* - filepath
* @return type: int
*/
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id);
int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id);
+#else
+int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id);
+int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id);
+#endif
/*
* Declare new function
* - redLen
* @return type: int
*/
+#ifndef SMACK_GROUP_ID
int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id);
-
+#else
+int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id);
+#endif
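Review bot: The comment blocks above these prototypes still list only the old parameters, so the `sockfd` argument that replaces `cookie` when SMACK_GROUP_ID is defined is undocumented here and on the SsServerDataStoreFromFile, SsServerDataStoreFromBuffer, SsServerGetInfo and SsServerDeleteFile declarations. I would add a line such as `* - sockfd : connected client socket, used to look up the peer's Smack label (SMACK_GROUP_ID builds only)` to each block. Because each function name now has two incompatible signatures, the header should also state that SMACK_GROUP_ID must be defined identically for every translation unit that includes it.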
/*
* Declare new function
*
* - file_info
* @return type: int
*/
+
+#ifndef SMACK_GROUP_ID
int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id);
int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, const char* cookie, const char* group_id);
+#else
+int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id);
+int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id);
+#endif
switch(recv_data.req_type)
{
case 1:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
case 2:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
case 3:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, recv_data.cookie, recv_data.group_id);
-
+#else
+ send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1);
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
- case 4:
+ case 4:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, recv_data.cookie, recv_data.group_id);
-
+#else
+ send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, client_sockfd /*recv_data.cookie*/, recv_data.group_id);
+#endif
+
if(send_data.rsp_type == 1)
{
strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_LEN - 1);
write(client_sockfd, (char*)&send_data, sizeof(send_data));
break;
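Review bot: The SMACK_GROUP_ID call in case 4 keeps a commented-out argument, `client_sockfd /*recv_data.cookie*/`, which the other four cases do not have; drop the comment so the argument reads plain `client_sockfd`. The five `#ifndef`/`#else` pairs in this switch differ only in that one argument, so a single conditional definition of the credential argument near the top of the function would remove the duplication and make it harder for one case to drift from the others. The enclosing function starts and ends outside the lines shown.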
case 10:
+#ifndef SMACK_GROUP_ID
send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, recv_data.cookie, recv_data.group_id);
+#else
+ send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id);
+#endif
if(send_data.rsp_type == 1)
{
#include "secure_storage.h"
#include "ss_server_main.h"
#include "ss_server_ipc.h"
+#include <security-server/security-server.h>
#ifdef USE_KEY_FILE
#define CONF_FILE_PATH "/usr/share/secure-storage/config"
return retbuf;
}
+int IsSmackEnabled()
+{
+ FILE *file = NULL;
+ if(file = fopen("/smack/load2", "r"))
+ {
+ fclose(file);
+ return 1;
+ }
+ return 0;
+}
+
/* get key from hardware( ex. OMAP e-fuse random key ) */
void GetKey(char* key, unsigned char* iv)
{
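Review bot: IsSmackEnabled() reports Smack as disabled for every fopen() failure on `/smack/load2`, not only when the file is absent, and check_privilege_by_sockfd() returns 0 (allowed) in that case, so a transient open failure in the daemon turns the access check off. Consider distinguishing ENOENT from other errors and treating the latter as a denial, or probing once at start-up and caching the result instead of opening the file on every request. The condition is an unparenthesised assignment and would read better as `if((file = fopen("/smack/load2", "r")) != NULL)`, and the definition should be `int IsSmackEnabled(void)`.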
return 0; // success always
}
+int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights)
+{
+ int ret = -1; // if success, return 0
+ const char* private_group_id = "NOTUSED";
+
+ if(!IsSmackEnabled())
+ {
+ return 0;
+ }
+
+ if(!strncmp(object,"NOTUSED", strlen(private_group_id)))
+ {
+ SLOGD("requested default group_id :%s. get smack label", object);
+ char* client_process_smack_label = security_server_get_smacklabel_sockfd(sockfd);
+ if(client_process_smack_label)
+ {
+ SLOGD("defined smack label : %s", client_process_smack_label);
+ strncpy(object, client_process_smack_label, strlen(client_process_smack_label));
+ }
+ else
+ {
+ SLOGD("failed to get smack label");
+ return -1;
+ }
+ }
+
+ SLOGD("object : %s, access_rights : %s", object, access_rights);
+ ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
+
+ return ret;
+}
+
/* convert normal file path to secure storage file path */
int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id)
{
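Review bot: The label copy `strncpy(object, client_process_smack_label, strlen(client_process_smack_label))` writes through a `const char*` with a bound taken from the source, so it neither respects the size of the caller's group_id buffer nor NUL-terminates: a label shorter than "NOTUSED" leaves the tail of the old string in place and a longer one can run past the buffer. The label returned by security_server_get_smacklabel_sockfd() is also never released; it looks caller-owned, which should be confirmed against security-server.h. The sketch below checks against the label through a local pointer and frees it; if callers rely on group_id being rewritten (ConvertFileName receives it right after the check), pass a writable buffer with its size instead and copy with snprintf(). The `strncmp(..., strlen(private_group_id))` test is a prefix match, so any group id beginning with NOTUSED takes this path; `strcmp` would match only the sentinel.

```c
int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights)
{
	// … unchanged: ret declaration, IsSmackEnabled() early return …
	char* client_process_smack_label = NULL;

	if(!strcmp(object, "NOTUSED"))
	{
		client_process_smack_label = security_server_get_smacklabel_sockfd(sockfd);
		if(!client_process_smack_label)
		{
			SLOGD("failed to get smack label");
			return -1;
		}
		// check against the peer's label without touching the caller's buffer
		object = client_process_smack_label;
	}

	// … unchanged: SLOGD of object and access_rights …
	ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
	// assumes the label is heap-allocated for the caller; confirm before merging
	free(client_process_smack_label);
	return ret;
}
```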
}
}
- strncat(dest, if_pointer + 1, strlen(if_pointer) + 1);
+ int length_of_file = 0;
+ if(if_pointer != NULL)
+ {
+ strncat(dest, if_pointer + 1, strlen(if_pointer) + 1);
+ }
strncat(dest, "_", 1);
SHA1((unsigned char*)src, (size_t)strlen(src), path_hash);
strncat(dest, s, strlen(s));
strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX));
- dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + strlen(if_pointer) + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0';
+ dest[strlen(SS_STORAGE_DEFAULT_PATH) + strlen(dir) + length_of_file + strlen(s) + strlen(SS_FILE_POSTFIX) + 4] = '\0';
}
else if(flag == SSM_FLAG_SECRET_PRESERVE) // /tmp/csa/
{
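Review bot: `length_of_file` is initialised to 0 and, in the lines shown, never assigned, so the index on the `dest[...] = '\0'` line no longer accounts for the file-name component that the guarded strncat() appended; when `if_pointer` is non-NULL the NUL can land inside the path and cut off its tail. Set it inside the guard with `length_of_file = strlen(if_pointer);`, or drop the manual terminator, since strncat() already terminates `dest`. The strncat() bounds in this block come from the source length rather than the space left in `dest`, so they do not stop a long `src`; a single `snprintf()` into `dest` with the buffer size and a truncation check would bound the write. ConvertFileName starts and ends outside this hunk.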
/***************************************************************************
* Function Definition
**************************************************************************/
-
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
char key[16] = {0, };
unsigned char iv[16] = {0, };
size_t read = 0, rest = 0;
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("[%s] permission denied\n", group_id);
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create out file name
ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id);
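Review bot: With the whole check wrapped in `#ifdef SMACK_GROUP_ID` and the `check_privilege(cookie, group_id)` call removed, a build without SMACK_GROUP_ID performs no privilege check at all in this function, although it still receives `cookie`. The same pattern appears in SsServerDataStoreFromBuffer, SsServerDataRead, SsServerDeleteFile and SsServerGetInfo. Keep the cookie path as the other branch: `#else` followed by `if(check_privilege(cookie, group_id) != 0)`, with `#endif` moved to just before the opening brace so both builds share the denial block. The function body continues outside the lines shown.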
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
char key[16] = {0, };
unsigned char iv[16] = {0, };
memcpy(buffer, writebuffer, bufLen);
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("permission denied\n");
free(buffer);
return SS_PERMISSION_DENIED;
}
+#endif
// create file path from filename
ConvertFileName(sender_pid, out_filepath, filename, flag, group_id);
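Review bot: The privilege check here runs after `memcpy(buffer, writebuffer, bufLen)`, so a client that will be denied has already made the daemon copy `bufLen` bytes, and `bufLen` is the client-supplied `recv_data.count` at the call site. Moving the check to the top of the function removes the `free(buffer)` from the denial path and keeps unauthorised requests away from the copy. The allocation of `buffer` is outside the lines shown, so confirm that `bufLen` is bounded by the size of `recv_data.buffer` before the copy.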
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
unsigned int offset = count * MAX_RECV_DATA_LEN;
char key[16] = {0, };
*readLen = 0;
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0)
{
SLOGE("permission denied\n");
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create in file name : convert file name in order to access secure storage
if(flag == SSM_FLAG_WIDGET)
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
const char* in_filepath = data_filepath;
char out_filepath[MAX_FILENAME_LEN] = {0, };
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "w") != 0)
{
SLOGE("permission denied\n");
return SS_PERMISSION_DENIED;
}
-
+#endif
// 1. create out file name
ConvertFileName(sender_pid, out_filepath, in_filepath, flag, group_id);
return 1;
}
+#ifndef SMACK_GROUP_ID
int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id)
+#else
+int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id)
+#endif
{
size_t read = 0;
FILE *fd_in = NULL;
char in_filepath[MAX_FILENAME_LEN] = {0, };
//0. privilege check and get directory name
- if(check_privilege(cookie, group_id) != 0)
+#ifdef SMACK_GROUP_ID
+ if(check_privilege_by_sockfd(sockfd, group_id, "r") != 0)
{
SLOGE("permission denied, [%s]\n", group_id);
return SS_PERMISSION_DENIED;
}
+#endif
// 1. create in file name : convert file name in order to access secure storage
if(flag == SSM_FLAG_WIDGET)