# @brief Cmake for app encryption tests
#
-################################################################################
-# common
-INCLUDE_DIRECTORIES(
- ${CMAKE_SOURCE_DIR}/src/include/
-)
-
SET(APP_ENCRYPTION_DIR ${DATA_ROOT_DIR}/app_encryption)
-################################################################################
-# common
-
SET(TARGET_ENCRYPTION_COMMON "encryption_common")
-SET(ENCRYPTION_COMMON_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/common.cpp
-)
-
-ADD_LIBRARY(${TARGET_ENCRYPTION_COMMON} SHARED ${ENCRYPTION_COMMON_SOURCES})
-
-INSTALL(TARGETS ${TARGET_ENCRYPTION_COMMON} DESTINATION ${APP_ENCRYPTION_DIR})
-
SET(ENCRYPTION_COMMON_LDFLAGS "-Wl,--rpath=${APP_ENCRYPTION_DIR}")
-################################################################################
-# launcher
-
-SET(TARGET_LAUNCHER "launcher")
-
-SET(LAUNCHER_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/launcher.cpp
-)
-
-ADD_EXECUTABLE(${TARGET_LAUNCHER} ${LAUNCHER_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_LAUNCHER}
- ${TARGET_CLIENT}
- ${TARGET_ENCRYPTION_COMMON}
- ${ENCRYPTION_COMMON_LDFLAGS}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_LAUNCHER} PROPERTIES INSTALL_RPATH ${APP_ENCRYPTION_DIR})
-
-INSTALL(TARGETS ${TARGET_LAUNCHER} DESTINATION ${APP_ENCRYPTION_DIR})
-
-################################################################################
-# launcher_user
-SET(TARGET_LAUNCHER_USER "launcher_user")
-
-SET(LAUNCHER_USER_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/launcher_user.cpp
-)
-
-ADD_EXECUTABLE(${TARGET_LAUNCHER_USER} ${LAUNCHER_USER_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_LAUNCHER_USER}
- ${TARGET_CLIENT}
- ${TARGET_ENCRYPTION_COMMON}
- ${ENCRYPTION_COMMON_LDFLAGS}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_LAUNCHER_USER} PROPERTIES INSTALL_RPATH ${APP_ENCRYPTION_DIR})
-
-INSTALL(TARGETS ${TARGET_LAUNCHER_USER} DESTINATION ${APP_ENCRYPTION_DIR})
-
-################################################################################
-# encryption_setting
-SET(TARGET_ENCRYPTION_SETTING "encryption_setting")
-
-SET(ENCRYPTION_SETTING_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/encryption_setting.cpp
-)
-
-ADD_EXECUTABLE(${TARGET_ENCRYPTION_SETTING} ${ENCRYPTION_SETTING_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_ENCRYPTION_SETTING}
- ${TARGET_CLIENT}
- ${TARGET_ENCRYPTION_COMMON}
- ${ENCRYPTION_COMMON_LDFLAGS}
+INCLUDE_DIRECTORIES(
+ ${CMAKE_SOURCE_DIR}/src/include/
+ ${CMAKE_CURRENT_SOURCE_DIR}/common/
)
-SET_TARGET_PROPERTIES(${TARGET_ENCRYPTION_SETTING} PROPERTIES INSTALL_RPATH ${APP_ENCRYPTION_DIR})
-
-INSTALL(TARGETS ${TARGET_ENCRYPTION_SETTING} DESTINATION ${APP_ENCRYPTION_DIR})
-
-################################################################################
-# scripts
-
-FILE(GLOB APP_ENCRYPTION_SCRIPTS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/*.sh)
-INSTALL(FILES ${APP_ENCRYPTION_SCRIPTS} DESTINATION ${APP_ENCRYPTION_DIR}
- PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE
- GROUP_READ GROUP_EXECUTE
- WORLD_READ WORLD_EXECUTE)
+ADD_SUBDIRECTORY(common)
+ADD_SUBDIRECTORY(launcher)
+ADD_SUBDIRECTORY(encryption_setting)
+ADD_SUBDIRECTORY(scripts)
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file common.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include "common.h"
-
-#include <stdexcept>
-
-const char* OWNER = "owner";
-
-// TODO remove it when EFL popup is ready
-const char* gPasswords[] = { NULL, NULL, NULL };
-bool gTimeout = false;
-
-std::string Popup::getPassword(const std::string &, PasswordType type)
-{
- // TODO replace it with real EFL popup
-
- if (gTimeout)
- throw std::runtime_error("Popup timeout");
-
- if(type < PasswordType::OLD || type > PasswordType::CURRENT)
- throw std::runtime_error("Unexpected password type");
-
- if (gPasswords[type] == NULL)
- return std::string();
-
- return gPasswords[type];
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file common.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#pragma once
-
-#include <string>
-
-extern const char* OWNER;
-extern const char* gPasswords[];
-
-class Popup {
-public:
- enum PasswordType {
- OLD,
- NEW,
- CURRENT
- };
-
- // empty password = user canceled the popup
- std::string getPassword(const std::string &app, PasswordType type);
-};
--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+# @brief Cmake for app encryption commons
+#
+
+SET(ENCRYPTION_COMMON_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/common.cpp
+)
+
+ADD_LIBRARY(${TARGET_ENCRYPTION_COMMON} SHARED ${ENCRYPTION_COMMON_SOURCES})
+
+INSTALL(TARGETS ${TARGET_ENCRYPTION_COMMON} DESTINATION ${APP_ENCRYPTION_DIR})
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file common.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include "common.h"
+
+#include <stdexcept>
+
+const char* OWNER = "owner";
+
+// TODO remove it when EFL popup is ready
+const char* gPasswords[] = { NULL, NULL, NULL };
+bool gTimeout = false;
+
+std::string Popup::getPassword(const std::string &, PasswordType type)
+{
+ // TODO replace it with real EFL popup
+
+ if (gTimeout)
+ throw std::runtime_error("Popup timeout");
+
+ if(type < PasswordType::OLD || type > PasswordType::CURRENT)
+ throw std::runtime_error("Unexpected password type");
+
+ if (gPasswords[type] == NULL)
+ return std::string();
+
+ return gPasswords[type];
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file common.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#pragma once
+
+#include <string>
+
+extern const char* OWNER;
+extern const char* gPasswords[];
+
+class Popup {
+public:
+ enum PasswordType {
+ OLD,
+ NEW,
+ CURRENT
+ };
+
+ // empty password = user canceled the popup
+ std::string getPassword(const std::string &app, PasswordType type);
+};
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file encryption_setting.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <iostream>
-#include <stdexcept>
-
-#include <cstring>
-
-#include "security-manager.h"
-
-#include "common.h"
-
-void usage()
-{
- std::cerr << "Usage: encryption_setting app_id action [-o old_password] [-n new_password]" << std::endl << std::endl <<
- " Actions:" << std::endl <<
- " -e Enable encryption. Requires -n option." << std::endl <<
- " -d Disable encryption. Requires -o option." << std::endl <<
- " -c Change encryption password. Requires both -n and -o option." << std::endl << std::endl <<
- " Options:" << std::endl <<
- " -o old_password Password that is currently set. Don't use this option if you want to enable encryption." << std::endl <<
- " -n new_password New password to be set. Don't use this option if you want to disable encryption." << std::endl;
-}
-
-enum class Action {
- ENABLE_ENCRYPTION,
- DISABLE_ENCRYPTION,
- CHANGE_PASSWORD,
-};
-
-int main(int argc, char* argv[])
-{
- if (argc < 4) {
- usage();
- return 1;
- }
-
- const char* app = argv[1];
- app_encryption_status status;
- int ret;
-
- ret = security_manager_app_get_encryption_status(app, &status);
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Getting app encryption status failed " << ret << std::endl;
- return 1;
- }
-
- Action act;
- if (strcmp(argv[2],"-e") == 0) {
- if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
- std::cerr << "Application already has password. Aborting." << std::endl;
- return 1;
- }
- if ((status & SM_APP_ENCR_HAS_SENSITIVE_DIRS) == 0) {
- std::cerr << "Application has no sensitive dirs. Aborting." << std::endl;
- return 1;
- }
-
- act = Action::ENABLE_ENCRYPTION;
- } else if (strcmp(argv[2],"-d") == 0) {
- if ((status & SM_APP_ENCR_HAS_PASSWORD) == 0) {
- std::cerr << "Application already has no password. Aborting." << std::endl;
- return 1;
- }
-
- act = Action::DISABLE_ENCRYPTION;
- } else if (strcmp(argv[2],"-c") == 0) {
- if ((status & SM_APP_ENCR_HAS_PASSWORD) == 0) {
- std::cerr << "Application has no password. Aborting." << std::endl;
- return 1;
- }
-
- act = Action::CHANGE_PASSWORD;
- } else {
- usage();
- return 1;
- }
-
- for (int i=3; i<argc; i++) {
- if ((act == Action::DISABLE_ENCRYPTION || act == Action::CHANGE_PASSWORD) &&
- strcmp(argv[i], "-o") == 0 && argc > i+1) {
- i++;
- gPasswords[Popup::PasswordType::OLD] = argv[i];
- } else if ((act == Action::ENABLE_ENCRYPTION || act == Action::CHANGE_PASSWORD) &&
- strcmp(argv[i], "-n") == 0 && argc > i+1) {
- i++;
- gPasswords[Popup::PasswordType::NEW] = argv[i];
- } else {
- usage();
- return 1;
- }
- }
-
- std::string old_password;
- std::string new_password;
- Popup p;
- try {
- switch (act) {
- case Action::DISABLE_ENCRYPTION:
- old_password = p.getPassword(app, Popup::PasswordType::OLD);
- break;
- case Action::ENABLE_ENCRYPTION:
- new_password = p.getPassword(app, Popup::PasswordType::NEW);
- break;
- case Action::CHANGE_PASSWORD:
- old_password = p.getPassword(app, Popup::PasswordType::OLD);
- new_password = p.getPassword(app, Popup::PasswordType::NEW);
- break;
- default:
- std::cerr << "Unexpected action " << static_cast<int>(act) << std::endl;
- return 1;
- }
- } catch (std::runtime_error& exc) {
- std::cerr << exc.what() << std::endl;
- return 1;
- }
-
- ret = security_manager_app_change_password(
- app,
- old_password.empty() ? NULL : old_password.c_str(),
- new_password.empty() ? NULL : new_password.c_str());
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Failed to change password " << ret << std::endl;
- return 1;
- }
-
- std::cout << "Password successfully changed" << std::endl;
- return 0;
-}
--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+# @brief Cmake for app encryption setting
+#
+
+SET(TARGET_ENCRYPTION_SETTING "encryption_setting")
+
+SET(ENCRYPTION_SETTING_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/encryption_setting.cpp
+)
+
+ADD_EXECUTABLE(${TARGET_ENCRYPTION_SETTING} ${ENCRYPTION_SETTING_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_ENCRYPTION_SETTING}
+ ${TARGET_CLIENT}
+ ${TARGET_ENCRYPTION_COMMON}
+ ${ENCRYPTION_COMMON_LDFLAGS}
+)
+
+INSTALL(TARGETS ${TARGET_ENCRYPTION_SETTING} DESTINATION ${APP_ENCRYPTION_DIR})
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file encryption_setting.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <iostream>
+#include <stdexcept>
+
+#include <cstring>
+
+#include "security-manager.h"
+
+#include "common.h"
+
+void usage()
+{
+ std::cerr << "Usage: encryption_setting app_id action [-o old_password] [-n new_password]" << std::endl << std::endl <<
+ " Actions:" << std::endl <<
+ " -e Enable encryption. Requires -n option." << std::endl <<
+ " -d Disable encryption. Requires -o option." << std::endl <<
+ " -c Change encryption password. Requires both -n and -o option." << std::endl << std::endl <<
+ " Options:" << std::endl <<
+ " -o old_password Password that is currently set. Don't use this option if you want to enable encryption." << std::endl <<
+ " -n new_password New password to be set. Don't use this option if you want to disable encryption." << std::endl;
+}
+
+enum class Action {
+ ENABLE_ENCRYPTION,
+ DISABLE_ENCRYPTION,
+ CHANGE_PASSWORD,
+};
+
+int main(int argc, char* argv[])
+{
+ if (argc < 4) {
+ usage();
+ return 1;
+ }
+
+ const char* app = argv[1];
+ app_encryption_status status;
+ int ret;
+
+ ret = security_manager_app_get_encryption_status(app, &status);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Getting app encryption status failed " << ret << std::endl;
+ return 1;
+ }
+
+ Action act;
+ if (strcmp(argv[2],"-e") == 0) {
+ if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
+ std::cerr << "Application already has password. Aborting." << std::endl;
+ return 1;
+ }
+ if ((status & SM_APP_ENCR_HAS_SENSITIVE_DIRS) == 0) {
+ std::cerr << "Application has no sensitive dirs. Aborting." << std::endl;
+ return 1;
+ }
+
+ act = Action::ENABLE_ENCRYPTION;
+ } else if (strcmp(argv[2],"-d") == 0) {
+ if ((status & SM_APP_ENCR_HAS_PASSWORD) == 0) {
+ std::cerr << "Application already has no password. Aborting." << std::endl;
+ return 1;
+ }
+
+ act = Action::DISABLE_ENCRYPTION;
+ } else if (strcmp(argv[2],"-c") == 0) {
+ if ((status & SM_APP_ENCR_HAS_PASSWORD) == 0) {
+ std::cerr << "Application has no password. Aborting." << std::endl;
+ return 1;
+ }
+
+ act = Action::CHANGE_PASSWORD;
+ } else {
+ usage();
+ return 1;
+ }
+
+ for (int i=3; i<argc; i++) {
+ if ((act == Action::DISABLE_ENCRYPTION || act == Action::CHANGE_PASSWORD) &&
+ strcmp(argv[i], "-o") == 0 && argc > i+1) {
+ i++;
+ gPasswords[Popup::PasswordType::OLD] = argv[i];
+ } else if ((act == Action::ENABLE_ENCRYPTION || act == Action::CHANGE_PASSWORD) &&
+ strcmp(argv[i], "-n") == 0 && argc > i+1) {
+ i++;
+ gPasswords[Popup::PasswordType::NEW] = argv[i];
+ } else {
+ usage();
+ return 1;
+ }
+ }
+
+ std::string old_password;
+ std::string new_password;
+ Popup p;
+ try {
+ switch (act) {
+ case Action::DISABLE_ENCRYPTION:
+ old_password = p.getPassword(app, Popup::PasswordType::OLD);
+ break;
+ case Action::ENABLE_ENCRYPTION:
+ new_password = p.getPassword(app, Popup::PasswordType::NEW);
+ break;
+ case Action::CHANGE_PASSWORD:
+ old_password = p.getPassword(app, Popup::PasswordType::OLD);
+ new_password = p.getPassword(app, Popup::PasswordType::NEW);
+ break;
+ default:
+ std::cerr << "Unexpected action " << static_cast<int>(act) << std::endl;
+ return 1;
+ }
+ } catch (std::runtime_error& exc) {
+ std::cerr << exc.what() << std::endl;
+ return 1;
+ }
+
+ ret = security_manager_app_change_password(
+ app,
+ old_password.empty() ? NULL : old_password.c_str(),
+ new_password.empty() ? NULL : new_password.c_str());
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Failed to change password " << ret << std::endl;
+ return 1;
+ }
+
+ std::cout << "Password successfully changed" << std::endl;
+ return 0;
+}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file launcher.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <iostream>
-#include <fstream>
-#include <string>
-#include <memory>
-#include <stdexcept>
-
-#include <unistd.h>
-#include <pwd.h>
-#include <sys/prctl.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <cstring>
-#include <sys/capability.h>
-
-#include "security-manager.h"
-#include "common.h"
-
-const cap_value_t ADMIN[] = { CAP_SETGID, CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_MAC_OVERRIDE, CAP_MAC_ADMIN };
-const cap_value_t LIMITED[] = { CAP_SETGID };
-const char* CACHE_DROP = "/proc/sys/vm/drop_caches";
-
-int main(int argc, char* argv[])
-{
- pid_t pid = fork();
- if (pid < 0) {
- std::cerr << "fork() failed" << std::endl;
- exit(1);
- }
-
- if (pid > 0) {
- int status;
- int child;
- do
- child = waitpid(pid, &status, 0);
- while (child != pid);
-
- try {
- sync();
-
- std::ofstream of(CACHE_DROP);
- if (!of) {
- std::cerr << "Failed to open " << CACHE_DROP << std:: endl;
- return 1;
- }
-
- of << 2 << std::endl;;
- } catch (const std::exception& e) {
- std::cerr << e.what() << std::endl;
- return 1;
- } catch (...) {
- std::cerr << "Unknown exception" << std::endl;
- return 1;
- }
- } else {
- // prevent capabilities drop
- if (0 != prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
- std::cerr << "prctl() failed" << std::endl;
- return 1;
- }
-
- // uid / gid (because real uid is not affected by chmod)
- passwd* pw = getpwnam(OWNER);
- if (pw == NULL) {
- std::cerr << "getpwnam() failed" << std::endl;
- return 1;
- }
-
- if (0 != setgid(pw->pw_gid)) {
- std::cerr << "setgid() failed " << std::endl;
- return 1;
- }
-
- if (0 != setuid(pw->pw_uid)) {
- std::cerr << "setuid() failed " << std::endl;
- return 1;
- }
-
- // restore effective caps (setuid drops effective caps to 0)
- std::unique_ptr<_cap_struct, decltype(&cap_free)> capsPtr(cap_get_proc(), cap_free);
- if (0 != cap_set_flag(capsPtr.get(), CAP_EFFECTIVE, sizeof(ADMIN)/sizeof(ADMIN[0]), ADMIN, CAP_SET)) {
- std::cerr << "cap_set_flag() failed" << std::endl;
- return 1;
- }
- if (0 != cap_set_proc(capsPtr.get())) {
- std::cerr << "cap_set_proc() failed" << std::endl;
- return 1;
- }
-
- // relabel self (needs owner uid, CAP_MAC_ADMIN and onlycap)
- app_labels_monitor* monitor = NULL;
- if (SECURITY_MANAGER_SUCCESS != security_manager_app_labels_monitor_init(&monitor)) {
- std::cerr << "Monitor initialization failed" << std::endl;
- return 1;
- }
-
- int ret = security_manager_app_labels_monitor_process(monitor);
- security_manager_app_labels_monitor_finish(monitor);
-
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Monitor process failed" << std::endl;
- return 1;
- }
-
- // limit caps
- if (0 != cap_set_flag(capsPtr.get(), CAP_INHERITABLE, sizeof(ADMIN)/sizeof(ADMIN[0]), ADMIN, CAP_SET)) {
- std::cerr << "cap_set_flag() failed" << std::endl;
- return 1;
- }
- if (0 != cap_set_flag(capsPtr.get(), CAP_PERMITTED, sizeof(LIMITED)/sizeof(LIMITED[0]), LIMITED, CAP_SET)) {
- std::cerr << "cap_set_flag() failed" << std::endl;
- return 1;
- }
- if (0 != cap_set_flag(capsPtr.get(), CAP_EFFECTIVE, sizeof(LIMITED)/sizeof(LIMITED[0]), LIMITED, CAP_SET)) {
- std::cerr << "cap_set_flag() failed" << std::endl;
- return 1;
- }
-
- if (0 != cap_set_proc(capsPtr.get())) {
- std::cerr << "cap_set_proc() failed" << std::endl;
- return 1;
- }
-
- // launch helper binary with smack exec label = User
- std::string launcher_user = std::string(argv[0]) + "_user";
-
- char* user_argv[argc+1];
- user_argv[0] = strdup(launcher_user.c_str());
- for (int i = 1; i < argc; i++)
- user_argv[i] = argv[i];
- user_argv[argc] = NULL;
-
- char* envp[] = { NULL };
- execve(user_argv[0], user_argv, envp);
- std::cerr << "execve() failed" << std::endl;
- free(user_argv[0]);
- return 1;
- }
- return 0;
-}
--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+# @brief Cmake for app encryption launcher
+#
+
+################################################################################
+# launcher_user
+SET(TARGET_LAUNCHER_USER "launcher_user")
+
+SET(LAUNCHER_USER_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/launcher_user.cpp
+)
+
+ADD_EXECUTABLE(${TARGET_LAUNCHER_USER} ${LAUNCHER_USER_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_LAUNCHER_USER}
+ ${TARGET_CLIENT}
+ ${TARGET_ENCRYPTION_COMMON}
+ ${ENCRYPTION_COMMON_LDFLAGS}
+)
+
+INSTALL(TARGETS ${TARGET_LAUNCHER_USER} DESTINATION ${APP_ENCRYPTION_DIR})
+
+
+################################################################################
+# launcher
+
+SET(TARGET_LAUNCHER "launcher")
+
+SET(LAUNCHER_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/launcher.cpp
+)
+
+ADD_EXECUTABLE(${TARGET_LAUNCHER} ${LAUNCHER_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_LAUNCHER}
+ ${TARGET_CLIENT}
+ ${TARGET_ENCRYPTION_COMMON}
+ ${ENCRYPTION_COMMON_LDFLAGS}
+)
+
+INSTALL(TARGETS ${TARGET_LAUNCHER} DESTINATION ${APP_ENCRYPTION_DIR})
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file launcher.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <memory>
+#include <stdexcept>
+
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/prctl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <cstring>
+#include <sys/capability.h>
+
+#include "security-manager.h"
+#include "common.h"
+
+const cap_value_t ADMIN[] = { CAP_SETGID, CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_MAC_OVERRIDE, CAP_MAC_ADMIN };
+const cap_value_t LIMITED[] = { CAP_SETGID };
+const char* CACHE_DROP = "/proc/sys/vm/drop_caches";
+
+int main(int argc, char* argv[])
+{
+ pid_t pid = fork();
+ if (pid < 0) {
+ std::cerr << "fork() failed" << std::endl;
+ exit(1);
+ }
+
+ if (pid > 0) {
+ int status;
+ int child;
+ do
+ child = waitpid(pid, &status, 0);
+ while (child != pid);
+
+ try {
+ sync();
+
+ std::ofstream of(CACHE_DROP);
+ if (!of) {
+ std::cerr << "Failed to open " << CACHE_DROP << std:: endl;
+ return 1;
+ }
+
+ of << 2 << std::endl;;
+ } catch (const std::exception& e) {
+ std::cerr << e.what() << std::endl;
+ return 1;
+ } catch (...) {
+ std::cerr << "Unknown exception" << std::endl;
+ return 1;
+ }
+ } else {
+ // prevent capabilities drop
+ if (0 != prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+ std::cerr << "prctl() failed" << std::endl;
+ return 1;
+ }
+
+ // uid / gid (because real uid is not affected by chmod)
+ passwd* pw = getpwnam(OWNER);
+ if (pw == NULL) {
+ std::cerr << "getpwnam() failed" << std::endl;
+ return 1;
+ }
+
+ if (0 != setgid(pw->pw_gid)) {
+ std::cerr << "setgid() failed " << std::endl;
+ return 1;
+ }
+
+ if (0 != setuid(pw->pw_uid)) {
+ std::cerr << "setuid() failed " << std::endl;
+ return 1;
+ }
+
+ // restore effective caps (setuid drops effective caps to 0)
+ std::unique_ptr<_cap_struct, decltype(&cap_free)> capsPtr(cap_get_proc(), cap_free);
+ if (0 != cap_set_flag(capsPtr.get(), CAP_EFFECTIVE, sizeof(ADMIN)/sizeof(ADMIN[0]), ADMIN, CAP_SET)) {
+ std::cerr << "cap_set_flag() failed" << std::endl;
+ return 1;
+ }
+ if (0 != cap_set_proc(capsPtr.get())) {
+ std::cerr << "cap_set_proc() failed" << std::endl;
+ return 1;
+ }
+
+ // relabel self (needs owner uid, CAP_MAC_ADMIN and onlycap)
+ app_labels_monitor* monitor = NULL;
+ if (SECURITY_MANAGER_SUCCESS != security_manager_app_labels_monitor_init(&monitor)) {
+ std::cerr << "Monitor initialization failed" << std::endl;
+ return 1;
+ }
+
+ int ret = security_manager_app_labels_monitor_process(monitor);
+ security_manager_app_labels_monitor_finish(monitor);
+
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Monitor process failed" << std::endl;
+ return 1;
+ }
+
+ // limit caps
+ if (0 != cap_set_flag(capsPtr.get(), CAP_INHERITABLE, sizeof(ADMIN)/sizeof(ADMIN[0]), ADMIN, CAP_SET)) {
+ std::cerr << "cap_set_flag() failed" << std::endl;
+ return 1;
+ }
+ if (0 != cap_set_flag(capsPtr.get(), CAP_PERMITTED, sizeof(LIMITED)/sizeof(LIMITED[0]), LIMITED, CAP_SET)) {
+ std::cerr << "cap_set_flag() failed" << std::endl;
+ return 1;
+ }
+ if (0 != cap_set_flag(capsPtr.get(), CAP_EFFECTIVE, sizeof(LIMITED)/sizeof(LIMITED[0]), LIMITED, CAP_SET)) {
+ std::cerr << "cap_set_flag() failed" << std::endl;
+ return 1;
+ }
+
+ if (0 != cap_set_proc(capsPtr.get())) {
+ std::cerr << "cap_set_proc() failed" << std::endl;
+ return 1;
+ }
+
+ // launch helper binary with smack exec label = User
+ std::string launcher_user = std::string(argv[0]) + "_user";
+
+ char* user_argv[argc+1];
+ user_argv[0] = strdup(launcher_user.c_str());
+ for (int i = 1; i < argc; i++)
+ user_argv[i] = argv[i];
+ user_argv[argc] = NULL;
+
+ char* envp[] = { NULL };
+ execve(user_argv[0], user_argv, envp);
+ std::cerr << "execve() failed" << std::endl;
+ free(user_argv[0]);
+ return 1;
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file launcher_user.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include <iostream>
+#include <string>
+#include <stdexcept>
+#include <sstream>
+#include <fstream>
+
+#include <cstring>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <cstdio>
+#include <termios.h>
+
+#include "security-manager.h"
+#include "common.h"
+#include "tzplatform-config.h"
+
+void usage()
+{
+ std::cerr << "Usage: launcher app_id [-p password] [-f]" << std::endl << std::endl <<
+ " -p password Password used for encryption/decryption." << std::endl <<
+ " -f First application launch.\n" << std::endl;
+}
+
+int validate_caller()
+{
+ // get uid
+ uid_t uid = getuid();
+
+ passwd* pw = getpwnam(OWNER);
+ if (pw == NULL) {
+ std::cerr << "getpwname() failed" << std::endl;
+ return 1;
+ }
+
+ if (pw->pw_uid != uid) {
+ std::cerr << "Wrong user. Launcher_user binary should be invoked by launcher."
+ << std::endl;
+ return 1;
+ }
+
+ // TODO check smack label as well?
+ return 0;
+}
+
+int prepare_app(const char* app, bool first)
+{
+ app_encryption_status status;
+ int ret = security_manager_app_get_encryption_status(app, &status);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Geting app encryption status failed " << ret << std::endl;
+ return 1;
+ }
+
+ std::string pass;
+
+ try {
+ // first run
+ if (first) {
+ if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
+ std::cerr << "Application already has a password during first launch. Aborting"
+ << std::endl;
+ return 1;
+ }
+
+ // suggest encryption if app has any sensitive dirs
+ if ((status & SM_APP_ENCR_HAS_SENSITIVE_DIRS) != 0) {
+ Popup p;
+ pass = p.getPassword(app, Popup::PasswordType::NEW);
+
+ // user doesn't want to encrypt the app
+ if (!pass.empty()) {
+ // setup new encryption password
+ ret = security_manager_app_change_password(app, NULL, pass.c_str());
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Enabling encryption failed " << ret << std::endl;
+ return 1;
+ }
+ }
+ }
+ } else if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
+ Popup p;
+ pass = p.getPassword(app, Popup::PasswordType::CURRENT);
+
+ if (pass.empty()) {
+ std::cerr << "Empty password given. Aborting." << std::endl;
+ return 1;
+ }
+ } else {
+ /*
+ * Not a first launch and app has no password.
+ *
+ * TODO This has to be removed. When EFL popup is implemented and app
+ * has no password there will be no possibility to pass it because the
+ * popup won't be shown to the user.
+ */
+ if (gPasswords[Popup::PasswordType::CURRENT] != NULL) {
+ std::cerr << "Application has no password but it was given. Aborting."
+ << std::endl;
+ return 1;
+ }
+ }
+ } catch (const std::runtime_error &exc) {
+ // user did not respond -> abort the launch
+ std::cerr << exc.what() << std::endl;
+ return 1;
+ }
+
+ if (!pass.empty()) {
+ // unlock app
+ ret = security_manager_app_unlock(app, pass.c_str());
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ std::cerr << "Application unlock failed " << ret << std::endl;
+ return 1;
+ }
+ }
+
+ // prepare application
+ if (SECURITY_MANAGER_SUCCESS != security_manager_prepare_app(app)) {
+ std::cerr << "App preparation failed" << std::endl;
+ return 1;
+ }
+
+ return 0;
+}
+
+int wait_for_key()
+{
+ struct termios oldSettings, newSettings;
+ if (tcgetattr( fileno( stdin ), &oldSettings ) != 0) {
+ std::cerr << "tcgetattr() failed" << std::endl;
+ return 1;
+ }
+ newSettings = oldSettings;
+ newSettings.c_lflag &= (~ICANON & ~ECHO);
+ if (tcsetattr( fileno( stdin ), TCSANOW, &newSettings ) != 0) {
+ std::cerr << "tcsetattr() failed" << std::endl;
+ return 1;
+ }
+
+ std::cout << "Press any key to close it." << std::endl;
+ std::cin.get();
+
+ if (tcsetattr( fileno( stdin ), TCSANOW, &oldSettings ) != 0)
+ std::cerr << "Failed to restore terminal settings" << std::endl;
+
+ return 0;
+}
+
+int run_app(const std::string& pkgName)
+{
+ // try to read / write sensitive file as an application
+ try {
+ SecurityManager::TizenPlatformConfig tpc(getuid());
+ std::string filePath = tpc.makePath(TZ_USER_APP,
+ pkgName,
+ std::string("path_1/sensitive_file"));
+
+ std::fstream fs(filePath, std::ios_base::in | std::ios_base::out | std::ios_base::app);
+ if (!fs) {
+ std::cerr << "Failed to open " << filePath << std::endl;
+ return 1;
+ }
+
+ std::string contents((std::istreambuf_iterator<char>(fs)),
+ std::istreambuf_iterator<char>());
+ std::cout << "Reading data from sensitive file:" << std::endl << contents << std::endl;
+ std::cout << "File size: " << fs.tellg() << "B" << std::endl;
+ std::cout << "Appending '#' to sensitive file" << std::endl;
+ fs << "#";
+ fs.close();
+ } catch (const SecurityManager::TizenPlatformConfig::Exception::Base& e) {
+ std::cerr << "Failed to get variable from tzplatform-config " << e.DumpToString()
+ << std::endl;
+ return 1;
+ } catch (const std::exception& e) {
+ std::cerr << e.what() << std::endl;
+ return 1;
+ } catch (...) {
+ std::cerr << "Unknown exception" << std::endl;
+ return 1;
+ }
+
+ // Quit the app
+ if (wait_for_key() != 0) {
+ std::cout << "Press Enter to close it." << std::endl;
+ std::cin.get();
+ }
+ return 0;
+}
+
+int main(int argc, char* argv[])
+{
+ if (validate_caller() != 0)
+ return 1;
+
+ // parse arguments
+ if (argc < 2) {
+ usage();
+ return 1;
+ }
+
+ bool first = false;
+ const char* app = argv[1];
+
+ for (int i = 2; i < argc; i++) {
+ if (strcmp(argv[i], "-p") == 0 && argc > i+1) {
+ // TODO remove when EFL popup is ready
+ i++;
+ gPasswords[Popup::PasswordType::CURRENT] = argv[i];
+ } else if (strcmp(argv[i], "-f") == 0) {
+ first = true;
+ } else {
+ usage();
+ return 1;
+ }
+ }
+
+ if (first)
+ gPasswords[Popup::PasswordType::NEW] = gPasswords[Popup::PasswordType::CURRENT];
+
+ if (prepare_app(app, first) != 0)
+ return 1;
+
+ std::cout << "Application " << app << " launched successfully." << std::endl;
+
+ return run_app(app);
+}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file launcher_user.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- */
-
-#include <iostream>
-#include <string>
-#include <stdexcept>
-#include <sstream>
-#include <fstream>
-
-#include <cstring>
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <cstdio>
-#include <termios.h>
-
-#include "security-manager.h"
-#include "common.h"
-#include "tzplatform-config.h"
-
-void usage()
-{
- std::cerr << "Usage: launcher app_id [-p password] [-f]" << std::endl << std::endl <<
- " -p password Password used for encryption/decryption." << std::endl <<
- " -f First application launch.\n" << std::endl;
-}
-
-int validate_caller()
-{
- // get uid
- uid_t uid = getuid();
-
- passwd* pw = getpwnam(OWNER);
- if (pw == NULL) {
- std::cerr << "getpwname() failed" << std::endl;
- return 1;
- }
-
- if (pw->pw_uid != uid) {
- std::cerr << "Wrong user. Launcher_user binary should be invoked by launcher."
- << std::endl;
- return 1;
- }
-
- // TODO check smack label as well?
- return 0;
-}
-
-int prepare_app(const char* app, bool first)
-{
- app_encryption_status status;
- int ret = security_manager_app_get_encryption_status(app, &status);
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Geting app encryption status failed " << ret << std::endl;
- return 1;
- }
-
- std::string pass;
-
- try {
- // first run
- if (first) {
- if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
- std::cerr << "Application already has a password during first launch. Aborting"
- << std::endl;
- return 1;
- }
-
- // suggest encryption if app has any sensitive dirs
- if ((status & SM_APP_ENCR_HAS_SENSITIVE_DIRS) != 0) {
- Popup p;
- pass = p.getPassword(app, Popup::PasswordType::NEW);
-
- // user doesn't want to encrypt the app
- if (!pass.empty()) {
- // setup new encryption password
- ret = security_manager_app_change_password(app, NULL, pass.c_str());
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Enabling encryption failed " << ret << std::endl;
- return 1;
- }
- }
- }
- } else if ((status & SM_APP_ENCR_HAS_PASSWORD) != 0) {
- Popup p;
- pass = p.getPassword(app, Popup::PasswordType::CURRENT);
-
- if (pass.empty()) {
- std::cerr << "Empty password given. Aborting." << std::endl;
- return 1;
- }
- } else {
- /*
- * Not a first launch and app has no password.
- *
- * TODO This has to be removed. When EFL popup is implemented and app
- * has no password there will be no possibility to pass it because the
- * popup won't be shown to the user.
- */
- if (gPasswords[Popup::PasswordType::CURRENT] != NULL) {
- std::cerr << "Application has no password but it was given. Aborting."
- << std::endl;
- return 1;
- }
- }
- } catch (const std::runtime_error &exc) {
- // user did not respond -> abort the launch
- std::cerr << exc.what() << std::endl;
- return 1;
- }
-
- if (!pass.empty()) {
- // unlock app
- ret = security_manager_app_unlock(app, pass.c_str());
- if (ret != SECURITY_MANAGER_SUCCESS) {
- std::cerr << "Application unlock failed " << ret << std::endl;
- return 1;
- }
- }
-
- // prepare application
- if (SECURITY_MANAGER_SUCCESS != security_manager_prepare_app(app)) {
- std::cerr << "App preparation failed" << std::endl;
- return 1;
- }
-
- return 0;
-}
-
-int wait_for_key()
-{
- struct termios oldSettings, newSettings;
- if (tcgetattr( fileno( stdin ), &oldSettings ) != 0) {
- std::cerr << "tcgetattr() failed" << std::endl;
- return 1;
- }
- newSettings = oldSettings;
- newSettings.c_lflag &= (~ICANON & ~ECHO);
- if (tcsetattr( fileno( stdin ), TCSANOW, &newSettings ) != 0) {
- std::cerr << "tcsetattr() failed" << std::endl;
- return 1;
- }
-
- std::cout << "Press any key to close it." << std::endl;
- std::cin.get();
-
- if (tcsetattr( fileno( stdin ), TCSANOW, &oldSettings ) != 0)
- std::cerr << "Failed to restore terminal settings" << std::endl;
-
- return 0;
-}
-
-int run_app(const std::string& pkgName)
-{
- // try to read / write sensitive file as an application
- try {
- SecurityManager::TizenPlatformConfig tpc(getuid());
- std::string filePath = tpc.makePath(TZ_USER_APP,
- pkgName,
- std::string("path_1/sensitive_file"));
-
- std::fstream fs(filePath, std::ios_base::in | std::ios_base::out | std::ios_base::app);
- if (!fs) {
- std::cerr << "Failed to open " << filePath << std::endl;
- return 1;
- }
-
- std::string contents((std::istreambuf_iterator<char>(fs)),
- std::istreambuf_iterator<char>());
- std::cout << "Reading data from sensitive file:" << std::endl << contents << std::endl;
- std::cout << "File size: " << fs.tellg() << "B" << std::endl;
- std::cout << "Appending '#' to sensitive file" << std::endl;
- fs << "#";
- fs.close();
- } catch (const SecurityManager::TizenPlatformConfig::Exception::Base& e) {
- std::cerr << "Failed to get variable from tzplatform-config " << e.DumpToString()
- << std::endl;
- return 1;
- } catch (const std::exception& e) {
- std::cerr << e.what() << std::endl;
- return 1;
- } catch (...) {
- std::cerr << "Unknown exception" << std::endl;
- return 1;
- }
-
- // Quit the app
- if (wait_for_key() != 0) {
- std::cout << "Press Enter to close it." << std::endl;
- std::cin.get();
- }
- return 0;
-}
-
-int main(int argc, char* argv[])
-{
- if (validate_caller() != 0)
- return 1;
-
- // parse arguments
- if (argc < 2) {
- usage();
- return 1;
- }
-
- bool first = false;
- const char* app = argv[1];
-
- for (int i = 2; i < argc; i++) {
- if (strcmp(argv[i], "-p") == 0 && argc > i+1) {
- // TODO remove when EFL popup is ready
- i++;
- gPasswords[Popup::PasswordType::CURRENT] = argv[i];
- } else if (strcmp(argv[i], "-f") == 0) {
- first = true;
- } else {
- usage();
- return 1;
- }
- }
-
- if (first)
- gPasswords[Popup::PasswordType::NEW] = gPasswords[Popup::PasswordType::CURRENT];
-
- if (prepare_app(app, first) != 0)
- return 1;
-
- std::cout << "Application " << app << " launched successfully." << std::endl;
-
- return run_app(app);
-}
--- /dev/null
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
+# @brief Cmake for app encryption scripts
+#
+
+FILE(GLOB APP_ENCRYPTION_SCRIPTS ${CMAKE_CURRENT_SOURCE_DIR}/*.sh)
+INSTALL(FILES ${APP_ENCRYPTION_SCRIPTS} DESTINATION ${APP_ENCRYPTION_DIR}
+ PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE
+ GROUP_READ GROUP_EXECUTE
+ WORLD_READ WORLD_EXECUTE)
projects / platform / core / security / security-manager.git / commitdiff