const std::string SUBSCRIBER_UNREGISTER = "Server::unregisterNotificationSubscriber";
-const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";
+const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.socket";
} // namespace
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/oded
%attr(700,root,root) %{_sbindir}/ode-mount-external.sh
+%{_unitdir}/ode.socket
+%{_unitdir}/sockets.target.wants/ode.socket
%{_unitdir}/ode.service
%{_unitdir}/multi-user.target.wants/ode.service
%{_unitdir}/ode-mount-external.path
%install
%make_install
-mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants
-ln -s ../ode.service %{buildroot}/%{_unitdir}/multi-user.target.wants/ode.service
-ln -s ../ode-mount-external.path %{buildroot}/%{_unitdir}/multi-user.target.wants/ode-mount-external.path
-ln -s ../ode-umount-internal.path %{buildroot}/%{_unitdir}/multi-user.target.wants/ode-umount-internal.path
-ln -s ../ode-progress-internal@Decrypting.path %{buildroot}/%{_unitdir}/multi-user.target.wants/ode-progress-internal@Decrypting.path
-ln -s ../ode-progress-internal@Encrypting.path %{buildroot}/%{_unitdir}/multi-user.target.wants/ode-progress-internal@Encrypting.path
+%install_service sockets.target.wants ode.socket
+%install_service multi-user.target.wants ode.service
+%install_service multi-user.target.wants ode-mount-external.path
+%install_service multi-user.target.wants ode-umount-internal.path
+%install_service multi-user.target.wants ode-progress-internal@Decrypting.path
+%install_service multi-user.target.wants ode-progress-internal@Encrypting.path
%find_lang secure-erase
%find_lang ode
systemctl daemon-reload
if [ $1 = 1 ]; then
# installation
- systemctl start ode.service
+ systemctl start ode.socket \
+ ode.service \
+ ode-mount-external.path \
+ ode-umount-internal.path \
+ ode-progress-internal@Decrypting.path \
+ ode-progress-internal@Encrypting.path
elif [ $1 = 2 ]; then
# update
- systemctl restart ode.service
+ systemctl restart ode.socket \
+ ode.service \
+ ode-mount-external.path \
+ ode-umount-internal.path\
+ ode-progress-internal@Decrypting.path \
+ ode-progress-internal@Encrypting.path
fi
%preun
CONFIGURE_FILE(systemd/${PROJECT_NAME}-progress-internal@.service.in systemd/${PROJECT_NAME}-progress-internal@.service)
INSTALL(TARGETS ${SERVER_NAME} DESTINATION ${BIN_DIR})
+INSTALL(FILES systemd/${PROJECT_NAME}.socket DESTINATION ${SYSTEMD_UNIT_DIR})
INSTALL(FILES systemd/${PROJECT_NAME}.service DESTINATION ${SYSTEMD_UNIT_DIR})
INSTALL(FILES systemd/${PROJECT_NAME}-mount-external.path DESTINATION ${SYSTEMD_UNIT_DIR})
INSTALL(FILES systemd/${PROJECT_NAME}-mount-external.service DESTINATION ${SYSTEMD_UNIT_DIR})
));
externalAddEventReceiver();
+
+ if (getState() == State::Encrypted) {
+ context.ref();
+ }
}
ExternalEncryption::~ExternalEncryption()
KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
auto encryptWorker = [MasterKey, options, this]() {
+ context.ref();
try {
INFO(SINK, "Close all applications using external storage...");
killDependedApplications();
} catch (runtime::Exception &e) {
::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
ERROR(SINK, "Encryption failed - " + std::string(e.what()));
+ context.unref();
}
};
sync();
INFO(SINK, "Decryption completed");
::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "unencrypted");
+ context.unref();
} catch (runtime::Exception &e) {
ERROR(SINK, "Decryption failed - " + std::string(e.what()));
}
KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
auto encryptWorker = [MasterKey, options, this]() {
+ context.ref();
try {
INFO(SINK, "Close all processes that use internal storage...");
stopDependedSystemdServices();
::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
ERROR(SINK, "Encryption failed - " + std::string(e.what()));
}
+ context.unref();
};
std::thread asyncWork(encryptWorker);
KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
auto decryptWorker = [MasterKey, this]() {
+ context.ref();
try {
INFO(SINK, "Umount internal storage...");
stopDependedSystemdServices();
::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
ERROR(SINK, "Decryption failed - " + std::string(e.what()));
}
+ context.unref();
};
std::thread asyncWork(decryptWorker);
namespace {
-const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";
+const int ODE_MANAGER_ONDEMAND_TIMEOUT = 1000;
+const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.socket";
std::unique_ptr<ode::SecureErase> secureErase;
std::unique_ptr<ode::InternalEncryption> internalEncryption;
audit::LogSink *SINK = nullptr;
-Server::Server()
+Server::Server() :
+ referenceCount(0)
{
_sink.reset(new audit::DlogLogSink("ODE"));
SINK = dynamic_cast<audit::LogSink*>((_sink).get());
void Server::run()
{
// Prepare execution environment
- service->start();
+ service->start(true, ODE_MANAGER_ONDEMAND_TIMEOUT);
+ while (referenceCount > 0) {
+ service->mainloop.dispatch(ODE_MANAGER_ONDEMAND_TIMEOUT);
+ }
}
void Server::terminate()
runtime::FileDescriptor registerNotificationSubscriber(const std::string& name);
int unregisterNotificationSubscriber(const std::string& name, int id);
+ void ref()
+ {
+ referenceCount++;
+ }
+
+ void unref()
+ {
+ referenceCount--;
+ }
+
private:
std::string securityLabel;
+ std::atomic<int> referenceCount;
std::unique_ptr<rmi::Service> service;
};
--- /dev/null
+[Unit]
+Description=ODE daemon socket
+Wants=ode.service
+Before=ode.service
+
+[Socket]
+ListenStream=/tmp/.ode.socket
+Service=ode.service
+SocketMode=0770
+SmackLabelIPIn=*
+SmackLabelIPOut=@
+
+[Install]
+WantedBy=sockets.target