/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
#include <dpl/singleton.h>
#include <dpl/singleton_safe_impl.h>
+#include <connection.h>
#include <message-buffer.h>
-
#include <protocols.h>
IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem);
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
+int fetchLabelForProcess(const std::string &appName, std::string &label)
+{
+ using namespace SecurityManager;
+
+ MessageBuffer send, recv;
+ Serialization::Serialize(send, (int) SecurityModuleCall::LABEL_FOR_PROCESS, appName);
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return retval;
+ }
+
+ Deserialization::Deserialize(recv, retval);
+ if (retval != SECURITY_MANAGER_SUCCESS) {
+ LogError("Couldn't get label for process: " << retval);
+ return retval;
+ }
+ Deserialization::Deserialize(recv, label);
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+
} // namespace SecurityMANAGER
static void init_lib(void) __attribute__ ((constructor));
PermissibleSet::readNamesFromPermissibleFile(global_label_file, names);
PermissibleSet::readNamesFromPermissibleFile(user_label_file, names);
std::vector<const char*> temp;
- std::transform(names.begin(), names.end(), std::back_inserter(temp),
- [] (std::string &label) {label = SmackLabels::generateProcessLabel(label);
- return label.c_str();});
+ // FIXME : monitor should store labels instead of app ids
+ for (auto &name : names) {
+ std::string label;
+ int ret = SecurityManager::fetchLabelForProcess(name, label);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ LogError("Couldn't fetch label for process");
+ return static_cast<lib_retcode>(ret);
+ }
+ name = label;
+ temp.push_back(name.c_str());
+ }
if (smack_set_relabel_self(const_cast<const char **>(temp.data()), temp.size()) != 0) {
LogError("smack_set_relabel_self failed");
return SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED;
return SECURITY_MANAGER_SUCCESS;
try {
- appLabel = SecurityManager::SmackLabels::generateProcessLabel(app_name);
+ ret = fetchLabelForProcess(app_name, appLabel);
+ if (ret != SECURITY_MANAGER_SUCCESS)
+ return ret;
} catch (...) {
LogError("Failed to generate smack label for appName: " << app_name);
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
uid_t cur_tid = gettid();
pid_t cur_pid = getpid();
- g_app_label = SecurityManager::SmackLabels::generateProcessLabel(app_name);
+ int ret = fetchLabelForProcess(app_name, g_app_label);
+ if (ret != SECURITY_MANAGER_SUCCESS)
+ return ret;
g_threads_count = 0;
g_tid_attr_current_map.clear();
g_smack_fs_path = smack_smackfs_path() != NULL;
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
*/
int try_catch(const std::function<int()>& func);
+/*
+ * Fetching label for application process.
+ */
+int fetchLabelForProcess(const std::string &appName, std::string &label);
+
} // namespace SecurityManager
#endif // _SECURITY_MANAGER_CLIENT_
APP_HAS_PRIVILEGE,
PATHS_REGISTER,
GROUPS_FOR_UID,
+ LABEL_FOR_PROCESS,
NOOP = 0x90,
};
* @return API return code, as defined in protocols.h
*/
int pathsRegister(const Credentials &creds, path_req p_req);
+
+ /**
+ * Generate label for process.
+ *
+ * @param[in] appName application identifier
+ * @param[out] label generated label
+ *
+ * @return API return code, as defined in protocols.h
+ */
+ int labelForProcess(const std::string &appName, std::string &label);
};
} /* namespace SecurityManager */
req.uid);
}
+int ServiceImpl::labelForProcess(const std::string &appName, std::string &label)
+{
+ LogDebug("Requested label generation for process of application " << appName);
+
+ label = SmackLabels::generateProcessLabel(appName);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
} /* namespace SecurityManager */
* @param creds credentials of the requesting process
*/
void processPathsRegister(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds);
+
+ /**
+ * Generate process label request
+ *
+ * @param recv Raw received data buffer
+ * @param send Raw data buffer to be sent
+ */
+ void processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send);
};
} // namespace SecurityManager
case SecurityModuleCall::PATHS_REGISTER:
processPathsRegister(buffer, send, creds);
break;
+ case SecurityModuleCall::LABEL_FOR_PROCESS:
+ processLabelForProcess(buffer, send);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
int ret = serviceImpl.pathsRegister(creds, std::move(req));
Serialization::Serialize(send, ret);
}
+
+void Service::processLabelForProcess(MessageBuffer &buffer, MessageBuffer &send)
+{
+ std::string appName;
+ Deserialization::Deserialize(buffer, appName);
+ std::string label;
+ int ret = serviceImpl.labelForProcess(appName, label);
+ Serialization::Serialize(send, ret);
+ if (ret == SECURITY_MANAGER_SUCCESS)
+ Serialization::Serialize(send, label);
+}
} // namespace SecurityManager
projects / platform / core / security / security-manager.git / commitdiff