.
+ * This function add TA to BinaryManager if it exists.
* @return On successful completion of above operations returns true else false.
*/
-bool TABinaryManager::initTAatPath(const string &path, const string &uuid) {
+bool TABinaryManager::initTA(const string &uuid) {
LOGD(SIM_DAEMON, "Entry");
pthread_rwlock_wrlock(&binaryMapLock);
bool res = false;
StructBinaryInfo info;
- if (boost::filesystem::exists(path + uuid)) {
+ if (boost::filesystem::exists(TA_STORE_PATH + uuid)) {
pthread_mutex_lock(&taLock);
try {
- if (unpackBinary(uuid, path, info)) {
+ if (unpackBinary(uuid, info)) {
binaryMap[uuid] = info;
res = true;
}
* It is very important to check for return value from this function.
*/
-bool TABinaryManager::unpackBinary(const string &uuid, const string &path, StructBinaryInfo& info) {
+bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) {
TAUnpack* unpacker = TAUnpack::getInstance();
bool ret = false;
- LOGD(SIM_DAEMON, "Unpacking TA %s in %s", uuid.c_str(), path.c_str());
- if (0 == unpacker->unpackTA(path, uuid)) {
+ if (0 == unpacker->unpackTA(string(TA_STORE_PATH), uuid)) {
LOGD(SIM_DAEMON, "Unpacked, filling info");
// 1. Set binary info
- info.path = path + uuid;
- info.extractpath = path + uuid + "-ext/";
+ info.path = string(TA_STORE_PATH)+ uuid;
+ info.extractpath = string(TA_STORE_PATH) + uuid + "-ext/";
info.imagePath = info.extractpath + uuid + ".image";
info.manifestPath = info.extractpath + uuid + ".manifest";
// 2. Parse manifest and store results
// map < string uuid, StructBinaryInfo>
map<string, StructBinaryInfo> binaryMap;
TABinaryManager();
- bool unpackBinary(const string &uuid, const string &path, StructBinaryInfo& info);
+ bool unpackBinary(const string &uuid, StructBinaryInfo& info);
template<typename T>
std::string IntToHex(T i, int width = sizeof(T) * 2) {
std::stringstream stream;
*/
pthread_mutex_t taLock;
static TABinaryManager* getInstance();
- bool initTAatPath(const string &path, const string &uuid);
+ bool initTA (const string &uuid);
/*
* Query functions on Binary Manager
str << TAUUID << "-";
str << InstID;
- string allowedTAPath;
- if(!session->getSecurityContext().findRequestedTa(TAUUID, allowedTAPath)) {
- LOGE(SIM_DAEMON, "Access for TA %s forbidden", TAUUID.c_str());
- return TAInstancePtr();
- }
- if (launchTA(allowedTAPath, TAUUID, str, debug, pid)) {
+ if (launchTA(TAUUID, str, debug, pid)) {
// TA is launched successfully, Create a new instance of TAInstance class
/* Check if TA is to be keep alive and accordingly set TAInstance's
* @param debug debug flag
* @param pid PID to be update for launched TA
*/
-bool TAFactory::launchTA(string path, string TAUUID, std::stringstream& str, bool debug,
+bool TAFactory::launchTA(string TAUUID, std::stringstream& str, bool debug,
pid_t& pid) {
int32_t result = -1;
pthread_t thread;
LOGD(SIM_DAEMON, "Entry");
- LOGD(SIM_DAEMON, "Path: %s", path.c_str());
// Get TABinaryManager instance
TABinaryManager *TABin = TABinaryManager::getInstance();
// Get TA Image path for launching
string argvPath = "";
- if (TABin->initTAatPath(path, TAUUID)) {
- argvPath = TABin->getImagePath(TAUUID);
- LOGD(SIM_DAEMON, "argvPath: ", argvPath.c_str());
+ if (TABin->initTA(TAUUID)) {
+ argvPath = TABin->getImagePath(TAUUID);
}
+
if ("" == argvPath) {
LOGE(SIM_DAEMON, "Trusted Application does not exist");
return false;