From: yoonki.park Date: Fri, 28 Jun 2013 09:02:39 +0000 (+0900) Subject: set * label when file pushing X-Git-Tag: submit/tizen_2.2/20130628.120622^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d4053178d0aaf82e8235909f21df008213068cbf;p=sdk%2Ftarget%2Fsdbd.git set * label when file pushing Change-Id: I784ae9d4d2053307d16ab1184d62f72ff332274c Signed-off-by: yoonki.park --- diff --git a/src/file_sync_service.c b/src/file_sync_service.c index f868fa2..c38c07f 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -27,10 +27,12 @@ #include #include #include "sysdeps.h" +#include "smack.h" #define TRACE_TAG TRACE_SYNC #include "sdb.h" #include "file_sync_service.h" +#include "sdktools.h" #define SYNC_TIMEOUT 15 
@@ -176,6 +178,80 @@ static int fail_message(int s, const char *reason) } } +static void set_syncfile_smack_label(char *src) { + char *label = NULL; + char *src_chr = strrchr(src, '/'); + int pos = src_chr - src + 1; + char dirname[512]; + + snprintf(dirname, pos, "%s", src); + + if (getuid() != 0) { + D("need root permission to set smack label: %d\n", getuid()); + return; + } + D("src:[%s], dirname:[%s]\n", src, dirname); + int rc = smack_getlabel(dirname, &label, SMACK_LABEL_TRANSMUTE); + + if (rc == 0 && label != NULL) { + if (!strcmp("TRUE", label)) { + free(label); + rc = smack_getlabel(dirname, &label, SMACK_LABEL_ACCESS); + if (rc == 0 && label != NULL) { + if (smack_setlabel(src, label, SMACK_LABEL_ACCESS) != -1) { + D("set sync file smack label [%s]\n", label); + } else { + D("unable to set sync file smack label %s due to %s\n", label, strerror(errno)); + } + free(label); + } + } else{ + D("fail to set label, is it transmuted?:%s\n", label); + } + } else { + free(label); + if (smack_setlabel(src, SMACK_SYNC_FILE_LABEL, SMACK_LABEL_ACCESS) != -1) { + D("set sync file smack label [%s]\n", SMACK_SYNC_FILE_LABEL); + } else { + D("unable to set sync file smack label %s due to %s\n", SMACK_SYNC_FILE_LABEL, strerror(errno)); + } + } +} + +static int sync_send_label_notify(int s, const char *path, int success) +{ + char buffer[512] = {0,}; + snprintf(buffer, sizeof(buffer), "%d:%s", success, path); + + int len = sdb_write(s, buffer, sizeof(buffer)); + D("sync notify done:%d\n", len); + return len; +} + +static int sync_read_label_notify(int s) +{ + char buffer[512] = {0,}; + + int len = sdb_read(s, buffer, sizeof(buffer)); + if (len < 0) { + D("sync notify read error:%s\n", strerror(errno)); + return -1; + } + + D("sync notify read:%s\n", buffer); + + if (buffer[0] == '0') { + D("sync notify failed!\n"); + exit(-1); + } + char *path = buffer; + path++; + path++; + set_syncfile_smack_label(path); + return len; +} + + static int fail_errno(int s) { return 
fail_message(s, strerror(errno)); @@ -436,6 +512,7 @@ void file_sync_service(int fd, void *cookie) fd_set set; struct timeval timeout; int rv; + int s[2]; char *buffer = malloc(SYNC_DATA_MAX); if(buffer == 0) goto fail; @@ -445,6 +522,22 @@ void file_sync_service(int fd, void *cookie) timeout.tv_sec = SYNC_TIMEOUT; timeout.tv_usec = 0; + + if(sdb_socketpair(s)) { + D("cannot create service socket pair\n"); + exit(-1); + } + + pid_t pid = fork(); + + if (pid == 0) { + sdb_close(s[0]); //close the parent fd + sync_read_label_notify(s[1]); + } else if (pid > 0) { + sdb_close(s[1]); + //waitpid(pid, &ret, 0); + } + for(;;) { D("sync: waiting for command for %d sec\n", SYNC_TIMEOUT); @@ -488,6 +581,7 @@ void file_sync_service(int fd, void *cookie) break; case ID_SEND: if(do_send(fd, name, buffer)) goto fail; + sync_send_label_notify(s[0], name, 1); break; case ID_RECV: if(do_recv(fd, name, buffer)) goto fail; @@ -501,7 +595,10 @@ void file_sync_service(int fd, void *cookie) } fail: + sync_send_label_notify(s[0], name, 0); if(buffer != 0) free(buffer); D("sync: done\n"); + sdb_close(s[0]); + sdb_close(s[1]); sdb_close(fd); } diff --git a/src/sdb.c b/src/sdb.c index c9410f2..ce73274 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -43,8 +43,6 @@ SDB_MUTEX_DEFINE( D_lock ); int HOST = 0; -static pid_t required_pid = 0; - void handle_sig_term(int sig) { #ifdef SDB_PIDPATH if (access(SDB_PIDPATH, F_OK) == 0) 
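Review bot: `set_syncfile_smack_label` computes `pos` from `strrchr(src, '/')` without a NULL check and then passes `pos` to `snprintf` as the size of `dirname`, so a name with no slash is undefined behaviour and the copy is bounded by the input rather than by `sizeof(dirname)`. `sync_read_label_notify` hands it whatever follows the first two bytes of the message and treats `len == 0` (peer closed) as a valid message, so the empty-path case is reachable; it should reject `len <= 0`. The label is then applied by path name, in a branch that only runs as root, after the transfer has finished. `smack_setlabel` presumably resolves the path again the way `setxattr` does, so a symlink at that name would redirect the relabel; labelling through the descriptor that wrote the file, or a no-follow variant, would avoid that (which libsmack call this tree offers needs checking). The fence shows a bounded directory split; the rest of the function is unchanged.

```c
static void set_syncfile_smack_label(char *src) {
    char *label = NULL;
    char dirname[512];
    const char *src_chr = strrchr(src, '/');

    /* A name without '/' has no parent directory to take a label from. */
    if (src_chr == NULL) {
        D("sync path has no directory component\n");
        return;
    }

    /* Bound the copy by the destination, not by the incoming path. */
    size_t dir_len = (size_t)(src_chr - src);
    if (dir_len >= sizeof(dirname)) {
        D("sync path too long to label\n");
        return;
    }
    memcpy(dirname, src, dir_len);
    dirname[dir_len] = '\0';

    /* ... unchanged: root check, transmute lookup, label assignment ... */
```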
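Review bot: The `pid == 0` branch has no exit after `sync_read_label_notify(s[1]);`, so as far as this hunk shows the forked child falls through into the `for(;;)` command loop and services the sync `fd` alongside the parent. Add `_exit(0);` as the last statement of that branch. A `fork()` result of -1 is not handled (neither branch runs and both ends of the pair stay open), and with `waitpid` commented out the child is never reaped. Because the child reads a single message, a second `ID_SEND` in the same session (the `@@ -488,6 +581,7 @@` hunk, where the return value of `sync_send_label_notify` is also ignored) is written to a peer that is no longer reading, and that file gets no label. `file_sync_service` begins and ends outside this hunk.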
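Review bot: The new `sync_send_label_notify(s[0], name, 0);` and the two `sdb_close(s[...])` calls at `fail:` also run on a path where `s` was never filled in. `if(buffer == 0) goto fail;` precedes `sdb_socketpair(s)`, and `int s[2];` (the `@@ -436,6 +512,7 @@` hunk) has no initialiser, so an allocation failure writes to and closes indeterminate descriptor numbers. In the parent, `s[1]` was already closed right after `fork()`, so the close here is a double close that can hit a descriptor opened since by other code in the process. Initialise with `int s[2] = { -1, -1 };`, set `s[1] = -1;` after the early close, and guard the notify with `if (s[0] >= 0)`. `fail:` also looks like the normal exit of the loop (it logs "sync: done"), so a `0:` message would follow successful sessions too; worth confirming that is intended.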
@@ -990,20 +988,17 @@ int should_drop_privileges() { int set_developer_privileges() { gid_t groups[] = { SID_DEVELOPER, SID_APP_LOGGING, SID_SYS_LOGGING, SID_INPUT }; if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) { - fprintf(stderr, "set groups failed (errno: %d, %s)\n", errno, strerror(errno)); - //exit(1); + D("set groups failed (errno: %d, %s)\n", errno, strerror(errno)); } // then switch user and group to developer if (setgid(SID_DEVELOPER) != 0) { - fprintf(stderr, "set group id failed (errno: %d, %s)\n", errno, strerror(errno)); - //exit(1); + D("set group id failed (errno: %d, %s)\n", errno, strerror(errno)); return -1; } if (setuid(SID_DEVELOPER) != 0) { - fprintf(stderr, "set user id failed (errno: %d, %s)\n", errno, strerror(errno)); - //exit(1); + D("set user id failed (errno: %d, %s)\n", errno, strerror(errno)); return -1; } @@ -1176,6 +1171,7 @@ int sdb_main(int is_daemon, int server_port) #endif start_logging(); } + D("Event loop starting\n"); fdevent_loop(); diff --git a/src/sdktools.h b/src/sdktools.h index 2c491af..58f1208 100644 --- a/src/sdktools.h +++ b/src/sdktools.h 
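Review bot: In `set_developer_privileges` a failed `setgroups()` is still only logged, and execution continues to `setgid`/`setuid`, unlike the two branches below it that `return -1`. The process would then run as the developer uid while keeping the supplementary groups it started with. Add `return -1;` after the `D(...)` call in the `setgroups` branch so a partial privilege drop is reported to the caller. Moving these three messages from `stderr` to `D()` may also hide a failed drop when tracing is off (the definition of `D` is not in the hunk), so a privilege-drop failure is worth logging unconditionally.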
@@ -22,18 +22,18 @@ struct arg_permit_rule int expression; // 0:compare, 1: regx }; - -#define SDK_LAUNCH_PATH "/usr/sbin/sdk_launch" +#define SDK_LAUNCH_PATH "/usr/sbin/sdk_launch" #define APP_INSTALL_PATH_PREFIX1 "/opt/apps" #define APP_INSTALL_PATH_PREFIX2 "/opt/usr/apps" #define GDBSERVER_PATH "/home/developer/sdk_tools/gdbserver/gdbserver" -#define GDBSERVER_PLATFORM_PATH "/home/developer/sdk_tools/gdbserver-platform/gdbserver" +#define GDBSERVER_PLATFORM_PATH "/home/developer/sdk_tools/gdbserver-platform/gdbserver" #define SMACK_LEBEL_SUBJECT_PATH "/proc/self/attr/current" +#define SMACK_SYNC_FILE_LABEL "*" #define APP_GROUPS_MAX 100 #define APP_GROUP_LIST "/usr/share/privilege-control/app_group_list" #define APPID_MAX_LENGTH 50 -#define SDBD_LABEL_NAME "sdbd" -#define SDK_HOME_LABEL_NAME "sdbd::home" +#define SDBD_LABEL_NAME "sdbd" +#define SDK_HOME_LABEL_NAME "sdbd::home" int verify_commands(const char *arg1); int verify_root_commands(const char *arg1);
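Review bot: `SMACK_SYNC_FILE_LABEL` is added with no comment, and it is the security-relevant line of this hunk: under Smack's built-in rules any access requested on an object labelled `*` is permitted. Every pushed file whose parent directory is not transmuting therefore becomes readable and writable by every subject label. Document that next to the define, for example `/* Smack star label: any subject may access the object; fallback for pushed files whose parent directory is not transmuting */`. If the SDK use case allows it, a narrower fallback such as the existing `SDK_HOME_LABEL_NAME` would be a safer default; that needs checking against how pushed files are consumed.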