policy checking scheme: add mutex lock for data structure(std::map and std::vector)

Change-Id: I4a213d90dca2447cbd5678083a41c18f10e958fa
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
(cherry picked from commit 82139a81405a9e4ce38ce37439612079643864be)

diff --git a/src/internal/internal.cpp b/src/internal/internal.cpp
index aa0e947..3c3d82b 100755 (executable)
--- a/src/internal/internal.cpp
+++ b/src/internal/internal.cpp
@@ -55,6 +55,12 @@ void __internal_init_flush_logs()
        }
 }
 
+void __internal_init_sup_group(bool bus_type)
+{
+       ldp_xml_parser::XmlParser p;
+       p.updateGroupPolicy(bus_type);
+}
+
 void __internal_enter()
 {
        if (tslog::enabled())

diff --git a/src/internal/internal.h b/src/internal/internal.h
index 94db50b..c10b789 100755 (executable)
--- a/src/internal/internal.h
+++ b/src/internal/internal.h
@@ -46,6 +46,11 @@ extern pthread_mutex_t g_mutex;
 /** Flushes logs. */
 void __internal_init_flush_logs(void);
 
+/** Initializes supplementary groups for current process
+ * \param[in] bus_type Bus type (system/session)
+ */
+void __internal_init_sup_group(bool bus_type);
+
 /** Enables logger mutex */
 void __internal_enter(void);
 

diff --git a/src/internal/naive_policy_db.cpp b/src/internal/naive_policy_db.cpp
index 4c88baf..68f23a3 100755 (executable)
--- a/src/internal/naive_policy_db.cpp
+++ b/src/internal/naive_policy_db.cpp
@@ -296,36 +296,26 @@ void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetOwn& set,
        }
 }
 
-void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid)
+void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type)
 {
        auto vsend = &mapSendGroup[uid];
        auto vrecv = &mapRecvGroup[uid];
-       auto vown = &mapOwnGroup[uid];
+       auto vown = (type == ItemType::GENERIC || type == ItemType::OWN) ? &mapOwnGroup[uid] : nullptr;
        int ngroups = 100;
        gid_t groups[100];
-
        struct passwd *user_pw;
+
        user_pw = getpwuid(uid);
        if (!user_pw) {
                if (tslog::enabled())
                        std::cout << "getpwuid failed" << " uid:" << uid << " gid:" << gid << "\n";
-
-               (*vsend).push_back(gid);
-               (*vrecv).push_back(gid);
-               (*vown).push_back(gid);
-
-               return ;
+               goto err;
        }
 
        if (getgrouplist(user_pw->pw_name, gid, groups, &ngroups) == -1) {
                if (tslog::enabled())
                        std::cout << "getgrouplist failed" << " uid:" << uid << " gid:" << gid << "\n";
-
-               (*vsend).push_back(gid);
-               (*vrecv).push_back(gid);
-               (*vown).push_back(gid);
-
-               return ;
+               goto err;
        }
 
        /* insert supplementary group */
@@ -334,36 +324,60 @@ void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid)
                        (*vsend).push_back(groups[i]);
                if (m_receive_set.group.find(groups[i]) != m_receive_set.group.end())
                        (*vrecv).push_back(groups[i]);
-               if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
-                       (*vown).push_back(groups[i]);
        }
 
        if ((*vsend).size() == 0 )
                (*vsend).push_back(-1);
        if ((*vrecv).size() == 0 )
                (*vrecv).push_back(-1);
-       if ((*vown).size() == 0 )
+       if (type == ItemType::GENERIC || type == ItemType::OWN) {
+               for (int i = 0; i < ngroups; i++) {
+                       if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
+                               (*vown).push_back(groups[i]);
+               }
+
+               if ((*vown).size() == 0 )
                (*vown).push_back(-1);
+       }
+
+       return ;
+err:
+       (*vsend).push_back(gid);
+       (*vrecv).push_back(gid);
+       if (type == ItemType::GENERIC || type == ItemType::OWN)
+               (*vown).push_back(gid);
 }
 
 std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid)
 {
-       if (mapOwnGroup[uid].size() == 0)
-               updateSupplementaryGroups(uid, gid);
-       if (mapOwnGroup[uid][0] == (gid_t)-1)
-               return nullptr;
-
+       gid = gid;
        return &mapOwnGroup[uid];
 }
 
 std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid, ItemType type)
 {
+       static gid_t mygid = getgid();
+       static uid_t myuid = getgid();
+
+       if (uid == myuid && gid ==mygid)
+               return (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
+
+       pthread_mutex_lock(&mutexGroup);
        auto vgid = (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
 
        if ((*vgid).size() == 0)
-               updateSupplementaryGroups(uid, gid);
+               updateSupplementaryGroups(uid, gid, type);
+       pthread_mutex_unlock(&mutexGroup);
+
        if ((*vgid)[0] == (gid_t)-1)
                return nullptr;
 
        return vgid;
 }
+
+void NaivePolicyDb::updateSupGroup()
+{
+       pthread_mutex_lock(&mutexGroup);
+       updateSupplementaryGroups(getuid(), getgid(), ItemType::GENERIC);
+       pthread_mutex_unlock(&mutexGroup);
+}
\ No newline at end of file

diff --git a/src/internal/naive_policy_db.hpp b/src/internal/naive_policy_db.hpp
index dc3ed61..571c31c 100755 (executable)
--- a/src/internal/naive_policy_db.hpp
+++ b/src/internal/naive_policy_db.hpp
@@ -34,10 +34,12 @@ namespace ldp_xml_parser
                std::map<gid_t, std::vector<gid_t>> mapOwnGroup;
                std::map<gid_t, std::vector<gid_t>> mapSendGroup;
                std::map<gid_t, std::vector<gid_t>> mapRecvGroup;
-               void updateSupplementaryGroups(uid_t uid, gid_t gid);
+               pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER;
+               void updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type);
        public:
                std::vector<gid_t> * getGroups(uid_t uid, gid_t gid);
                std::vector<gid_t> *getGroups(uid_t uid, gid_t gid, const ItemType type);
+               void updateSupGroup();
        public:
                /** Class containing policy with send/receive rules */
                class PolicySR {

diff --git a/src/internal/policy.cpp b/src/internal/policy.cpp
index 07caa3a..5286cd8 100755 (executable)
--- a/src/internal/policy.cpp
+++ b/src/internal/policy.cpp
@@ -204,6 +204,11 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve
        }
 }
 
+void DbAdapter::updateGroupDb(bool bus)
+{
+       policy_checker().db(bus).updateSupGroup();
+}
+
 DecisionItem::DecisionItem(Decision decision, const char* privilege)
        : __decision(decision), __privilege(privilege)
 {

diff --git a/src/internal/policy.hpp b/src/internal/policy.hpp
old mode 100644 (file)
new mode 100755 (executable)
index 344c841..4dd7a6c
--- a/src/internal/policy.hpp
+++ b/src/internal/policy.hpp
@@ -264,6 +264,7 @@ namespace ldp_xml_parser
        public:
                DbAdapter();
                void updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::vector<std::string>& incl_dirs);
+               void updateGroupDb(bool bus);
        };
 }
 #endif

diff --git a/src/internal/xml_parser.hpp b/src/internal/xml_parser.hpp
old mode 100644 (file)
new mode 100755 (executable)
index f874320..6eea72b
--- a/src/internal/xml_parser.hpp
+++ b/src/internal/xml_parser.hpp
@@ -37,12 +37,15 @@ namespace ldp_xml_parser
     class XmlParser : boost::noncopyable
     {
         public:
-           /** Parses given config file for declared bus type */
+            /** Parses given config file for declared bus type */
             ErrCode parsePolicy(bool bus,
                     std::string const &fname) {
                 ErrCode err = parse(bus, fname);
                 return err;
             }
+            void updateGroupPolicy(bool bus) {
+                __adapter.updateGroupDb(bus);
+            }
 
         private:
             /** Vector containing parsed policy */
@@ -51,7 +54,7 @@ namespace ldp_xml_parser
             /** Adapter which allows to access parsed policies */
             DbAdapter __adapter;
 
-           /** Parses config file and all files included in it */
+            /** Parses config file and all files included in it */
             ErrCode parse(bool bus, std::string const &filename) {
                 ErrCode err;
                 std::vector<std::string> incl_files;

diff --git a/src/libdbuspolicy1.c b/src/libdbuspolicy1.c
index 0cd422b..2c04814 100755 (executable)
--- a/src/libdbuspolicy1.c
+++ b/src/libdbuspolicy1.c
@@ -244,6 +244,8 @@ DBUSPOLICY1_EXPORT void* dbuspolicy1_init(const char *bus_path)
                if (rp < 0 && rs < 0) /* when both negative */
                        goto err_close;
 
+               __internal_init_sup_group(bus_type);
+
                init_once[bus_type] = true;
        }