using namespace SecurityManager;
MessageBuffer send, recv;
- LogDebug("app_install() called");
-
return try_catch([&] {
//checking parameters
if (!p_req)
//send buffer to server
int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
if (retval != SECURITY_MANAGER_API_SUCCESS) {
- LogDebug("Error in sendToServer. Error code: " << retval);
+ LogError("Error in sendToServer. Error code: " << retval);
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
using namespace SecurityManager;
MessageBuffer send, recv;
- LogDebug("app_uninstall() called");
-
return try_catch([&] {
//checking parameters
if (!p_req)
//send buffer to server
int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
if (retval != SECURITY_MANAGER_API_SUCCESS) {
- LogDebug("Error in sendToServer. Error code: " << retval);
+ LogError("Error in sendToServer. Error code: " << retval);
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
void MessageBuffer::Read(size_t num, void *bytes) {
CountBytesLeft();
if (num > m_bytesLeft) {
- LogDebug("Protocol broken. OutOfData. Asked for: " << num << " Ready: " << m_bytesLeft << " Buffer.size(): " << m_buffer.Size());
+ LogError("Protocol broken. OutOfData. Asked for: " << num << " Ready: " << m_bytesLeft << " Buffer.size(): " << m_buffer.Size());
Throw(Exception::OutOfData);
}
Queries.at(QueryType::EPkgIdExists));
command->BindString(1, pkgId.c_str());
if (command->Step()) {
- LogPedantic("PkgId: " << pkgId << " found in database");
+ // pkgId found in the database
command->Reset();
return true;
};
+ // pkgId not found in the database
return false;
});
}
return false;
}
+ // application package found in the database, get it
pkgId = command->GetColumnString(0);
+
return true;
});
}
command->BindString(2, pkgId.c_str());
if (command->Step()) {
- LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
+ LogDebug("Unexpected SQLITE_ROW answer to query: " <<
Queries.at(QueryType::EAddApplication));
};
command->Reset();
- LogPedantic( "Added appId: " << appId << ", pkgId: " << pkgId);
+ LogDebug("Added appId: " << appId << ", pkgId: " << pkgId);
});
}
command->BindString(1, appId.c_str());
if (command->Step()) {
- LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
+ LogDebug("Unexpected SQLITE_ROW answer to query: " <<
Queries.at(QueryType::ERemoveApplication));
};
command->Reset();
- LogPedantic( "Removed appId: " << appId);
+ LogDebug("Removed appId: " << appId);
pkgIdIsNoMore = !(this->PkgIdExists(pkgId));
});
while (command->Step()) {
std::string privilege = command->GetColumnString(0);
- LogPedantic ("Got privilege: "<< privilege);
+ LogDebug("Got privilege: " << privilege);
currentPrivileges.push_back(privilege);
};
});
mSqlConnection->PrepareDataCommand(Queries.at(QueryType::ERemoveAppPrivileges));
command->BindString(1, appId.c_str());
- command->Step();
+ if (command->Step()) {
+ LogDebug("Unexpected SQLITE_ROW answer to query: " <<
+ Queries.at(QueryType::ERemoveAppPrivileges));
+ }
+
+ LogDebug("Removed all privileges for appId: " << appId);
});
}
command->BindString(2, privilege.c_str());
command->Step();
command->Reset();
+ LogDebug("Added privilege: " << privilege << " to appId: " << appId);
}
});
}
// LogInfo("Accept on sock: " << sock << " Socket opended: " << client);
if (-1 == client) {
int err = errno;
- LogDebug("Error in accept: " << strerror(err));
+ LogError("Error in accept: " << strerror(err));
return;
}
case EINTR:
break;
default:
- LogDebug("Reading sock error: " << strerror(err));
+ LogError("Reading sock error: " << strerror(err));
CloseSocket(sock);
}
}
break;
case EPIPE:
default:
- LogDebug("Error during send: " << strerror(err));
+ LogError("Error during send: " << strerror(err));
CloseSocket(sock);
break;
}
break;
case EPIPE:
default:
- LogDebug("Error during write: " << strerror(err));
+ LogError("Error during write: " << strerror(err));
CloseSocket(sock);
break;
}
switch (call_type) {
case SecurityModuleCall::APP_INSTALL:
+ LogDebug("call_type: SecurityModuleCall::APP_INSTALL");
processAppInstall(buffer, send);
break;
case SecurityModuleCall::APP_UNINSTALL:
+ LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL");
processAppUninstall(buffer, send);
break;
case SecurityModuleCall::APP_GET_PKGID:
Deserialization::Deserialize(buffer, req.privileges);
Deserialization::Deserialize(buffer, req.appPaths);
- LogDebug("appId: " << req.appId);
- LogDebug("pkgId: " << req.pkgId);
-
std::string smackLabel;
if (!generateAppLabel(req.pkgId, smackLabel)) {
- LogError("Cannot generate Smack label for package");
+ LogError("Cannot generate Smack label for package: " << req.pkgId);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
- LogDebug("Smack label: " << smackLabel);
- // create null terminated array of strigns for permissions
+ LogDebug("Install parameters: appId: " << req.appId << ", pkgId: " << req.pkgId
+ << ", generated smack label: " << smackLabel);
+
+ // create null terminated array of strings for permissions
std::unique_ptr<const char *[]> pp_permissions(new const char* [req.privileges.size() + 1]);
for (size_t i = 0; i < req.privileges.size(); ++i) {
- LogDebug("Permission = " << req.privileges[i]);
+ LogDebug(" Permission = " << req.privileges[i]);
pp_permissions[i] = req.privileges[i].c_str();
}
pp_permissions[req.privileges.size()] = nullptr;
// start database transaction
int result = perm_begin();
- LogDebug("perm_begin() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
// libprivilege is locked
+ LogError("perm_begin() returned " << result);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
result = perm_app_install(smackLabel.c_str());
- LogDebug("perm_app_install() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
// libprivilege error
+ LogError("perm_app_install() returned " << result);
goto error_label;
}
result = perm_app_enable_permissions(smackLabel.c_str(), APP_TYPE_WGT,
pp_permissions.get(), true);
- LogDebug("perm_app_enable_permissions() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
// libprivilege error
+ LogError("perm_app_enable_permissions() returned " << result);
goto error_label;
}
result = setupPath(req.pkgId, path, pathType);
if (!result) {
- LogDebug("setupPath() failed ");
+ LogError("setupPath() failed");
goto error_label;
}
}
// finish database transaction
result = perm_end();
- LogDebug("perm_end() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
+ LogError("perm_end() returned " << result);
if (pkgIdIsNew)
if (!SmackRules::uninstallPackageRules(req.pkgId))
LogWarning("Failed to rollback package-specific smack rules");
error_label:
// rollback failed transaction before exiting
result = perm_rollback();
- LogDebug("perm_rollback() returned " << result);
+ if (PC_OPERATION_SUCCESS != result)
+ LogError("perm_rollback() returned " << result);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
bool removePkg = false;
Deserialization::Deserialize(buffer, appId);
- LogDebug("appId: " << appId);
int result = perm_begin();
- LogDebug("perm_begin() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
+ // libprivilege is locked
+ LogError("perm_begin() returned " << result);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
m_privilegeDb.RollbackTransaction();
appExists = false;
} else {
- LogDebug("pkgId: " << pkgId);
-
if (!generateAppLabel(pkgId, smackLabel)) {
- LogError("Cannot generate Smack label for package");
+ LogError("Cannot generate Smack label for package: " << pkgId);
goto error_label;
}
- LogDebug("Smack label: " << smackLabel);
+
+ LogDebug("Unnstall parameters: appId: " << appId << ", pkgId: " << pkgId
+ << ", generated smack label: " << smackLabel);
m_privilegeDb.GetPkgPrivileges(pkgId, oldPkgPrivileges);
m_privilegeDb.UpdateAppPrivileges(appId, std::vector<std::string>());
if (appExists) {
result = perm_app_uninstall(smackLabel.c_str());
- LogDebug("perm_app_uninstall() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
// error in libprivilege-control
+ LogError("perm_app_uninstall() returned " << result);
goto error_label;
}
// finish database transaction
result = perm_end();
- LogDebug("perm_end() returned " << result);
if (PC_OPERATION_SUCCESS != result) {
// error in libprivilege-control
+ LogError("perm_end() returned " << result);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
error_label:
// rollback failed transaction before exiting
result = perm_rollback();
- LogDebug("perm_rollback() returned " << result);
+ if (PC_OPERATION_SUCCESS != result)
+ LogError("perm_rollback() returned " << result);
Serialization::Serialize(send, SECURITY_MANAGER_API_ERROR_SERVER_ERROR);
return false;
}
static FileDecision labelAll(const FTSENT *ftsent __attribute__((unused)))
{
- LogDebug("Entering function: " << __func__);
-
return FileDecision::LABEL;
}
static FileDecision labelDirs(const FTSENT *ftsent)
{
- LogDebug("Entering function: " << __func__);
-
// label only directories
if (S_ISDIR(ftsent->fts_statp->st_mode))
return FileDecision::LABEL;
static FileDecision labelExecs(const FTSENT *ftsent)
{
- LogDebug("Entering function: " << __func__);
-
- LogDebug("Mode = " << ftsent->fts_statp->st_mode);
+ // LogDebug("Mode = " << ftsent->fts_statp->st_mode); // this could be helpfull in debugging
// label only regular executable files
if (S_ISREG(ftsent->fts_statp->st_mode) && (ftsent->fts_statp->st_mode & S_IXUSR))
return FileDecision::LABEL;
static FileDecision labelLinksToExecs(const FTSENT *ftsent)
{
- LogDebug("Entering function: " << __func__);
-
struct stat buf;
// check if it's a link
}
// skip if link target is not a regular executable file
if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
- LogDebug(target.get() << "is not a regular executable file. Skipping.");
+ // LogDebug(target.get() << "is not a regular executable file. Skipping.");
return FileDecision::SKIP;
}
static bool dirSetSmack(const std::string &path, const std::string &label,
const char *xattr_name, LabelDecisionFn fn)
{
- LogDebug("Entering function: "<< __func__ <<". Params:"
- " path=" << path << ", label=" << label << ", xattr=" << xattr_name);
-
-
char *const path_argv[] = {const_cast<char *>(path.c_str()), NULL};
FTSENT *ftsent;
FileDecision ret;
static bool labelDir(const std::string &path, const std::string &label,
bool set_transmutable, bool set_executables)
{
- LogDebug("Entering function: "<< __func__ <<". Params:"
- " path=" << path << " label= " << label
- << " set_transmutable= " << set_transmutable
- << " set_executables= " << set_executables);
bool ret = true;
// setting access label on everything in given directory and below
fd = TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY));
if (fd == -1) {
- LogError("Failed to open file: %s" << path);
+ LogError("Failed to open file: " << path);
return false;
}
if (smack_accesses_add_from_file(m_handle, fd)) {
- LogError("Failed to load smack rules from file: %s" << path);
+ LogError("Failed to load smack rules from file: " << path);
ret = false;
}
fd = TEMP_FAILURE_RETRY(open(path.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0644));
if (fd == -1) {
- LogError("Failed to create file: %s" << path);
+ LogError("Failed to create file: " << path);
return false;
}
if (smack_accesses_save(m_handle, fd)) {
- LogError("Failed to save rules to file: %s" << path);
+ LogError("Failed to save rules to file: " << path);
unlink(path.c_str());
ret = false;
}
projects / platform / core / security / security-manager.git / commitdiff