Before running client in off-line mode, attempt to socket-activate the server

Security-manager is started by systemd on socket-activation basis. This
means that it won't start unless a client connects to its socket. But
client library attempts to detect off-line mode by checking whether the
service is already running. This leads to erroneous off-line runs when in
fact a message should be sent over socket to activate the service.

This change adds one more step to off-line mode detection. When the service
isn't running, client will send a special NOOP message over socket.
If systemd manages to activate security-manager service, normal on-line
operation is then performed.

Change-Id: I94b1b10af24e3b90d048fe1b96b8d870da785d8b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

diff --git a/src/client/client-offline.cpp b/src/client/client-offline.cpp
index 115051a29814a49a5f94ec5c6dd915342838378c..f926d772a3deab1cccc2a191ee7e9c92a7dae0a3 100644 (file)
--- a/src/client/client-offline.cpp
+++ b/src/client/client-offline.cpp
@@ -22,6 +22,10 @@
  * @brief       Helper class for client "off-line" mode detection
  */
 
+#include <client-common.h>
+#include <message-buffer.h>
+#include <protocols.h>
+#include <dpl/serialization.h>
 #include <dpl/log/log.h>
 #include "client-offline.h"
 
@@ -33,7 +37,21 @@ ClientOffline::ClientOffline()
     serviceLock = nullptr;
     try {
         serviceLock = new SecurityManager::FileLocker(SecurityManager::SERVICE_LOCK_FILE, false);
-        offlineMode = serviceLock->Locked();
+        if (serviceLock->Locked()) {
+            int retval;
+            MessageBuffer send, recv;
+
+            LogInfo("Service isn't running, try to trigger it via socket activation.");
+            serviceLock->Unlock();
+            Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::NOOP));
+            retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+            if (retval != SECURITY_MANAGER_API_SUCCESS) {
+                LogInfo("Socket activation attempt failed.");
+                serviceLock->Lock();
+                offlineMode = serviceLock->Locked();
+            } else
+                LogInfo("Service seems to be running now.");
+        }
     } catch (...) {
         /* Ignore exceptions, assume on-line */
     }

diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp
index 1b9b0b8da4078aeb6c2848465f53e9895e6cf868..36b2ccb72c965c663640dc4f3af60060e813ed69 100644 (file)
--- a/src/common/file-lock.cpp
+++ b/src/common/file-lock.cpp
@@ -98,6 +98,7 @@ void FileLocker::Unlock()
 {
     if (m_locked) {
         m_flock.unlock();
+        m_locked = false;
         LogDebug("Lock released.");
     }
 }

diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h
index 620d757955aed093fc4f0b8b89cbff029bc1ff1b..604b0193fd550b40b68b62d1010c71f93497340e 100644 (file)
--- a/src/common/include/file-lock.h
+++ b/src/common/include/file-lock.h
@@ -50,8 +50,6 @@ public:
     ~FileLocker();
 
     bool Locked();
-
-protected:
     void Lock();
     void Unlock();
 

diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 907a41a621f69c3d86dead3951ce25237842fe0c..20902ba39b98bbfe4cf4afd31253426f04f3026a 100644 (file)
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -131,6 +131,7 @@ enum class SecurityModuleCall
     GET_POLICY,
     GET_CONF_POLICY_ADMIN,
     GET_CONF_POLICY_SELF,
+    NOOP = 0x90,
 };
 
 } // namespace SecurityManager

diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 7f75bed58c3d2c519ac6eb87ed2748a596eacd95..ca0bf528bd222c09788e07d3fa1b12960102db61 100644 (file)
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -94,6 +94,10 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
             SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int);
 
             switch (call_type) {
+                case SecurityModuleCall::NOOP:
+                    LogDebug("call_type: SecurityModuleCall::NOOP");
+                    Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS);
+                    break;
                 case SecurityModuleCall::APP_INSTALL:
                     LogDebug("call_type: SecurityModuleCall::APP_INSTALL");
                     processAppInstall(buffer, send, uid);