Set smack label of the socket fd

If the user is root, aul socket sets the smack label to the file
descriptor for amd.

Change-Id: I3f1ce45c28d25903a88f171246e3133d31c0dd76
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

diff --git a/src/aul/aul_sock.cc b/src/aul/aul_sock.cc
index a6a1ba33732872ef4ece8de72bdd5ab9d1385afa..833a7d494a328d920a614c84643ee0cfeee5d794 100644 (file)
--- a/src/aul/aul_sock.cc
+++ b/src/aul/aul_sock.cc
@@ -24,6 +24,7 @@
 #include <libgen.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/xattr.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <tzplatform_config.h>
@@ -364,6 +365,24 @@ unsigned int GetSocketTimeout(unsigned int timeout) {
   return std::min(std::max(timeout, SOCKET_TIMEOUT_MIN), SOCKET_TIMEOUT_MAX);
 }
 
+int SetSocketLabel(int fd) {
+  if (fsetxattr(fd, "security.SMACK64IPOUT", "@", 1, 0) < 0) {
+    if (errno != EOPNOTSUPP && errno != EPERM) {
+      _E("Failed to set smack label(IPOUT). fd=%d, errno=%d", fd, errno);
+      return -1;
+    }
+  }
+
+  if (fsetxattr(fd, "security.SMACK64IPIN", "*", 1, 0) < 0) {
+    if (errno != EOPNOTSUPP && errno != EPERM) {
+      _E("Failed to set smack label(IPIN). fd=%d, errno=%d", fd, errno);
+      return -1;
+    }
+  }
+
+  return 0;
+}
+
 SocketTimeout socket_timeout;
 SocketLink socket_link;
 
@@ -406,6 +425,13 @@ extern "C" API int aul_sock_create_server(int pid, uid_t uid) {
       return -1;
 
     ServerSocket socket;
+    if (getuid() == 0) {
+      if (SetSocketLabel(socket.GetFd()) != 0) {
+        _E("Failed to set socket label");
+        return -1;
+      }
+    }
+
     socket.Bind(path);
     aul_sock_set_sock_option(socket.GetFd(), 0);
     socket.Listen(128);