From: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Date: Thu, 24 Oct 2013 12:51:34 +0000 (+0200)
Subject: Remove deprecated SS_SMACK logs.
X-Git-Tag: submit/tizen/20140307.131547~55
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cacb6d75a63083fef394b69ab91faee6448c79f8;p=platform%2Fcore%2Fsecurity%2Fsecurity-server.git

Remove deprecated SS_SMACK logs.

Each api privided by security-server uses separate socket. Each socket
is secured with diffrent smack label (for example socket:
security-server-api-data-share.sock is secured with label
security-server::api-data-share). In this way all deny logs connected
with smack were moved from dlog to dmesg. Also secure mechanism
connected with SMACK was removed from security-server code. Now,
secuirty-server is using SMACK check provided by linux kernel.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Problem]  N/A
[Solution] N/A

[Verification] Build, run tests.

Change-Id: Id9b6f05731e281a6187d3c5696a44f04a754041e
---

diff --git a/src/server2/client/client-socket-privilege.cpp b/src/server2/client/client-socket-privilege.cpp
index 4358b07..61addc3 100644
--- a/src/server2/client/client-socket-privilege.cpp
+++ b/src/server2/client/client-socket-privilege.cpp
@@ -37,36 +37,36 @@
 #include <security-server.h>
 #include <security-server-common.h>
 
-static int get_exec_path(pid_t pid, std::string &exe)
-{
-    using namespace SecurityServer;
-
-    try{
-        MessageBuffer send, recv;
-        Serialization::Serialize(send, pid);
-
-        int result = sendToServer(
-                SERVICE_SOCKET_EXEC_PATH,
-                send.Pop(),
-                recv);
-        if(result != SECURITY_SERVER_API_SUCCESS)
-            return result;
-
-        Deserialization::Deserialize(recv, result);
-        if(result != SECURITY_SERVER_API_SUCCESS)
-            return result;
-
-        Deserialization::Deserialize(recv, exe);
-        return result;
-    } catch (MessageBuffer::Exception::Base &e) {
-        LogDebug("SecurityServer::MessageBuffer::Exception " << e.DumpToString());
-    } catch (std::exception &e) {
-        LogDebug("STD exception " << e.what());
-    } catch (...) {
-        LogDebug("Unknown exception occured");
-    }
-    return SECURITY_SERVER_API_ERROR_UNKNOWN;
-}
+//static int get_exec_path(pid_t pid, std::string &exe)
+//{
+//    using namespace SecurityServer;
+//
+//    try{
+//        MessageBuffer send, recv;
+//        Serialization::Serialize(send, pid);
+//
+//        int result = sendToServer(
+//                SERVICE_SOCKET_EXEC_PATH,
+//                send.Pop(),
+//                recv);
+//        if(result != SECURITY_SERVER_API_SUCCESS)
+//            return result;
+//
+//        Deserialization::Deserialize(recv, result);
+//        if(result != SECURITY_SERVER_API_SUCCESS)
+//            return result;
+//
+//        Deserialization::Deserialize(recv, exe);
+//        return result;
+//    } catch (MessageBuffer::Exception::Base &e) {
+//        LogDebug("SecurityServer::MessageBuffer::Exception " << e.DumpToString());
+//    } catch (std::exception &e) {
+//        LogDebug("STD exception " << e.what());
+//    } catch (...) {
+//        LogDebug("Unknown exception occured");
+//    }
+//    return SECURITY_SERVER_API_ERROR_UNKNOWN;
+//}
 
 SECURITY_SERVER_API
 int security_server_check_privilege_by_sockfd(int sockfd,
@@ -116,20 +116,20 @@ int security_server_check_privilege_by_sockfd(int sockfd,
     ret = security_server_check_privilege_by_pid(cr.pid, object, access_rights);
 
     //Getting path for logs
-    if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) {
-        LogError("Failed to read executable path for process " << cr.pid);
-    }
-
-    if (ret == SECURITY_SERVER_API_SUCCESS)
-        LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
-            (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
-            object << ", access=" << access_rights << ", result=" <<
-            ret << ", caller_path=" << path.c_str());
-    else
-        LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
-            (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
-            object << ", access=" << access_rights << ", result=" <<
-            ret << ", caller_path=" << path.c_str());
+//    if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) {
+//        LogError("Failed to read executable path for process " << cr.pid);
+//    }
+//
+//    if (ret == SECURITY_SERVER_API_SUCCESS)
+//        LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
+//            (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
+//            object << ", access=" << access_rights << ", result=" <<
+//            ret << ", caller_path=" << path.c_str());
+//    else
+//        LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" <<
+//            (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" <<
+//            object << ", access=" << access_rights << ", result=" <<
+//            ret << ", caller_path=" << path.c_str());
 
     return ret;
 }
diff --git a/src/server2/service/privilege-by-pid.cpp b/src/server2/service/privilege-by-pid.cpp
index a1e19ec..8c59052 100644
--- a/src/server2/service/privilege-by-pid.cpp
+++ b/src/server2/service/privilege-by-pid.cpp
@@ -122,27 +122,27 @@ bool PrivilegeByPidService::processOne(const ConnectionID &conn, MessageBuffer &
         retval = 1;
     }
 
-    char *path = read_exe_path_from_proc(pid);
-
-    if (retval > 0)
-        LogDebug("SS_SMACK: "
-                << "caller_pid=" << pid
-                << ", subject=" << subject
-                << ", object=" << object
-                << ", access=" << access_rights
-                << ", result=" << retval
-                << ", caller_path=" << path);
-    else
-        LogError("SS_SMACK: "
-                << "caller_pid=" << pid
-                << ", subject=" << subject
-                << ", object=" << object
-                << ", access=" << access_rights
-                << ", result=" << retval
-                << ", caller_path=" << path);
-
-    if (path != NULL)
-        free(path);
+//    char *path = read_exe_path_from_proc(pid);
+//
+//    if (retval > 0)
+//        LogDebug("SS_SMACK: "
+//                << "caller_pid=" << pid
+//                << ", subject=" << subject
+//                << ", object=" << object
+//                << ", access=" << access_rights
+//                << ", result=" << retval
+//                << ", caller_path=" << path);
+//    else
+//        LogError("SS_SMACK: "
+//                << "caller_pid=" << pid
+//                << ", subject=" << subject
+//                << ", object=" << object
+//                << ", access=" << access_rights
+//                << ", result=" << retval
+//                << ", caller_path=" << path);
+//
+//    if (path != NULL)
+//        free(path);
 
     if (retval == 1)   //there is permission
         retCode = SECURITY_SERVER_API_SUCCESS;
diff --git a/src/util/security-server-util-common.c b/src/util/security-server-util-common.c
index f72a037..7d90d7f 100644
--- a/src/util/security-server-util-common.c
+++ b/src/util/security-server-util-common.c
@@ -127,7 +127,7 @@ int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *r
     int retval;
     int checkval;
     char *label = NULL;
-    char *path = NULL;
+//    char *path = NULL;
     //for getting socket options
     struct ucred cr;
     unsigned int len;
@@ -154,13 +154,13 @@ int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *r
 
     if (checkval < 0) {
         SEC_SVR_ERR("Error in getsockopt(): client pid is unknown.");
-        if (retval) {
-            SEC_SVR_DBG("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
-        } else {
-            SEC_SVR_ERR("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
-        }
+//        if (retval) {
+//            SEC_SVR_DBG("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
+//        } else {
+//            SEC_SVR_ERR("SS_SMACK: subject=%s, object=%s, access=%s, result=%d", label, required_API_label, required_rule, retval);
+//        }
     } else {
-        path = read_exe_path_from_proc(cr.pid);
+//        path = read_exe_path_from_proc(cr.pid);
 
         if (retval == 0) {
             retval = smack_pid_have_access(cr.pid, required_API_label, required_rule);
@@ -170,18 +170,18 @@ int authorize_SS_API_caller_socket(int sockfd, char *required_API_label, char *r
         if (retval == 0)
             cap_info = ", no CAP_MAC_OVERRIDE";
 
-        if (retval > 0) {
-            SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s",
-                        cr.pid, label, required_API_label, required_rule, retval, path);
-        } else {
-            SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s%s",
-                        cr.pid, label, required_API_label, required_rule, retval, path, cap_info);
-        }
+//        if (retval > 0) {
+//            SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s",
+//                        cr.pid, label, required_API_label, required_rule, retval, path);
+//        } else {
+//            SEC_SVR_ERR("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=%s, result=%d, caller_path=%s%s",
+//                        cr.pid, label, required_API_label, required_rule, retval, path, cap_info);
+//        }
     }
 
 end:
-    if (path != NULL)
-        free(path);
+//    if (path != NULL)
+//        free(path);
     if (label != NULL)
         free(label);