Add security usertype

For security-container user, add new usertype.
This usertype has indivisual uid range, and can't listup to any normal user.

Change-Id: Ib48aa4715439639bb879732d943f2444fb1362e1
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>

diff --git a/data/tizen/etc/gumd/gumd-tizen-common.conf b/data/tizen/etc/gumd/gumd-tizen-common.conf
index e7324dc..5cf7d39 100644 (file)
--- a/data/tizen/etc/gumd/gumd-tizen-common.conf
+++ b/data/tizen/etc/gumd/gumd-tizen-common.conf
@@ -58,6 +58,7 @@ DEFAULT_ADMIN_GROUPS=audio,video,display
 
 # Path to user shell executable. Default value is '/bin/bash'
 #SHELL=/bin/bash
+SEC_SHELL=/sbin/nologin
 
 # Path to skeleton folder. When new users are created, contents of the skel
 # folder is copied to user home directory. Default value is '/etc/skel'
@@ -82,6 +83,14 @@ SYS_UID_MIN=100
 # is: 999
 SYS_UID_MAX=499
 
+# Minimum value for the automatic uid selection for security user. Default
+# value is: 60001
+SEC_UID_MIN=60001
+
+# Maximum value for the automatic uid selection for security user. Default value
+# is: 60100
+SEC_UID_MAX=60100
+
 # Minimum value for the automatic gid selection. Default value is: 1000
 GID_MIN=5001
 

diff --git a/include/gum/common/gum-config-general.h b/include/gum/common/gum-config-general.h
index 7a8f3f2..b000f72 100644 (file)
--- a/include/gum/common/gum-config-general.h
+++ b/include/gum/common/gum-config-general.h
@@ -146,6 +146,14 @@
                                               "/SHELL"
 
 /**
+ * GUM_CONFIG_GENERAL_SEC_SHELL:
+ *
+ * Path to security user shell executable. Default value is '/bin/bash'
+ */
+#define GUM_CONFIG_GENERAL_SEC_SHELL            GUM_CONFIG_GENERAL \
+                                              "/SEC_SHELL"
+
+/**
  * GUM_CONFIG_GENERAL_SKEL_DIR:
  *
  * Path to skeleton folder. When new users are created, contents of the skel
@@ -200,6 +208,22 @@
                                               "/SYS_UID_MAX"
 
 /**
+ * GUM_CONFIG_GENERAL_SEC_UID_MIN:
+ *
+ * Minimum value for the automatic uid selection. Default value is: 60001
+ */
+#define GUM_CONFIG_GENERAL_SEC_UID_MIN      GUM_CONFIG_GENERAL \
+                                              "/SEC_UID_MIN"
+
+/**
+ * GUM_CONFIG_GENERAL_SEC_UID_MAX:
+ *
+ * Maximum value for the automatic uid selection. Default value is: 60100
+ */
+#define GUM_CONFIG_GENERAL_SEC_UID_MAX      GUM_CONFIG_GENERAL \
+                                              "/SEC_UID_MAX"
+
+/**
  * GUM_CONFIG_GENERAL_GID_MIN:
  *
  * Minimum value for the automatic gid selection. Default value is: 2000

diff --git a/include/gum/common/gum-user-types.h b/include/gum/common/gum-user-types.h
index 1b6bde7..d574c35 100644 (file)
--- a/include/gum/common/gum-user-types.h
+++ b/include/gum/common/gum-user-types.h
@@ -68,7 +68,7 @@ G_BEGIN_DECLS
  *
  * Defines total number of types of the users.
  */
-#define GUM_USERTYPE_COUNT   5
+#define GUM_USERTYPE_COUNT   6
 
 /**
  * GUM_USERTYPE_MAX_VALUE:
@@ -82,7 +82,8 @@ typedef enum {
     GUM_USERTYPE_SYSTEM = 0x01,
     GUM_USERTYPE_ADMIN = 0x02,
     GUM_USERTYPE_GUEST = 0x04,
-    GUM_USERTYPE_NORMAL = 0x08
+    GUM_USERTYPE_NORMAL = 0x08,
+    GUM_USERTYPE_SECURITY = 0x10
 } GumUserType;
 
 const gchar *

diff --git a/src/common/gum-config.c b/src/common/gum-config.c
index c604ffd..7ef69f3 100755 (executable)
--- a/src/common/gum-config.c
+++ b/src/common/gum-config.c
@@ -113,6 +113,9 @@ G_DEFINE_TYPE (GumConfig, gum_config, G_TYPE_OBJECT);
 #define UID_MAX      60000
 #define SYS_UID_MIN  100
 #define SYS_UID_MAX  999
+#define SEC_UID_MIN  60001
+#define SEC_UID_MAX  60100
+
 #define GID_MIN      1000
 #define GID_MAX      60000
 #define SYS_GID_MIN  100
@@ -369,6 +372,8 @@ _load_config (
                     g_strcmp0 (GUM_CONFIG_GENERAL_UID_MAX, key) == 0 ||
                     g_strcmp0 (GUM_CONFIG_GENERAL_SYS_UID_MIN, key) == 0 ||
                     g_strcmp0 (GUM_CONFIG_GENERAL_SYS_UID_MAX, key) == 0 ||
+                    g_strcmp0 (GUM_CONFIG_GENERAL_SEC_UID_MIN, key) == 0 ||
+                    g_strcmp0 (GUM_CONFIG_GENERAL_SEC_UID_MAX, key) == 0 ||
                     g_strcmp0 (GUM_CONFIG_GENERAL_GID_MIN, key) == 0 ||
                     g_strcmp0 (GUM_CONFIG_GENERAL_GID_MAX, key) == 0 ||
                     g_strcmp0 (GUM_CONFIG_GENERAL_SYS_GID_MIN, key) == 0 ||
@@ -639,12 +644,15 @@ _gum_config_initialize (
     }
 
     gum_config_set_string (self, GUM_CONFIG_GENERAL_SHELL, GUM_SHELL);
+    gum_config_set_string (self, GUM_CONFIG_GENERAL_SEC_SHELL, GUM_SHELL);
     gum_config_set_string (self, GUM_CONFIG_GENERAL_SKEL_DIR, GUM_SKEL_DIR);
 
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_UID_MIN, UID_MIN);
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_UID_MAX, UID_MAX);
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_SYS_UID_MIN, SYS_UID_MIN);
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_SYS_UID_MAX, SYS_UID_MAX);
+    gum_config_set_uint (self, GUM_CONFIG_GENERAL_SEC_UID_MIN, SEC_UID_MIN);
+    gum_config_set_uint (self, GUM_CONFIG_GENERAL_SEC_UID_MAX, SEC_UID_MAX);
 
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_GID_MIN, GID_MIN);
     gum_config_set_uint (self, GUM_CONFIG_GENERAL_GID_MAX, GID_MAX);

diff --git a/src/common/gum-user-types.c b/src/common/gum-user-types.c
index b60a064..bd91679 100644 (file)
--- a/src/common/gum-user-types.c
+++ b/src/common/gum-user-types.c
@@ -48,7 +48,8 @@ GumUserTypeString user_type_strings[GUM_USERTYPE_COUNT] = {
         {GUM_USERTYPE_SYSTEM, "system"},
         {GUM_USERTYPE_ADMIN, "admin"},
         {GUM_USERTYPE_GUEST, "guest"},
-        {GUM_USERTYPE_NORMAL, "normal"}
+        {GUM_USERTYPE_NORMAL, "normal"},
+        {GUM_USERTYPE_SECURITY, "security"}
 };
 
 gint16

diff --git a/src/daemon/core/gumd-daemon-user.c b/src/daemon/core/gumd-daemon-user.c
index b22b912..6258fcb 100644 (file)
--- a/src/daemon/core/gumd-daemon-user.c
+++ b/src/daemon/core/gumd-daemon-user.c
@@ -785,6 +785,9 @@ _get_default_uid_range (
     if (ut == GUM_USERTYPE_SYSTEM)
         *min = (uid_t) gum_config_get_uint (config,
                 GUM_CONFIG_GENERAL_SYS_UID_MIN, GUM_USER_INVALID_UID);
+    else if (ut == GUM_USERTYPE_SECURITY)
+        *min = (uid_t) gum_config_get_uint (config,
+                GUM_CONFIG_GENERAL_SEC_UID_MIN, GUM_USER_INVALID_UID);
     else
         *min = (uid_t) gum_config_get_uint (config,
                 GUM_CONFIG_GENERAL_UID_MIN, GUM_USER_INVALID_UID);
@@ -792,6 +795,9 @@ _get_default_uid_range (
     if (ut == GUM_USERTYPE_SYSTEM)
         *max = (uid_t) gum_config_get_uint (config,
                 GUM_CONFIG_GENERAL_SYS_UID_MAX, GUM_USER_INVALID_UID);
+    else if (ut == GUM_USERTYPE_SECURITY)
+        *max = (uid_t) gum_config_get_uint (config,
+                GUM_CONFIG_GENERAL_SEC_UID_MAX, GUM_USER_INVALID_UID);
     else
         *max = (uid_t) gum_config_get_uint (config,
                 GUM_CONFIG_GENERAL_UID_MAX, GUM_USER_INVALID_UID);
@@ -1683,6 +1689,7 @@ gumd_daemon_user_add (
         uid_t *uid,
         GError **error)
 {
+    GumUserType usertype = GUM_USERTYPE_NONE;
     DBG ("");
 
     /* reset uid if set
@@ -1701,14 +1708,21 @@ gumd_daemon_user_add (
      *** copy skel files and set permissions
      * unlock db
      */
-    if (_get_usertype_from_gecos (self->priv->pw) == GUM_USERTYPE_NONE) {
+    usertype = _get_usertype_from_gecos (self->priv->pw);
+    if (usertype == GUM_USERTYPE_NONE) {
         GUM_RETURN_WITH_ERROR (GUM_ERROR_USER_INVALID_USER_TYPE,
                             "Invalid user type", error, FALSE);
     }
 
     if (!self->priv->pw->pw_shell) {
-        _set_shell_property (self, gum_config_get_string (self->priv->config,
+        if (usertype == GUM_USERTYPE_SECURITY)  {
+            _set_shell_property (self, gum_config_get_string (self->priv->config,
+                GUM_CONFIG_GENERAL_SEC_SHELL));
+        }
+        else    {
+            _set_shell_property (self, gum_config_get_string (self->priv->config,
                 GUM_CONFIG_GENERAL_SHELL));
+        }
     }
 
     if (!gum_lock_pwdf_lock ()) {