From 60a80bb4d29a0d6a41ae21431ad75fb4e6def837 Mon Sep 17 00:00:00 2001 From: Uladzislau Harbuz Date: Tue, 19 Sep 2017 14:13:56 +0200 Subject: [PATCH] Destroy tizen context, get right uid of client Change-Id: I85cbd1773a304d376c61477e9b1202e366e3f32c --- simulatordaemon/inc/SecurityContext.h | 2 +- simulatordaemon/src/SecurityContext.cpp | 46 ++++++++++++++++++++++----------- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/simulatordaemon/inc/SecurityContext.h b/simulatordaemon/inc/SecurityContext.h index b9b7655..2ebf6b6 100644 --- a/simulatordaemon/inc/SecurityContext.h +++ b/simulatordaemon/inc/SecurityContext.h @@ -44,7 +44,7 @@ private: TEE_TASTORE_ROOT, }; - static std::string getCaFullPathFromPkgId(char*); + std::string getCaFullPathFromPkgId(char*); public: SecurityContext(); diff --git a/simulatordaemon/src/SecurityContext.cpp b/simulatordaemon/src/SecurityContext.cpp index 699f6be..a70c9e8 100644 --- a/simulatordaemon/src/SecurityContext.cpp +++ b/simulatordaemon/src/SecurityContext.cpp @@ -32,10 +32,12 @@ #include #include #include +#include +#include using p_char = std::unique_ptr>; using p_cynara_conf = std::unique_ptr>; -using p_tzplatform_context= std::unique_ptr>; +using p_tzplatform_context = std::unique_ptr>; namespace fs = boost::filesystem; @@ -51,40 +53,54 @@ pthread_mutex_t cynara_mutex = PTHREAD_MUTEX_INITIALIZER; #define BOOST_FILESYSTEM_VERSION 3 #define RETURN_UNLOCK(ret, mtx) {pthread_mutex_unlock(&mtx); return ret;} -/* TODO: this function needs to be tested. - */ + std::string SecurityContext::getCaFullPathFromPkgId(char* pkgid) { std::string path; tzplatform_variable ids[3] = {TZ_USER_APP, TZ_SYS_RW_APP, TZ_SYS_RO_APP}; tzplatform_context *ctx; - if (! tzplatform_context_create(&ctx)) { - LOGE(SIM_DAEMON, "Can't create tizen context"); - return path; + if (tzplatform_context_create(&ctx) != 0) { + LOGE(SIM_DAEMON, "Can't create tizen context"); + return ""; + } + + p_tzplatform_context p_ctx(ctx, &tzplatform_context_destroy); + + auto len = sizeof(struct ucred); + struct ucred ucred; + + if (getsockopt(connFd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) { + LOGE(SIM_DAEMON, "Can't get uid of client"); + return ""; } - p_tzplatform_context p_ctx(ctx, &free); + auto clientUID = ucred.uid; - if (! tzplatform_context_set_user(p_ctx.get(), getuid())) { - LOGE(SIM_DAEMON, "Can not set user for context"); - return path; + if (tzplatform_context_set_user(p_ctx.get(), clientUID) != 0) { + LOGE(SIM_DAEMON, "Can not set user for context"); + return ""; } for (auto &id : ids) { - path = std::move(tzplatform_context_getenv(p_ctx.get(), id)); - LOGD(SIM_DAEMON, "Path is : %s", path.c_str()); - if (! path.empty()) break; + path = std::move(tzplatform_context_getenv(p_ctx.get(), id)); + LOGD(SIM_DAEMON, "Path is : %s", path.c_str()); + if (!path.empty()) break; + } + + if (!fs::exists(path)) { + LOGE(SIM_DAEMON, "Path doesn't exist: %s", path.c_str()); + return ""; } - path = fs::read_symlink(fs::path(path)).parent_path().string(); + path = fs::read_symlink(fs::path(path)).string(); if (path.empty()) { LOGE(SIM_DAEMON, "Bad CA path. Does this directory exist: %s ?", path.c_str()); } path += "/" + std::string(pkgid) + TA_LOCAL_PATH; - LOGD(SIM_DAEMON, "Path::::: &s", path.c_str()); + LOGD(SIM_DAEMON, "Path: %s", path.c_str()); return path; } -- 2.7.4