Usage: gbs <your favourite flags> --define "dev_wos 1".
In the permissive mode, the smack label of a client will be set to "/System".
So no sandboxing is applied to data stored in key-manager.
If flag is not set, is disabled by default.
Change-Id: I0d13049f6bc0cf74b88c15633f2564593bdcdb56
ADD_DEFINITIONS("-DCA_CERTS_DIR=\"${CA_CERTS_DIR}\"")
ADD_DEFINITIONS("-DSYSTEMD_ENV_FILE=\"${SYSTEMD_ENV_FILE}\"")
+IF(CKM_PERMISSIVE_MODE)
+ ADD_DEFINITIONS("-DCKM_PERMISSIVE_MODE")
+ENDIF(CKM_PERMISSIVE_MODE)
+
SET(KEY_MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager)
IF(NOT DEFINED COVERAGE_DIR)
%global initial_values_dir_rw %{rw_data_dir}/initial_values
%global ca_certs_dir %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:%ro_etc_dir/ssl/certs}
%global dump_legacy_db_libname key-manager-dump-legacy-database
+%global ckm_permissive_mode %{?dev_wos:%dev_wos}%{!?dev_wos:0}
%description
Central Key Manager daemon could be used as secure storage
-DCOVERAGE_DIR=%{coverage_dir} \
%if %{coverage_only}
-DCOVERAGE_ONLY=ON \
+%endif
+%if %{ckm_permissive_mode} == 1
+ -DCKM_PERMISSIVE_MODE="ON" \
%endif
-DDUMP_LEGACY_DB_LIBNAME=%{dump_legacy_db_libname}
namespace CKM {
+#ifndef CKM_PERMISSIVE_MODE
namespace {
int getPkgIdFromSocket(int sock, std::string &pkgId)
return assignToString(result, length, res);
}
+#endif
void Socket2Id::mapToDomainClient(std::string &pkgId)
{
m_stringMap.clear();
}
-int Socket2Id::translate(int sock, std::string &result)
+int Socket2Id::translate(__attribute__((unused)) int sock, std::string &result)
{
+#ifdef CKM_PERMISSIVE_MODE
+ result = "/System";
+ return 0;
+#else
std::string smack;
if (0 > getCredentialsFromSocket(sock, smack))
result = pkgId;
m_stringMap.emplace(std::move(smack), std::move(pkgId));
return 0;
+#endif
}
} // namespace CKM
projects / platform / core / security / key-manager.git / commitdiff