};
static TidStatus *g_tid_status;
+static int g_all_tid_num;
#define MAX_SIG_WAIT_TIME 1000
return SECURITY_MANAGER_ERROR_MEMORY;
}
+ auto cap_deleter = [&](cap_t* ptr){cap_free(*ptr);};
+ std::unique_ptr<cap_t, decltype(cap_deleter)> scopedCapPtr(&g_cap, cap_deleter);
+
if (smack_check())
g_p_app_label = &app_label;
if (files.size() > 1) {
const pid_t cur_pid = getpid();
- g_threads_count = files.size() - 1;
- g_tid_status = new TidStatus[g_threads_count];
+ g_threads_count = g_all_tid_num = files.size() - 1;
+ g_tid_status = new TidStatus[g_all_tid_num];
if (!g_tid_status) {
LogError("Cannot allocate g_tid_status");
return SECURITY_MANAGER_ERROR_MEMORY;
} else {
- for (int i = 0; i < g_threads_count; ++i) {
+ for (int i = 0; i < g_all_tid_num; ++i) {
g_tid_status[i].tid = 0; // to be sure its not yet any actual TID
g_tid_status[i].status = TID_STATUS_NOT_SYNCED;
}
}
+ auto tid_deleter = [&](TidStatus* ptr){delete [] ptr;};
+ std::unique_ptr<TidStatus, decltype(tid_deleter)> scopedTidPtr(g_tid_status, tid_deleter);
struct sigaction act;
struct sigaction old;
int tid = Syscall::gettid();
int i = 0;
- for (; i < g_threads_count; ++i) {
+ for (; i < g_all_tid_num; ++i) {
if (g_tid_status[i].tid == tid) {
break;
}
if (Syscall::sigaction(SIGSETXID, &act, &old) < 0) {
LogError("Error in sigaction()");
- goto err;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
}
std::atomic_thread_fence(std::memory_order_release);
if (g_threads_count) {
LogError("Not all threads synchronized: threads left: " << g_threads_count);
- for (int i = 0; i < g_threads_count; ++i) {
+ for (int i = 0; i < g_all_tid_num; ++i) {
switch (g_tid_status[i].status) {
case TID_STATUS_DEAD:
/* this is totally fine */
if (g_p_app_label && label_for_self_internal(cur_tid) != 0) {
LogError("label_for_self_internal failed");
- goto err;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
}
if (cap_set_proc(g_cap)) {
LogError("Can't drop main thread capabilities");
- goto err;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
}
- cap_free(g_cap);
- if (g_tid_status)
- delete [] g_tid_status;
-
return SECURITY_MANAGER_SUCCESS;
-
-err:
- cap_free(g_cap);
- if (g_tid_status)
- delete [] g_tid_status;
- return SECURITY_MANAGER_ERROR_UNKNOWN;
}
// respective group vectors come sorted