From 2cbb0aa0420dc0909665aec1ac9cd9827c0ecf5f Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 12 Sep 2018 11:59:02 +0900 Subject: [PATCH] Prevent loader execution by any process The loader library checks capabilities to checks whether the process is executed by launchpad-process-pool or not. The access smack label is added on loader executable file. Change-Id: I1943ff4076a8296a78891fc4eb3434b4578c6057 Signed-off-by: Hwankyu Jhun --- CMakeLists.txt | 2 ++ inc/launchpad_common.h | 1 + launchpad.manifest | 2 +- src/launchpad_common.c | 43 +++++++++++++++++++++++++++++++++++++++++++ src/launchpad_lib.c | 7 ++++++- 5 files changed, 53 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 782f03d..4c77152 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,6 +36,7 @@ PKG_CHECK_MODULES(${this_target_loader} REQUIRED libsystemd gio-2.0 dbus-1 + libcap ) FOREACH(flag ${${this_target_loader}_CFLAGS}) @@ -50,6 +51,7 @@ PKG_CHECK_MODULES(${this_target_lib} REQUIRED libtzplatform-config tanchor dbus-1 + libcap ) FOREACH(flag ${${this_target_lib}_CFLAGS}) diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index f842b76..3b789f5 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -128,6 +128,7 @@ int _set_priority(int prio); int _wait_tep_mount(bundle *b); int _prepare_app_socket(void); int _enable_external_pkg(bundle *b, const char *pkgid, uid_t pkg_uid); +int _verify_proc_caps(void); #endif /* __LAUNCHPAD_COMMON_H__ */ diff --git a/launchpad.manifest b/launchpad.manifest index 9f9511c..ca22179 100644 --- a/launchpad.manifest +++ b/launchpad.manifest @@ -4,7 +4,7 @@ - + diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 48f790f..2d7e3b6 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include 
@@ -1275,3 +1276,45 @@ int _enable_external_pkg(bundle *b, const char *pkgid, uid_t pkg_uid)
 return result;
 }
+
+int _verify_proc_caps(void)
+{
+ cap_t cap_d;
+ cap_flag_value_t eff_state;
+ cap_flag_value_t inh_state;
+ cap_value_t values[] = {CAP_SETGID, CAP_SYS_ADMIN};
+ int i;
+ int r;
+
+ cap_d = cap_get_proc();
+ if (!cap_d) {
+ _E("Failed to get cap from proc. pid(%d)", getpid());
+ return -1;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(values); i++) {
+ r = cap_get_flag(cap_d, values[i], CAP_INHERITABLE, &inh_state);
+ if (r != 0) {
+ _E("Failed to get cap inh - errno(%d)", errno);
+ cap_free(cap_d);
+ return -1;
+ }
+
+ r = cap_get_flag(cap_d, values[i], CAP_EFFECTIVE, &eff_state);
+ if (r != 0) {
+ _E("Failed to get cap eff - errno(%d)", errno);
+ cap_free(cap_d);
+ return -1;
+ }
+
+ if ((inh_state != CAP_SET) || (eff_state != CAP_SET)) {
+ _E("The process(%d) doesn't have %d cap",
+ getpid(), values[i]);
+ cap_free(cap_d);
+ return -1;
+ }
+ }
+ cap_free(cap_d);
+
+ return 0;
+}
diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c
index 7e3a124..dd7620a 100644
--- a/src/launchpad_lib.c
+++ b/src/launchpad_lib.c
@@ -315,6 +315,9 @@ static int __before_loop(int argc, char **argv)
 int ret = -1;
 bundle *extra = NULL;
+ if (_verify_proc_caps() < 0)
+ return -1;
+
 __preexec_init(argc, argv);
 /* Set new session ID & new process group ID*/
@@ -412,8 +415,10 @@ API int launchpad_loader_main(int argc, char **argv,
 __argc = argc;
 __argv = argv;
- if (__before_loop(argc, argv) != 0)
+ if (__before_loop(argc, argv) != 0) {
+ _E("Failed to prepare running loader. type(%d)", __loader_type);
 return -1;
+ }
 _D("[candidate] ecore main loop begin");
 __loader_adapter->loop_begin(__loader_user_data);
--
2.7.4
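Review bot: `_verify_proc_caps()` is added without a comment stating what a return of 0 establishes, and the commit message describes it as checking that launchpad-process-pool started the process. The loop only tests that CAP_SETGID and CAP_SYS_ADMIN are both set in the effective and inheritable sets of the calling process, so any caller holding those two capabilities passes. The parent's identity is never examined; going by the commit message, the restriction on who may execute the loader rests on the smack label rather than on this function. I would put the contract above the function, e.g. `/* Returns 0 only if CAP_SETGID and CAP_SYS_ADMIN are set in both the effective and inheritable sets of this process, -1 otherwise; checks capabilities, not the parent's identity. */`. As a smaller style point, the three `cap_free(cap_d); return -1;` exits inside the loop could share one cleanup label.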
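Review bot: The capability gate added to `__before_loop()` carries no comment saying it has to stay ahead of `__preexec_init()` and everything after it, so a later reorder could let initialization run in a process that fails the check. A one-line comment above `if (_verify_proc_caps() < 0)` would pin that, for example `/* Keep first: nothing below may run unless the capability check passes */`. The function starts and ends outside the hunk, so whether anything other than the visible declarations precedes the check cannot be confirmed from here.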