Remove MDFPP related code 63/51463/2
authorKyungwook Tak <k.tak@samsung.com>
Tue, 10 Nov 2015 02:53:18 +0000 (11:53 +0900)
committerKyungwook Tak <k.tak@samsung.com>
Tue, 10 Nov 2015 03:02:49 +0000 (12:02 +0900)
Change-Id: I4b2078f2f2ebc8ebbd31fb3b7995eb1807fc3a49
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
CMakeLists.txt
packaging/key-manager.spec
src/CMakeLists.txt
src/listener/CMakeLists.txt
src/listener/listener-daemon.cpp
src/manager/service/access-control.cpp
tools/ckm_db_tool/CMakeLists.txt

index ab1548c..73720b1 100644 (file)
@@ -58,13 +58,6 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
     ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
 ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
 
-IF (DEFINED SECURITY_MDFPP_STATE_ENABLE)
-    MESSAGE("SECURITY_MDFPP_STATE_ENABLE ENABLED !")
-    ADD_DEFINITIONS("-DSECURITY_MDFPP_STATE_ENABLE")
-ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLE)
-    MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !")
-ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLE)
-
 IF (DEFINED SYSTEMD_ENV_FILE)
     ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}")
 ENDIF (DEFINED SYSTEMD_ENV_FILE)
index a054ff6..23b89b0 100644 (file)
@@ -17,7 +17,6 @@ BuildRequires: pkgconfig(openssl)
 BuildRequires: libattr-devel
 BuildRequires: pkgconfig(libsmack)
 BuildRequires: pkgconfig(libsystemd-daemon)
-BuildRequires: pkgconfig(vconf)
 BuildRequires: pkgconfig(libsystemd-journal)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(capi-system-info)
@@ -36,8 +35,8 @@ application to sign and verify (DSA/RSA/ECDSA) signatures.
 %package -n key-manager-listener
 Summary:    Package with listener daemon
 Group:      System/Security
-BuildRequires: pkgconfig(vconf)
 BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(capi-appfw-package-manager)
 Requires:   libkey-manager-client = %{version}-%{release}
 
@@ -120,9 +119,6 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions "
 %cmake . -DVERSION=%{version} \
         -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
         -DCMAKE_VERBOSE_MAKEFILE=ON \
-%if "%{sec_product_feature_security_mdfpp_enable}" == "1"
-        -DSECURITY_MDFPP_STATE_ENABLE=1 \
-%endif
         -DSYSTEMD_UNIT_DIR=%{_unitdir} \
         -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \
         -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF}
index 131e6d4..aa72fb7 100644 (file)
@@ -7,7 +7,6 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP
     libsystemd-daemon
     capi-base-common
     capi-system-info
-    vconf
     libxml-2.0
     security-manager
     cynara-client-async
index 25e92eb..1518c42 100644 (file)
@@ -3,8 +3,6 @@ PKG_CHECK_MODULES(LISTENER_DEP
     dlog
     glib-2.0
     capi-appfw-package-manager
-    libsystemd-daemon
-    vconf
     )
 
 SET(LISTENER_SOURCES ${PROJECT_SOURCE_DIR}/src/listener/listener-daemon.cpp)
index 0568c77..4521bbd 100644 (file)
 #include <ckm/ckm-type.h>
 #include <dlog.h>
 
-#ifdef SECURITY_MDFPP_STATE_ENABLE
-#include <vconf/vconf.h>
-#endif
-
-#define CKM_LISTENER_TAG "CKM_LISTENER"
-
-#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE)
-#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
+#ifdef LOG_TAG
+#undef LOG_TAG
 #endif
+#define LOG_TAG "CKM_LISTENER"
 
 namespace {
 const char* const CKM_LOCK = "/var/run/key-manager.pid";
@@ -56,30 +51,6 @@ bool isCkmRunning()
     return (0 != ret);
 }
 
-#ifdef SECURITY_MDFPP_STATE_ENABLE
-void callUpdateCCMode()
-{
-    if(!isCkmRunning())
-        return;
-
-    auto control = CKM::Control::create();
-    int ret = control->updateCCMode();
-
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "Callback caller process id : %d\n", getpid());
-
-    if ( ret != CKM_API_SUCCESS )
-        SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::updateCCMode error. ret : %d\n", ret);
-    else
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "CKM::Control::updateCCMode success.\n");
-}
-
-void ccModeChangedEventCallback(keynode_t*, void*)
-{
-    callUpdateCCMode();
-}
-#endif
-
-
 void packageUninstalledEventCallback(
     const char *type,
     const char *package,
@@ -96,59 +67,41 @@ void packageUninstalledEventCallback(
 
     if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL ||
             eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED ||
-            package == NULL) {
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback error of Invalid Param");
-    }
-    else {
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback. Uninstalation of: %s", package);
-        auto control = CKM::Control::create();
-        int ret = 0;
-        if ( CKM_API_SUCCESS != (ret = control->removeApplicationData(std::string(package))) ) {
-            SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::removeApplicationData error. ret : %d\n", ret);
-        }
-        else {
-            SLOG(LOG_DEBUG, CKM_LISTENER_TAG,
-                "CKM::Control::removeApplicationData success. Uninstallation package : %s\n", package);
-        }
+            package == NULL)
+               return;
+
+    SLOGD("PackageUninstalled Callback. Uninstalation of: %s", package);
+
+    if (!isCkmRunning()) {
+        SLOGE("package uninstall event recieved but ckm isn't running!");
+        return;
     }
+
+    auto control = CKM::Control::create();
+    int ret = control->removeApplicationData(std::string(package));
+    if (ret != CKM_API_SUCCESS)
+        SLOGE("CKM::Control::removeApplicationData error. ret : %d", ret);
+    else
+        SLOGD("CKM::Control::removeApplicationData success. Uninstallation package : %s", package);
 }
 
-int main(void) {
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Start!");
+int main(void)
+{
+    SLOGD("Start!");
 
-    // Let's start to listen
     GMainLoop *main_loop = g_main_loop_new(NULL, FALSE);
 
     package_manager_h request;
     package_manager_create(&request);
 
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback start");
+    SLOGD("register uninstalledApp event callback start");
     if (0 != package_manager_set_event_cb(request, packageUninstalledEventCallback, NULL)) {
-        SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Error in package_manager_set_event_cb");
+        SLOGE("Error in package_manager_set_event_cb");
         exit(-1);
     }
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register uninstalledApp event callback success");
-
-#ifdef SECURITY_MDFPP_STATE_ENABLE
-    int ret = 0;
-    char *mdpp_state = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
-    if ( mdpp_state ) { // Update cc mode and register event callback only when mdpp vconf key exists
-        callUpdateCCMode();
-
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback start");
-        if ( 0 != (ret = vconf_notify_key_changed(VCONFKEY_SECURITY_MDPP_STATE, ccModeChangedEventCallback, NULL)) ) {
-            SLOG(LOG_ERROR, CKM_LISTENER_TAG, "Error in vconf_notify_key_changed. ret : %d", ret);
-            exit(-1);
-        }
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "register vconfCCModeChanged event callback success");
-    }
-    else
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG,
-            "vconfCCModeChanged event callback is not registered. No vconf key exists : %s", VCONFKEY_SECURITY_MDPP_STATE);
-#endif
-
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Ready to listen!");
+    SLOGD("Ready to listen!");
     g_main_loop_run(main_loop);
+
     return 0;
 }
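Review bot: The new `isCkmRunning()` guard in packageUninstalledEventCallback drops the uninstall event when key-manager is down: it logs and returns, and nothing visible in this hunk queues the package for a later `removeApplicationData` call. If no other path reconciles the store, the uninstalled package's keys and data stay behind and could be inherited by a later package installed under the same name. Either record the pending removal and replay it once the service is up, or at least document the gap above the guard, e.g. `// FIXME: uninstall events received while key-manager is down are lost; entries for this package stay in the store`. The body of isCkmRunning() is outside this hunk, so how it decides is assumed from its name and the CKM_LOCK path.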
 
index decd92c..e5eba2b 100644 (file)
 #include <ckm/ckm-type.h>
 #include <openssl/crypto.h>
 
-#ifdef SECURITY_MDFPP_STATE_ENABLE
-#include <vconf/vconf.h>
-#endif
-
-#if defined(SECURITY_MDFPP_STATE_ENABLE) && !defined(VCONFKEY_SECURITY_MDPP_STATE)
-#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
-#endif
-
 namespace {
-const char* const MDPP_MODE_ENFORCING = "Enforcing";
-const char* const MDPP_MODE_ENABLED = "Enabled";
-const char* const MDPP_MODE_DISABLED = "Disabled";
-const uid_t       SYSTEM_SVC_MAX_UID = (5000 - 1);
+const uid_t SYSTEM_SVC_MAX_UID = (5000 - 1);
 } // anonymous namespace
 
 namespace CKM {
 
-void AccessControl::updateCCMode() {
-    int fipsModeStatus = 0;
-    int rc = 0;
-    bool newMode;
-
-#ifdef SECURITY_MDFPP_STATE_ENABLE
-    char *mdppState = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
-#else
-    char *mdppState = NULL;
-#endif
-    newMode = ( mdppState && (!strcmp(mdppState, MDPP_MODE_ENABLED) ||
-                              !strcmp(mdppState, MDPP_MODE_ENFORCING) ||
-                              !strcmp(mdppState, MDPP_MODE_DISABLED)));
+void AccessControl::updateCCMode()
+{
+    /* newMode should be extracted from global property like buxton in product */
+    bool newMode = false;
+
     if (newMode == m_ccMode)
         return;
 
-    m_ccMode = newMode;
+    int iNewMode = newMode ? 1 : 0;
 
-    fipsModeStatus = FIPS_mode();
-
-    if(m_ccMode) {
-        if(fipsModeStatus == 0) { // If FIPS mode off
-            rc = FIPS_mode_set(1); // Change FIPS_mode from off to on
-            if(rc == 0) {
-                LogError("Error in FIPS_mode_set function");
-            }
-        }
-    } else {
-        if(fipsModeStatus == 1) { // If FIPS mode on
-            rc = FIPS_mode_set(0); // Change FIPS_mode from on to off
-            if(rc == 0) {
-                LogError("Error in FIPS_mode_set function");
-            }
-        }
+    if (FIPS_mode_set(iNewMode) == 0) {
+        LogError("Error to FIPS_mode_set with param " << iNewMode);
+        return;
     }
+
+    m_ccMode = newMode;
 }
 
 bool AccessControl::isCCMode() const
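Review bot: `bool newMode = false;` in AccessControl::updateCCMode is a constant, so the function can only ever switch FIPS mode off, and it returns early without doing anything whenever `m_ccMode` is already false (its initial value is not visible here). Builds that previously set SECURITY_MDFPP_STATE_ENABLE lose CC/FIPS enforcement with no build-time or run-time signal, and callers of `isCCMode()` presumably see false from then on. The existing comment reads as a design note, not an open item; I would make it explicit, e.g. `/* TODO: read CC mode from the platform property store (e.g. buxton); until then CC/FIPS mode can never be enabled */`, and log once when the function is called so the disabled state shows up in logs. The body of isCCMode() continues outside the hunk.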
index c8fb53c..8309d5d 100644 (file)
@@ -8,7 +8,6 @@ PKG_CHECK_MODULES(CKM_DB_TOOL_DEP
     libcrypto
     capi-base-common
     capi-system-info
-    vconf
     libxml-2.0
     cynara-client-async
     cynara-creds-socket