#include <sys/socket.h>
#include <sys/select.h>
#include "sysdeps.h"
+#include "smack.h"
#define TRACE_TAG TRACE_SYNC
#include "sdb.h"
#include "file_sync_service.h"
+#include "sdktools.h"
#define SYNC_TIMEOUT 15
}
}
+static void set_syncfile_smack_label(char *src) {
+ char *label = NULL;
+ char *src_chr = strrchr(src, '/');
+ int pos = src_chr - src + 1;
+ char dirname[512];
+
+ snprintf(dirname, pos, "%s", src);
+
+ if (getuid() != 0) {
+ D("need root permission to set smack label: %d\n", getuid());
+ return;
+ }
+ D("src:[%s], dirname:[%s]\n", src, dirname);
+ int rc = smack_getlabel(dirname, &label, SMACK_LABEL_TRANSMUTE);
+
+ if (rc == 0 && label != NULL) {
+ if (!strcmp("TRUE", label)) {
+ free(label);
+ rc = smack_getlabel(dirname, &label, SMACK_LABEL_ACCESS);
+ if (rc == 0 && label != NULL) {
+ if (smack_setlabel(src, label, SMACK_LABEL_ACCESS) != -1) {
+ D("set sync file smack label [%s]\n", label);
+ } else {
+ D("unable to set sync file smack label %s due to %s\n", label, strerror(errno));
+ }
+ free(label);
+ }
+ } else{
+ D("fail to set label, is it transmuted?:%s\n", label);
+ }
+ } else {
+ free(label);
+ if (smack_setlabel(src, SMACK_SYNC_FILE_LABEL, SMACK_LABEL_ACCESS) != -1) {
+ D("set sync file smack label [%s]\n", SMACK_SYNC_FILE_LABEL);
+ } else {
+ D("unable to set sync file smack label %s due to %s\n", SMACK_SYNC_FILE_LABEL, strerror(errno));
+ }
+ }
+}
+
+static int sync_send_label_notify(int s, const char *path, int success)
+{
+ char buffer[512] = {0,};
+ snprintf(buffer, sizeof(buffer), "%d:%s", success, path);
+
+ int len = sdb_write(s, buffer, sizeof(buffer));
+ D("sync notify done:%d\n", len);
+ return len;
+}
+
+static int sync_read_label_notify(int s)
+{
+ char buffer[512] = {0,};
+
+ int len = sdb_read(s, buffer, sizeof(buffer));
+ if (len < 0) {
+ D("sync notify read error:%s\n", strerror(errno));
+ return -1;
+ }
+
+ D("sync notify read:%s\n", buffer);
+
+ if (buffer[0] == '0') {
+ D("sync notify failed!\n");
+ exit(-1);
+ }
+ char *path = buffer;
+ path++;
+ path++;
+ set_syncfile_smack_label(path);
+ return len;
+}
+
+
static int fail_errno(int s)
{
return fail_message(s, strerror(errno));
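Review bot: In set_syncfile_smack_label the result of `strrchr(src, '/')` is used unchecked, and `pos` is passed to `snprintf` as the size of `dirname`. A path without '/' therefore subtracts from NULL, and the write bound comes from the input rather than from `sizeof(dirname)`. sync_read_label_notify makes the first case reachable, because a read of zero or one byte is accepted and `buffer + 2` is passed on as the path; it should reject `len < 3` or a missing ':' at `buffer[1]`. The inner `else` that logs "fail to set label" also returns without `free(label)`. Separately, when the directory lookup fails the file gets SMACK_SYNC_FILE_LABEL, defined as `"*"` in this commit, which is the Smack star label that any subject may access, so this fail-open default deserves a comment or a narrower label.

```c
static void set_syncfile_smack_label(char *src) {
    char *label = NULL;
    char dirname[512];
    char *src_chr = strrchr(src, '/');

    if (src_chr == NULL) {
        D("no directory component in sync path [%s]\n", src);
        return;
    }
    size_t pos = (size_t)(src_chr - src) + 1;
    if (pos > sizeof(dirname)) {
        D("sync path too long: [%s]\n", src);
        return;
    }
    snprintf(dirname, pos, "%s", src);
    /* … unchanged: root check, transmute/access label lookup and setlabel … */
}
```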
fd_set set;
struct timeval timeout;
int rv;
+ int s[2];
char *buffer = malloc(SYNC_DATA_MAX);
if(buffer == 0) goto fail;
timeout.tv_sec = SYNC_TIMEOUT;
timeout.tv_usec = 0;
+
+ if(sdb_socketpair(s)) {
+ D("cannot create service socket pair\n");
+ exit(-1);
+ }
+
+ pid_t pid = fork();
+
+ if (pid == 0) {
+ sdb_close(s[0]); //close the parent fd
+ sync_read_label_notify(s[1]);
+ } else if (pid > 0) {
+ sdb_close(s[1]);
+ //waitpid(pid, &ret, 0);
+ }
+
for(;;) {
D("sync: waiting for command for %d sec\n", SYNC_TIMEOUT);
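Review bot: The child branch at `if (pid == 0)` returns from sync_read_label_notify and then falls through into the `for(;;)` command loop, so two processes end up servicing the same sync `fd`. The child should leave with `_exit(0);` right after the call. A failed `fork()` (`pid < 0`) is not handled, which leaves both ends of the pair open and every later notify unread. The helper also reads a single message, so only the first pushed file in a session would be labelled unless it loops until the socket closes, and with `waitpid` commented out the child is never reaped. The enclosing function starts and ends outside this hunk.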
break;
case ID_SEND:
if(do_send(fd, name, buffer)) goto fail;
+ sync_send_label_notify(s[0], name, 1);
break;
case ID_RECV:
if(do_recv(fd, name, buffer)) goto fail;
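Review bot: The `name` forwarded by `sync_send_label_notify(s[0], name, 1)` is the client-supplied path, and it travels through a fixed 512-byte message whose `snprintf` result is never checked. A long path is therefore silently truncated, and the helper would label whatever the truncated string names. The return value of the notify is also ignored, so a failed write leaves the file unlabelled with no trace beyond the debug log. Because the label is applied by path after the write has finished, a final component that is a symlink would be followed by `smack_setlabel`. If the libsmack version in use provides `smack_lsetlabel` or `smack_fsetlabel`, labelling via the non-following call or the already open descriptor avoids that. The surrounding switch starts and ends outside this hunk.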
}
fail:
+ sync_send_label_notify(s[0], name, 0);
if(buffer != 0) free(buffer);
D("sync: done\n");
+ sdb_close(s[0]);
+ sdb_close(s[1]);
sdb_close(fd);
}
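Review bot: `sdb_close(s[1])` on the cleanup path closes a descriptor that the parent branch added earlier in this commit has already closed. If that number was reused in between, this closes a descriptor that now belongs to something else, so only `s[0]` should be closed here. The notify at `fail:` sends `name` with status 0; if this label can be reached before `name` has been filled in (not visible in the hunk), the message is built from an unset buffer. If the normal end of a session also passes through `fail:`, the helper's `exit(-1)` on a '0' message becomes its routine way of terminating, which is worth a comment next to the call.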
int HOST = 0;
-static pid_t required_pid = 0;
-
void handle_sig_term(int sig) {
#ifdef SDB_PIDPATH
if (access(SDB_PIDPATH, F_OK) == 0)
int set_developer_privileges() {
gid_t groups[] = { SID_DEVELOPER, SID_APP_LOGGING, SID_SYS_LOGGING, SID_INPUT };
if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) {
- fprintf(stderr, "set groups failed (errno: %d, %s)\n", errno, strerror(errno));
- //exit(1);
+ D("set groups failed (errno: %d, %s)\n", errno, strerror(errno));
}
// then switch user and group to developer
if (setgid(SID_DEVELOPER) != 0) {
- fprintf(stderr, "set group id failed (errno: %d, %s)\n", errno, strerror(errno));
- //exit(1);
+ D("set group id failed (errno: %d, %s)\n", errno, strerror(errno));
return -1;
}
if (setuid(SID_DEVELOPER) != 0) {
- fprintf(stderr, "set user id failed (errno: %d, %s)\n", errno, strerror(errno));
- //exit(1);
+ D("set user id failed (errno: %d, %s)\n", errno, strerror(errno));
return -1;
}
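Review bot: A failing `setgroups()` is still only logged, so set_developer_privileges carries on to `setgid`/`setuid` and can report success while the process keeps its original supplementary groups. The branch should end with `return -1;` after the `D(...)` call, matching the two checks below it. Replacing `fprintf(stderr, ...)` with `D()` presumably makes these failures visible only when tracing is enabled, so callers need to act on the return value rather than rely on the message. The function's end is outside this hunk.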
#endif
start_logging();
}
+
D("Event loop starting\n");
fdevent_loop();
int expression; // 0:compare, 1: regx
};
-
-#define SDK_LAUNCH_PATH "/usr/sbin/sdk_launch"
+#define SDK_LAUNCH_PATH "/usr/sbin/sdk_launch"
#define APP_INSTALL_PATH_PREFIX1 "/opt/apps"
#define APP_INSTALL_PATH_PREFIX2 "/opt/usr/apps"
#define GDBSERVER_PATH "/home/developer/sdk_tools/gdbserver/gdbserver"
-#define GDBSERVER_PLATFORM_PATH "/home/developer/sdk_tools/gdbserver-platform/gdbserver"
+#define GDBSERVER_PLATFORM_PATH "/home/developer/sdk_tools/gdbserver-platform/gdbserver"
#define SMACK_LEBEL_SUBJECT_PATH "/proc/self/attr/current"
+#define SMACK_SYNC_FILE_LABEL "*"
#define APP_GROUPS_MAX 100
#define APP_GROUP_LIST "/usr/share/privilege-control/app_group_list"
#define APPID_MAX_LENGTH 50
-#define SDBD_LABEL_NAME "sdbd"
-#define SDK_HOME_LABEL_NAME "sdbd::home"
+#define SDBD_LABEL_NAME "sdbd"
+#define SDK_HOME_LABEL_NAME "sdbd::home"
int verify_commands(const char *arg1);
int verify_root_commands(const char *arg1);