From: Sooyoung Ha <yoosah.ha@samsung.com>
Date: Tue, 7 Feb 2017 06:50:10 +0000 (+0900)
Subject: Revert "Revert "Revert "Revert "Modify the SMACK label for SDB shell.""""
X-Git-Tag: submit/tizen_3.0/20170207.083849~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=588e1ea24c365e37236010893a42f5c07b8db890;p=sdk%2Ftarget%2Fsdbd.git

Revert "Revert "Revert "Revert "Modify the SMACK label for SDB shell.""""

This reverts commit b3894c7aa4e819c5cde88c7d389fb8300af6fdb1.

Change-Id: I98cbf82cdc47392e8c3b8038c0e395bcc9e6ac3b
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
---

diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec
index bc9408f..15eb808 100644
--- a/packaging/sdbd.spec
+++ b/packaging/sdbd.spec
@@ -109,6 +109,10 @@ if ! getent passwd "${TZ_SDK_USER_NAME}" > /dev/null; then
   done
 fi
 
+cp -f /bin/sh /bin/sh-user
+chsmack -a "_" /bin/sh-user
+chsmack -e "User::Shell" /bin/sh-user
+
 %files
 %manifest sdbd.manifest
 %license LICENSE
diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c
index 07a41d1..c929cf2 100644
--- a/src/default_plugin_appcmd.c
+++ b/src/default_plugin_appcmd.c
@@ -38,6 +38,7 @@
 
 #include <tzplatform_config.h>
 
+#define SHELL_COMMAND   "/bin/sh"
 #define APPCMD_RESULT_BUFSIZE   (4096)
 
 typedef struct appcmd_info appcmd_info;
@@ -650,10 +651,10 @@ static void run_appcmd_appinstallpath(appcmd_info* p_info) {
 
     p_info->exitcode = -1;
 
-    const char* path = tzplatform_getenv(TZ_SDK_HOME);
+    const char* path = tzplatform_getenv(TZ_SDK_TOOLS);
     if (path != NULL) {
         p_info->exitcode = 0;
-        snprintf(result_buf, sizeof(result_buf), "\n%s:%s/apps_rw/\n", MESSAGE_PREFIX_APPCMD_RETURN, path);
+        snprintf(result_buf, sizeof(result_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, path);
         writex(p_info->fd, result_buf, strlen(result_buf));
     } else {
         D("failed to get application install path from tzplatform_getenv.");
diff --git a/src/sdb.c b/src/sdb.c
index a5e853d..452616f 100644
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -31,6 +31,7 @@
 #include <tzplatform_config.h>
 #include <pthread.h>
 #include <dlfcn.h>
+#include <sys/smack.h>
 
 #include "sysdeps.h"
 #include "log.h"
@@ -58,6 +59,7 @@
 
 #define PROC_CMDLINE_PATH "/proc/cmdline"
 #define USB_SERIAL_PATH "/sys/class/usb_mode/usb0/iSerial"
+#define APPID2PID_PATH  "/usr/bin/appid2pid"
 
 #include <sys/ioctl.h>
 #include <net/if.h>
@@ -125,6 +127,29 @@ int is_emulator(void) {
 #endif
 }
 
+int is_appid2pid_supported(void) {
+
+    if (access(APPID2PID_PATH, F_OK) == 0) {
+        /* It is necessary to confirm that it is possible
+         * to run "appid2pid" in the sdk user/group privileges. */
+        struct stat st;
+        if (stat(APPID2PID_PATH, &st) == 0) {
+            D("appid2pid uid=%d, gid=%d, mode=0x%x.\n", st.st_uid, st.st_gid, st.st_mode);
+            if ( (st.st_uid == STATIC_SDK_USER_ID && st.st_mode & S_IXUSR)
+                || (st.st_gid == STATIC_SDK_GROUP_ID && st.st_mode & S_IXGRP)
+                || (st.st_mode & S_IXOTH) ) {
+                D("appid2pid is supported.\n");
+                return 1;
+            }
+        }
+    } else {
+        D("failed to access appid2pid file: %d\n", errno);
+    }
+
+    D("appid2pid is NOT supported.\n");
+    return 0;
+}
+
 int is_container_enabled(void) {
     bool value;
     int ret;
@@ -373,7 +398,7 @@ void print_packet(const char *label, apacket *p)
 #endif
 
 #ifdef SUPPORT_ENCRYPT
-/* 
+/*
 desc. : ìí¸í ì¤í¨ ë©ìì§ ì ì¡
 parameter : [in] apacket* p : sdbdë¡ ë¤ì´ì¨ ë©ìì§
 			[in] atransport *t : íì¬ ì°ê²°ì ëí atransport
@@ -389,7 +414,7 @@ void send_encr_fail(apacket* p, atransport *t, unsigned failed_value){
 	//put_apacket(enc_p);
 }
 
-/* 
+/*
 desc. : ìí¸í ë©ìì§ í¸ë¤ë§
 parameter : [in] apacket* p : sdbdë¡ ë¤ì´ì¨ ë©ìì§
 			[in/out] atransport *t : íì¬ ì°ê²°ì ëí atransport
@@ -403,12 +428,12 @@ int handle_encr_packet(apacket* p, atransport *t){
 
 	if(p->msg.arg0 == ENCR_SET_ON_REQ){ // hello ë©ìì§ì¸ ê²½ì°
 		t->sessionID = sessionID;
-		if((retVal = security_init(t->sessionID, NULL)) == 1){ // ìí¸í handshakingì ìí init			
+		if((retVal = security_init(t->sessionID, NULL)) == 1){ // ìí¸í handshakingì ìí init
 			if(security_parse_server_hello(t->sessionID, p) == 1){ // hello ë©ìì§ íì±
 				D("security_parse_server_hello success\n");
                 enc_p = get_apacket();
 				if(security_gen_client_hello(t->sessionID, enc_p) == 1){ // hello ë©ìì§ ìì±
-					D("security_gen_client_hello success\n");				
+					D("security_gen_client_hello success\n");
 					enc_p->msg.command = A_ENCR;
 					enc_p->msg.arg0 = ENCR_SET_ON_REQ;
 					enc_p->msg.arg1 = p->msg.arg1;
@@ -419,7 +444,7 @@ int handle_encr_packet(apacket* p, atransport *t){
 					D("security_gen_client_hello error\n");
 					send_encr_fail(p, t, ENCR_ON_FAIL); // ìí¸í on ì¤í¨ ë©ìì§ ì ì¡
 					t->encryption = ENCR_OFF; // ìí¸í ëª¨ëë off
-					security_deinit(t->sessionID);				
+					security_deinit(t->sessionID);
 					return -1;
 				}
 			}
@@ -428,7 +453,7 @@ int handle_encr_packet(apacket* p, atransport *t){
 				send_encr_fail(p, t, ENCR_ON_FAIL);
 				t->encryption = ENCR_OFF;
 				security_deinit(t->sessionID);
-				
+
 				return -1;
 			}
 		} else { // init ì¤í¨
@@ -511,7 +536,7 @@ int handle_encr_packet(apacket* p, atransport *t){
 	}
 	//put_apacket(enc_p);
 	return 0;
-	
+
 }
 #endif
 
@@ -1236,6 +1261,10 @@ void start_device_log(void)
         return;
     }
 
+    if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) {
+        D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno);
+    }
+
     // redirect stdout and stderr to the log file
     dup2(fd, 1);
     dup2(fd, 2);
@@ -2009,6 +2038,17 @@ static void init_capabilities(void) {
                        "%s", UNKNOWN);
     }
 
+    // appid2pid support
+    ret = is_appid2pid_supported();
+    snprintf(g_capabilities.appid2pid_support, sizeof(g_capabilities.appid2pid_support),
+                "%s", ret == 1 ? ENABLED : DISABLED);
+
+
+    // pkgcmd debug mode support
+    snprintf(g_capabilities.pkgcmd_debugmode, sizeof(g_capabilities.pkgcmd_debugmode),
+                "%s", ENABLED);
+
+
     // Capability version
     snprintf(g_capabilities.sdbd_cap_version, sizeof(g_capabilities.sdbd_cap_version),
                 "%d.%d", SDBD_CAP_VERSION_MAJOR, SDBD_CAP_VERSION_MINOR);
diff --git a/src/sdb.h b/src/sdb.h
index fd71307..0c4f7cc 100644
--- a/src/sdb.h
+++ b/src/sdb.h
@@ -279,6 +279,8 @@ typedef struct platform_capabilities
     char sockproto_support[CAPBUF_ITEMSIZE];    // enabled or disabled
     char appcmd_support[CAPBUF_ITEMSIZE];       // enabled or disabled
     char encryption_support[CAPBUF_ITEMSIZE];   // enabled or disabled
+    char appid2pid_support[CAPBUF_ITEMSIZE];    // enabled or disabled
+    char pkgcmd_debugmode[CAPBUF_ITEMSIZE];     // enabled or disabled
 
     char log_enable[CAPBUF_ITEMSIZE];           // enabled or disabled
     char log_path[CAPBUF_LL_ITEMSIZE];          // path of sdbd log
@@ -548,7 +550,6 @@ int read_line(const int fd, char* ptr, const size_t maxlen);
 
 #define USB_FUNCFS_SDB_PATH "/dev/usbgadget/sdb"
 #define USB_NODE_FILE "/dev/samsung_sdb"
-#define SHELL_COMMAND "/bin/sh"
 int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * const envp[]);
 void get_env(char *key, char **env);
 
diff --git a/src/sdktools.h b/src/sdktools.h
index 9027970..e73bfec 100644
--- a/src/sdktools.h
+++ b/src/sdktools.h
@@ -37,6 +37,7 @@ struct arg_permit_rule
 #define APPID_MAX_LENGTH                        50
 #define SDBD_LABEL_NAME                         "sdbd"
 #define SDK_HOME_LABEL_NAME                     "sdbd::home"
+#define SDK_SHELL_LABEL_NAME                    "User::Shell"
 
 int verify_root_commands(const char *arg1);
 int verify_app_path(const char* path);
diff --git a/src/services.c b/src/services.c
index 6b61d94..2e1b577 100644
--- a/src/services.c
+++ b/src/services.c
@@ -44,6 +44,7 @@
 #include "utils.h"
 #include <system_info.h>
 #include <tzplatform_config.h>
+#include <sys/smack.h>
 
 #include <vconf.h>
 #include <limits.h>
@@ -408,6 +409,12 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c
         return -1;
     }
 
+    if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) {
+        D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno);
+        sdb_close(ptm);
+        return -1;
+    }
+
     *pid = fork();
     if(*pid < 0) {
         D("- fork failed: errno:%d -\n", errno);
@@ -468,6 +475,7 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c
 }
 #endif  /* !SDB_HOST */
 
+#define SHELL_COMMAND "/bin/sh-user"
 #define LOGIN_COMMAND "/bin/login"
 #define SUPER_USER    "root"
 #define LOGIN_CONFIG  "/etc/login.defs"
@@ -962,6 +970,14 @@ static void get_capability(int fd, void *cookie) {
     offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
             "appcmd_support", g_capabilities.appcmd_support);
 
+    // appid2pid support
+    offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
+                                "appid2pid_support", g_capabilities.appid2pid_support);
+
+    // pkgcmd debug mode support
+    offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
+                                "pkgcmd_debugmode", g_capabilities.pkgcmd_debugmode);
+
     offset++; // for '\0' character
 
     writex(fd, &offset, sizeof(uint16_t));