}
static int __accept_candidate_process(int server_fd, int *out_client_fd,
- int *out_client_pid)
+ int *out_client_pid, int cpc_pid)
{
int client_fd = -1;
- int client_pid = 0;
- int recv_ret = 0;
+ int recv_pid = 0;
+ int ret;
+ socklen_t len;
+ struct ucred cred = {};
if (server_fd == -1 || out_client_fd == NULL ||
out_client_pid == NULL) {
goto error;
}
- recv_ret = recv(client_fd, &client_pid, sizeof(client_pid),
- MSG_WAITALL);
- if (recv_ret == -1) {
+ ret = recv(client_fd, &recv_pid, sizeof(recv_pid), MSG_WAITALL);
+ if (ret == -1) {
_E("recv error!");
goto error;
}
+ len = sizeof(cred);
+ ret = getsockopt(client_fd, SOL_SOCKET, SO_PEERCRED, &cred, &len);
+ if (ret < 0) {
+ _E("getsockopt error");
+ goto error;
+ }
+
+ if (cred.pid != cpc_pid) {
+ _E("Invalid accept. pid(%d)", cred.pid);
+ goto error;
+ }
+
+ if (cred.pid != recv_pid)
+ _W("Not equal recv and real pid");
+
*out_client_fd = client_fd;
- *out_client_pid = client_pid;
+ *out_client_pid = cred.pid;
return *out_client_fd;
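Review bot: The peer is compared with `cpc_pid` only after the blocking `recv(..., MSG_WAITALL)`, so a process that is not the expected candidate can still make the launcher wait on its data before it is rejected; moving the `getsockopt(SO_PEERCRED)` block and the `cred.pid != cpc_pid` test above the `recv` would reject such peers without reading from them (whether a receive timeout is set on this socket is not visible here). The `recv` check also lets a short read or EOF through, leaving `recv_pid` at 0 and producing a misleading "Not equal" warning; `if (ret != (int)sizeof(recv_pid))` would cover that. It may also be worth rejecting a non-positive expected pid up front, `if (cpc_pid <= 0) goto error;`, since SO_PEERCRED can report pid 0 for a peer outside the receiver's PID namespace. The `error` label is outside these hunks, so confirm it closes `client_fd` on the new failure paths; otherwise each rejected connection leaks a descriptor.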
return false;
if (!cpc->prepared) {
- ret = __accept_candidate_process(fd, &client_fd, &client_pid);
+ ret = __accept_candidate_process(fd, &client_fd, &client_pid,
+ cpc->pid);
if (ret >= 0) {
/* for hydra need to set pid to pid of non-hydra candidate, */
/* which is connecting now */
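Review bot: Passing `cpc->pid` as the expected peer may not hold in the hydra case: the comment directly below says the pid is set to that of the non-hydra candidate `which is connecting now`, which suggests `cpc->pid` is only learned from this accept, so the new `cred.pid != cpc_pid` check could reject every legitimate candidate in that mode. The same question applies to the second call site, where the accepted descriptor is stored in `cpc->hydra_fd`: the peer there appears to be the hydra process itself, so the expected pid should come from whatever field records that process, not from `cpc->pid`. Both `if (ret >= 0)` bodies continue outside the hunks, so this is inferred from the visible comment and assignment alone. A comment at each call site naming which process is expected to connect would make the intended check reviewable.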
return false;
if (!cpc->prepared) {
- ret = __accept_candidate_process(fd, &client_fd, &client_pid);
+ ret = __accept_candidate_process(fd, &client_fd, &client_pid,
+ cpc->pid);
if (ret >= 0) {
cpc->hydra_fd = client_fd;
return false;
}
+ _D("fd(%d) condition(%d)", fd, cond);
_log_print("[LABEL]", "fd(%d), condition(%d)", fd, cond);
security_manager_app_labels_monitor_process(label_monitor);