#include <security-server.h>
#include <security-server-common.h>
-static int get_exec_path(pid_t pid, std::string &exe)
-{
- using namespace SecurityServer;
-
- try{
- MessageBuffer send, recv;
- Serialization::Serialize(send, pid);
-
- int result = sendToServer(
- SERVICE_SOCKET_EXEC_PATH,
- send.Pop(),
- recv);
- if(result != SECURITY_SERVER_API_SUCCESS)
- return result;
-
- Deserialization::Deserialize(recv, result);
- if(result != SECURITY_SERVER_API_SUCCESS)
- return result;
-
- Deserialization::Deserialize(recv, exe);
- return result;
- } catch (MessageBuffer::Exception::Base &e) {
- LogDebug("SecurityServer::MessageBuffer::Exception " << e.DumpToString());
- } catch (std::exception &e) {
- LogDebug("STD exception " << e.what());
- } catch (...) {
- LogDebug("Unknown exception occured");
- }
- return SECURITY_SERVER_API_ERROR_UNKNOWN;
-}
+//static int get_exec_path(pid_t pid, std::string &exe)
+//{
+// using namespace SecurityServer;
+//
+// try{
+// MessageBuffer send, recv;
+// Serialization::Serialize(send, pid);
+//
+// int result = sendToServer(
+// SERVICE_SOCKET_EXEC_PATH,
+// send.Pop(),
+// recv);
+// if(result != SECURITY_SERVER_API_SUCCESS)
+// return result;
+//
+// Deserialization::Deserialize(recv, result);
+// if(result != SECURITY_SERVER_API_SUCCESS)
+// return result;
+//
+// Deserialization::Deserialize(recv, exe);
+// return result;
+// } catch (MessageBuffer::Exception::Base &e) {
+// LogDebug("SecurityServer::MessageBuffer::Exception " << e.DumpToString());
+// } catch (std::exception &e) {
+// LogDebug("STD exception " << e.what());
+// } catch (...) {
+// LogDebug("Unknown exception occured");
+// }
+// return SECURITY_SERVER_API_ERROR_UNKNOWN;
+//}
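Review bot: `get_exec_path()` is disabled by commenting out every line of it rather than deleting it, which leaves about thirty lines of dead code in a security library with no stated reason; the later hunks do the same to the logging blocks and the `path` cleanup. Version control already keeps the old body, so the function should be removed outright. If the removal is meant to be temporary, a one-line comment is enough, for example `// get_exec_path() removed: caller_path is no longer logged (see <issue id>)`. The server-side handler for `SERVICE_SOCKET_EXEC_PATH` is not visible here; if this was its only client, it is worth checking whether that socket still needs to be exposed.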
SECURITY_SERVER_API
int security_server_check_privilege_by_sockfd(int sockfd,
ret = security_server_check_privilege_by_pid(cr.pid, object, access_rights);
//Getting path for logs
- if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) {
- LogError("Failed to read executable path for process " << cr.pid);
- }
-
- if (ret == SECURITY_SERVER_API_SUCCESS)
- LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
- (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
- object << ", access=" << access_rights << ", result=" <<
- ret << ", caller_path=" << path.c_str());
- else
- LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
- (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
- object << ", access=" << access_rights << ", result=" <<
- ret << ", caller_path=" << path.c_str());
+// if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) {
+// LogError("Failed to read executable path for process " << cr.pid);
+// }
+//
+// if (ret == SECURITY_SERVER_API_SUCCESS)
+// LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
+// (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
+// object << ", access=" << access_rights << ", result=" <<
+// ret << ", caller_path=" << path.c_str());
+// else
+// LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
+// (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
+// object << ", access=" << access_rights << ", result=" <<
+// ret << ", caller_path=" << path.c_str());
return ret;
}
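Review bot: After this change `security_server_check_privilege_by_sockfd` returns `ret` without logging the access decision at all, so a denied check leaves no SS_SMACK record with the caller pid, object and access rights. The same audit line is dropped in the `LogDebug`/`LogError` pair after `read_exe_path_from_proc(pid)` and in the `SEC_SVR_DBG`/`SEC_SVR_ERR` pairs further down. If the goal is only to stop resolving the executable path (the motive is not visible in the diff), keep the decision log without `caller_path`, at least for denials: `if (ret != SECURITY_SERVER_API_SUCCESS) LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", object=" << object << ", access=" << access_rights << ", result=" << ret);`. The function's signature and the declarations of `path` and `subjectPtr` are outside the hunk; both are probably unused now and should be checked.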
retval = 1;
}
- char *path = read_exe_path_from_proc(pid);
-
- if (retval > 0)
- LogDebug("SS_SMACK: "
- << "caller_pid=" << pid
- << ", subject=" << subject
- << ", object=" << object
- << ", access=" << access_rights
- << ", result=" << retval
- << ", caller_path=" << path);
- else
- LogError("SS_SMACK: "
- << "caller_pid=" << pid
- << ", subject=" << subject
- << ", object=" << object
- << ", access=" << access_rights
- << ", result=" << retval
- << ", caller_path=" << path);
-
- if (path != NULL)
- free(path);
+// char *path = read_exe_path_from_proc(pid);
+//
+// if (retval > 0)
+// LogDebug("SS_SMACK: "
+// << "caller_pid=" << pid
+// << ", subject=" << subject
+// << ", object=" << object
+// << ", access=" << access_rights
+// << ", result=" << retval
+// << ", caller_path=" << path);
+// else
+// LogError("SS_SMACK: "
+// << "caller_pid=" << pid
+// << ", subject=" << subject
+// << ", object=" << object
+// << ", access=" << access_rights
+// << ", result=" << retval
+// << ", caller_path=" << path);
+//
+// if (path != NULL)
+// free(path);
if (retval == 1) //there is permission
retCode = SECURITY_SERVER_API_SUCCESS;
int retval;
int checkval;
char *label = NULL;
- char *path = NULL;
+// char *path = NULL;
//for getting socket options
struct ucred cr;
unsigned int len;
if (checkval < 0) {
SEC_SVR_ERR("Error in getsockopt(): client pid is unknown.");
- if (retval) {
- SEC_SVR_DBG("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
- } else {
- SEC_SVR_ERR("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
- }
+// if (retval) {
+// SEC_SVR_DBG("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
+// } else {
+// SEC_SVR_ERR("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
+// }
} else {
- path = read_exe_path_from_proc(cr.pid);
+// path = read_exe_path_from_proc(cr.pid);
if (retval == 0) {
retval = smack_pid_have_access(cr.pid, required_API_label, required_rule);
if (retval == 0)
cap_info = ", no CAP_MAC_OVERRIDE";
- if (retval > 0) {
- SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s",
- cr.pid, label, required_API_label, required_rule, retval, path);
- } else {
- SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s%s",
- cr.pid, label, required_API_label, required_rule, retval, path, cap_info);
- }
+// if (retval > 0) {
+// SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s",
+// cr.pid, label, required_API_label, required_rule, retval, path);
+// } else {
+// SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s%s",
+// cr.pid, label, required_API_label, required_rule, retval, path, cap_info);
+// }
}
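Review bot: `cap_info` is still assigned `", no CAP_MAC_OVERRIDE"` in the `retval == 0` branch, but its only visible reader was the `SEC_SVR_ERR` call that is now commented out, so the assignment is a dead store and will probably raise an unused-but-set warning. Keeping the denial record without the path would retain both the audit line and the capability hint: `SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d%s", cr.pid, label, required_API_label, required_rule, retval, cap_info);`. Otherwise remove the assignment together with the declaration of `cap_info`. The enclosing function starts and ends outside the lines shown.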
end:
- if (path != NULL)
- free(path);
+// if (path != NULL)
+// free(path);
if (label != NULL)
free(label);