From 18276391dbc8644cb8ba3b0b841b02b4a5b55a11 Mon Sep 17 00:00:00 2001
From: Youngjae Cho
Date: Thu, 9 Jan 2025 12:22:32 +0900
Subject: [PATCH] libcommon: Replace direct access to smack node with cynara/security-manager API

Considering no-smack environment, used API provided by cynara and security-manager instead of direct access to the smack label node /proc//attr/current.
Change-Id: I6b2ce39a787726ad6c4b97fff0608ae2963f92fb
Signed-off-by: Youngjae Cho
---
 CMakeLists.txt | 4 +++-
 packaging/libsyscommon.spec | 2 ++
 src/libcommon/proc.c | 48 ++++++++++++++++++++++++-------------
 tests/CMakeLists.txt | 4 +++-
 4 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 87314e3..92a0050 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,7 +38,9 @@ pkg_check_modules(syscommon REQUIRED
 gio-unix-2.0
 dlog
 json-c
- capi-system-info)
+ capi-system-info
+ cynara-creds-pid
+ security-manager)
 FOREACH(flag ${syscommon_CFLAGS})
 SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
diff --git a/packaging/libsyscommon.spec b/packaging/libsyscommon.spec
index 1d112a6..bf61062 100644
--- a/packaging/libsyscommon.spec
+++ b/packaging/libsyscommon.spec
@@ -22,6 +22,8 @@ BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(json-c)
 BuildRequires: pkgconfig(capi-system-info)
 BuildRequires: pkgconfig(capi-system-resource)
+BuildRequires: pkgconfig(cynara-creds-pid)
+BuildRequires: pkgconfig(security-manager)
 Requires: /bin/cp
 Requires(post): /sbin/ldconfig
diff --git a/src/libcommon/proc.c b/src/libcommon/proc.c
index 12ea071..c229632 100644
--- a/src/libcommon/proc.c
+++ b/src/libcommon/proc.c
@@ -3,6 +3,10 @@
 #include
 #include
 #include
+#include
+
+#include
+#include
 #include "shared/log.h"
 #include "libsyscommon/proc.h"
@@ -73,28 +77,38 @@ int syscommon_proc_get_cmdline(pid_t pid, char *buf, int len)
 int syscommon_proc_get_attr_current(pid_t pid, char *buf, int len)
 {
- return proc_get_string(buf, len, "/proc/%d/attr/current", pid);
+ char *client = NULL;
+ int ret;
+
+ if (!buf)
+ return -EINVAL;
+
+ ret = cynara_creds_pid_get_client(pid, CLIENT_METHOD_DEFAULT, &client);
+ if (ret != CYNARA_API_SUCCESS)
+ return -EINVAL;
+
+ ret = snprintf(buf, len, "%s", client);
+
+ free(client);
+ client = NULL;
+
+ if (ret < 0)
+ return -EIO;
+
+ if (ret >= len)
+ return -EOVERFLOW;
+
+ return 0;
 }
 int syscommon_proc_is_app(pid_t pid)
 {
- char attr[NAME_MAX] = { 0 ,};
- int ret = 0;
+ bool is_app = false;
+ int ret;
- ret = syscommon_proc_get_attr_current(pid, attr, sizeof(attr));
- if (ret != 0) {
- _E("Failed to read privilege, %d", ret);
+ ret = security_manager_is_app_from_pid(pid, &is_app);
+ if (ret != SECURITY_MANAGER_SUCCESS)
 return -1;
- }
-
- if (!strncmp("System", attr, sizeof("System")))
- return 0;
-
- if (!strncmp("User", attr, sizeof("User")))
- return 0;
-
- if (!strncmp("System::Privileged", attr, sizeof("System::Privileged")))
- return 0;
- return 1;
+ return is_app;
 }
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e53ee04..a8064bc 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -36,7 +36,9 @@ PKG_CHECK_MODULES(REQUIRED_PKGS REQUIRED
 glib-2.0
 json-c
 capi-system-info
- cmocka)
+ cmocka
+ cynara-creds-pid
+ security-manager)
 ADD_EXECUTABLE(${TEST_DRIVER} ${SRCS})
 TARGET_LINK_LIBRARIES(${TEST_DRIVER} "${REQUIRED_PKGS_LDFLAGS} -ldl")
--
2.34.1
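Review bot: syscommon_proc_get_attr_current now rejects a NULL buf but still hands the signed `len` straight to snprintf, where a negative value converts to a very large size_t bound that no longer reflects the buffer; the guard would be safer as `if (!buf || len <= 0) return -EINVAL;`. On the -EOVERFLOW path buf is left holding a truncated, NUL-terminated client string, so a caller that ignores the return code could act on a shortened identity string; setting `buf[0] = '\0';` before that return avoids it. Every cynara failure is folded into -EINVAL and syscommon_proc_is_app lost its `_E(...)` line, so a failed credential lookup can no longer be told apart from a bad argument in the logs; one line such as `_E("Failed to get client, %d", ret);` on each failure path would keep that visible. The returned string now depends on what CLIENT_METHOD_DEFAULT resolves to rather than on the contents of "/proc/%d/attr/current", so any caller outside this hunk that compares it with Smack label names presumably needs re-checking.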