From: seolheui,kim Date: Fri, 25 Nov 2016 05:18:12 +0000 (+0900) Subject: Add fileuser X-Git-Tag: submit/tizen_3.0/20161205.022817^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=024554ec71fb6a8d62ab044adecf85991641391f;p=platform%2Fcore%2Fsecurity%2Fklay.git Add fileuser Change-Id: I8094360a56acb3082b4de876469ddedaa37c65cd Signed-off-by: seolheui,kim
---
diff --git a/include/klay/file-user.h b/include/klay/file-user.h
new file mode 100644
index 0000000..81d3a39
--- /dev/null
+++ b/include/klay/file-user.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __FILE_USER_H__
+#define __FILE_USER_H__
+
+#include
+#include
+
+namespace runtime {
+
+class FileUser final {
+public:
+ FileUser() = delete;
+
+ static bool isUsedAsFD(const std::string &filePath, const pid_t pid, bool isMount = false);
+ static bool isUsedAsMap(const std::string &filePath, const pid_t pid, bool isMount = false);
+ static bool isUsedAsCwd(const std::string &filePath, const pid_t pid, bool isMount = false);
+ static bool isUsedAsRoot(const std::string &filePath, const pid_t pid, bool isMount = false);
+
+ static std::vector getList(const std::string &path, bool isMount = false);
+};
+
+} // namespace runtime
+
+#endif /* __FILE_USER_H__ */
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index a9f6ad2..be96c5f 100755
--- a/src/CMakeLists.txt
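Review bot: The declarations in include/klay/file-user.h carry no comment, and `isMount` in particular cannot be understood from the header alone. From the implementation in src/file-user.cpp, `isMount = true` drops the inode comparison so that any file on the same device as `filePath` counts as a match, and a `false` result is also what the caller gets when a process could not be inspected. I would document both on the class, for example `/// isMount: match any file on the same device as filePath; the inode is ignored.` and `/// Returns false both when the file is not in use and when the process could not be examined.` The second line matters to any caller that treats an empty getList() result as proof that nothing holds the file.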
+++ b/src/CMakeLists.txt @@ -18,6 +18,7 @@ SET (KLAY_SOURCES ${KLAY_SRC}/error.cpp ${KLAY_SRC}/eventfd.cpp ${KLAY_SRC}/mainloop.cpp ${KLAY_SRC}/testbench.cpp + ${KLAY_SRC}/file-user.cpp ${KLAY_SRC}/filesystem.cpp ${KLAY_SRC}/thread-pool.cpp ${KLAY_SRC}/file-descriptor.cpp diff --git a/src/file-user.cpp b/src/file-user.cpp new file mode 100644 index 0000000..2dbcfc1 --- /dev/null +++ b/src/file-user.cpp 
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+
+namespace runtime {
+
+bool FileUser::isUsedAsFD(const std::string &filePath, const pid_t pid, bool isMount)
+{
+ std::string path = "/proc/" + std::to_string(pid) + "/fd";
+
+ try {
+ File file(filePath);
+
+ for (runtime::DirectoryIterator iter(path), end; iter != end;) {
+ File cur(path + "/" + iter->getName());
+ if ((cur.getInode() == file.getInode() || isMount) &&
+ cur.getDevice() == file.getDevice()) {
+ return true;
+ }
+ ++iter;
+ }
+ } catch (runtime::Exception &e) {}
+
+ return false;
+}
+
+bool FileUser::isUsedAsMap(const std::string &filePath, const pid_t pid, bool isMount)
+{
+ std::string path = "/proc/" + std::to_string(pid) + "/maps";
+
+ try {
+ File mapsFile(path, O_RDONLY), file(filePath);
+
+ dev_t dev, devMin, devMaj;
+ dev = file.getDevice();
+ devMin = minor(dev);
+ devMaj = major(dev);
+
+ std::ifstream mapsStream(path);
+ std::string mapsInfo;
+ while (std::getline(mapsStream, mapsInfo)) {
+ unsigned long long min, maj, inode;
+
+ if (::sscanf(mapsInfo.c_str(), "%*s %*s %*s %llx:%llx %lld",
+ &maj, &min, &inode) == 3) {
+ if ((dev_t)maj == devMaj && (dev_t)min == devMin &&
+ ((ino_t)inode == file.getInode() || isMount)) {
+ return true;
+ }
+ }
+ }
+ } catch (runtime::Exception &e) {}
+
+ return false;
+}
+
+bool FileUser::isUsedAsCwd(const std::string &filePath, const pid_t pid, bool isMount)
+{
+ std::string path = "/proc/" + std::to_string(pid) + "/cwd";
+
+ try {
+ File file(filePath), cwd(path);
+
+ if ((cwd.getInode() == file.getInode() || isMount) &&
+ cwd.getDevice() == file.getDevice()) {
+ return true;
+ }
+ } catch (runtime::Exception &e) {}
+
+ return false;
+}
+
+bool FileUser::isUsedAsRoot(const std::string &filePath, const pid_t pid, bool isMount)
+{
+ std::string path = "/proc/" + std::to_string(pid) + "/root";
+
+ try {
+ File file(filePath), root(path);
+
+ if ((root.getInode() == file.getInode() || isMount) &&
+ root.getDevice() == file.getDevice()) {
+ return true;
+ }
+ } catch (runtime::Exception &e) {}
+
+ return false;
+}
+
+std::vector FileUser::getList(const std::string &path, bool isMount)
+{
+ pid_t currentPid = ::getpid();
+ std::vector list;
+
+ for (runtime::DirectoryIterator iter("/proc"), end; iter != end;) {
+ const std::string name = iter->getName();
+ if (!std::isdigit(name[0])) {
+ ++iter;
+ continue;
+ }
+
+ pid_t pid = std::stoi(name);
+ if (pid == currentPid) {
+ ++iter;
+ continue;
+ }
+
+ if (isUsedAsFD(path, pid, isMount) ||
+ isUsedAsMap(path, pid, isMount) ||
+ isUsedAsCwd(path, pid, isMount) ||
+ isUsedAsRoot(path, pid, isMount)) {
+ list.push_back(pid);
+ }
+ ++iter;
+ }
+
+ return list;
+}
+
+} // namespace runtime
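Review bot: In isUsedAsFD the single `try` encloses the whole descriptor loop, so the first entry that raises runtime::Exception ends the scan, and the function returns false even when a later descriptor refers to the file. That `File` construction or `getInode()` can throw is inferred from the existing catch; a descriptor closed between the directory read and the lookup would be one way to reach it. The same empty `catch (runtime::Exception &e) {}` in isUsedAsMap, isUsedAsCwd and isUsedAsRoot means getList() reports a process it could not inspect the same way as one that does not use the file, which is a false negative for any caller relying on the list being complete. I would catch per entry in isUsedAsFD as sketched below, and at least log in the other three handlers. Separately, isUsedAsMap reads `inode` (an `unsigned long long`) with `%lld`; the matching conversion is `%llu`.

```cpp
bool FileUser::isUsedAsFD(const std::string &filePath, const pid_t pid, bool isMount)
{
	// … unchanged: path construction, outer try and File file(filePath) …
		for (runtime::DirectoryIterator iter(path), end; iter != end; ++iter) {
			try {
				File cur(path + "/" + iter->getName());
				if ((cur.getInode() == file.getInode() || isMount) &&
					cur.getDevice() == file.getDevice()) {
					return true;
				}
			} catch (runtime::Exception &e) {
				// This descriptor could not be inspected (it may have been
				// closed since the directory was read); keep scanning the rest.
			}
		}
	// … unchanged: outer catch and return false …
```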