int _wait_tep_mount(bundle *b);
int _prepare_app_socket(void);
int _enable_external_pkg(bundle *b, const char *pkgid, uid_t pkg_uid);
+int _verify_proc_caps(void);
#endif /* __LAUNCHPAD_COMMON_H__ */
</request>
<assign>
<filesystem path="/usr/bin/launchpad-process-pool" exec_label="System::Privileged" />
- <filesystem path="/usr/bin/launchpad-loader" exec_label="User" />
+ <filesystem path="/usr/bin/launchpad-loader" label="User" exec_label="User" />
</assign>
</manifest>
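Review bot: The added `label="User"` on /usr/bin/launchpad-loader gives the binary the same Smack access label it executes under, and nothing in the commit says why. Under Smack, a subject and an object with equal labels pass the MAC check for every access mode, so only the file's owner and mode bits would keep User-labelled processes from modifying it. That matters because the new _verify_proc_caps check expects this binary to run with CAP_SETGID and CAP_SYS_ADMIN. If the label is required (presumably for the capability setup), record the reason and the DAC expectation next to the entry, for example `<!-- access label User needed for <reason>; file must stay root-owned and not group/world-writable -->`.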
#include <sys/un.h>
#include <linux/limits.h>
#include <unistd.h>
+#include <sys/capability.h>
#include <tzplatform_config.h>
#include <stdio.h>
#include <stdbool.h>
return result;
}
+
+int _verify_proc_caps(void)
+{
+ cap_t cap_d;
+ cap_flag_value_t eff_state;
+ cap_flag_value_t inh_state;
+ cap_value_t values[] = {CAP_SETGID, CAP_SYS_ADMIN};
+ int i;
+ int r;
+
+ cap_d = cap_get_proc();
+ if (!cap_d) {
+ _E("Failed to get cap from proc. pid(%d)", getpid());
+ return -1;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(values); i++) {
+ r = cap_get_flag(cap_d, values[i], CAP_INHERITABLE, &inh_state);
+ if (r != 0) {
+ _E("Failed to get cap inh - errno(%d)", errno);
+ cap_free(cap_d);
+ return -1;
+ }
+
+ r = cap_get_flag(cap_d, values[i], CAP_EFFECTIVE, &eff_state);
+ if (r != 0) {
+ _E("Failed to get cap eff - errno(%d)", errno);
+ cap_free(cap_d);
+ return -1;
+ }
+
+ if ((inh_state != CAP_SET) || (eff_state != CAP_SET)) {
+ _E("The process(%d) doesn't have %d cap",
+ getpid(), values[i]);
+ cap_free(cap_d);
+ return -1;
+ }
+ }
+ cap_free(cap_d);
+
+ return 0;
+}
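Review bot: _verify_proc_caps has no comment stating its contract, and the reason it requires CAP_SETGID and CAP_SYS_ADMIN in the inheritable set as well as the effective set cannot be read from the code. A header comment such as `/* Returns 0 only if CAP_SETGID and CAP_SYS_ADMIN are both effective and inheritable for the calling process, -1 otherwise. */` would help, followed by one sentence on what later step depends on the inheritable bit. The table is never modified, so it can be `static const cap_value_t values[] = {CAP_SETGID, CAP_SYS_ADMIN};`. ARRAY_SIZE is defined outside this hunk; if it is the usual sizeof-based macro, `int i` makes the loop condition a signed/unsigned comparison, which `unsigned int i;` would avoid. The three identical `cap_free(cap_d); return -1;` exits could also share a single cleanup label.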
int ret = -1;
bundle *extra = NULL;
+ if (_verify_proc_caps() < 0)
+ return -1;
+
__preexec_init(argc, argv);
/* Set new session ID & new process group ID*/
__argc = argc;
__argv = argv;
- if (__before_loop(argc, argv) != 0)
+ if (__before_loop(argc, argv) != 0) {
+ _E("Failed to prepare running loader. type(%d)", __loader_type);
return -1;
+ }
_D("[candidate] ecore main loop begin");
__loader_adapter->loop_begin(__loader_user_data);
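Review bot: The new `_verify_proc_caps()` call at the top of this hunk makes the loader refuse to start unless it holds CAP_SETGID and CAP_SYS_ADMIN, but nothing visible here says how long those capabilities are meant to stay in place or where they are dropped before application code runs. A call-site comment would make the least-privilege intent reviewable, for example `/* loader must start with CAP_SETGID and CAP_SYS_ADMIN; they are dropped in <function> before the app entry point */`, with the placeholder replaced by the real location. The enclosing function starts and ends outside the hunk, so the drop may already happen in code not shown. The added `_E` log on `__before_loop` failure looks fine as written.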