projects / platform / core / api / usb-host.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 91288ee)
Save policy to file and restore from it during startup
authorStanislaw Wadas <s.wadas@samsung.com>
Fri, 4 Sep 2015 09:31:34 +0000 (11:31 +0200)
committerStanislaw Wadas <s.wadas@samsung.com>
Tue, 8 Sep 2015 16:44:47 +0000 (18:44 +0200)
This change is needed as USD exits if no communication is processed.
As for now, all the policy was stored in USD process memory.
Now it is necassary to save it.
As for now store the policy in /run/usb-security-daemon.
This will cause reset of policy after each device reset.

Change-Id: Id8c8c5e00944f3530333a7410bda0250681d8baf
Signed-off-by: Stanislaw Wadas <s.wadas@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
USD/src/common/usb-access-map.cpp patch | blob | history
USD/src/common/usb-access-map.h patch | blob | history
USD/src/service/add-permission.cpp patch | blob | history
USD/src/service/add-permission.h patch | blob | history
USD/src/service/usb-access.cpp patch | blob | history
USD/src/service/usb-access.h patch | blob | history
packaging/capi-system-usbhost.spec patch | blob | history
usb-security-daemon.conf [new file with mode: 0644] patch | blob

diff --git a/USD/src/common/usb-access-map.cpp b/USD/src/common/usb-access-map.cpp
index 9d691e67cf928fee2cb4a36aec4a401f991185eb..812347cfc67ae2121faed493be209bdcd4863cba 100644 (file)
--- a/USD/src/common/usb-access-map.cpp
+++ b/USD/src/common/usb-access-map.cpp
@@ -147,6 +147,20 @@ USBDevicePath::USBDevicePath(const string &path,
     }
 }
 
+USBDevicePath::USBDevicePath(std::string min, std::string maj, std::string m_sysPath)
+    : m_sysPath(m_sysPath)
+{
+    int t_maj, t_min;
+    std::stringstream s_maj, s_min;
+
+    s_maj << std::hex << maj;
+    s_min << std::hex << min;
+    s_maj >> t_maj;
+    s_min >> t_min;
+
+    m_dev = makedev(t_min, t_maj);
+}
+
 const std::string &USBDevicePath::getSysFSPath() const
 {
     return m_sysPath;
@@ -167,8 +181,8 @@ std::ostream &operator<<(std::ostream &stream,
                                     const USBDevicePath &path)
 {
 
-    stream << '(' << major(path.m_dev) << ':' << minor(path.m_dev) << ", "
-           << path.m_sysPath << ')';
+    stream << major(path.m_dev) << ';' << minor(path.m_dev) << ";"
+           << path.m_sysPath << ";";
 
     return stream;
 }
@@ -181,6 +195,27 @@ USBDeviceId::USBDeviceId(const string &path, USBDevicePath::PathType path_type)
     initDevId(m_path.getSysFSPath());
 }
 
+USBDeviceId::USBDeviceId(std::string values[], USBDevicePath m_path)
+    : m_path(m_path)
+{
+    std::stringstream ssVal[7];
+    int decVal[7];
+    int i;
+    for (i = 0; i < 7; i++){
+        ssVal[i] << values[i+1];
+        ssVal[i] >> std::hex >> decVal[i];
+    }
+
+    m_idVendor = decVal[0];
+    m_idProduct = decVal[1];
+    m_bcdDevice =  decVal[2];
+    m_bDeviceClass = decVal[3];
+    m_bDeviceSubClass = decVal[4];
+    m_bDeviceProtocol  = decVal[5];
+    m_bcdUSB = decVal[6];
+
+}
+
 USBDeviceId::USBDeviceId(const USBDevicePath &path)
     : m_path(path)
 {
@@ -311,13 +346,11 @@ std::ostream &operator<<(std::ostream &stream,
 #undef NAMED_VAL
     int i = 0;
 
-    stream << "(";
     for (i = 0; (unsigned)i < ARRAY_SIZE(fields); ++i)
-        stream << fields[i].name << ": " << std::hex << fields[i].val << ", ";
+        stream << ";" << std::hex << fields[i].val;
 
-    stream << "devicePath: " << id.m_path;
+    stream << ";" << id.m_path;
 
-    stream << ")";
 
     return stream;
 }
@@ -397,7 +430,7 @@ bool USBAccessMapKey::operator==(const USBAccessMapKey &r) const
 std::ostream& operator<<(std::ostream& stream,
                                     const USBAccessMapKey& key)
 {
-    stream << "(" << key.m_subject << ", " << key.m_device << ")";
+    stream << key.m_subject << key.m_device;
     return stream;
 }
 
diff --git a/USD/src/common/usb-access-map.h b/USD/src/common/usb-access-map.h
index 93d81099a683884053d0ec23a4aa219f34639cca..2d610675c3c36e57bbaf2973e12a01e3a6c8e4ee 100644 (file)
--- a/USD/src/common/usb-access-map.h
+++ b/USD/src/common/usb-access-map.h
@@ -45,6 +45,7 @@ public:
 
     /* Never call this constructor with SysFS path received from user! */
     USBDevicePath(const std::string &path, PathType path_type);
+    USBDevicePath(const std::string min, const std::string maj, std::string m_sysPath);
     const std::string &getSysFSPath() const;
     const std::string &getTopology() const;
     dev_t getDev() const;
@@ -68,6 +69,7 @@ class USBDeviceId
 {
 public:
     USBDeviceId(const USBDevicePath &path);
+    USBDeviceId(std::string values[], USBDevicePath m_path);
     USBDeviceId(const std::string &path, USBDevicePath::PathType path_type);
 
     bool operator<(const USBDeviceId &r) const;
@@ -133,12 +135,12 @@ class USBAccessMapKey
 public:
     USBAccessMapKey(const PolicySubjectId &subject,
                     const USBDeviceId &device);
-    bool validate(void) const;
 
+    bool validate(void) const;
     bool operator<(const USBAccessMapKey &r) const;
     bool operator==(const USBAccessMapKey &r) const;
     friend std::ostream& operator<<(std::ostream& stream,
-                                    const USBAccessMapKeykey);
+                                    const USBAccessMapKey &key);
     const char* getDeviceTopology() const {return m_device.getTopology();}
     const char* getAppData() const {return m_subject.getAppData();}
 
diff --git a/USD/src/service/add-permission.cpp b/USD/src/service/add-permission.cpp
index 85a352eae12a72ad26e9b0a078f6b2d80aa40bd9..c7fca545c32dbe192c2ba918e13f8479449dba0b 100644 (file)
--- a/USD/src/service/add-permission.cpp
+++ b/USD/src/service/add-permission.cpp
@@ -38,6 +38,7 @@
 #include <usb-access-map.h>
 #include <dbus-manager.h>
 #include <cstdint>
+#include <usb-access.h>
 
 namespace USD {
 
@@ -70,6 +71,7 @@ int USBAddPermission::writePermission(const char *path, const char *smack, bool
         if (valid) {
             std::lock_guard<std::mutex> lock(m_eventWriteDBMutex);
             m_accessMap[mk] = policy;
+            storePolicy();
             retCode = USD_API_SUCCESS;
         } else {
             retCode = USD_API_ERROR_ACCESS_DENIED;
diff --git a/USD/src/service/add-permission.h b/USD/src/service/add-permission.h
index 51e4da63df26f1481d20ca9001154d49e575894c..7c55f2bdec89a5488a1dca11cf2d4ce74d486f64 100644 (file)
--- a/USD/src/service/add-permission.h
+++ b/USD/src/service/add-permission.h
@@ -41,7 +41,9 @@ namespace USD {
 extern USBAccessMap m_accessMap;
 
 
-class USBAddPermission
+class USBAddPermission :
+        public USD::USBAccessService
+
 
 {
 public:
diff --git a/USD/src/service/usb-access.cpp b/USD/src/service/usb-access.cpp
index 509c04e06596abcf662c9cbb9b6986941d0a9d1f..08639c543d3881af5b24ecfaf9f99c3b2a81b2c4 100644 (file)
--- a/USD/src/service/usb-access.cpp
+++ b/USD/src/service/usb-access.cpp
@@ -40,6 +40,9 @@
 #include <dbus-manager.h>
 #include <add-permission.h>
 
+#include <iostream>
+#include <fstream>
+
 namespace {
 // Service may open more than one socket.
 // These ID's will be assigned to sockets
@@ -180,6 +183,61 @@ bool USBAccessService::processOpen(const ConnectionID &conn,
     return true;
 }
 
+bool USBAccessService::storePolicy(void) {
+    std::ofstream myfile;
+    myfile.open(POLICY_FILE_PATH);
+    for(auto it = m_accessMap.begin(); it != m_accessMap.end(); it++) {
+            // it->first is map key
+            // it->second is map value (policy at key)
+        myfile << it->first << " " << it->second << " \n";
+    }
+    myfile.close();
+    return true;
+}
+
+bool USBAccessService::restorePolicy(void) {
+    LogDebug("Restoring policy from file" << POLICY_FILE_PATH);
+    std::ifstream file (POLICY_FILE_PATH);
+    std::string line;
+    if (file.is_open())
+    {
+        LogDebug("Policy file found");
+
+        while (std::getline(file, line)) {
+
+            std::stringstream ss(line);
+            std::string item;
+            int i = 0;
+            std::string values[12];
+
+            while (std::getline(ss, item, ';'))
+            {
+                values[i++] = item;
+            }
+
+            PolicySubjectId sub_id(values[0]);
+
+            USBDevicePath m_path(values[8], values[9], values[10]);
+
+            USBDeviceId devId(values, m_path);
+
+            USBAccessMapKey key(sub_id, devId);
+
+            bool policy = atoll(values[11].c_str());
+
+            m_accessMap[key] = policy;
+
+            LogDebug("key: " << key << " policy: " << policy);
+
+        }
+
+        file.close();
+        return true;
+    }
+    LogDebug("No policy file found");
+    return false;
+}
+
 bool USBAccessService::processSetupPolicy(const ConnectionID &conn,
                                           MessageBuffer &buffer)
 {
@@ -207,6 +265,7 @@ bool USBAccessService::processSetupPolicy(const ConnectionID &conn,
         if (valid) {
             std::lock_guard<std::mutex> lock(m_eventWriteDBMutex);
             m_accessMap[mk] = policy;
+            storePolicy();
             retCode = USD_API_SUCCESS;
         } else {
             retCode = USD_API_ERROR_ACCESS_DENIED;
diff --git a/USD/src/service/usb-access.h b/USD/src/service/usb-access.h
index ab1e2162fdf6581c4cd4827aea046d365148739f..5b0e2e7ef13cd7ea4052c7099e2d125ce0537dd7 100644 (file)
--- a/USD/src/service/usb-access.h
+++ b/USD/src/service/usb-access.h
@@ -43,9 +43,13 @@ class USBAccessService  :
 {
 public:
     typedef std::map<int, MessageBuffer> MessageBufferMap;
+    const std::string POLICY_FILE_PATH = "/run/usb-security-daemon/usdpolicy";
 
     ServiceDescriptionVector GetServiceDescription();
 
+    USBAccessService() {restorePolicy();};
+    bool storePolicy(void);
+
     DECLARE_THREAD_EVENT(AcceptEvent, accept)
     DECLARE_THREAD_EVENT(WriteEvent, write)
     DECLARE_THREAD_EVENT(ReadEvent, process)
@@ -57,6 +61,7 @@ public:
     void close(const CloseEvent &event);
 
 private:
+    bool restorePolicy(void);
     bool processOne(const ConnectionID &conn, MessageBuffer &buffer);
     bool processOpen(const ConnectionID &conn, MessageBuffer &buffer);
     bool processSetupPolicy(const ConnectionID &conn, MessageBuffer &buffer);
diff --git a/packaging/capi-system-usbhost.spec b/packaging/capi-system-usbhost.spec
index 3be62c0c95c7d5cccbecaa6401cdbefc3e9e1884..ea3185a890cace1c362bffe560ee85280b960e14 100644 (file)
--- a/packaging/capi-system-usbhost.spec
+++ b/packaging/capi-system-usbhost.spec
@@ -61,8 +61,10 @@ export LDFLAGS="${LDFLAGS} -Wl,--rpath=%{_libdir}"
 %install
 rm -rf %{buildroot}
 mkdir -p %{buildroot}%{_datadir}/license
+mkdir -p %{buildroot}/usr/lib/tmpfiles.d
 cp LICENSE %{buildroot}%{_datadir}/license/%{name}
 cp LICENSE %{buildroot}%{_datadir}/license/libusd-client
+cp usb-security-daemon.conf %{buildroot}/usr/lib/tmpfiles.d
 mkdir -p %{buildroot}%{_sysconfdir}/security/
 %make_install
 
@@ -168,6 +170,7 @@ fi
 %attr(-,root,root) %{_unitdir}/sockets.target.wants/usd-ask-user.socket
 %attr(-,root,root) %{_unitdir}/usd-access.socket
 %attr(-,root,root) %{_unitdir}/usd-ask-user.socket
+%attr(-,root,root) /usr/lib/tmpfiles.d/usb-security-daemon.conf
 %{_datadir}/license/%{name}
 
 %files libusd-client
diff --git a/usb-security-daemon.conf b/usb-security-daemon.conf
new file mode 100644 (file)
index 0000000..77b5a91
--- /dev/null
+++ b/usb-security-daemon.conf
@@ -0,0 +1 @@
+d /run/usb-security-daemon 1755 root root 10d
Domain: System / System Framework;