framework/service/server-service.cpp
framework/service/thread-pool.cpp
framework/service/core-usage.cpp
+ framework/service/fs-utils.cpp
+ framework/service/access-control.cpp
framework/service/file-system.cpp
framework/service/app-deleter.cpp
framework/service/cs-loader.cpp
common/mainloop.cpp
common/service.cpp
common/socket.cpp
+ common/credential.cpp
)
INCLUDE_DIRECTORIES(
return m_socket.getFd();
}
+const Credential &Connection::getCredential()
+{
+ if (m_cred)
+ return *m_cred;
+
+ m_cred = Credential::get(getFd());
+
+ return *m_cred;
+}
+
}
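Review bot: The lazy initialisation of `m_cred` in `Connection::getCredential()` is unsynchronised, although the class already carries the `m_mSend`/`m_mRecv` mutexes and is passed around as `ConnShPtr`, which suggests a connection may be used from more than one thread. If two threads call it at once, both can see a null `m_cred` and race on the `unique_ptr` assignment, leaving one caller with a reference to a destroyed `Credential`. The peer identity reported by `SO_PEERCRED` is fixed when the socket is connected, so fetching it once in the constructor, or guarding the check-and-assign with a mutex, would remove the race without changing behaviour. A comment such as `// peer credential is captured once and cached for the lifetime of the connection` would also record why caching is safe.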
#include "common/socket.h"
#include "common/types.h"
+#include "common/credential.h"
namespace Csr {
void send(const RawBuffer &) const;
RawBuffer receive(void) const;
int getFd(void) const;
+ const Credential &getCredential();
private:
Socket m_socket;
mutable std::mutex m_mSend;
mutable std::mutex m_mRecv;
+
+ std::unique_ptr<Credential> m_cred;
};
using ConnShPtr = std::shared_ptr<Connection>;
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file credential.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#include "common/credential.h"
+
+#include <vector>
+#include <sys/socket.h>
+#include <sys/smack.h>
+
+#include "common/exception.h"
+
+namespace Csr {
+
+Credential::Credential(uid_t _uid, gid_t _gid, const std::string &_label) :
+ uid(_uid), gid(_gid), label(_label) {}
+
+std::unique_ptr<Credential> Credential::get(int sockfd)
+{
+ std::unique_ptr<Credential> c;
+
+ struct ucred cred;
+ socklen_t lenCred = sizeof(ucred);
+
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &lenCred) != 0)
+ ThrowExc(InternalError, "getsockopt peercred failed. errno: " << errno);
+
+ std::vector<char> label(SMACK_LABEL_LEN + 1, '0');
+ socklen_t lenLabel = SMACK_LABEL_LEN;
+
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, label.data(), &lenLabel) != 0)
+ ThrowExc(InternalError, "getsockopt peersec failed. errno: " << errno);
+
+ return std::unique_ptr<Credential>(new Credential(cred.uid, cred.gid,
+ std::string(label.data(), lenLabel)));
+
+}
+
+}
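Review bot: In `Credential::get` the length written back by `SO_PEERSEC` is used verbatim in `std::string(label.data(), lenLabel)`. If the kernel counts the terminating NUL in that length, the stored label contains an embedded `\0` and will not compare equal to the same label obtained another way, even though `c_str()` consumers appear to work. The buffer is also filled with the character `'0'` rather than `'\0'`, so it is not NUL-terminated by construction. Using `std::vector<char> label(SMACK_LABEL_LEN + 1, '\0');` and building the result with `std::string(label.data())` gives a clean label in both cases, since only `SMACK_LABEL_LEN` bytes are offered to the kernel. The local `c` is unused, and `errno` is read without including `<cerrno>`.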
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file credential.h
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#pragma once
+
+#include <memory>
+#include <string>
+#include <sys/types.h>
+
+namespace Csr {
+
+struct Credential {
+ uid_t uid;
+ gid_t gid;
+ std::string label;
+
+ static std::unique_ptr<Credential> get(int sockfd);
+
+private:
+ explicit Credential(uid_t, gid_t, const std::string &);
+};
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file access-control.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#include "service/access-control.h"
+
+#include <memory>
+#include <cstring>
+#include <sys/smack.h>
+
+#include "common/audit/logger.h"
+#include "common/exception.h"
+#include "service/fs-utils.h"
+
+namespace Csr {
+
+namespace {
+
+bool hasPermToWriteDac(const Credential &cred, const std::string &filepath)
+{
+ auto statptr = getStat(filepath);
+ return (cred.uid == statptr->st_uid && (statptr->st_mode & S_IWUSR)) ||
+ (cred.gid == statptr->st_gid && (statptr->st_mode & S_IWGRP)) ||
+ (statptr->st_mode & S_IWOTH);
+}
+
+bool hasPermToWriteMac(const Credential &cred, const std::string &filepath)
+{
+ char *label = nullptr;
+ int ret = smack_getlabel(filepath.c_str(), &label, SMACK_LABEL_ACCESS);
+ if (ret != 0)
+ ThrowExc(InternalError, "get smack label failed from file: " << filepath <<
+ " ret: " << ret);
+
+ std::unique_ptr<char, void(*)(void *)> labelptr(label, ::free);
+
+ ret = smack_have_access(cred.label.c_str(), label, "w");
+ if (ret == -1)
+ ThrowExc(InternalError, "smack_have_access err on file: " << filepath <<
+ " errno: " << errno);
+
+ return ret == 1;
+}
+
+} // namespace anonymous
+
+bool hasPermToRemove(const Credential &cred, const std::string &filepath)
+{
+ auto parent = filepath.substr(0, filepath.find_last_of('/'));
+
+ return hasPermToWriteDac(cred, parent) && hasPermToWriteMac(cred, parent);
+
+}
+
+}
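Review bot: `hasPermToWriteDac` dereferences the result of `getStat(filepath)` without a null check, yet `getStat` returns `nullptr` whenever `stat()` fails, so a request whose parent directory is missing or unreadable crashes the service instead of being denied; add `if (!statptr) return false;` (or throw) before the return expression. `hasPermToRemove` also computes an empty parent for a file directly under `/` (`"/foo"` gives `""`) and the whole path when there is no `/`, so those cases need explicit handling. The DAC expression ORs the owner, group and other write bits, which is more permissive than the kernel's first-match rule (an owner without `S_IWUSR` is denied even when `S_IWOTH` is set), and it ignores supplementary groups, the directory's search bit and the sticky bit; either tighten it or add a comment stating that it is an approximation. The check and the later removal are separate steps, so the answer can be stale by the time the file is deleted.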
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file access-control.h
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#pragma once
+
+#include <string>
+
+#include "common/credential.h"
+
+namespace Csr {
+
+// filepath should be absolute and not ended with '/'
+bool hasPermToRemove(const Credential &cred, const std::string &filepath);
+
+}
#include <cstdio>
#include <cstring>
#include <cerrno>
-#include <sys/stat.h>
-#include "service/app-deleter.h"
#include "common/audit/logger.h"
#include "common/exception.h"
+#include "service/app-deleter.h"
+#include "service/fs-utils.h"
namespace Csr {
-namespace {
-
-std::unique_ptr<struct stat> getStat(const std::string &target)
-{
- std::unique_ptr<struct stat> statptr(new struct stat);
- memset(statptr.get(), 0x00, sizeof(struct stat));
-
- if (stat(target.c_str(), statptr.get()) != 0) {
- if (errno == ENOENT) {
- WARN("target not exist: " << target);
- } else {
- ERROR("stat() failed on target: " << target << " errno: " << errno);
- }
-
- return nullptr;
- }
-
- return statptr;
-}
-
-} // namespace anonymous
-
const char *APP_DIRS[4] = {
// Tizen 2.4 app directories
"^(/usr/apps/([^/]+))", // /usr/apps/{pkgid}/
//"^(/sdcard/apps/([^/]+)/apps_rw/([^/]+))" // /sdcard/apps/{user}/apps_rw/{pkgid}/
};
-//===========================================================================
-// File
-//===========================================================================
std::vector<std::regex> File::m_regexprs;
File::File(const std::string &fpath) : m_path(fpath), m_inApp(false)
}
}
-bool File::remove()
+bool File::remove() const
{
if (m_inApp)
return AppDeleter::remove(m_appPkgId);
const std::string &getAppUser() const;
const std::string &getAppPkgPath() const;
- bool remove();
+ bool remove() const;
// throws FileNotExist and FileSystemError
static FilePtr create(const std::string &fpath, time_t modifiedSince = -1);
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file fs-utils.cpp
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#include "service/fs-utils.h"
+
+#include <cstring>
+#include <cerrno>
+
+#include "common/audit/logger.h"
+
+namespace Csr {
+
+std::unique_ptr<struct stat> getStat(const std::string &target)
+{
+ std::unique_ptr<struct stat> statptr(new struct stat);
+ memset(statptr.get(), 0x00, sizeof(struct stat));
+
+ if (stat(target.c_str(), statptr.get()) != 0) {
+ if (errno == ENOENT) {
+ WARN("target not exist: " << target);
+ } else {
+ ERROR("stat() failed on target: " << target << " errno: " << errno);
+ }
+
+ return nullptr;
+ }
+
+ return statptr;
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file fs-utils.h
+ * @author Kyungwook Tak (k.tak@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+#pragma once
+
+#include <memory>
+#include <string>
+#include <sys/stat.h>
+
+namespace Csr {
+
+std::unique_ptr<struct stat> getStat(const std::string &target);
+
+}
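Review bot: `getStat` is now exported from a header, but its declaration says nothing about the failure path: it returns `nullptr` (after logging) when `stat()` fails, and the new caller in access-control.cpp dereferences the result unchecked. A comment on the declaration such as `// returns nullptr when stat() fails (ENOENT logged as warning, other errors as error); callers must check before dereferencing` would make the contract visible. `stat()` follows symlinks, which is also worth stating for callers that base access decisions on the result.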
${CSR_FW_SRC_PATH}/db/statement.cpp
${CSR_FW_SRC_PATH}/db/manager.cpp
${CSR_FW_SRC_PATH}/service/core-usage.cpp
+ ${CSR_FW_SRC_PATH}/service/fs-utils.cpp
+ ${CSR_FW_SRC_PATH}/service/access-control.cpp
${CSR_FW_SRC_PATH}/service/file-system.cpp
${CSR_FW_SRC_PATH}/service/app-deleter.cpp
${CSR_FW_SRC_PATH}/service/cs-loader.cpp