logger: use named pipes w/ User::App:Shared label

Unnamed pipes use the daemon's label which is `System::Run`,
preventing dlogutil from accessing them when ran without root.

Change-Id: I2f58b6bf0fb1572bfffdf5fe74b9596ee40688d9
Signed-off-by: Michal Bloch <m.bloch@samsung.com>

diff --git a/configs/dlog-run.conf b/configs/dlog-run.conf
index 4a9a528..ebd76f6 100644 (file)
--- a/configs/dlog-run.conf
+++ b/configs/dlog-run.conf
@@ -1 +1,6 @@
 d      /run/dlog       0755    log     log     -       -
+d      /run/dlog/priv  0700    log     log     -       -
+t      /run/dlog/priv  0700    log     log     -       security.SMACK64=System
+d      /run/dlog/priv/fifo     0700    log     log     -       -
+t      /run/dlog/priv/fifo     0700    log     log     -       security.SMACK64TRANSMUTE=TRUE
+t      /run/dlog/priv/fifo     0700    log     log     -       security.SMACK64=User::App::Shared

diff --git a/src/logger/logger.c b/src/logger/logger.c
index bc9a4e4..4a59d26 100755 (executable)
--- a/src/logger/logger.c
+++ b/src/logger/logger.c
@@ -1126,6 +1126,40 @@ static int reader_init_for_logger(struct reader *reader, const char *buf_name, s
        return (reader->read_fd >= 0 ? 0 : -errno);
 }
 
+static int create_fifo_fds(int fifo_id, int *write_fd, int *read_fd)
+{
+       assert(write_fd);
+       assert(read_fd);
+
+       char fifo_path[64];
+       if (snprintf(fifo_path, sizeof fifo_path, "/run/dlog/priv/fifo/%d", fifo_id) < 0)
+               return -errno;
+
+       if (mkfifo(fifo_path, 0600) < 0) {
+               assert(errno != EEXIST);
+               return -errno;
+       }
+
+       int ret = 0;
+
+       *read_fd = open(fifo_path, O_RDONLY | O_NONBLOCK);
+       if (*read_fd < 0) {
+               ret = -errno;
+               goto finish;
+       }
+
+       *write_fd = open(fifo_path, O_WRONLY | O_NONBLOCK);
+       if (*write_fd < 0) {
+               ret = -errno;
+               close(*read_fd);
+               goto finish;
+       }
+
+finish:
+       unlink(fifo_path);
+       return ret;
+}
+
 /**
  * @brief Parse a command line
  * @details Creates a reader from a parsed command line
@@ -1255,15 +1289,14 @@ static int parse_command_line(const char *cmdl, struct writer *wr, struct logger
                if (retval < 0)
                        goto cleanup;
 
-               int fds[2];
-               if (pipe2(fds, O_CLOEXEC | O_NONBLOCK) < 0) {
-                       retval = -errno;
+               int write_fd = -1, read_fd = -1;
+               if (create_fifo_fds(wr->fd_entity.fd, &write_fd, &read_fd) < 0)
                        goto cleanup;
-               }
-               set_write_fd_entity(&reader->fd_entity, fds[1]);
+
+               set_write_fd_entity(&reader->fd_entity, write_fd);
                assert(wr);
-               retval = send_pipe(wr->fd_entity.fd, fds[0], DLOG_FLAG_READ);
-               close(fds[0]);
+               retval = send_pipe(wr->fd_entity.fd, read_fd, DLOG_FLAG_READ);
+               close(read_fd);
                if (retval)
                        goto cleanup;
        }