From: Dongwoo Lee
Date: Tue, 13 Sep 2022 08:08:54 +0000 (+0900)
Subject: monitor: providing ip socket server when debug mode is enabled
X-Git-Tag: accepted/tizen/unified/20220917.094318~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=152061441eb8353b4569ad2db473571b1eb43b10;p=platform%2Fcore%2Fsystem%2Fpass.git

monitor: providing ip socket server when debug mode is enabled

To protect against attacks using network socket vulnerabilities, open the TCP/IP based socket interface only when debug mode is enabled.

Change-Id: Ie8b3d392b783c63225f30f6dc611524ccb7c6a09
Signed-off-by: Dongwoo Lee
---
diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h
index 38b4e62..25413f9 100644
--- a/include/monitor/monitor.h
+++ b/include/monitor/monitor.h
@@ -41,6 +41,8 @@ struct monitor {
 };
 struct monitor *monitor_get(void);
+gboolean monitor_get_debug_mode(void);
+void monitor_set_debug_mode(gboolean on);
 int monitor_thread_init(struct monitor *monitor);
 void monitor_thread_exit(struct monitor *monitor);
@@ -55,4 +57,5 @@ void monitor_command_exit(struct monitor_command *cmd);
 int request_server_init(void);
 void request_server_exit(void);
+
 #endif
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index dd0e818..b412f93 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -24,12 +24,23 @@
 #include
 static struct monitor g_monitor;
+static gboolean g_debug_mode;
 struct monitor *monitor_get(void)
 {
 return &g_monitor;
 }
+gboolean monitor_get_debug_mode(void)
+{
+ return g_debug_mode;
+}
+
+void monitor_set_debug_mode(gboolean on)
+{
+ g_debug_mode = on;
+}
+
 static int monitor_setup(void *data, void *user_data)
 {
 int ret;
diff --git a/src/monitor/request-handler.c b/src/monitor/request-handler.c
index 324d0fc..5d2d8bd 100644
--- a/src/monitor/request-handler.c
+++ b/src/monitor/request-handler.c
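Review bot: `g_debug_mode` in src/monitor/monitor.c is a plain `static gboolean` with no synchronisation, yet it gates the TCP listener and is polled from the request-server loop in request-handler.c; if `monitor_set_debug_mode()` is called from another thread (its caller is not part of this diff), the accesses race. Because `gboolean` is a `gint`, the accessors can use `g_atomic_int_set(&g_debug_mode, on ? TRUE : FALSE);` and `return g_atomic_int_get(&g_debug_mode);`. Normalising the argument matters here because the server compares the result with `== TRUE` and `== FALSE`, so any other non-zero value would match neither branch. A short comment on the declaration, such as `/* FALSE by default: the TCP/IP request socket stays closed until debug mode is enabled */`, would also document the fail-closed default.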
@@ -1177,7 +1177,7 @@ static int request_server_func(void *ctx, void **result)
 struct sockaddr_in ip_address;
 struct timeval wait;
 int server_unix_socket;
- int server_ip_socket;
+ int server_ip_socket = 0;
 int unix_addrlen;
 int ip_addrlen;
 int ret;
@@ -1193,15 +1193,11 @@ static int request_server_func(void *ctx, void **result)
 if (ret < 0)
 goto error_out;
- /* initialize TCP socket */
- ret = init_ip_socket(&server_ip_socket, &ip_address, &ip_addrlen);
- if (ret < 0)
- goto error_out_close_server_unix_socket;
-
 while (g_request_server_run) {
 FD_ZERO(&fds);
 FD_SET(server_unix_socket, &fds);
- FD_SET(server_ip_socket, &fds);
+ if (server_ip_socket)
+ FD_SET(server_ip_socket, &fds);
 wait.tv_sec = 1;
 wait.tv_usec = 0;
@@ -1224,7 +1220,7 @@ static int request_server_func(void *ctx, void **result)
 create_request_client(new_socket);
 }
- if (FD_ISSET(server_ip_socket, &fds)) {
+ if (server_ip_socket && FD_ISSET(server_ip_socket, &fds)) {
 int new_socket = accept(server_ip_socket, (struct sockaddr *)&ip_address, (socklen_t *)&ip_addrlen);
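Review bot: `int server_ip_socket = 0;` makes 0 the "not open" marker, but 0 is a valid descriptor number: if the daemon runs with stdin closed, the listener opened by `init_ip_socket()` can end up as fd 0, and every `if (server_ip_socket)` test would then treat a live TCP listener as absent. In that case it would never be closed when debug mode is switched off, which defeats the purpose of the change. Initialise with `int server_ip_socket = -1;` and test `server_ip_socket >= 0` instead; the same applies to the guards in the `-1193` and `-1224` hunks and to the open/close logic and both cleanup paths in the `-1235` hunk. The declaration block of request_server_func starts above this hunk.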
@@ -1235,15 +1231,34 @@ static int request_server_func(void *ctx, void **result)
 create_request_client(new_socket);
 }
+
+ if (!server_ip_socket && (monitor_get_debug_mode() == TRUE)) {
+ /*
+ * FIXME:
+ * server_ip_socket activation can be deferred since it
+ * will be done after timeout of select is expired. So,
+ * when the timeout is extended, this activation should be
+ * done by other ways in order to prevent unacceptable
+ * delays.
+ */
+ ret = init_ip_socket(&server_ip_socket, &ip_address, &ip_addrlen);
+ if (ret < 0)
+ goto error_out_close_server_unix_socket;
+ } else if (server_ip_socket && (monitor_get_debug_mode() == FALSE)) {
+ close(server_ip_socket);
+ server_ip_socket = 0;
+ }
 }
- close(server_ip_socket);
 close(server_unix_socket);
+ if (server_ip_socket)
+ close(server_ip_socket);
 return THREAD_RETURN_DONE;
 error_out_close:
- close(server_ip_socket);
+ if (server_ip_socket)
+ close(server_ip_socket);
 error_out_close_server_unix_socket:
 close(server_unix_socket);
 error_out:
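Review bot: A failure of `init_ip_socket()` in the new debug-mode branch jumps to `error_out_close_server_unix_socket`, which leaves the `while` loop and closes the unix listener, so enabling debug mode while the TCP port cannot be bound would stop the whole request server rather than just the debug interface. Consider logging the error and carrying on with the unix socket only, for example replacing the `goto` with `server_ip_socket = 0;` (init_ip_socket is defined outside this hunk, so whether it leaves the variable modified on failure needs checking). Separately, the `else if` branch closes only the listening socket: clients already handed to `create_request_client()` over TCP appear to stay connected after debug mode is turned off, which should be either handled or stated in a comment next to the FIXME. The function body starts before and continues after this hunk.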