%manifest %{service_name}-test.manifest
%{ro_data_dir}/license/%{name}-test
%{ro_data_dir}/license/%{name}-test.BSL-1.0
-%{bin_dir}/%{service_name}-test
-%{bin_dir}/%{service_name}-internal-test
-%{bin_dir}/%{service_name}-popup-test
-%{bin_dir}/%{service_name}-threadpool-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-internal-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-popup-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-threadpool-test
# test resources
-%dir %{test_dir}
-%{test_dir}/*
+%dir %attr(-, %{service_user}, %{service_group}) %{test_dir}
+%attr(-, %{service_user}, %{service_group}) %{test_dir}/*
<smack request="device::app_logging" type="rw" />
<smack request="sys-assert::core" type="rwxat" />
<smack request="systemd" type="rx" />
- <smack request="csr" type="rwxat" />
+ <smack request="@SERVICE_NAME@" type="rwxat" />
<smack request="sdbd" type="rx" />
<smack request="pkgmgr::db" type="rwx" />
</request>
<smack permit="_" type="rx" />
<smack permit="pkgmgr" type="rx" />
<smack permit="pkgmgr-server" type="rx" />
+ <smack permit="@SERVICE_NAME@" type="rwxat" />
</permit>
</define>
<request>
<smack request="pulseaudio" type="w" />
<smack request="sdbd" type="rx" />
<smack request="pkgmgr::db" type="rwx" />
-
- <smack request="csr-test" type="rwxat" />
</request>
<permit>
<smack permit="_" type="rx" />
sqlite3
glib-2.0
pkgmgr
- libsmack
)
SET(${TARGET_CSR_SERVER}_SRCS
*/
#include "service/access-control.h"
-#include <memory>
-#include <cstring>
-#include <sys/smack.h>
-
-#include "common/audit/logger.h"
-#include "common/exception.h"
-#include "service/fs-utils.h"
+#include <unistd.h>
namespace Csr {
-namespace {
-
-bool hasPermToWriteDac(const Credential &cred, const std::string &filepath)
-{
- auto statptr = getStat(filepath);
- return (cred.uid == statptr->st_uid && (statptr->st_mode & S_IWUSR)) ||
- (cred.gid == statptr->st_gid && (statptr->st_mode & S_IWGRP)) ||
- (statptr->st_mode & S_IWOTH);
-}
-
-bool hasPermToWriteMac(const Credential &cred, const std::string &filepath)
-{
- char *label = nullptr;
- int ret = smack_getlabel(filepath.c_str(), &label, SMACK_LABEL_ACCESS);
- if (ret != 0)
- ThrowExc(InternalError, "get smack label failed from file: " << filepath <<
- " ret: " << ret);
-
- std::unique_ptr<char, void(*)(void *)> labelptr(label, ::free);
-
- ret = smack_have_access(cred.label.c_str(), label, "w");
- if (ret == -1)
- ThrowExc(InternalError, "smack_have_access err on file: " << filepath <<
- " errno: " << errno);
-
- return ret == 1;
-}
-
-} // namespace anonymous
-
-bool hasPermToRemove(const Credential &cred, const std::string &filepath)
+bool hasPermToRemove(const std::string &filepath)
{
auto parent = filepath.substr(0, filepath.find_last_of('/'));
-
- return hasPermToWriteDac(cred, parent) && hasPermToWriteMac(cred, parent);
-
+ return access(parent.c_str(), W_OK) == 0;
}
}
#include <string>
-#include "common/credential.h"
-
namespace Csr {
// filepath should be absolute and not ended with '/'
-bool hasPermToRemove(const Credential &cred, const std::string &filepath);
+bool hasPermToRemove(const std::string &filepath);
}
} // namespace anonymous
-Logic::Logic(ThreadPool &pool) :
- m_workqueue(pool),
+Logic::Logic() :
m_cs(new CsLoader(CS_ENGINE_PATH)),
m_wp(new WpLoader(WP_ENGINE_PATH)),
m_db(new Db::Manager(RW_DBSPACE "/.csr.db", RO_DBSPACE))
EXCEPTION_GUARD_END
}
-RawBuffer Logic::getScannableFiles(const Credential &cred, const std::string &dir)
+RawBuffer Logic::getScannableFiles(const std::string &dir)
{
EXCEPTION_GUARD_START
auto lastScanTime = m_db->getLastScanTime(dir, m_csDataVersion);
- StrSet filesetForClient;
- auto filesetForServer = std::make_shared<StrSet>();
+ FsVisitorPtr visitor;
try {
- auto visitor = FsVisitor::create(dir, lastScanTime);
-
- if (visitor == nullptr)
- return BinaryQueue::Serialize(CSR_ERROR_INVALID_PARAMETER, StrSet()).pop();
-
- while (auto file = visitor->next()) {
- DEBUG("In dir[" << dir << "], Scannable file[" << file->getPath() << "]");
-
- if (hasPermToRemove(cred, file->getPath()))
- filesetForClient.insert(file->getPath());
- else
- filesetForServer->insert(file->getPath());
- }
+ visitor = FsVisitor::create(dir, lastScanTime);
} catch (const FileDoNotExist &) {
WARN("Directory isn't exist: " << dir << " return success with empty file set "
"to skip it softly.");
return BinaryQueue::Serialize(CSR_ERROR_NONE, StrSet()).pop();
}
+ StrSet fileset;
+
+ while (auto file = visitor->next()) {
+ if (hasPermToRemove(file->getPath())) {
+ DEBUG("Scannable file[" << file->getPath() << "]");
+ fileset.insert(file->getPath());
+ }
+ }
+
if (lastScanTime != -1) {
// for case: scan history exist and not modified.
for (auto &row : m_db->getDetectedMalwares(dir))
- filesetForClient.insert(row->targetName);
+ fileset.insert(row->targetName);
}
- // no fileset for server-only or dir is scanning in background already.. just skip
- if (filesetForServer->empty() || m_scanningDirs.count(dir) != 0)
- return BinaryQueue::Serialize(CSR_ERROR_NONE, filesetForClient).pop();
-
// update last scan time before start.
// to set scan time early is safe because file which is modified between
// scan start time and end time will be traversed by FsVisitor and re-scanned
// being compared to start time as modified since.
m_db->insertLastScanTime(dir, time(nullptr), m_csDataVersion);
- m_workqueue.submit([this, dir, filesetForServer]() {
- {
- std::lock_guard<std::mutex> l(this->m_mutex);
- this->m_scanningDirs.insert(dir);
- }
-
- // TODO: how to set default option of scan on cloud?
- // ask user -> not ask user
- // message -> none because not ask user
- // core usage -> default
- CsContext context;
-
- for (auto file : *filesetForServer) {
- // results are registered to db automatically
- // so need not to handle returned data
- this->scanFileHelper(context, file);
- }
-
- {
- std::lock_guard<std::mutex> l(this->m_mutex);
- this->m_scanningDirs.erase(dir);
- }
- });
-
- return BinaryQueue::Serialize(CSR_ERROR_NONE, filesetForClient).pop();
+ return BinaryQueue::Serialize(CSR_ERROR_NONE, fileset).pop();
EXCEPTION_GUARD_CLOSER(ret)
class Logic {
public:
- Logic(ThreadPool &);
+ Logic();
virtual ~Logic();
void submit(std::function<void()> &&task);
RawBuffer scanData(const CsContext &context, const RawBuffer &data);
RawBuffer scanFile(const CsContext &context, const std::string &filepath);
- RawBuffer getScannableFiles(const Credential &cred, const std::string &dir);
+ RawBuffer getScannableFiles(const std::string &dir);
RawBuffer judgeStatus(const std::string &filepath, csr_cs_action_e action);
RawBuffer getDetected(const std::string &filepath);
RawBuffer getDetectedList(const StrSet &dirSet);
static csr_wp_user_response_e getUserResponse(const WpContext &,
const std::string &url, const WpResult &);
- // internal task submit to thread pool for background scanning
- ThreadPool &m_workqueue;
- std::mutex m_mutex;
- StrSet m_scanningDirs;
-
std::shared_ptr<CsLoader> m_cs;
std::shared_ptr<WpLoader> m_wp;
std::unique_ptr<Db::Manager> m_db;
namespace Csr {
ServerService::ServerService(const std::string &address) :
- Service(address),
- m_workqueue(2, 10),
- m_logic(m_workqueue)
+ Service(address), m_workqueue(2, 10)
{
}
{
}
-RawBuffer ServerService::process(const ConnShPtr &conn, RawBuffer &data)
+RawBuffer ServerService::process(const ConnShPtr &, RawBuffer &data)
{
CommandId id;
std::string dir;
q.Deserialize(dir);
- return m_logic.getScannableFiles(conn->getCredential(), dir);
+ return m_logic.getScannableFiles(dir);
}
case CommandId::JUDGE_STATUS: {
l.unlock();
ASSERT_IF(testCtx.completedCnt, 1);
- ASSERT_IF(testCtx.scannedCnt + testCtx.detectedCnt, 8);
+ ASSERT_IF(testCtx.detectedCnt, 0);
ASSERT_IF(testCtx.cancelledCnt, 0);
ASSERT_IF(testCtx.errorCnt, 0);
+ ASSERT_IF(testCtx.scannedCnt == 8 || testCtx.scannedCnt == 0, true); // in case of delta
EXCEPTION_GUARD_END
}
l.unlock();
ASSERT_IF(testCtx.completedCnt, 1);
- ASSERT_IF(testCtx.scannedCnt + testCtx.detectedCnt, 8);
+ ASSERT_IF(testCtx.detectedCnt, 0);
ASSERT_IF(testCtx.cancelledCnt, 0);
ASSERT_IF(testCtx.errorCnt, 0);
+ ASSERT_IF(testCtx.scannedCnt == 8 || testCtx.scannedCnt == 0, true); // in case of delta
EXCEPTION_GUARD_END
}