return PC_ERR_NOT_PERMITTED;
}
+
+
+static int get_user_groups(uid_t user_id, int *nbgroup, gid_t **groups_list)
+{
+ gid_t *groups = NULL;
+ struct passwd * pw;
+ C_LOGD("Enter function: %s", __func__);
+
+ if ((!groups_list) || (!nbgroup))
+ return PC_ERR_INVALID_OPERATION;
+ pw = getpwuid(user_id);
+ if(!pw) {
+ C_LOGE("getgrouplist fails : Invalid User ID %d",user_id);
+ return PC_ERR_INVALID_OPERATION;
+ }
+ *nbgroup = 0;
+ //First call is done with *ngroup = 0 to get the number of groups found for the user (Usefull for next malloc operation). It should return -1 in this case.
+ if (getgrouplist(pw->pw_name, pw->pw_gid, groups, nbgroup) != -1)
+ return PC_ERR_INVALID_OPERATION;
+
+ C_LOGD("getgrouplist %s user is member of %d groups ",pw->pw_name,*nbgroup);
+ groups = malloc(*nbgroup * sizeof (gid_t));
+ if (!groups)
+ return PC_ERR_INVALID_OPERATION;
+ //Second call is done with the suitable ngroup value and structure groups allocated.
+ if (getgrouplist(pw->pw_name, pw->pw_gid, groups, nbgroup) == -1) {
+ free(groups);
+ C_LOGE("getgrouplist fails %d",nbgroup);
+ return PC_ERR_INVALID_OPERATION;
+ }
+ *groups_list = groups;
+ return PC_OPERATION_SUCCESS;
+}
+
static int set_dac(const char *smack_label, const char *pkg_name)
{
C_LOGD("Enter function: %s", __func__);
- FILE* fp_group = NULL; // /etc/group
uid_t t_uid = -1; // uid of current process
gid_t *glist = NULL; // group list
- gid_t temp_gid = -1; // for group list
- char buf[10] = {0, }; // contents in group_list file
int glist_cnt = 0; // for group list
int result;
int i;
usr.uid = APP_UID;
usr.gid = APP_GID;
strncpy(usr.home_dir, APP_HOME_DIR, sizeof(usr.home_dir));
- strncpy(usr.group_list, APP_GROUP_PATH, sizeof(usr.group_list));
}
/*
* get group information
*/
C_LOGD("get group information");
- if(!(fp_group = fopen(usr.group_list, "r")))
- {
- C_LOGE("[ERR] file open error: [%s]\n", usr.group_list);
+ if (get_user_groups(usr.uid, &glist_cnt, &glist)) {
result = PC_ERR_FILE_OPERATION; // return -1
goto error;
}
-
- while(fgets(buf, 10, fp_group) != NULL)
- {
- errno = 0;
- temp_gid = strtoul(buf, 0, 10);
- if(errno != 0) // error occured during strtoul()
- {
- C_LOGE("[ERR] cannot change string to integer: [%s]", buf);
- result = PC_ERR_INVALID_OPERATION;
- goto error;
- }
-
- glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1));
- if(!glist)
- {
- result = PC_ERR_MEM_OPERATION; // return -2
- C_LOGE("Cannot allocate memory");
- goto error;
- }
- glist[glist_cnt] = temp_gid;
- glist_cnt++;
- }
- fclose(fp_group);
- fp_group = NULL;
-
{
gid_t *glist_new;
int i, cnt;
result = PC_OPERATION_SUCCESS;
error:
- if(fp_group != NULL)
- fclose(fp_group);
if(glist != NULL)
free(glist);
free(additional_gids);
projects / platform / core / security / libprivilege-control.git / commitdiff