From 1712f0ba24e0bca9e40f09b0518da630ceb177be Mon Sep 17 00:00:00 2001 From: Uladzislau Harbuz Date: Tue, 24 Oct 2017 17:40:16 +0200 Subject: [PATCH] Remove dead code related to downloadable TA Change-Id: Ieff27f29b34432c0d572b85a652c05246541a9eb --- packaging/tef-simulator.spec | 1 - simulatordaemon/CMakeLists.txt | 1 - simulatordaemon/inc/SecurityContext.h | 12 ---- simulatordaemon/inc/TAFactory.h | 2 +- simulatordaemon/src/SecurityContext.cpp | 79 ---------------------- .../src/TABinaryManager/TABinaryManager.cpp | 18 ++--- .../src/TABinaryManager/TABinaryManager.h | 4 +- simulatordaemon/src/TAFactory.cpp | 16 ++--- 8 files changed, 17 insertions(+), 116 deletions(-) diff --git a/packaging/tef-simulator.spec b/packaging/tef-simulator.spec index 99f1571..e9696c5 100644 --- a/packaging/tef-simulator.spec +++ b/packaging/tef-simulator.spec @@ -13,7 +13,6 @@ BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-session) BuildRequires: pkgconfig(cynara-creds-socket) -BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(security-manager) BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(tef-libteec) diff --git a/simulatordaemon/CMakeLists.txt b/simulatordaemon/CMakeLists.txt index 033b098..21b789b 100644 --- a/simulatordaemon/CMakeLists.txt +++ b/simulatordaemon/CMakeLists.txt @@ -23,7 +23,6 @@ PKG_CHECK_MODULES(DAEMON_DEPS REQUIRED cynara-creds-socket security-manager libsystemd-daemon - libtzplatform-config dlog ) diff --git a/simulatordaemon/inc/SecurityContext.h b/simulatordaemon/inc/SecurityContext.h index 2ebf6b6..6dddfef 100644 --- a/simulatordaemon/inc/SecurityContext.h +++ b/simulatordaemon/inc/SecurityContext.h @@ -52,18 +52,6 @@ public: ~SecurityContext(); /** - * This function tries to find TA by name in directories, - * which are allowed for CA according to security policies - * - * @param taName Name of ta to connect for. - * @param allowedPath Out parameter, if function returns true, it - * contains found path to TA with given name, - * otherwise it's empty. - * @return true if TA was found, otherwise false. - */ - bool findRequestedTa(const std::string &taName, std::string& allowedPath); - -/** * Check if client has Tizen permission for use TEE. * * @param privilege Privilege to be checked for client. diff --git a/simulatordaemon/inc/TAFactory.h b/simulatordaemon/inc/TAFactory.h index 9063fed..3f7b092 100644 --- a/simulatordaemon/inc/TAFactory.h +++ b/simulatordaemon/inc/TAFactory.h @@ -55,7 +55,7 @@ private: TAFactory(); bool checkIfTARunning(string TAUUID); TAInstancePtr createUninitalizedTAInstance(string TAUUID, ISession* session); - bool launchTA(string TAPath, string TAUUID, std::stringstream& str, bool debug, pid_t& pid); + bool launchTA(string TAUUID, std::stringstream& str, bool debug, pid_t& pid); static void* waitForChild(void *pid); void cleanupTAInstance(pid_t PID); ~TAFactory(); diff --git a/simulatordaemon/src/SecurityContext.cpp b/simulatordaemon/src/SecurityContext.cpp index 3cd4e1a..109170f 100644 --- a/simulatordaemon/src/SecurityContext.cpp +++ b/simulatordaemon/src/SecurityContext.cpp @@ -24,22 +24,16 @@ #include "SecurityContext.h" #include #include -#include #include #include "log.h" -#include #include #include -#include #include #include #include using p_char = std::unique_ptr>; using p_cynara_conf = std::unique_ptr>; -using p_tzplatform_context = std::unique_ptr>; - -namespace fs = boost::filesystem; constexpr const char* SecurityContext::sysTaPaths[]; @@ -47,83 +41,10 @@ cynara* SecurityContext::_cynara = SecurityContext::initCynara(); pthread_mutex_t cynara_mutex = PTHREAD_MUTEX_INITIALIZER; -#define FILE_WAS_FOUND 1 -#define MAX_OPENED_FD 5 -#define MAX_PATH_LENGTH 100 #define BOOST_FILESYSTEM_VERSION 3 #define RETURN_UNLOCK(ret, mtx) {pthread_mutex_unlock(&mtx); return ret;} -std::string SecurityContext::getCaFullPathFromPkgId(char* pkgid) { - std::string path; - - tzplatform_variable ids[3] = {TZ_USER_APP, TZ_SYS_RW_APP, TZ_SYS_RO_APP}; - tzplatform_context *ctx; - if (tzplatform_context_create(&ctx) != 0) { - LOGE(SIM_DAEMON, "Can't create tizen context"); - return ""; - } - - p_tzplatform_context p_ctx(ctx, &tzplatform_context_destroy); - - socklen_t len = (socklen_t) sizeof(struct ucred); - struct ucred ucred; - - if (getsockopt(connFd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) { - LOGE(SIM_DAEMON, "Can't get uid of client"); - return ""; - } - - auto clientUID = ucred.uid; - - if (tzplatform_context_set_user(p_ctx.get(), clientUID) != 0) { - LOGE(SIM_DAEMON, "Can not set user for context"); - return ""; - } - - for (auto &id : ids) { - path = std::move(tzplatform_context_getenv(p_ctx.get(), id)); - LOGD(SIM_DAEMON, "Path is : %s", path.c_str()); - if (!path.empty()) break; - } - - if (!fs::exists(path)) { - LOGE(SIM_DAEMON, "Path doesn't exist: %s", path.c_str()); - return ""; - } - if (fs::is_symlink(path)) { - path = fs::read_symlink(path).string(); - } - if (path.empty()) { - LOGE(SIM_DAEMON, "Bad CA path. Does this directory exist: %s ?", path.c_str()); - } - - path += "/" + std::string(pkgid) + TA_LOCAL_PATH; - LOGD(SIM_DAEMON, "Path: %s", path.c_str()); - if (!fs::exists(path)) { - LOGE(SIM_DAEMON, "Path: %s not found", path.c_str()); - return ""; - } - - return path; -} - - -bool SecurityContext::findRequestedTa(const std::string &ta_name, std::string &allowed_path) { - LOGD(SIM_DAEMON, "Entry"); - std::string ta_full_path; - /* Check if any of system ta directories contains our ta */ - for (const std::string& path : sysTaPaths) { - ta_full_path = path + ta_name; - if (fs::exists(ta_full_path)){ - allowed_path = path; - return true; - } - } - return false; -} - - bool SecurityContext::clientHasCynaraPermission(const std::string &privelege) { int ret = -1; diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index f0cae26..4561b2e 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -25,6 +25,7 @@ * Include files *-----------------------------------------------------------------------------*/ #include "TABinaryManager.h" +#include "Config.h" #include #include #include @@ -155,10 +156,10 @@ TABinaryManager* TABinaryManager::getInstance() { } /** - * This function add TA at given path to BinaryManager if it exists. + * This function add TA to BinaryManager if it exists. * @return On successful completion of above operations returns true else false. */ -bool TABinaryManager::initTAatPath(const string &path, const string &uuid) { +bool TABinaryManager::initTA(const string &uuid) { LOGD(SIM_DAEMON, "Entry"); pthread_rwlock_wrlock(&binaryMapLock); @@ -166,10 +167,10 @@ bool TABinaryManager::initTAatPath(const string &path, const string &uuid) { bool res = false; StructBinaryInfo info; - if (boost::filesystem::exists(path + uuid)) { + if (boost::filesystem::exists(TA_STORE_PATH + uuid)) { pthread_mutex_lock(&taLock); try { - if (unpackBinary(uuid, path, info)) { + if (unpackBinary(uuid, info)) { binaryMap[uuid] = info; res = true; } @@ -244,15 +245,14 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { * It is very important to check for return value from this function. */ -bool TABinaryManager::unpackBinary(const string &uuid, const string &path, StructBinaryInfo& info) { +bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) { TAUnpack* unpacker = TAUnpack::getInstance(); bool ret = false; - LOGD(SIM_DAEMON, "Unpacking TA %s in %s", uuid.c_str(), path.c_str()); - if (0 == unpacker->unpackTA(path, uuid)) { + if (0 == unpacker->unpackTA(string(TA_STORE_PATH), uuid)) { LOGD(SIM_DAEMON, "Unpacked, filling info"); // 1. Set binary info - info.path = path + uuid; - info.extractpath = path + uuid + "-ext/"; + info.path = string(TA_STORE_PATH)+ uuid; + info.extractpath = string(TA_STORE_PATH) + uuid + "-ext/"; info.imagePath = info.extractpath + uuid + ".image"; info.manifestPath = info.extractpath + uuid + ".manifest"; // 2. Parse manifest and store results diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.h b/simulatordaemon/src/TABinaryManager/TABinaryManager.h index bf7366e..108fff0 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.h +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.h @@ -64,7 +64,7 @@ private: // map < string uuid, StructBinaryInfo> map binaryMap; TABinaryManager(); - bool unpackBinary(const string &uuid, const string &path, StructBinaryInfo& info); + bool unpackBinary(const string &uuid, StructBinaryInfo& info); template std::string IntToHex(T i, int width = sizeof(T) * 2) { std::stringstream stream; @@ -85,7 +85,7 @@ public: */ pthread_mutex_t taLock; static TABinaryManager* getInstance(); - bool initTAatPath(const string &path, const string &uuid); + bool initTA (const string &uuid); /* * Query functions on Binary Manager diff --git a/simulatordaemon/src/TAFactory.cpp b/simulatordaemon/src/TAFactory.cpp index f55e11d..4c5bcbe 100644 --- a/simulatordaemon/src/TAFactory.cpp +++ b/simulatordaemon/src/TAFactory.cpp @@ -194,12 +194,7 @@ TAInstancePtr TAFactory::createUninitalizedTAInstance(string TAUUID, str << TAUUID << "-"; str << InstID; - string allowedTAPath; - if(!session->getSecurityContext().findRequestedTa(TAUUID, allowedTAPath)) { - LOGE(SIM_DAEMON, "Access for TA %s forbidden", TAUUID.c_str()); - return TAInstancePtr(); - } - if (launchTA(allowedTAPath, TAUUID, str, debug, pid)) { + if (launchTA(TAUUID, str, debug, pid)) { // TA is launched successfully, Create a new instance of TAInstance class /* Check if TA is to be keep alive and accordingly set TAInstance's @@ -347,22 +342,21 @@ void TAFactory::cleanupTAInstance(pid_t PID) { * @param debug debug flag * @param pid PID to be update for launched TA */ -bool TAFactory::launchTA(string path, string TAUUID, std::stringstream& str, bool debug, +bool TAFactory::launchTA(string TAUUID, std::stringstream& str, bool debug, pid_t& pid) { int32_t result = -1; pthread_t thread; LOGD(SIM_DAEMON, "Entry"); - LOGD(SIM_DAEMON, "Path: %s", path.c_str()); // Get TABinaryManager instance TABinaryManager *TABin = TABinaryManager::getInstance(); // Get TA Image path for launching string argvPath = ""; - if (TABin->initTAatPath(path, TAUUID)) { - argvPath = TABin->getImagePath(TAUUID); - LOGD(SIM_DAEMON, "argvPath: ", argvPath.c_str()); + if (TABin->initTA(TAUUID)) { + argvPath = TABin->getImagePath(TAUUID); } + if ("" == argvPath) { LOGE(SIM_DAEMON, "Trusted Application does not exist"); return false; -- 2.7.4