Cleanup security context after application termination. 08/166408/3
authorHwankyu Jhun <h.jhun@samsung.com>
Wed, 10 Jan 2018 05:33:55 +0000 (14:33 +0900)
committerHwankyu Jhun <h.jhun@samsung.com>
Wed, 10 Jan 2018 23:05:36 +0000 (08:05 +0900)
security_manager_prepare_app() and security_manager_cleanup_app()
are a pair of functions to setup/clean security context of application.

Each application is launched in a separate mount namespace and
linked to this namespace.
This design allows the privacy privilege status to be changed at app runtime.
After application termination this link should be removed.

Change-Id: I96bb6b88d3822d736e2985c750ec5697165abef2
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
src/launchpad.c

index 7e79a65..31e6841 100755 (executable)
@@ -113,6 +113,7 @@ static int user_slot_offset;
 static GList *candidate_slot_list;
 static app_labels_monitor *label_monitor;
 static GList *launcher_info_list;
+static GHashTable *__pid_table;
 
 static candidate_process_context_t *__add_slot(int type, int loader_id,
                int caller_pid, const char *loader_path, const char *extra,
@@ -1050,6 +1051,7 @@ static gboolean __handle_sigchild(gpointer data)
        int fd = lc->gpollfd->fd;
        struct signalfd_siginfo siginfo;
        ssize_t s;
+       char *appid;
 
        do {
                s = read(fd, &siginfo, sizeof(struct signalfd_siginfo));
@@ -1060,6 +1062,15 @@ static gboolean __handle_sigchild(gpointer data)
                        break;
 
                _signal_process_sigchld(&siginfo);
+
+               appid = g_hash_table_lookup(__pid_table,
+                               GINT_TO_POINTER(siginfo.ssi_pid));
+               if (appid) {
+                       security_manager_cleanup_app(appid, siginfo.ssi_uid);
+                       g_hash_table_remove(__pid_table,
+                                       GINT_TO_POINTER(siginfo.ssi_pid));
+               }
+
                cpc = __find_slot_from_pid(siginfo.ssi_pid);
                if (cpc != NULL) {
                        __reset_slot(cpc);
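Review bot: The return value of `security_manager_cleanup_app()` is discarded in the added `if (appid)` block, so a failed cleanup leaves the application's namespace link in place with no trace in the log. Check it and log on failure, e.g. `if (security_manager_cleanup_app(appid, siginfo.ssi_uid) != SECURITY_MANAGER_SUCCESS) _E("Failed to clean up security context: %s", appid);`. The lookup is also keyed on `siginfo.ssi_pid` alone; pending SIGCHLDs can be merged into a single signalfd record, so any additional children reaped inside `_signal_process_sigchld()` (not visible here) would keep stale `__pid_table` entries, and a stale pid-to-appid entry could later match an unrelated child that reuses the pid. `__handle_sigchild` starts and ends outside this hunk.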
@@ -1501,8 +1512,11 @@ end:
        if (clifd != -1)
                close(clifd);
 
-       if (pid > 0)
+       if (pid > 0) {
                _signal_send_app_launch_signal(pid, menu_info->appid);
+               g_hash_table_insert(__pid_table, GINT_TO_POINTER(pid),
+                               strdup(menu_info->appid));
+       }
 
        if (menu_info != NULL)
                _appinfo_free(menu_info);
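Review bot: The result of `strdup(menu_info->appid)` is passed to `g_hash_table_insert()` unchecked, so on allocation failure the table stores a NULL value for the pid. The SIGCHLD handler's `if (appid)` test then treats that entry as absent, which skips `security_manager_cleanup_app()` and leaves the entry in the table. Duplicate first and insert only on success: `char *appid = strdup(menu_info->appid);` followed by `if (appid) g_hash_table_insert(__pid_table, GINT_TO_POINTER(pid), appid); else _E("Failed to duplicate appid");`. `menu_info` is also dereferenced here before the `menu_info != NULL` test just below; whether it can be NULL while `pid > 0` depends on code outside the hunk, since the enclosing function begins before it.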
@@ -1863,11 +1877,21 @@ static int __before_loop(int argc, char **argv)
        if (ret < 0)
                _W("Failed to send cmd(%d) to amd", LAUNCHPAD_LAUNCH_SIGNAL);
 
+       __pid_table = g_hash_table_new_full(g_direct_hash, g_direct_equal,
+                       NULL, free);
+       if (!__pid_table) {
+               _E("Failed to create pid table");
+               return -1;
+       }
+
        return 0;
 }
 
 static void __after_loop(void)
 {
+       if (__pid_table)
+               g_hash_table_destroy(__pid_table);
+
        if (_send_cmd_to_amd(LAUNCHPAD_DEAD_SIGNAL) < 0)
                _W("Failed to send cmd(%d) to amd", LAUNCHPAD_DEAD_SIGNAL);