/*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2023 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
}
public:
- TaskData(const ::std::string &taskId, BitFlags checkProperDropFlags)
- : m_label(SmackLabels::getSmackLabelFromPid(::std::stoul(taskId)))
- {
+ TaskData() {}
+
+ void initialize(const ::std::string &taskId, BitFlags checkProperDropFlags) {
+ m_label = SmackLabels::getSmackLabelFromPid(::std::stoul(taskId));
::std::string taskRoot = "/proc/self/task/" + taskId + "/";
fillStatus(taskRoot);
fillNs(taskRoot, checkProperDropFlags);
checkCaps(m_capEff);
}
+
+ TaskData(const ::std::string &taskId, BitFlags checkProperDropFlags)
+ {
+ initialize(taskId, checkProperDropFlags);
+ }
+
+
void checkSameAs(const TaskData &other) const {
checkSame(m_label, other.m_label, "label");
checkSame(m_uid, other.m_uid, "uid");
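Review bot: The new `TaskData() {}` default constructor creates an object whose `checkSameAs()`/`checkSame` comparisons are only meaningful after `initialize()` has run, and nothing in the hunk enforces that ordering; unless `m_uid`, `m_capEff` and the other members have in-class initializers (their declarations are outside this hunk), a default-constructed instance compares indeterminate values. I would make that contract explicit, e.g. `TaskData() = default; // empty until initialize() is called; members must have in-class initializers` and, if they do not, add the `{}` initializers on the member declarations. A `/// @throws` line on `initialize()` would also help callers: `::std::stoul` throws `std::invalid_argument`/`std::out_of_range` on a non-numeric task id, and `fillStatus`/`fillNs`/`checkCaps` presumably throw `DropError`, so the `catch (...)` at the call sites is catching both parse failures and genuine privilege mismatches under one log line. The enclosing `TaskData` class starts before this hunk.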
if (taskIds.empty())
ThrowMsg(DropError, "no tasks found");
- TaskData lastTaskData(taskIds.back(), checkProperDropFlags);
+ TaskData lastTaskData;
+ try {
+ lastTaskData.initialize(taskIds.back(), checkProperDropFlags);
+ } catch (...) {
+ LogError("Offending taskId is: " << taskIds.back());
+ throw;
+ }
+
taskIds.pop_back();
for (const auto &taskId : taskIds)
- TaskData(taskId, checkProperDropFlags).checkSameAs(lastTaskData);
+ try {
+ TaskData(taskId, checkProperDropFlags).checkSameAs(lastTaskData);
+ } catch (...) {
+ LogError("Offending taskId is: " << taskId);
+ throw;
+ }
}
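Review bot: The added `catch (...)` blocks log the offending task id but then rethrow the same exception for two quite different failures: a thread that still holds extra privileges and a thread that simply exited between the enumeration of `taskIds` (done above this hunk) and the read of `/proc/self/task/<id>/` in `initialize()`; if the latter throws on a missing proc entry, a benign race is now reported as "Offending taskId", and with the new `abort()` in the caller it becomes fatal. I would have the log line say which case it is, e.g. `LogError("Offending taskId is: " << taskId << " (" << (access(("/proc/self/task/" + taskId).c_str(), F_OK) == 0 ? "privilege mismatch" : "thread vanished during check") << ")");`, or catch the missing-entry error separately and decide explicitly whether it is fail-closed. The same snapshot also misses threads created after `taskIds` was filled, which is the scenario the caller's comment describes; a comment such as `// taskIds is a snapshot: threads created after it was taken are not inspected here` would make that limitation visible to the next maintainer. Stylistically, a bare `try` as the `for` body without braces (L45-L50) compiles but is easy to misread; wrap it in `{ }`.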
} // namespace CheckProperDrop
CheckProperDrop::checkThreads(prepareAppFlags >> PREPARE_APP_CPD_FLAG_SHIFT);
} catch (...) {
LogError("Privileges haven't been properly dropped for the whole process of application " << app_name);
- throw;
+ /*
+ * Not all app candidate processes behave properly and some may want to spawn
+ * new threads during this API call. This abort() below makes sure the process will:
+ *
+ * 1) not allow actual applicaton run in environment where there's a thread that still has high privileges
+ * 2) make sure a coredump will be created so that it can be analyzed later which thread caused troubles
+ *
+ * This will effectively block possible privilege escalation in application due to improper setup of
+ * the candidate process.
+ */
+ abort();
}
LogWarning("security_manager_prepare_app2() finished with return code " << ret);
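Review bot: Replacing `throw;` with `abort()` in the `catch (...)` is the right fail-closed choice for a privilege-drop check, but the comment's second promise, that a coredump will be created, is not guaranteed by the code: after a credential change the kernel normally clears the process's dumpable flag (subject to `fs.suid_dumpable`), so unless the process re-enables it the abort leaves no core to analyze, and re-enabling it while a thread may still hold elevated privileges would expose that thread's memory in the dump. I would either soften the comment to `2) abort() gives a chance of a coredump if the process is dumpable (see prctl(PR_GET_DUMPABLE))` or verify explicitly before aborting, e.g. `if (prctl(PR_GET_DUMPABLE) != 1) LogError("process is not dumpable, no core will be written");`. Two smaller points: `abort()` does not flush buffered output, so if `LogError` is buffered the "Privileges haven't been properly dropped" line may be lost before the process dies, and since the function can no longer return an error for this condition the API documentation of `security_manager_prepare_app2()` should state that it terminates the caller instead. The comment also has a typo, "applicaton" for "application". The enclosing `try` starts before this hunk.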