SET_SOURCE_FILES_PROPERTIES(
${SECURITY_SERVER_SOURCES}
PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG")
+ COMPILE_FLAGS "-D_GNU_SOURCE")
+ # with flag -DSECURITY_SERVER_DEBUG_DLOG debug and warning logs on
INCLUDE_DIRECTORIES(
${SECURITY_SERVER_PATH}/include
SET_TARGET_PROPERTIES(
${TARGET_SECURITY_CLIENT}
PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC"
+ COMPILE_FLAGS "-D_GNU_SOURCE -fPIC"
+ # with flag -DSECURITY_SERVER_DEBUG_DLOG debug and warning logs on
SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
VERSION ${SECURITY_CLIENT_VERSION}
)
if (ret > 0)
SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path);
else
- SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path);
+ SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, subject, object, access_rights, ret, path);
free(path);
free(subject);
SEC_SVR_DBG("%s","Client: There is privilege match");
retval = SECURITY_SERVER_SUCCESS;
} else {
- SEC_SVR_ERR("%s","Client: There is no privilege match");
+ SEC_SVR_WRN("%s","Client: There is no privilege match");
retval = SECURITY_SERVER_ERROR_ACCESS_DENIED;
}
if (hdr->return_code != SECURITY_SERVER_RETURN_CODE_SUCCESS)
{
- SEC_SVR_ERR("Client: return code is not success: %d", hdr->return_code);
+ /* Return codes
+ * SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_REQUEST
+ * SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE
+ * are not errors but warnings
+ */
+ SEC_SVR_WRN("Client: return code is not success: %d", hdr->return_code);
return return_code_to_error_code(hdr->return_code);
}
return SECURITY_SERVER_SUCCESS;
#define SECURITY_SERVER_COMMON_H
#include <sys/types.h>
+#include <dlog.h>
/* Definitions *********************************************************/
/* Return value. Continuing from return value of the client header file */
void printhex(const unsigned char *data, int size);
-/* Debug */
-#ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */
-#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT "\n", \
- __FILE__, __LINE__, ##ARG)
-#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT "\n", \
- __FILE__, __LINE__, ##ARG)
-
-#elif SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */
-
/* for SECURE_LOG* purpose */
#undef _SECURE_
#ifndef _SECURE_LOG
#define SECURE_LOG_(id, prio, tag, fmt, arg ...) \
(_SECURE_ ? (__dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0))
+#ifdef LOG_TAG
+ #undef LOG_TAG
+#endif
+#define LOG_TAG "SECURITY_SERVER"
+
#define SECURE_LOGD(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg)
#define SECURE_LOGI(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg)
#define SECURE_LOGW(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg)
#define SECURE_LOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
/****************************/
-#define LOG_TAG "SECURITY_SERVER"
-#include <dlog.h>
-#define SEC_SVR_DBG SLOGD
+
+/* Debug */
+#ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */
+#define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] "FMT"\n", \
+ __FILE__, __LINE__, ##ARG)
+#define SEC_SVR_WRN(FMT, ARG ...) fprintf(stderr, "[WRN:%s:%d] "FMT"\n", \
+ __FILE__, __LINE__, ##ARG)
+#define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] "FMT"\n", \
+ __FILE__, __LINE__, ##ARG)
+
+#else
#define SEC_SVR_ERR LOGE
+#if SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */
+#define SEC_SVR_DBG SLOGD
+#define SEC_SVR_WRN LOGW
#else /* No debug output */
-#define SEC_SVR_DBG(FMT, ARG ...) {}
-#endif
+
+#define SEC_SVR_DBG(FMT, ARG ...) do { } while(0)
+#define SEC_SVR_WRN(FMT, ARG ...) do { } while(0)
+#undef SECURE_LOGD
+#define SECURE_LOGD(FMT, ARG ...) do { } while(0)
+#undef SECURE_LOGW
+#define SECURE_LOGW(FMT, ARG ...) do { } while(0)
+
+#endif // SECURITY_SERVER_DEBUG_DLOG
+#endif // SECURITY_SERVER_DEBUG_TO_CONSOLE
#endif
if (ret > 0)
SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path);
else
- SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path);
+ SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", current->pid, current->smack_label, object, access_rights, ret, current->path);
if (ret == 1)
{
//some log in SMACK format
if (retval > 0)
- SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path);
+ SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path);
else
- SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path);
-
+ SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", cr.pid, label, required_API_label, required_rule, retval, path);
end:
if (path != NULL)
free(path);
else
{
/* It's not exist */
- SEC_SVR_ERR("Could not find the cookie with %d privilege", requested_privilege);
+ SEC_SVR_WRN("Could not find the cookie with %d privilege", requested_privilege);
retval = send_generic_response(sockfd,
SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_RESPONSE,
SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
else
{
/* It's not exist */
- SEC_SVR_ERR("Could not find the cookie with %s rights", access_rights);
+ SEC_SVR_WRN("Could not find the cookie with %s rights", access_rights);
retval = send_generic_response(sockfd,
SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
SECURITY_SERVER_RETURN_CODE_ACCESS_DENIED);
{
SEC_SVR_ERR("ERROR: Cannot send generic response: %d", retval);
}
-
error:
return retval;
}
}
goto error;
}
-
if (msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
{
/* Too big ojbect name */
if (retval > 0)
SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path);
else
- SECURE_LOGE("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path);
+ SECURE_LOGW("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s", pid, subject, object, access_rights, retval, path);
if (path != NULL)
free(path);
}
if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid))
- SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d",
+ SECURE_LOGD("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d",
pid, label, object, ret);
free(label);