From 07d874514c1b9a3208158b4de8d6a804f43b657e Mon Sep 17 00:00:00 2001 From: Jan Olszak Date: Thu, 8 May 2014 16:00:07 +0200 Subject: [PATCH] Introduced Container Daemon [Bug/Feature] No way to run arbitrary code in a container [Cause] N/A [Solution] Introduced Container Daemon that provides his API in system dbus of the container. [Verification] Build, install run security-containers-container-daemon dbus-send --system --dest=com.samsung.container.daemon \ --type=method_call --print-reply \ /com/samsung/container/daemon \ com.samsung.container.daemon.GainFocus dbus-send --system --dest=com.samsung.container.daemon \ --type=method_call --print-reply \ /com/samsung/container/daemon \ com.samsung.container.daemon.LoseFocus Change-Id: I557ca0b283f8c542d45238ec0183ee953a277d5e --- CMakeLists.txt | 2 + container-daemon/CMakeLists.txt | 44 ++++++ .../configs/com.samsung.container.daemon.conf | 14 ++ container-daemon/daemon-connection.cpp | 140 +++++++++++++++++++ container-daemon/daemon-connection.hpp | 79 +++++++++++ container-daemon/daemon-dbus-definitions.hpp | 58 ++++++++ container-daemon/daemon.cpp | 64 +++++++++ container-daemon/daemon.hpp | 54 ++++++++ container-daemon/exception.hpp | 47 +++++++ container-daemon/main.cpp | 153 +++++++++++++++++++++ container-daemon/runner.cpp | 88 ++++++++++++ container-daemon/runner.hpp | 56 ++++++++ packaging/security-containers.spec | 17 +++ 13 files changed, 816 insertions(+) create mode 100644 container-daemon/CMakeLists.txt create mode 100644 container-daemon/configs/com.samsung.container.daemon.conf create mode 100644 container-daemon/daemon-connection.cpp create mode 100644 container-daemon/daemon-connection.hpp create mode 100644 container-daemon/daemon-dbus-definitions.hpp create mode 100644 container-daemon/daemon.cpp create mode 100644 container-daemon/daemon.hpp create mode 100644 container-daemon/exception.hpp create mode 100644 container-daemon/main.cpp create mode 100644 container-daemon/runner.cpp create mode 100644 container-daemon/runner.hpp diff --git a/CMakeLists.txt b/CMakeLists.txt index d228123..964ba66 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -58,6 +58,7 @@ ADD_DEFINITIONS(-DPROJECT_SOURCE_DIR="${PROJECT_SOURCE_DIR}") SET(COMMON_FOLDER ${PROJECT_SOURCE_DIR}/common) SET(CLIENT_FOLDER ${PROJECT_SOURCE_DIR}/client) SET(SERVER_FOLDER ${PROJECT_SOURCE_DIR}/server) +SET(CONTAINER_DAEMON_FOLDER ${PROJECT_SOURCE_DIR}/container-daemon) SET(UNIT_TESTS_FOLDER ${PROJECT_SOURCE_DIR}/unit_tests) IF(NOT DEFINED SYSCONF_INSTALL_DIR) @@ -85,5 +86,6 @@ SET(SC_DATA_INSTALL_DIR ${SHARE_INSTALL_PREFIX}/security-containers) ADD_SUBDIRECTORY(${CLIENT_FOLDER}) ADD_SUBDIRECTORY(${SERVER_FOLDER}) +ADD_SUBDIRECTORY(${CONTAINER_DAEMON_FOLDER}) ADD_SUBDIRECTORY(${UNIT_TESTS_FOLDER}) diff --git a/container-daemon/CMakeLists.txt b/container-daemon/CMakeLists.txt new file mode 100644 index 0000000..5cce2ad --- /dev/null +++ b/container-daemon/CMakeLists.txt @@ -0,0 +1,44 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# @file CMakeLists.txt +# @author Jan Olszak (j.olszak@samsung.com) +# + +MESSAGE(STATUS "Generating makefile for the Container Daemon...") +FILE(GLOB project_SRCS *.cpp *.hpp) +FILE(GLOB common_SRCS ${COMMON_FOLDER}/dbus/*.cpp ${COMMON_FOLDER}/dbus/*.hpp + ${COMMON_FOLDER}/log/*.cpp ${COMMON_FOLDER}/log/*.hpp + ${COMMON_FOLDER}/utils/*.cpp ${COMMON_FOLDER}/utils/*.hpp) + +## Setup target ################################################################ +SET(CONTAINER_DAEMON_CODENAME "${PROJECT_NAME}-container-daemon") +ADD_EXECUTABLE(${CONTAINER_DAEMON_CODENAME} ${project_SRCS} ${common_SRCS}) + + +## Link libraries ############################################################## +FIND_PACKAGE (Boost COMPONENTS program_options REQUIRED) + +PKG_CHECK_MODULES(CONTAINER_DAEMON_DEPS REQUIRED gio-2.0 libsystemd-journal) +INCLUDE_DIRECTORIES(${COMMON_FOLDER}) +INCLUDE_DIRECTORIES(SYSTEM ${CONTAINER_DAEMON_DEPS_INCLUDE_DIRS} ${Boost_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${CONTAINER_DAEMON_CODENAME} ${CONTAINER_DAEMON_DEPS_LIBRARIES} ${Boost_LIBRARIES}) + + +## Install ##################################################################### +INSTALL(TARGETS ${CONTAINER_DAEMON_CODENAME} DESTINATION bin) + +INSTALL(FILES configs/com.samsung.container.daemon.conf + DESTINATION /etc/dbus-1/system.d/) diff --git a/container-daemon/configs/com.samsung.container.daemon.conf b/container-daemon/configs/com.samsung.container.daemon.conf new file mode 100644 index 0000000..26dbddd --- /dev/null +++ b/container-daemon/configs/com.samsung.container.daemon.conf @@ -0,0 +1,14 @@ + + + + + + + + + + + + + diff --git a/container-daemon/daemon-connection.cpp b/container-daemon/daemon-connection.cpp new file mode 100644 index 0000000..714d987 --- /dev/null +++ b/container-daemon/daemon-connection.cpp @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Dbus API for the Container Daemon + */ + +#include "daemon-connection.hpp" +#include "daemon-dbus-definitions.hpp" +#include "exception.hpp" + +#include "log/logger.hpp" + + +namespace security_containers { +namespace container_daemon { + +namespace { + +// Timeout in ms for waiting for dbus name. +// Can happen if glib loop is busy or not present. +const unsigned int NAME_ACQUIRED_TIMEOUT = 5 * 1000; + +} // namespace + + +DaemonConnection::DaemonConnection(const NameLostCallback& nameLostCallback, + const GainFocusCallback& gainFocusCallback, + const LoseFocusCallback& loseFocusCallback) + : mNameAcquired(false) + , mNameLost(false) +{ + LOGD("Connecting to DBUS on system bus"); + mDbusConnection = dbus::DbusConnection::createSystem(); + + LOGD("Setting DBUS name"); + mDbusConnection->setName(container_daemon::api::BUS_NAME, + std::bind(&DaemonConnection::onNameAcquired, this), + std::bind(&DaemonConnection::onNameLost, this)); + + if (!waitForNameAndSetCallback(NAME_ACQUIRED_TIMEOUT, nameLostCallback)) { + LOGE("Could not acquire dbus name: " << container_daemon::api::BUS_NAME); + throw ContainerDaemonException("Could not acquire dbus name: " + container_daemon::api::BUS_NAME); + } + + LOGD("Setting callbacks"); + mGainFocusCallback = gainFocusCallback; + mLoseFocusCallback = loseFocusCallback; + + + LOGD("Registering DBUS interface"); + using namespace std::placeholders; + mDbusConnection->registerObject(container_daemon::api::OBJECT_PATH, + container_daemon::api::DEFINITION, + std::bind(&DaemonConnection::onMessageCall, + this, _1, _2, _3, _4, _5)); + LOGD("Connected"); +} + +DaemonConnection::~DaemonConnection() +{ +} + +bool DaemonConnection::waitForNameAndSetCallback(const unsigned int timeoutMs, + const NameLostCallback& nameLostCallback) +{ + std::unique_lock lock(mNameMutex); + mNameCondition.wait_for(lock, + std::chrono::milliseconds(timeoutMs), + [this] { + return mNameAcquired || mNameLost; + }); + + if (mNameAcquired) { + mNameLostCallback = nameLostCallback; + } + + return mNameAcquired; +} + +void DaemonConnection::onNameAcquired() +{ + std::unique_lock lock(mNameMutex); + mNameAcquired = true; + mNameCondition.notify_one(); +} + +void DaemonConnection::onNameLost() +{ + std::unique_lock lock(mNameMutex); + mNameLost = true; + mNameCondition.notify_one(); + + if (mNameLostCallback) { + mNameLostCallback(); + } +} + +void DaemonConnection::onMessageCall(const std::string& objectPath, + const std::string& interface, + const std::string& methodName, + GVariant* /*parameters*/, + dbus::MethodResultBuilder& result) +{ + if (objectPath != api::OBJECT_PATH || interface != api::INTERFACE) { + return; + } + + if (methodName == api::METHOD_GAIN_FOCUS) { + if (mGainFocusCallback) { + mGainFocusCallback(); + result.setVoid(); + } + } else if (methodName == api::METHOD_LOSE_FOCUS) { + if (mLoseFocusCallback) { + mLoseFocusCallback(); + result.setVoid(); + } + } +} + +} // namespace container_daemon +} // namespace security_containers diff --git a/container-daemon/daemon-connection.hpp b/container-daemon/daemon-connection.hpp new file mode 100644 index 0000000..e2e5154 --- /dev/null +++ b/container-daemon/daemon-connection.hpp @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Declaration of a class for communication between container and server + */ + + +#ifndef CONTAINER_DAEMON_DAEMON_CONNECTION_HPP +#define CONTAINER_DAEMON_DAEMON_CONNECTION_HPP + +#include "dbus/connection.hpp" + +#include +#include + + +namespace security_containers { +namespace container_daemon { + + +class DaemonConnection { + +public: + typedef std::function NameLostCallback; + typedef std::function GainFocusCallback; + typedef std::function LoseFocusCallback; + + DaemonConnection(const NameLostCallback& nameLostCallback, + const GainFocusCallback& gainFocusCallback, + const LoseFocusCallback& loseFocusCallback); + ~DaemonConnection(); + + +private: + dbus::DbusConnection::Pointer mDbusConnection; + std::mutex mNameMutex; + std::condition_variable mNameCondition; + bool mNameAcquired; + bool mNameLost; + + NameLostCallback mNameLostCallback; + GainFocusCallback mGainFocusCallback; + LoseFocusCallback mLoseFocusCallback; + + void onNameAcquired(); + void onNameLost(); + bool waitForNameAndSetCallback(const unsigned int timeoutMs, const NameLostCallback& callback); + + void onMessageCall(const std::string& objectPath, + const std::string& interface, + const std::string& methodName, + GVariant* parameters, + dbus::MethodResultBuilder& result); +}; + + +} // namespace container_daemon +} // namespace security_containers + + +#endif // CONTAINER_DAEMON_DAEMON_CONNECTION_HPP diff --git a/container-daemon/daemon-dbus-definitions.hpp b/container-daemon/daemon-dbus-definitions.hpp new file mode 100644 index 0000000..785a9cb --- /dev/null +++ b/container-daemon/daemon-dbus-definitions.hpp @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief container-daemon dbus api definitions + */ + +#ifndef CONTAINER_DAEMON_DAEMON_DBUS_DEFINITIONS_HPP +#define CONTAINER_DAEMON_DAEMON_DBUS_DEFINITIONS_HPP + +#include + + +namespace security_containers { +namespace container_daemon { +namespace api { + +const std::string BUS_NAME = "com.samsung.container.daemon"; +const std::string OBJECT_PATH = "/com/samsung/container/daemon"; +const std::string INTERFACE = "com.samsung.container.daemon"; + +const std::string METHOD_GAIN_FOCUS = "GainFocus"; +const std::string METHOD_LOSE_FOCUS = "LoseFocus"; + +const std::string DEFINITION = + "" + " " + " " + " " + " " + " " + " " + ""; + + +} // namespace api +} // namespace container_daemon +} // namespace security_containers + + +#endif // CONTAINER_DAEMON_DAEMON_DBUS_DEFINITIONS_HPP diff --git a/container-daemon/daemon.cpp b/container-daemon/daemon.cpp new file mode 100644 index 0000000..9dd1c7b --- /dev/null +++ b/container-daemon/daemon.cpp @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak (j.olszak@samsung.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Definition of the Daemon, implementation of the logic of the daemon. + */ + +#include "daemon.hpp" + +#include "log/logger.hpp" + + +namespace security_containers { +namespace container_daemon { + + +Daemon::Daemon() +{ + mConnectionPtr.reset(new DaemonConnection(std::bind(&Daemon::onNameLostCallback, this), + std::bind(&Daemon::onGainFocusCallback, this), + std::bind(&Daemon::onLoseFocusCallback, this))); + +} + +Daemon::~Daemon() +{ +} + +void Daemon::onNameLostCallback() +{ + //TODO: Try to reconnect or close the daemon. + LOGE("Dbus name lost"); +} + +void Daemon::onGainFocusCallback() +{ + LOGD("Gained Focus"); +} + +void Daemon::onLoseFocusCallback() +{ + LOGD("Lost Focus"); + +} + +} // namespace container_daemon +} // namespace security_containers diff --git a/container-daemon/daemon.hpp b/container-daemon/daemon.hpp new file mode 100644 index 0000000..1731f6a --- /dev/null +++ b/container-daemon/daemon.hpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Declaration of the Daemon, implementation of the logic of the daemon. + */ + + +#ifndef CONTAINER_DAEMON_DAEMON_HPP +#define CONTAINER_DAEMON_DAEMON_HPP + +#include "daemon-connection.hpp" + +#include + + +namespace security_containers { +namespace container_daemon { + +class Daemon { +public: + Daemon(); + virtual ~Daemon(); + +private: + void onNameLostCallback(); + void onGainFocusCallback(); + void onLoseFocusCallback(); + std::unique_ptr mConnectionPtr; +}; + + +} // namespace container_daemon +} // namespace security_containers + + +#endif // CONTAINER_DAEMON_DAEMON_HPP diff --git a/container-daemon/exception.hpp b/container-daemon/exception.hpp new file mode 100644 index 0000000..2cd4d12 --- /dev/null +++ b/container-daemon/exception.hpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Exceptions for the container-daemon + */ + + +#ifndef CONTAINER_DAEMON_EXCEPTION_HPP +#define CONTAINER_DAEMON_EXCEPTION_HPP + +#include "base-exception.hpp" + + +namespace security_containers { +namespace container_daemon { + +/** + * Base class for exceptions in Security Containers Container Daemon + */ +struct ContainerDaemonException: public SecurityContainersException { + using SecurityContainersException::SecurityContainersException; +}; + + +} // container_daemon +} // security_containers + + +#endif // CONTAINER_DAEMON_EXCEPTION_HPP diff --git a/container-daemon/main.cpp b/container-daemon/main.cpp new file mode 100644 index 0000000..40e7fd9 --- /dev/null +++ b/container-daemon/main.cpp @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Main file for the Security Containers Daemon + */ + +// Always log to console in DEBUG mode +#if !defined(LOG_TO_CONSOLE) && !defined(NDEBUG) +#define LOG_TO_CONSOLE +#endif + +#include "log/logger.hpp" +#include "log/backend-stderr.hpp" +#include "log/backend-journal.hpp" +#include "utils/typeinfo.hpp" + +#include "exception.hpp" +#include "runner.hpp" + +#include +#include +#include + +using namespace security_containers::log; +using namespace security_containers; + +namespace po = boost::program_options; + + +namespace { + +const std::string PROGRAM_NAME_AND_VERSION = + "Security Containers Containers Daemon " PROGRAM_VERSION; + +/** + * TODO: This is a copied function, move to common/log + * Resolve if given log severity level is valid + * + * @param s log severity level + * @return LogLevel when valid, + * otherwise exception po::validation_error::invalid_option_value thrown + */ +LogLevel validateLogLevel(const std::string& s) +{ + std::string s_capitalized = boost::to_upper_copy(s); + + if (s_capitalized == "ERROR") { + return LogLevel::ERROR; + } else if (s_capitalized == "WARN") { + return LogLevel::WARN; + } else if (s_capitalized == "INFO") { + return LogLevel::INFO; + } else if (s_capitalized == "DEBUG") { + return LogLevel::DEBUG; + } else if (s_capitalized == "TRACE") { + return LogLevel::TRACE; + } else { + throw po::validation_error(po::validation_error::invalid_option_value); + } +} + +} // namespace + + +int main(int argc, char* argv[]) +{ + std::string configPath ; + + try { + po::options_description desc("Allowed options"); + + desc.add_options() + ("help,h", "print this help") + ("version,v", "show application version") + ("log-level,l", po::value()->default_value("DEBUG"), "set log level") + ; + + po::variables_map vm; + po::basic_parsed_options< char > parsed = + po::command_line_parser(argc, argv).options(desc).allow_unregistered().run(); + + std::vector unrecognized_options = + po::collect_unrecognized(parsed.options, po::include_positional); + + if (!unrecognized_options.empty()) { + std::cerr << "Unrecognized options: "; + + for (auto& uo : unrecognized_options) { + std::cerr << ' ' << uo; + } + + std::cerr << std::endl << std::endl; + std::cerr << desc << std::endl; + + return 1; + } + + po::store(parsed, vm); + po::notify(vm); + + if (vm.count("help")) { + std::cout << desc << std::endl; + return 0; + } else if (vm.count("version")) { + std::cout << PROGRAM_NAME_AND_VERSION << std::endl; + return 0; + } + + LogLevel level = validateLogLevel(vm["log-level"].as()); + Logger::setLogLevel(level); +#ifdef LOG_TO_CONSOLE + Logger::setLogBackend(new StderrBackend()); +#else + Logger::setLogBackend(new SystemdJournalBackend()); +#endif + + + } catch (std::exception& e) { + std::cerr << e.what() << std::endl; + return 1; + } + + try { + container_daemon::Runner daemon; + daemon.run(); + + } catch (std::exception& e) { + LOGE("Unexpected: " << utils::getTypeName(e) << ": " << e.what()); + return 1; + } + + return 0; +} + diff --git a/container-daemon/runner.cpp b/container-daemon/runner.cpp new file mode 100644 index 0000000..5c5f9b0 --- /dev/null +++ b/container-daemon/runner.cpp @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak (j.olszak@samsung.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Definition of the Runner class, that manages daemon's lifetime + */ + +#include "runner.hpp" +#include "daemon.hpp" + +#include "log/logger.hpp" +#include "utils/glib-loop.hpp" +#include "utils/latch.hpp" + +#include + + +namespace security_containers { +namespace container_daemon { + + +Runner::Runner() +{ +} + + +Runner::~Runner() +{ +} + + +namespace { +utils::Latch gSignalLatch; + +void signalHandler(const int sig) +{ + LOGI("Got signal " << sig); + gSignalLatch.set(); +} +} // namespace + + +void Runner::run() +{ + signal(SIGINT, signalHandler); + signal(SIGTERM, signalHandler); + + LOGI("Starting Container Daemon..."); + { + utils::ScopedGlibLoop loop; + LOGI("Container Daemon started"); + + // Connects to dbus and registers API + container_daemon::Daemon daemon; + + gSignalLatch.wait(); + + LOGI("Stopping Container Daemon..."); + + } + LOGI("Daemon stopped"); +} + +void Runner::terminate() +{ + LOGI("Terminating Container Daemon"); + gSignalLatch.set(); +} + +} // namespace container_daemon +} // namespace security_containers diff --git a/container-daemon/runner.hpp b/container-daemon/runner.hpp new file mode 100644 index 0000000..cdc0913 --- /dev/null +++ b/container-daemon/runner.hpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Jan Olszak + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Jan Olszak (j.olszak@samsung.com) + * @brief Declaration of the Runner class, that manages daemon's lifetime + */ + + +#ifndef CONTAINER_DAEMON_RUNNER_HPP +#define CONTAINER_DAEMON_RUNNER_HPP + + +namespace security_containers { +namespace container_daemon { + + +class Runner { +public: + Runner(); + virtual ~Runner(); + + /** + * Starts all the daemon and blocks until SIGINT or SIGTERM + */ + void run(); + + /** + * Terminates the daemon. + * Equivalent of sending SIGINT or SIGTERM signal + */ + void terminate(); +}; + + +} // namespace container_daemon +} // namespace security_containers + + +#endif // CONTAINER_DAEMON_RUNNER_HPP diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index a3a042e..d30b3a4 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -83,6 +83,23 @@ Development package including the header files for the client library %{_libdir}/pkgconfig/* +## Container Daemon Package #################################################### +%package container-daemon +Summary: Security Containers Containers Daemon +Group: Security/Other +Requires: security-containers = %{version}-%{release} +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(libsystemd-journal) + +%description container-daemon +Daemon running inside every container. + +%files container-daemon +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/security-containers-container-daemon +/etc/dbus-1/system.d/com.samsung.container.daemon.conf + + ## Test Package ################################################################ %package unit-tests Summary: Security Containers Unit Tests -- 2.7.4