Remove smack dependency

Replace libsmack and smack related functions with cynara and
security-manager's API.

Remove dependencies.

Leaving the following smack related configuration unchanged. It will be
ignored on no-smack images:
- smack related entries in service configuration,
- smack manifests.

Change-Id: I25e17309be2ac12f3b44e9177bc1542835c557cc

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4bf3647c94dbf370e9ab494b5ea5c7236c30430c..4ca749541b94a0b1deb94a2f085721ff84b3ca75 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -48,7 +48,6 @@ ADD_DEFINITIONS("-Wextra")                      # Generate even more extra warni
 
 STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
 ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-ADD_DEFINITIONS("-DSMACK_ENABLED")
 ADD_DEFINITIONS("-DSQLITE_HAS_CODEC")
 ADD_DEFINITIONS("-DDUMP_LEGACY_DB_LIBNAME=\"${DUMP_LEGACY_DB_LIBNAME}\"")
 ADD_DEFINITIONS("-DLIB_INSTALL_DIR=\"${LIB_INSTALL_DIR}\"")
@@ -130,7 +129,6 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP
     dlog
     glib-2.0
     openssl3
-    libsmack
     libsystemd
     capi-base-common
     capi-system-info

diff --git a/misc/CMakeLists.txt b/misc/CMakeLists.txt
index bc9c46dac8622d1a709e07a9e08b669cd46d2410..ac71a1aed036c84643dc83a55aee174dd2c00170 100644 (file)
--- a/misc/CMakeLists.txt
+++ b/misc/CMakeLists.txt
@@ -47,7 +47,14 @@ INSTALL(TARGETS ${CKM_TOOL}
      )
 ADD_SUBDIRECTORY(ckm_db_tool)
 ADD_SUBDIRECTORY(ckm_initial_values)
-ADD_SUBDIRECTORY(encryption_scheme)
+IF (SMACK_ENABLED)
+    ADD_SUBDIRECTORY(encryption_scheme)
+ENDIF (SMACK_ENABLED)
 ADD_SUBDIRECTORY(db_perf)
 ADD_SUBDIRECTORY(update_perf)
-ADD_SUBDIRECTORY(encryption_perf)
\ No newline at end of file
+ADD_SUBDIRECTORY(encryption_perf)
+
+CONFIGURE_FILE(
+    ${PROJECT_SOURCE_DIR}/packaging/key-manager-misc.manifest.in
+    ${PROJECT_SOURCE_DIR}/key-manager-misc.manifest @ONLY
+)

diff --git a/misc/ckm_db_tool/CMakeLists.txt b/misc/ckm_db_tool/CMakeLists.txt
index d0a6d075a6668af12edfa71e0e310cb4d7ebc843..c4dbcaea9a1755034db20350bd7add7e21352ef2 100644 (file)
--- a/misc/ckm_db_tool/CMakeLists.txt
+++ b/misc/ckm_db_tool/CMakeLists.txt
@@ -47,7 +47,6 @@ SET(CKM_DB_TOOLS_SOURCES
     ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp
     ${KEY_MANAGER_PATH}/main/cynara.cpp
     ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp
-    ${KEY_MANAGER_PATH}/main/smack-check.cpp
     ${KEY_MANAGER_PATH}/main/socket-2-id.cpp
     ${KEY_MANAGER_PATH}/main/socket-manager.cpp
     ${KEY_MANAGER_PATH}/main/thread-service.cpp

diff --git a/misc/encryption_scheme/CMakeLists.txt b/misc/encryption_scheme/CMakeLists.txt
index 2eac231cab151e862e8512e8e4e90087bf7ee08d..04c9e98d3a17e660efc65244058a0b7f766da8a6 100644 (file)
--- a/misc/encryption_scheme/CMakeLists.txt
+++ b/misc/encryption_scheme/CMakeLists.txt
@@ -3,9 +3,14 @@ FIND_PACKAGE(Threads REQUIRED)
 ADD_DEFINITIONS("-DBOOST_TEST_DYN_LINK")
 ADD_DEFINITIONS("-DMISC_DIR=\"${MISC_DIR}\"")
 
+PKG_CHECK_MODULES(MISC_DEP
+    REQUIRED
+    libsmack
+    )
+
 SET(MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager)
 
-INCLUDE_DIRECTORIES(SYSTEM ${KEY_MANAGER_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(SYSTEM ${KEY_MANAGER_DEP_INCLUDE_DIRS} ${MISC_DEPS_INCLUDE_DIRS})
 
 INCLUDE_DIRECTORIES(
     ${MANAGER_PATH}/dpl/db/include
@@ -24,6 +29,7 @@ SET(ENCRYPTION_SCHEME_COMMON_LINK_OPTIONS
     ${TARGET_KEY_MANAGER_CLIENT}
     ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
     ${KEY_MANAGER_DEP_LIBRARIES}
+    ${MISC_DEP_LIBRARIES}
     ${CMAKE_THREAD_LIBS_INIT}
     boost_unit_test_framework
     -ldl
@@ -95,8 +101,3 @@ INSTALL(
         key-32bit
     DESTINATION ${MISC_DIR}
 )
-
-CONFIGURE_FILE(
-    ${PROJECT_SOURCE_DIR}/packaging/key-manager-misc.manifest.in
-    ${PROJECT_SOURCE_DIR}/key-manager-misc.manifest @ONLY
-)

diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index 46a411250791e3ae35529e04ecfa0af45e848a0f..276180993320222a80480bc931847a34b9042cd9 100644 (file)
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -26,7 +26,6 @@ BuildRequires: zip
 BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(openssl3)
 BuildRequires: libattr-devel
-BuildRequires: pkgconfig(libsmack)
 BuildRequires: pkgconfig(libsystemd)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(capi-system-info)
@@ -52,6 +51,9 @@ BuildRequires: lcov
 %endif
 BuildRequires: pkgconfig(capi-system-resource)
 BuildRequires: liboqs
+%if "%{?dev_wos}" != "1"
+Requires:      smack
+%endif
 
 %{?systemd_requires}
 
@@ -128,6 +130,10 @@ Group:      Security/Testing
 License:    Apache-2.0 and BSL-1.0
 Requires:   boost-test
 Requires:   key-manager = %{version}-%{release}
+%if "%{?dev_wos}" != "1"
+BuildRequires: pkgconfig(libsmack)
+%endif
+
 
 %description -n key-manager-misc
 Miscellaneous tools and tests for key-manager.
@@ -220,6 +226,9 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions"
         -DCOVERAGE_DIR=%{coverage_dir} \
 %if %{coverage_only}
         -DCOVERAGE_ONLY=ON \
+%endif
+%if "%{?dev_wos}" != "1"
+        -DSMACK_ENABLED=ON \
 %endif
         -DDUMP_LEGACY_DB_LIBNAME=%{dump_legacy_db_libname}
 
@@ -287,7 +296,9 @@ if [ $1 = 2 ]; then
     # update
 
     # In ckm version <= 0.1.18 all files were owned by root.
+%if "%{?dev_wos}" != "1"
     find %{rw_data_dir} -exec chsmack -a %{smack_domain_name} {} \;
+%endif
     chown %{user_name}:%{group_name} -R %{rw_data_dir}
     systemctl restart central-key-manager.service
 fi
@@ -388,15 +399,17 @@ fi
 %manifest key-manager-misc.manifest
 %license LICENSE
 %license LICENSE.BSL-1.0
-%{bin_dir}/ckm-scheme-test
+%if "%{?dev_wos}" != "1"
+    %{bin_dir}/ckm-scheme-test
+    %{bin_dir}/ckm_generate_db
+    %misc_dir
+%endif
 %{bin_dir}/ckm_so_loader
 %{bin_dir}/ckm_db_tool
 %{bin_dir}/ckm_db_merge
-%{bin_dir}/ckm_generate_db
 %{bin_dir}/ckm_db_perf
 %{bin_dir}/ckm_enc_perf
 %{bin_dir}/ckm_update_perf
-%misc_dir
 
 %endif
 

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2c82fe42d5398af4c32b27f64fd3c92d9ab5f0bc..9d7aa6860f9abeb68ea96ea59b3dfeafe7a0c910 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -7,7 +7,6 @@ SET(KEY_MANAGER_SOURCES
     ${KEY_MANAGER_PATH}/main/cynara.cpp
     ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp
     ${KEY_MANAGER_PATH}/main/key-manager-main.cpp
-    ${KEY_MANAGER_PATH}/main/smack-check.cpp
     ${KEY_MANAGER_PATH}/main/socket-2-id.cpp
     ${KEY_MANAGER_PATH}/main/socket-manager.cpp
     ${KEY_MANAGER_PATH}/main/thread-service.cpp

diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt
index effc99ab42c5af91b5b11debc71065d2b7e8df44..6d46cbd2173f5c720ae5595cb0c0b1a8d0d8952b 100644 (file)
--- a/src/manager/CMakeLists.txt
+++ b/src/manager/CMakeLists.txt
@@ -2,7 +2,6 @@ PKG_CHECK_MODULES(COMMON_DEP
     REQUIRED
     dlog
     openssl3
-    libsmack
     libsystemd
     )
 

diff --git a/src/manager/main/smack-check.cpp b/src/manager/main/smack-check.cpp
deleted file mode 100644 (file)
index 5e9344d..0000000
--- a/src/manager/main/smack-check.cpp
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *  Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#include <smack-check.h>
-
-#include <stdlib.h>
-#include <sys/smack.h>
-
-#include <dpl/log/log.h>
-
-namespace CKM {
-
-int smack_runtime_check(void)
-{
-       static int smack_present = -1;
-
-       if (-1 == smack_present) {
-               if (NULL == smack_smackfs_path()) {
-                       LogDebug("no smack found on device");
-                       smack_present = 0;
-               } else {
-                       LogDebug("found smack on device");
-                       smack_present = 1;
-               }
-       }
-
-       return smack_present;
-}
-
-int smack_check(void)
-{
-#ifndef SMACK_ENABLED
-       return 0;
-#else
-       return smack_runtime_check();
-#endif
-}
-
-} // namespace CKM

diff --git a/src/manager/main/smack-check.h b/src/manager/main/smack-check.h
deleted file mode 100644 (file)
index 41fffa1..0000000
--- a/src/manager/main/smack-check.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- *  ckm-manager
- *
- *  Copyright (c) 2000-2019 Samsung Electronics Co., Ltd. All rights reserved
- *
- *  Contact: Dongsun Lee <ds73.lee@samsung.com>
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#ifndef _SMACK_CHECK_H_
-#define _SMACK_CHECK_H_
-
-namespace CKM {
-
-/*
- * A very simple runtime check for SMACK on the platform
- * Returns 1 if SMACK is present, 0 otherwise
- */
-
-int smack_runtime_check(void);
-
-/*
- * A very simple runtime check for SMACK on the platform
- * Returns 1 if SMACK is present, 0 otherwise. If SMACK_ENABLED is not defined
- * It returns 0.
- */
-int smack_check(void);
-
-} // namespace CKM
-
-#endif // _SMACK_CHECK_H_

diff --git a/src/manager/main/socket-2-id.cpp b/src/manager/main/socket-2-id.cpp
index 29defbb8f1a46d70034ee7793a0237e6a2642708..6240a29dbe139a3d59889435c12b8f88c645eb39 100644 (file)
--- a/src/manager/main/socket-2-id.cpp
+++ b/src/manager/main/socket-2-id.cpp
@@ -26,145 +26,33 @@
 #include "protocols.h"
 #include "security-manager.h"
 
-#include <sys/smack.h>
 #include <sys/types.h>
+#include <sys/socket.h>
 
 
 namespace CKM {
 
-namespace {
+namespace Socket2Id {
 
-int getPkgIdFromSocket(int sock, std::string &pkgId)
-{
-       char *pkg = nullptr;
-
-       int ret = security_manager_identify_app_from_socket(sock, &pkg, nullptr);
-
-       if (ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT) {
-               LogInfo("Owner of socket is not connected with pkgid. "
-                               "This case must be special-labled client. e.g. User, System");
-               return 1;
-       }
-
-       if (ret != SECURITY_MANAGER_SUCCESS) {
-               LogError("security_manager_identify_app_from_socket failed with error: "
-                                << ret);
-               return -1;
-       }
-
-       pkgId = pkg;
-       free(pkg);
-       LogDebug("Socket: " << sock << " Was translated to owner id: " << pkgId);
-       return 0;
-}
-
-int assignToString(std::vector<char> &vec, socklen_t len, std::string &res)
-{
-       if (vec.size() <= len)
-               return -1;
-
-       vec[len] =
-               0;            // old implementation getsockopt returns cstring without 0
-
-       if (vec[len - 1] == 0)
-               --len;               // new implementation of getsockopt returns cstring size+1
-
-       res.assign(vec.data(), len);
-       return 0;
-}
-
-} // namespace anonymous
-
-int Socket2Id::getPeerCred(int sock, ucred &peerCred)
+bool translate(int sock, const std::string& cynaraClient, CKM::Credentials &creds)
 {
+       ucred peerCred;
        socklen_t length = sizeof(ucred);
-
        if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peerCred, &length)) {
                LogError("getsockopt failed");
-               return -1;
-       }
-       return 0;
-}
-
-int Socket2IdSmack::getCredentialsFromSocket(int sock, std::string &res)
-{
-       std::vector<char> result(SMACK_LABEL_LEN + 1);
-       socklen_t length = SMACK_LABEL_LEN;
-
-       if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length))
-               return assignToString(result, length, res);
-
-       if (errno != ERANGE) {
-               LogError("getsockopt failed with errno: " << errno);
-               return -1;
-       }
-
-       result.resize(length + 1);
-
-       if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) {
-               LogError("getsockopt failed with errno: " << errno);
-               return -1;
-       }
-
-       return assignToString(result, length, res);
-}
-
-void Socket2IdSmack::mapToDomainClient(std::string &pkgId)
-{
-       static const std::string subdomainSep = "::";
-       static const auto systemClientLen = strlen(CLIENT_ID_SYSTEM);
-
-       if (pkgId.length() > systemClientLen + subdomainSep.length() &&
-               pkgId.compare(0, systemClientLen, CLIENT_ID_SYSTEM) == 0 &&
-               pkgId.compare(systemClientLen, subdomainSep.length(), subdomainSep) == 0) {
-               pkgId = CLIENT_ID_SYSTEM;
+               return false;
        }
-}
-
-int Socket2IdSmack::translate(int sock, CKM::Credentials &creds)
-{
-       ucred peerCred;
-       if (0 > Socket2Id::getPeerCred(sock, peerCred))
-               return -1;
-
-       creds.clientUid = peerCred.uid;
-
-       std::string smack;
-
-       if (0 > getCredentialsFromSocket(sock, smack))
-               return -1;
-
-       auto it = m_smack2pkgId.find(smack);
-
-       if (it != m_smack2pkgId.end()) {
-               creds.client = it->second;
-               return 0;
-       }
-
-       std::string pkgId;
-       int retCode = getPkgIdFromSocket(sock, pkgId);
-
-       if (retCode < 0)
-               return -1;
-
-       if (retCode == 1) {
-               LogInfo("Special smack label case. label: " << smack);
-               pkgId = "/" + smack;
-       }
-
-       mapToDomainClient(pkgId);
-
-       creds.client = pkgId;
-       m_smack2pkgId.emplace(std::move(smack), std::move(pkgId));
-       return 0;
-}
-
-int Socket2IdDac::translate(int sock, CKM::Credentials &creds)
-{
-       ucred peerCred;
-       if (0 > Socket2Id::getPeerCred(sock, peerCred))
-               return -1;
 
+       /*
+        * Get user on behalf of which the app is running.
+        *
+        * For smack it will simply return the process uid.
+        *
+        * For uid sandboxing it will return:
+        * - the user which started the app using security_manager_prepare_app2()
+        * - SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT if it's a system service, or some other process not
+        *   started with security_manager_prepare_app2()
+        */
        int ret = security_manager_get_app_owner_uid(peerCred.pid, &creds.clientUid);
        if (ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT) {
                if (AccessControl::isSystemService(peerCred.uid)) {
@@ -175,15 +63,60 @@ int Socket2IdDac::translate(int sock, CKM::Credentials &creds)
                        creds.client = CLIENT_ID_UNKNOWN;
                }
                creds.clientUid = peerCred.uid;
-               return 0;
-       } else if (ret != SECURITY_MANAGER_SUCCESS) {
-               LogError("security_manager_get_app_owner_uid failed");
-               return -1;
+               return true;
        }
 
-       int retCode = getPkgIdFromSocket(sock, creds.client);
-       return retCode < 0 ? -1: 0;
+       if (ret != SECURITY_MANAGER_SUCCESS) {
+               LogError("security_manager_get_app_owner_uid failed with " << ret);
+               return false;
+       }
+
+       /*
+        * At this point this is either smack or a known application in uid-sandboxing.
+        *
+        * Try to get the app package id
+        *
+        * For smack it will return:
+        * - <PkgId> extracted from label User::Pkg::<PkgId>... for an existing app
+        * - <PkgId> extracted from label User::Pkg::<PkgId>... for a non-existing app (no check is
+        *   performed)
+        * - SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT for system services (labels not matching
+        *   "User::Pkg...")
+        *
+        * For uid sandboxing it will return:
+        * - <PkgId> retrieved from security-manager's db using process uid for an existing app
+        * - Other processes are handled above so SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT must not happen
+        */
+       char* pkgId = nullptr;
+    ret = security_manager_identify_app_from_socket(sock, &pkgId, nullptr);
+       if (ret == SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT) {
+               /*
+                * Use the client identifier from cynara and convert it to:
+                * - /System if it's "System::.*"
+                * - /<Label> in other cases (e.g. "User" -> "/User")
+                */
+           static const std::string systemClientPrefix = std::string(&CLIENT_ID_SYSTEM[1]) + "::";
+
+               if (cynaraClient.compare(0, systemClientPrefix.size(), systemClientPrefix) == 0) {
+                       creds.client = CLIENT_ID_SYSTEM;
+               } else {
+                       creds.client = std::string("/") + cynaraClient;
+               }
+               return true;
+       }
+
+       if (ret != SECURITY_MANAGER_SUCCESS || pkgId == nullptr) {
+               LogError("security_manager_identify_app_from_socket() failed with " << ret);
+               return false;
+       }
+
+       std::unique_ptr<std::remove_pointer_t<decltype(pkgId)>, decltype(&free)> pkgIdPtr(pkgId, free);
+       creds.client = pkgId;
+
+       return true;
 }
 
+} // namespace Socket2Id
+
 } // namespace CKM
 

diff --git a/src/manager/main/socket-2-id.h b/src/manager/main/socket-2-id.h
index 3c3f73b8dbd752f6bac29ba3e237368beb049d7c..770e19fe76695140b816269eaf69cc88eeb527db 100644 (file)
--- a/src/manager/main/socket-2-id.h
+++ b/src/manager/main/socket-2-id.h
@@ -22,39 +22,12 @@
 
 #include "credentials.h"
 
-#include <map>
 #include <string>
 
-#include <sys/socket.h>
-
 namespace CKM {
 
-class Socket2Id {
-public:
-       Socket2Id() {}
-
-       virtual int translate(int sock, CKM::Credentials &creds) = 0;
-
-       virtual ~Socket2Id() = default;
-
-protected:
-       int getPeerCred(int sock, ucred &peerCred);
-};
-
-class Socket2IdSmack : public Socket2Id {
-public:
-       int translate(int sock, CKM::Credentials &creds) override;
-
-private:
-       int getCredentialsFromSocket(int sock, std::string &res);
-       void mapToDomainClient(std::string &label);
-
-       std::map<std::string, std::string> m_smack2pkgId;
-};
-
-class Socket2IdDac : public Socket2Id {
-public:
-       int translate(int sock, CKM::Credentials &creds) override;
+namespace Socket2Id {
+bool translate(int sock, const std::string& cynaraClient, CKM::Credentials &creds);
 };
 
 } // namespace CKM

diff --git a/src/manager/main/socket-manager.cpp b/src/manager/main/socket-manager.cpp
index 652e91d00f312c382e778eb9207e391e72bd1497..07f4728202c6e14ced60f5e0033c73ee15ec8aad 100644 (file)
--- a/src/manager/main/socket-manager.cpp
+++ b/src/manager/main/socket-manager.cpp
@@ -25,7 +25,6 @@
 #include <sys/eventfd.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/smack.h>
 #include <sys/un.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -44,7 +43,6 @@
 #include <dpl/errno_string.h>
 #include <dpl/log/log.h>
 
-#include <smack-check.h>
 #include <socket-manager.h>
 #include <socket-2-id.h>
 
@@ -61,20 +59,6 @@ const std::chrono::seconds SOCKET_TIMEOUT(OVERRIDE_SOCKET_TIMEOUT);
 const std::chrono::seconds SOCKET_TIMEOUT(1000);
 #endif // OVERRIDE_SOCKET_TIMEOUT
 
-int getCredentialsFromSocket(int sock, CKM::Credentials &cred)
-{
-       static auto sock2id =
-                       CKM::smack_check() ?
-                                       std::unique_ptr<CKM::Socket2Id>(new CKM::Socket2IdSmack()) :
-                                       std::unique_ptr<CKM::Socket2Id>(new CKM::Socket2IdDac());
-       CKM::ClientId client;
-
-       if (0 > sock2id->translate(sock, cred))
-               return -1;
-
-       return 0;
-}
-
 std::chrono::time_point<std::chrono::steady_clock> monotonicNow() {
        return std::chrono::steady_clock::now();
 }
@@ -255,36 +239,37 @@ void SocketManager::ReadyForAccept(int sock)
 {
        struct sockaddr_un clientAddr;
        unsigned int clientLen = sizeof(clientAddr);
-       int client = accept4(sock, (struct sockaddr *) &clientAddr, &clientLen,
+       int clientSocket = accept4(sock, (struct sockaddr *) &clientAddr, &clientLen,
                                                 SOCK_NONBLOCK);
 
-       if (-1 == client) {
+       if (-1 == clientSocket) {
                int err = errno;
                LogDebug("Error in accept: " << GetErrnoString(err));
                return;
        }
 
-       std::string smack;
+       std::string cynaraClient;
        std::string user;
        Credentials peerCred;
 
-       if (0 > getCredentialsFromSocket(client, peerCred)
-                       || !Cynara::GetUserFromSocket(client, user)
-                       || !Cynara::GetClientFromSocket(client, smack)) {
+       if (!Cynara::GetClientFromSocket(clientSocket, cynaraClient) ||
+               !Socket2Id::translate(clientSocket, cynaraClient, peerCred) ||
+               !Cynara::GetUserFromSocket(clientSocket, user))
+       {
                LogDebug("Error in getting credentials from socket.");
-               close(client);
+               close(clientSocket);
                return;
        }
 
-       auto &desc = CreateDefaultReadSocketDescription(client, true);
+       auto &desc = CreateDefaultReadSocketDescription(clientSocket, true);
        desc.interfaceID = m_socketDescriptionVector[sock].interfaceID;
        desc.service = m_socketDescriptionVector[sock].service;
        desc.cynaraPrivilege = m_socketDescriptionVector[sock].cynaraPrivilege;
        desc.cynaraUser = std::move(user);
-       desc.cynaraClient = std::move(smack);
+       desc.cynaraClient = std::move(cynaraClient);
 
        GenericSocketService::AcceptEvent event;
-       event.connectionID.sock = client;
+       event.connectionID.sock = clientSocket;
        event.connectionID.counter = desc.counter;
        event.interfaceID = desc.interfaceID;
        event.credentials = peerCred;
@@ -552,17 +537,6 @@ int SocketManager::CreateDomainSocketHelp(
                ThrowMsg(Exception::InitFailed, "Error in socket: " << GetErrnoString(err));
        }
 
-       if (smack_check()) {
-               LogInfo("Set up smack label: " << desc.privilege);
-
-               //        if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
-               //            LogError("Error in smack_fsetlabel");
-               //            ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
-               //        }
-       } else {
-               LogInfo("No smack on platform. Socket won't be securied with smack label!");
-       }
-
        int flags;
 
        if (-1 == (flags = fcntl(sockfd, F_GETFL, 0)))

diff --git a/unit-tests/CMakeLists.txt b/unit-tests/CMakeLists.txt
index 9050da2ad69ef4291ad8b6f1e79e70c285d40db5..edbaa2da606f73fb28dc8ce1e502926ef3005c5c 100644 (file)
--- a/unit-tests/CMakeLists.txt
+++ b/unit-tests/CMakeLists.txt
@@ -131,7 +131,6 @@ SET(UNIT_TESTS_SOURCES
     ${MANAGER_PATH}/initial-values/parser.cpp
     ${MANAGER_PATH}/initial-values/xml-utils.cpp
     ${MANAGER_PATH}/main/cynara.cpp
-    ${MANAGER_PATH}/main/smack-check.cpp
     ${MANAGER_PATH}/main/socket-2-id.cpp
     ${MANAGER_PATH}/main/socket-manager.cpp
     ${MANAGER_PATH}/service/crypto-logic.cpp