${SERVER2_PATH}/service/app-permissions.cpp
${SERVER2_PATH}/service/cookie.cpp
${SERVER2_PATH}/service/cookie-jar.cpp
+ ${SERVER2_PATH}/service/cookie-common.cpp
${SERVER2_PATH}/service/privilege-by-pid.cpp
${SERVER2_PATH}/service/open-for.cpp
${SERVER2_PATH}/service/open-for-manager.cpp
--- /dev/null
+#include <cookie-common.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <dpl/log/log.h>
+
+namespace SecurityServer {
+
+int getPidPath(char *path, unsigned int pathSize, int pid)
+{
+ int retval;
+ char link[pathSize];
+
+ snprintf(link, pathSize, "/proc/%d/exe", pid);
+ retval = readlink(link, path, pathSize-1);
+ if (retval < 0) {
+ LogDebug("Unable to get process path");
+ return -1;
+ }
+ path[retval] = '\0';
+
+ return 0;
+}
+
+} // namespace SecurityServer
--- /dev/null
+/*
+ * security-server
+ *
+ * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef _COOKIE_COMMON_H_
+#define _COOKIE_COMMON_H_
+
+namespace SecurityServer {
+
+/*
+ * Simple function for translating PID to process path
+ */
+int getPidPath(char *path, unsigned int pathSize, int pid);
+
+} // namespace SecurityServer
+
+#endif // _COOKIE_COMMON_H_
#include <cookie-jar.h>
#include <protocols.h>
+#include <cookie-common.h>
#include <dpl/log/log.h>
#include <dpl/exception.h>
#include <vector>
return searchResult;
}
- searchResult = &newCookie; //only for searchResult != NULL
+ searchResult = &newCookie; //only for searchResult != NULL during while loop init
while(searchResult != NULL) {
//generate unique key
std::ifstream urandom("/dev/urandom", std::ifstream::binary);
}
//obtain process path
- char link[PATH_MAX];
char path[PATH_MAX];
-
- snprintf(link, PATH_MAX, "/proc/%d/exe", pid);
- retval = readlink(link, path, PATH_MAX-1);
+ retval = getPidPath(path, PATH_MAX, pid);
if (retval < 0) {
LogDebug("Unable to get process path");
return NULL;
}
- path[retval] = '\0';
newCookie.binaryPath = path;
//get smack label if smack enabled
for (size_t k = 0; k < newCookie.permissions.size(); k++)
LogDebug("GID: " << newCookie.permissions[k]);
+ //only when cookie ready store it
m_cookieList.push_back(newCookie);
return &m_cookieList[m_cookieList.size() - 1];
}
#include <dpl/log/log.h>
#include <dpl/serialization.h>
#include <protocols.h>
+#include <cookie-common.h>
#include <security-server.h>
#include <cookie.h>
#include <smack-check.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/smack.h>
+#include <linux/limits.h>
//interfaces ID
const int INTERFACE_GET = 0;
return false;
const Cookie *generatedCookie = m_cookieJar.GenerateCookie(cr.pid);
- if (generatedCookie != NULL) {
- //cookie created correct
- Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS);
- Serialization::Serialize(send, generatedCookie->cookieId);
- } else {
+
+ if (generatedCookie == NULL) {
//unable to create cookie
Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN);
+ return true;
+ }
+
+ //checking if binary path match created / found cookie
+ char path[PATH_MAX];
+ int ret = getPidPath(path, PATH_MAX, cr.pid);
+
+ if (ret < 0) {
+ LogError("Unable to check process binary path");
+ Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN);
+ } else {
+ if (generatedCookie->binaryPath.compare(path)) {
+ LogDebug("Found cookie but no match in bin path");
+ Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_UNKNOWN);
+ } else {
+ Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS);
+ Serialization::Serialize(send, generatedCookie->cookieId);
+ }
}
return true;