${CMAKE_CURRENT_SOURCE_DIR}/launcher.cpp
)
+ADD_DEFINITIONS("-DLAUNCHER_USER=\"${APP_ENCRYPTION_DIR}/${TARGET_LAUNCHER_USER}\"")
+
ADD_EXECUTABLE(${TARGET_LAUNCHER} ${LAUNCHER_SOURCES})
TARGET_LINK_LIBRARIES(${TARGET_LAUNCHER}
return 1;
}
+ // prevent capabilities drop
+ if (0 != prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
+ std::cerr << "prctl() failed" << std::endl;
+ return 1;
+ }
+
// uid / gid (because real uid is not affected by chmod)
passwd* pw = getpwnam(OWNER);
if (pw == NULL) {
}
// launch helper binary with smack exec label = User
- std::string launcher_user = std::string(argv[0]) + "_user";
-
- char* user_argv[argc+1];
- user_argv[0] = strdup(launcher_user.c_str());
+ char* userArgv[argc+1];
+ userArgv[0] = strdup(LAUNCHER_USER);
for (int i = 1; i < argc; i++)
- user_argv[i] = argv[i];
- user_argv[argc] = NULL;
+ userArgv[i] = argv[i];
+ userArgv[argc] = NULL;
char* envp[] = { NULL };
- execve(user_argv[0], user_argv, envp);
+
+ execve(userArgv[0], userArgv, envp);
std::cerr << "execve() failed" << std::endl;
- free(user_argv[0]);
+ free(userArgv[0]);
return 1;
}
return 0;
projects / platform / core / security / security-manager.git / commitdiff