Prevent loader execution by any process 31/188931/1
authorHwankyu Jhun <h.jhun@samsung.com>
Wed, 12 Sep 2018 02:59:02 +0000 (11:59 +0900)
committerHwankyu Jhun <h.jhun@samsung.com>
Wed, 12 Sep 2018 02:59:02 +0000 (11:59 +0900)
The loader library checks capabilities to check
whether the process is executed by launchpad-process-pool or not.
The access Smack label is added to the loader executable file.

Change-Id: I1943ff4076a8296a78891fc4eb3434b4578c6057
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
CMakeLists.txt
inc/launchpad_common.h
launchpad.manifest
src/launchpad_common.c
src/launchpad_lib.c

index 782f03d..4c77152 100755 (executable)
@@ -36,6 +36,7 @@ PKG_CHECK_MODULES(${this_target_loader} REQUIRED
        libsystemd
        gio-2.0
        dbus-1
+       libcap
        )
 
 FOREACH(flag ${${this_target_loader}_CFLAGS})
@@ -50,6 +51,7 @@ PKG_CHECK_MODULES(${this_target_lib} REQUIRED
        libtzplatform-config
        tanchor
        dbus-1
+       libcap
        )
 
 FOREACH(flag ${${this_target_lib}_CFLAGS})
index f842b76..3b789f5 100644 (file)
@@ -128,6 +128,7 @@ int _set_priority(int prio);
 int _wait_tep_mount(bundle *b);
 int _prepare_app_socket(void);
 int _enable_external_pkg(bundle *b, const char *pkgid, uid_t pkg_uid);
+int _verify_proc_caps(void);
 
 #endif /* __LAUNCHPAD_COMMON_H__ */
 
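Review bot: The new prototype `int _verify_proc_caps(void);` carries no description of what it verifies or what its return values mean, which a reader needs for a function that acts as a security gate. A comment above the declaration would cover it, e.g. `/* Returns 0 if the calling process holds CAP_SETGID and CAP_SYS_ADMIN in both its effective and inheritable sets; -1 if a capability is missing or libcap fails. */`.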
index 9f9511c..ca22179 100644 (file)
@@ -4,7 +4,7 @@
        </request>
        <assign>
                <filesystem path="/usr/bin/launchpad-process-pool" exec_label="System::Privileged" />
-               <filesystem path="/usr/bin/launchpad-loader" exec_label="User" />
+               <filesystem path="/usr/bin/launchpad-loader" label="User" exec_label="User" />
        </assign>
 
 </manifest>
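Review bot: Adding `label="User"` to /usr/bin/launchpad-loader sets the file's own Smack object label, so whether a subject may execute the binary now depends on Smack rules granting it access to the "User" label, and those rules are not part of this change. Presumably launchpad-process-pool (exec_label System::Privileged on the line above) has such a rule, but that is inferred rather than visible here and should be confirmed. An XML comment above the changed line recording the intent would help the next reader, e.g. `<!-- object label limits who may exec the loader; the capability check in the loader library is the second gate -->`.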
index 48f790f..2d7e3b6 100644 (file)
@@ -30,6 +30,7 @@
 #include <sys/un.h>
 #include <linux/limits.h>
 #include <unistd.h>
+#include <sys/capability.h>
 #include <tzplatform_config.h>
 #include <stdio.h>
 #include <stdbool.h>
@@ -1275,3 +1276,45 @@ int _enable_external_pkg(bundle *b, const char *pkgid, uid_t pkg_uid)
 
        return result;
 }
+
+int _verify_proc_caps(void)
+{
+       cap_t cap_d;
+       cap_flag_value_t eff_state;
+       cap_flag_value_t inh_state;
+       cap_value_t values[] = {CAP_SETGID, CAP_SYS_ADMIN};
+       int i;
+       int r;
+
+       cap_d = cap_get_proc();
+       if (!cap_d) {
+               _E("Failed to get cap from proc. pid(%d)", getpid());
+               return -1;
+       }
+
+       for (i = 0; i < ARRAY_SIZE(values); i++) {
+               r = cap_get_flag(cap_d, values[i], CAP_INHERITABLE, &inh_state);
+               if (r != 0) {
+                       _E("Failed to get cap inh - errno(%d)", errno);
+                       cap_free(cap_d);
+                       return -1;
+               }
+
+               r = cap_get_flag(cap_d, values[i], CAP_EFFECTIVE, &eff_state);
+               if (r != 0) {
+                       _E("Failed to get cap eff - errno(%d)", errno);
+                       cap_free(cap_d);
+                       return -1;
+               }
+
+               if ((inh_state != CAP_SET) || (eff_state != CAP_SET)) {
+                       _E("The process(%d) doesn't have %d cap",
+                                       getpid(), values[i]);
+                       cap_free(cap_d);
+                       return -1;
+               }
+       }
+       cap_free(cap_d);
+
+       return 0;
+}
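Review bot: _verify_proc_caps() only checks that the calling process holds CAP_SETGID and CAP_SYS_ADMIN in its effective and inheritable sets (the `values[]` table and the `inh_state`/`eff_state` comparison); it does not identify the parent, so any caller privileged enough to hold both capabilities passes, and the function name together with the commit message ("executed by launchpad-process-pool") overstate what is proven. A header comment on the definition should state that contract, e.g. `/* Capability gate, not parent identification: 0 only if CAP_SETGID and CAP_SYS_ADMIN are in the effective and inheritable sets, -1 on a missing capability or libcap failure. */`. The loop index `int i` is compared with `ARRAY_SIZE(values)`, which is size_t, so the loop condition trips -Wsign-compare; declaring `size_t i;` avoids it. The failure log prints the raw capability number via `%d`; `cap_to_name(values[i])` (result released with cap_free()) would give a readable name, though the numeric form is not wrong.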
index 7e3a124..dd7620a 100644 (file)
@@ -315,6 +315,9 @@ static int __before_loop(int argc, char **argv)
        int ret = -1;
        bundle *extra = NULL;
 
+       if (_verify_proc_caps() < 0)
+               return -1;
+
        __preexec_init(argc, argv);
 
        /* Set new session ID & new process group ID*/
@@ -412,8 +415,10 @@ API int launchpad_loader_main(int argc, char **argv,
        __argc = argc;
        __argv = argv;
 
-       if (__before_loop(argc, argv) != 0)
+       if (__before_loop(argc, argv) != 0) {
+               _E("Failed to prepare running loader. type(%d)", __loader_type);
                return -1;
+       }
 
        _D("[candidate] ecore main loop begin");
        __loader_adapter->loop_begin(__loader_user_data);
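Review bot: The new guard at the top of __before_loop returns -1 on any non-zero result from _verify_proc_caps(), which folds a libcap failure (cap_get_proc or cap_get_flag returning an error) and a genuinely missing capability into the same outcome; that is defensible for a deny-by-default gate, but the reason only appears in _verify_proc_caps()'s own log, and the new message in launchpad_loader_main ("Failed to prepare running loader") does not say the process was refused rather than failing to initialise. A one-line comment above the guard would make the intent explicit: `/* Deny by default: refuse to run unless the caller holds the capabilities expected from a launchpad-process-pool parent; see _verify_proc_caps(). */`. __before_loop's body begins before the hunk and continues past it, so whether anything earlier in it depends on the refused path cannot be seen here.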