${SECURITY_SERVER_PATH}/server/security-server-main.c
${SECURITY_SERVER_PATH}/server/security-server-password.c
${SECURITY_SERVER_PATH}/util/security-server-util-common.c
- ${SECURITY_SERVER_PATH}/server/security-server-system-observer.c
- ${SECURITY_SERVER_PATH}/server/security-server-rules-revoker.c
${SECURITY_SERVER_PATH}/util/smack-check.c
${SERVER2_PATH}/main/socket-manager.cpp
${SERVER2_PATH}/main/server2-main.cpp
+++ /dev/null
-/*
- * security-server
- *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- */
-#ifndef _SECURITY_SERVER_RULES_REVOKER_H_
-#define _SECURITY_SERVER_RULES_REVOKER_H_
-
-#include <linux/cn_proc.h>
-
-void rules_revoker_init(void);
-int rules_revoker_add(int pid, const char *subject, const char *object);
-void rules_revoker_callback(const struct proc_event *event);
-
-#endif // _SECURITY_SERVER_RULES_REVOKER_H_
-
+++ /dev/null
-/*
- * security-server
- *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- */
-#ifndef _SECURITY_SERVER_SYSTEM_OBSERVER_H_
-#define _SECURITY_SERVER_SYSTEM_OBSERVER_H_
-
-#include <linux/cn_proc.h>
-
-typedef void (*system_observer_callback)(const struct proc_event*);
-
-typedef struct system_observer_config_t {
- system_observer_callback event_callback;
-} system_observer_config;
-
-void *system_observer_main(void *data);
-
-#endif // _SECURITY_SERVER_SYSTEM_OBSERVER_H_
#include <server2-main.h>
#include <privilege-control.h>
-#include <security-server-system-observer.h>
-#include <security-server-rules-revoker.h>
#include "security-server-cookie.h"
#include "security-server-common.h"
return done;
}
-void *system_observer_main_thread(void *data)
-{
- system_observer_main(data);
- SEC_SVR_ERR("%s", "System observer: exit. No garbage collector support.");
- netlink_enabled = 0;
- pthread_detach(pthread_self());
- pthread_exit(NULL);
-}
-
int main(int argc, char *argv[])
{
int res;
(void)argc;
(void)argv;
- // create observer thread only if smack is enabled
- if (smack_check()) {
- pthread_t system_observer;
- system_observer_config so_config;
- so_config.event_callback = rules_revoker_callback;
-
- res = pthread_create(&system_observer, NULL, system_observer_main_thread, (void*)&so_config);
-
- if (res != 0)
- return -1;
- }
- else {
- SEC_SVR_DBG("SMACK is not available. Observer thread disabled.");
- }
-
if (0 != (res = pthread_create(&main_thread, NULL, security_server_main_thread, NULL))) {
SEC_SVR_ERR("Error: Server: Cannot create main security server thread: %s", strerror(res));
return -1;
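Review bot: Removing `system_observer_main_thread` also removes the `netlink_enabled = 0` assignment it made, which is the only writer of that flag visible in this diff, while the hunk touches neither the flag's definition nor any reader of it; if `netlink_enabled` still exists elsewhere in security-server-main.c it now keeps its initial value forever and no longer says anything about observer state, so either drop the flag in this commit or mark its definition with `/* netlink_enabled: process-exit observer removed, flag is no longer maintained */`. `rules_revoker_add()` was the entry point for registering per-pid subject/object rules to be revoked at process exit, and its header and implementation are deleted here, so any remaining callers (not visible in this diff) must be removed too, and the resulting semantic change — rules registered that way are no longer revoked when the owning process exits — is worth stating explicitly in the commit message. The `smack_check()` call leaves `main()`, so the include that supplies it may now be unused in this file. `main()` continues past the end of this hunk.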
+++ /dev/null
-/*
- * security-server
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- */
-#include <pthread.h>
-#include <search.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <privilege-control.h>
-
-#include <security-server-rules-revoker.h>
-
-static pthread_mutex_t tree_mutex;
-static void *tree_root = NULL;
-
-typedef struct tree_info_t {
- int pid;
- char *subject;
- char *object;
-} tree_info;
-
-static int tree_cmp(const void *first, const void *second)
-{
- return (((tree_info*)first)->pid) - (((tree_info*)second)->pid);
-}
-
-static int tree_info_push(tree_info *node)
-{
- int ret = 0;
- pthread_mutex_lock(&tree_mutex);
-
- if (NULL != tfind(node, &tree_root, tree_cmp)) {
- ret = -1;
- goto end;
- }
-
- tsearch(node, &tree_root, tree_cmp);
-end:
- pthread_mutex_unlock(&tree_mutex);
- return ret;
-}
-
-
-static int tree_info_add(int pid, const char *subject_param, const char *object_param)
-{
- tree_info *node = malloc(sizeof(tree_info));
- char *subject = strdup(subject_param);
- char *object = strdup(object_param);
-
- if (!node || !subject || !object)
- goto error;
-
- node->pid = pid;
- node->subject = subject;
- node->object = object;
-
- if (0 == tree_info_push(node))
- return 0;
-
-error:
- free(node);
- free(subject);
- free(object);
- return -1;
-}
-
-static tree_info *tree_info_pop_new(int pid)
-{
- tree_info search, *node = NULL;
- void *wtf;
- search.pid = pid;
-
- pthread_mutex_lock(&tree_mutex);
-
- wtf = tfind(&search, &tree_root, tree_cmp);
- if (!wtf)
- goto end;
-
- node = *(tree_info**)wtf;
- if (!node)
- goto end;
-
- tdelete(node, &tree_root, tree_cmp);
-end:
- pthread_mutex_unlock(&tree_mutex);
- return node;
-}
-
-static int rules_revoker_pid(int pid)
-{
- tree_info *node = NULL;
- int ret = 0;
-
- node = tree_info_pop_new(pid);
- if (!node)
- return 0;
-
- if (PC_OPERATION_SUCCESS != app_revoke_access(node->subject, node->object))
- ret = -1;
-
- free(node->subject);
- free(node->object);
- free(node);
- return ret;
-}
-
-void rules_revoker_init(void)
-{
- pthread_mutex_init(&tree_mutex, NULL);
-}
-
-int rules_revoker_add(int pid, const char *subject, const char *object)
-{
- return tree_info_add(pid, subject, object);
-}
-
-void rules_revoker_callback(const struct proc_event *event)
-{
- if (PROC_EVENT_EXIT != event->what)
- return;
- rules_revoker_pid(event->event_data.exit.process_pid);
-}
-
+++ /dev/null
-/*
- * security-server
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <linux/connector.h>
-#include <linux/cn_proc.h>
-
-#include <unistd.h>
-#include <string.h>
-#include <strings.h>
-#include <stdio.h>
-#include <errno.h>
-
-#include <security-server-common.h>
-#include <security-server-system-observer.h>
-
-#define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \
- sizeof(int))
-
-static int nl_sock;
-
-int connect_to_netlink()
-{
- struct sockaddr_nl sa_nl; /* netlink interface info */
- char buff[NL_MESSAGE_SIZE];
- struct nlmsghdr *hdr; /* for telling netlink what we want */
- struct cn_msg *msg; /* the actual connector message */
-
- /* connect to netlink socket */
- nl_sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR);
-
- if (-1 == nl_sock) {
- SEC_SVR_ERR("socket failed: %s", strerror(errno));
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- bzero(&sa_nl, sizeof(sa_nl));
- sa_nl.nl_family = AF_NETLINK;
- sa_nl.nl_groups = CN_IDX_PROC;
- sa_nl.nl_pid = getpid();
-
- if (-1 == bind(nl_sock, (struct sockaddr*)&sa_nl, sizeof(sa_nl))) {
- SEC_SVR_ERR("bind failed: %s", strerror(errno));
- close(nl_sock);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- /* Fill header */
- hdr = (struct nlmsghdr*)buff;
- hdr->nlmsg_len = NL_MESSAGE_SIZE;
- hdr->nlmsg_type = NLMSG_DONE;
- hdr->nlmsg_flags = 0;
- hdr->nlmsg_seq = 0;
- hdr->nlmsg_pid = getpid();
-
- /* Fill message */
- msg = (struct cn_msg*)NLMSG_DATA(hdr);
- msg->id.idx = CN_IDX_PROC; /* Connecting to process information */
- msg->id.val = CN_VAL_PROC;
- msg->seq = 0;
- msg->ack = 0;
- msg->flags = 0;
- msg->len = sizeof(int);
- *(int*)msg->data = PROC_CN_MCAST_LISTEN;
-
- if (-1 == send(nl_sock, hdr, hdr->nlmsg_len, 0)) {
- SEC_SVR_ERR("send failed: %s", strerror(errno));
- close(nl_sock);
- return SECURITY_SERVER_ERROR_SOCKET;
- }
-
- return SECURITY_SERVER_SUCCESS;
-}
-
-void handle_events(system_observer_config *data)
-{
- char buff[CONNECTOR_MAX_MSG_SIZE];
- struct nlmsghdr *hdr;
- struct proc_event *event;
-
- fd_set fds;
-
- while (1) {
- FD_ZERO(&fds);
- FD_SET(nl_sock, &fds);
-
- if (0 > select(nl_sock + 1, &fds, NULL, NULL, NULL)) {
- SEC_SVR_ERR("select failed: %s", strerror(errno));
- return;
- }
-
- /* If there were no events detected, return */
- if (!FD_ISSET(nl_sock, &fds)) {
- return;
- }
-
- /* if there are events, make calls */
- if (-1 == recv(nl_sock, buff, sizeof(buff), 0)) {
- SEC_SVR_ERR("recv failed: %s", strerror(errno));
- return;
- }
-
- hdr = (struct nlmsghdr*)buff;
-
- if (NLMSG_ERROR == hdr->nlmsg_type) {
- SEC_SVR_ERR("%s", "NLMSG_ERROR");
- } else if (NLMSG_DONE == hdr->nlmsg_type) {
- event = (struct proc_event*)((struct cn_msg*)NLMSG_DATA(hdr))->data;
- if (data->event_callback)
- (data->event_callback)(event);
- }
- }
-}
-
-void *system_observer_main(void *data)
-{
- if (SECURITY_SERVER_SUCCESS == connect_to_netlink()) {
- handle_events((system_observer_config*)data);
- close(nl_sock);
- }
- return NULL;
-}
-