From 8627bafd36104243cbff6b147742188d367c7b88 Mon Sep 17 00:00:00 2001 From: "jk7744.park" Date: Tue, 8 Sep 2015 22:15:00 +0900 Subject: [PATCH] tizen 2.3.1 release --- CMakeLists.txt | 4 +- LICENSE.APLv2 => LICENSE | 0 debug-launchpad.manifest | 8 ++ include/access_control.h | 2 +- include/app_signal.h | 2 +- include/app_sock.h | 1 + include/menu_db_util.h | 1 + packaging/debug-launchpad.spec | 11 +-- src/fileutils.c | 29 ++++++- src/launchpad.c | 181 ++++++++++++++--------------------------- src/sigchild.h | 6 +- src/simple_util.c | 4 +- 12 files changed, 112 insertions(+), 137 deletions(-) rename LICENSE.APLv2 => LICENSE (100%) create mode 100644 debug-launchpad.manifest mode change 100644 => 100755 packaging/debug-launchpad.spec diff --git a/CMakeLists.txt b/CMakeLists.txt index 9a65cf3..f830197 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,7 +20,7 @@ MESSAGE("Build type: ${CMAKE_BUILD_TYPE}") # Set required packages INCLUDE(FindPkgConfig) -pkg_check_modules(pkgs REQUIRED dlog x11 libprivilege-control dbus-glib-1 sqlite3 bundle vconf libsmack aul) +pkg_check_modules(pkgs REQUIRED dlog x11 libprivilege-control dbus-glib-1 sqlite3 bundle vconf libsmack aul pkgmgr-info) FIND_LIBRARY(LIB_DL dl) @@ -69,7 +69,7 @@ add_executable(${AVATAR_NAME} ) MESSAGE(" "${pkgs_LDFLAGS}) -target_link_libraries(${AVATAR_NAME} aul cap ${pkgs_LDFLAGS} ${LIB_DL}) +target_link_libraries(${AVATAR_NAME} aul cap ${pkgs_LDFLAGS} ${LIB_DL} "-pie") set_target_properties(${AVATAR_NAME} PROPERTIES SKIP_BUILD_RPATH true ) # remove rpath option that is automatically generated by cmake. diff --git a/LICENSE.APLv2 b/LICENSE similarity index 100% rename from LICENSE.APLv2 rename to LICENSE diff --git a/debug-launchpad.manifest b/debug-launchpad.manifest new file mode 100644 index 0000000..5874aa8 --- /dev/null +++ b/debug-launchpad.manifest @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/include/access_control.h b/include/access_control.h index 604b095..cdbe8f2 100755 --- a/include/access_control.h +++ b/include/access_control.h @@ -27,7 +27,7 @@ #define INHOUSE_UID 5000 static inline int __set_access(const char* pkg_name, const char* pkg_type, const char* app_path) { - return set_app_privilege(pkg_name, pkg_type, app_path); + return perm_app_set_privilege_debug(pkg_name, pkg_type, app_path); } #else diff --git a/include/app_signal.h b/include/app_signal.h index 474def5..f84a54c 100755 --- a/include/app_signal.h +++ b/include/app_signal.h @@ -28,7 +28,7 @@ #include #define AUL_DBUS_PATH "/aul/dbus_handler" -#define AUL_DBUS_SIGNAL_INTERFACE "org.tizen.aul.signal" +#define AUL_DBUS_SIGNAL_INTERFACE "com.samsung.aul.signal" #define AUL_DBUS_APPDEAD_SIGNAL "app_dead" #define AUL_DBUS_APPLAUNCH_SIGNAL "app_launch" diff --git a/include/app_sock.h b/include/app_sock.h index 35d400c..a7544d5 100755 --- a/include/app_sock.h +++ b/include/app_sock.h @@ -59,6 +59,7 @@ enum app_cmd { #define ELOCALLAUNCH_ID 128 #define EILLEGALACCESS 127 #define ETERMINATING 126 +#define EHIDDENFORGUEST 8 typedef struct _app_pkt_t { int cmd; diff --git a/include/menu_db_util.h b/include/menu_db_util.h index 2179d85..8737c11 100755 --- a/include/menu_db_util.h +++ b/include/menu_db_util.h @@ -49,6 +49,7 @@ typedef struct { char *original_app_path; /* exec */ char *pkg_type; /* x_slp_packagetype */ char *hwacc; /* hwacceleration */ + char *taskmanage; /* taskmanage */ } app_info_from_db; static inline char *_get_pkgname(app_info_from_db *menu_info) diff --git a/packaging/debug-launchpad.spec b/packaging/debug-launchpad.spec old mode 100644 new mode 100755 index 7ccda1f..20c7f22 --- a/packaging/debug-launchpad.spec +++ b/packaging/debug-launchpad.spec @@ -3,7 +3,7 @@ Summary: Debug Launchpad Version: 0.0.12 Release: 1 Group: System Environment/Daemons -License: Apache License, Version 2.0 +License: Apache-2.0 Source0: %{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -24,6 +24,7 @@ BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(aul) BuildRequires: libcap-devel +BuildRequires: pkgconfig(pkgmgr-info) %description @@ -42,10 +43,9 @@ make %{?jobs:-j%jobs} %install rm -rf %{buildroot} -%make_install - mkdir -p %{buildroot}/usr/share/license -cp LICENSE.APLv2 %{buildroot}/usr/share/license/%{name} +cp LICENSE %{buildroot}/usr/share/license/%{name} +%make_install %clean rm -rf %{buildroot} @@ -53,5 +53,6 @@ rm -rf %{buildroot} %post %files -%attr(0755, root, root) %{_bindir}/debug_launchpad_preloading_preinitializing_daemon /usr/share/license/%{name} +%manifest debug-launchpad.manifest +%attr(0755, root, root) %{_bindir}/debug_launchpad_preloading_preinitializing_daemon diff --git a/src/fileutils.c b/src/fileutils.c index 061d437..f8ac2c1 100644 --- a/src/fileutils.c +++ b/src/fileutils.c @@ -25,6 +25,7 @@ #include #include #include +#include static int recurse(const char *path, mode_t mode, int (*fn)(const char *,mode_t, int)) { struct stat st; @@ -54,14 +55,36 @@ int dlp_chmod(const char *path, mode_t mode, int recursive) { fprintf(stderr, "error: dlp_chmod not implemented on Win32 (%s)\n", path); return -1; #else - struct stat st; + int fd; + struct stat lstat_info; + struct stat fstat_info; + + if (lstat (path, &lstat_info) == -1) + return -1; - if (stat (path, &st) == -1) + fd = open(path, O_WRONLY, S_IRWXU); + if(fd == -1) return -1; - if (chmod (path, mode) == -1) { + if (fstat (fd, &fstat_info) == -1) + { + close(fd); return -1; } + + // this complex check is required because of 'chmod' security issue. + // otherwise hacker can change other file's permission by using race condition and symbolic link. + if(lstat_info.st_mode == fstat_info.st_mode && + lstat_info.st_ino == fstat_info.st_ino && + lstat_info.st_dev == fstat_info.st_dev){ + if (fchmod (fd, mode) == -1) { + close(fd); + return -1; + } + } + + close(fd); + if (recursive) { return recurse(path, mode, dlp_chmod); } diff --git a/src/launchpad.c b/src/launchpad.c index feb124f..8c81ff4 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -1,9 +1,9 @@ /* * debug-launchpad * - * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd. All rights reserved. * - * Contact: Jungmin Cho , Gwangho Hwang + * Contact: MooChang Kim * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,6 +50,7 @@ #include "perf.h" #include "sigchild.h" #include "aul_util.h" +#include "pkgmgr-info.h" #include "heap_dbg.h" @@ -65,7 +66,6 @@ #define SQLITE_FLUSH_MAX (1048576) /* (1024*1024) */ #define AUL_POLL_CNT 15 #define AUL_PR_NAME 16 -#define APPID_LEN 10 #define PATH_TMP "/tmp" #define PATH_DATA "/data" @@ -74,13 +74,11 @@ #define SDK_DYNAMIC_ANALYSIS "DYNAMIC_ANALYSIS" #define SDK_UNIT_TEST "UNIT_TEST" #define SDK_VALGRIND "VALGRIND" -#define SDK_LD_FLAG "LD_FLAG" /* DLP is short for debug-launchpad */ #define DLP_K_DEBUG_ARG "__DLP_DEBUG_ARG__" #define DLP_K_UNIT_TEST_ARG "__DLP_UNIT_TEST_ARG__" #define DLP_K_VALGRIND_ARG "__DLP_VALGRIND_ARG__" -#define DLP_K_LD_FLAG "__DLP_LD_FLAG__" #define PATH_GDBSERVER "/home/developer/sdk_tools/gdbserver/gdbserver" #define PATH_VALGRIND "/home/developer/sdk_tools/valgrind/usr/bin/valgrind" @@ -96,7 +94,7 @@ #define POLL_VALGRIND_LOGFILE 0x00000001 #define POLL_VALGRIND_XMLFILE 0x00000002 -#define CAPABILITY_SET_ORIGINAL 0 +#define CAPABILITY_GET_ORIGINAL 0 #define CAPABILITY_SET_INHERITABLE 1 static int need_to_set_inh_cap_after_fork = 0; @@ -106,7 +104,6 @@ static int initialized = 0; static int poll_outputfile = 0; static int is_gdbserver_launched; -void __set_oom(); void __set_env(app_info_from_db * menu_info, bundle * kb); int __prepare_exec(const char *pkg_name, const char *app_path, app_info_from_db * menu_info, @@ -130,22 +127,7 @@ extern ail_error_e ail_db_close(void); -void __set_oom() -{ - char buf[MAX_LOCAL_BUFSZ]; - FILE *fp; - - /* we should reset oomadj value as default because child - inherits from parent oom_adj*/ - snprintf(buf, MAX_LOCAL_BUFSZ, "/proc/%d/oom_adj", getpid()); - fp = fopen(buf, "w"); - if (fp == NULL) - return; - fprintf(fp, "%d", -16); - fclose(fp); -} - -void __set_sdk_env(app_info_from_db* menu_info, char* str, bundle * kb) { +void __set_sdk_env(app_info_from_db* menu_info, char* str) { char buf_pkgname[MAX_LOCAL_BUFSZ]; char buf[MAX_LOCAL_BUFSZ]; int ret; @@ -166,44 +148,10 @@ void __set_sdk_env(app_info_from_db* menu_info, char* str, bundle * kb) { _D("GCOV_PREFIX : %d", ret); ret = setenv("GCOV_PREFIX_STRIP", "0", 1); _D("GCOV_PREFIX_STRIP : %d", ret); - } - else if (strncmp(str, SDK_DYNAMIC_ANALYSIS, strlen(str)) == 0) - { + } else if (strncmp(str, SDK_DYNAMIC_ANALYSIS, strlen(str)) == 0) { ret = setenv("LD_PRELOAD", PATH_DA_SO, 1); _D("LD_PRELOAD : %d", ret); } - else if (strncmp(str, SDK_LD_FLAG, strlen(str)) == 0) - { - const char *flag_str = NULL; - const char **flag_str_array = NULL; - int flag_len; - if(bundle_get_type(kb, DLP_K_LD_FLAG) & BUNDLE_TYPE_ARRAY) { - flag_str_array = bundle_get_str_array(kb, DLP_K_LD_FLAG, &flag_len); - } else { - flag_str = bundle_get_val(kb, DLP_K_LD_FLAG); - if(flag_str) { - flag_str_array = &flag_str; - flag_len = 1; - } - } - if(flag_str_array != NULL) { - int i; - char * f_name; - char * f_value; - for (i = 0; i < flag_len; i++) { - strncpy(buf,flag_str_array[i],MAX_LOCAL_BUFSZ); - f_name = strtok(buf,"="); - f_value = strtok(NULL,"="); - if(f_value) { - ret = setenv(f_name,f_value,1); - _D("LD_FLAG : %s %s %d",f_name,f_value,ret); - } else { - _E("LD_FLAG : Wrong option! %s", flag_str_array[i]); - } - } - } - - } } @@ -227,17 +175,19 @@ void __set_env(app_info_from_db * menu_info, bundle * kb) if(str_array != NULL) { for (i = 0; i < len; i++) { _D("index : [%d]", i); - __set_sdk_env(menu_info, (char *)str_array[i], kb); + __set_sdk_env(menu_info, (char *)str_array[i]); } } } else { str = bundle_get_val(kb, AUL_K_SDK); if(str != NULL) { - __set_sdk_env(menu_info, (char *)str, kb); + __set_sdk_env(menu_info, (char *)str); } } if (menu_info->hwacc != NULL) setenv("HWACC", menu_info->hwacc, 1); + if (menu_info->taskmanage != NULL) + setenv("TASKMANAGE", menu_info->taskmanage, 1); } int __prepare_exec(const char *pkg_name, @@ -255,20 +205,13 @@ int __prepare_exec(const char *pkg_name, __preexec_run(menu_info->pkg_type, pkg_name, app_path); - /* SET OOM*/ - __set_oom(); - /* SET PRIVILEGES*/ - if(bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) { - _D("pkg_name : %s / pkg_type : %s / app_path : %s ", pkg_name - , menu_info->pkg_type, app_path); - if ((ret = __set_access(pkg_name, menu_info->pkg_type - , app_path)) < 0) - { - _D("fail to set privileges - check your package's credential : %d\n" - , ret); - return -1; - } + _D("pkg_name : %s / pkg_type : %s / app_path : %s", pkg_name + , menu_info->pkg_type, app_path); + if ((ret = __set_access(pkg_name, menu_info->pkg_type, app_path)) < 0) { + _D("fail to set privileges - check your package's credential : %d\n" + , ret); + return -1; } /* SET DUMPABLE - for coredump*/ prctl(PR_SET_DUMPABLE, 1); @@ -425,7 +368,12 @@ char **__create_argc_argv(bundle * kb, int *margc, const char *app_path) char buf[MAX_LOCAL_BUFSZ]; if (argv[0]) free(argv[0]); snprintf(buf,MAX_LOCAL_BUFSZ,"%s.exe",app_path); - argv[0] = strdup(buf); + // this code is added because core app don't have '.exe' excutable + // if '.exe' not exist then use app_path + if(access(buf, F_OK) != 0) + argv[0] = strdup(app_path); + else + argv[0] = strdup(buf); new_argv = __add_arg(kb, argv, &argc, DLP_K_DEBUG_ARG); new_argv[0] = strdup(PATH_GDBSERVER); argv = new_argv; @@ -598,6 +546,7 @@ void __modify_bundle(bundle * kb, int caller_pid, bundle_del(kb, AUL_K_EXEC); bundle_del(kb, AUL_K_PACKAGETYPE); bundle_del(kb, AUL_K_HWACC); + bundle_del(kb, AUL_K_TASKMANAGE); /* Parse app_path to retrieve default bundle*/ if (cmd == APP_START || cmd == APP_START_RES || cmd == APP_OPEN @@ -789,6 +738,7 @@ static app_info_from_db *_get_app_info_from_bundle_by_pkgname( menu_info->original_app_path = strdup(menu_info->app_path); menu_info->pkg_type = strdup(bundle_get_val(kb, AUL_K_PACKAGETYPE)); menu_info->hwacc = strdup(bundle_get_val(kb, AUL_K_HWACC)); + menu_info->taskmanage = strdup(bundle_get_val(kb, AUL_K_TASKMANAGE)); if (!_get_app_path(menu_info)) { _free_app_info_from_db(menu_info); @@ -809,23 +759,6 @@ int get_native_appid(const char* app_path, char** appid) { return -1; } - if (strlen(*appid) != APPID_LEN) { - _E("wrong native appid : %s", *appid); - return -1; - } - - if (strlen(app_path) < sizeof(PATH_NATIVE_APP)+APPID_LEN-1) { - _E("wrong native app_path : %s", app_path); - return -1; - } - else if ( strncmp(app_path, PATH_NATIVE_APP, sizeof(PATH_NATIVE_APP)-1) - || strncmp(&app_path[sizeof(PATH_NATIVE_APP)-1] - , *appid,APPID_LEN) ) - { - _E("wrong native app_path : %s", app_path); - return -1; - } - _D("get_appid return : %s", *appid); return 0; } @@ -849,9 +782,9 @@ int apply_smack_rules(const char* subject, const char* object } if (smack_accesses_apply(rules)) { - smack_accesses_free(rules); + // smack_accesses_free(rules); _E("smack_accesses_apply fail"); - return -1; + // return -1; } smack_accesses_free(rules); @@ -941,15 +874,12 @@ extern int capset(cap_user_header_t hdrp, const cap_user_data_t datap); int __adjust_process_capability(int sv) { static struct __user_cap_header_struct h; - static struct __user_cap_data_struct ori_d[_LINUX_CAPABILITY_U32S_2]; static struct __user_cap_data_struct inh_d[_LINUX_CAPABILITY_U32S_2]; - static int isinit = 0; - if(isinit==0) { + if(sv == CAPABILITY_GET_ORIGINAL) { h.version = _LINUX_CAPABILITY_VERSION_2; h.pid = getpid(); - capget(&h, ori_d); capget(&h, inh_d); inh_d[CAP_TO_INDEX(CAP_NET_RAW)].inheritable |= @@ -957,24 +887,10 @@ int __adjust_process_capability(int sv) inh_d[CAP_TO_INDEX(CAP_SYS_CHROOT)].inheritable |= CAP_TO_MASK(CAP_SYS_CHROOT); - isinit++; - - if(sv == CAPABILITY_SET_ORIGINAL) return 0; - } - - if(isinit==0) { - _E("__adjust_process_capability init failed"); - return -1; - } - - if(sv == CAPABILITY_SET_ORIGINAL) { - h.pid = getpid(); - if (capset(&h, ori_d) < 0) { - _E("Capability setting error"); - return -1; - } + return 0; } - else if (sv == CAPABILITY_SET_INHERITABLE) { + + if (sv == CAPABILITY_SET_INHERITABLE) { h.pid = getpid(); if (capset(&h, inh_d) < 0) { _E("Capability setting error"); @@ -1000,6 +916,9 @@ int __prepare_fork(bundle *kb, char *appid) const char **str_array = NULL; int len = 0; int i; + pkgmgrinfo_pkginfo_h handle; + bool bPreloaded = false; + char *storeclientid = NULL; need_to_set_inh_cap_after_fork=0; poll_outputfile = 0; @@ -1023,9 +942,31 @@ int __prepare_fork(bundle *kb, char *appid) /* gdbserver */ if (strncmp(str_array[i], SDK_DEBUG, strlen(str_array[i])) == 0) { + // because of security issue, prevent debugging(ptrace) for preloaded app and downloaed app + if(pkgmgrinfo_pkginfo_get_pkginfo(appid, &handle) == PMINFO_R_OK) + { + if(pkgmgrinfo_pkginfo_is_preload(handle, &bPreloaded) != PMINFO_R_OK) + return -1; + if(pkgmgrinfo_pkginfo_get_storeclientid(handle, &storeclientid) != PMINFO_R_OK) + return -1; + if(bPreloaded || (storeclientid[0] != '\0')) + { + _E("debugging is not allowed"); + return -1; + } + } + if(apply_smack_rules("sdbd",appid,"w")) { - _E("unable to set sdbd rules"); - return -1; + _E("smack_accesses_apply fail"); + // return -1; + } + + // fixed debug-as fail issue (grant permission to use 10.0.2.2, 10.0.2.16) + if(apply_smack_rules(appid, "system::debugging_network", "rw")) { + _E("smack_accesses_apply fail"); + } + if(apply_smack_rules("system::debugging_network", appid, "w")) { + _E("smack_accesses_apply fail"); } // FIXME: set gdbfolder to 755 also @@ -1044,7 +985,7 @@ int __prepare_fork(bundle *kb, char *appid) else if (strncmp(str_array[i], SDK_VALGRIND , strlen(str_array[i])) == 0) { - if (__prepare_valgrind_outputfile(kb) == -1) + if (__prepare_valgrind_outputfile(kb) == -1) return -1; __adjust_file_capability(PATH_MEMCHECK); } @@ -1073,7 +1014,7 @@ void __waiting_outputfile() __chmod_chsmack_toread(PATH_VALGRIND_XMLFILE); poll_outputfile &= ~POLL_VALGRIND_XMLFILE; } - + if(poll_outputfile) { _D("-- now wait for creating the file --"); usleep(50 * 1000); /* 50ms sleep*/ @@ -1228,7 +1169,7 @@ void __launchpad_main_loop(int main_fd) if(is_gdbserver_launched) { char buf[MAX_LOCAL_BUFSZ]; - usleep(100 * 1000); /* 100ms sleep */ + usleep(100 * 1000); /* 100ms sleep */ snprintf(buf, MAX_LOCAL_BUFSZ, "%s.exe", app_path); gdbserver_app_pid = __proc_iter_cmdline(NULL, buf); @@ -1329,7 +1270,7 @@ int main(int argc, char **argv) struct pollfd pfds[POLLFD_MAX]; int i; - __adjust_process_capability(CAPABILITY_SET_ORIGINAL); + __adjust_process_capability(CAPABILITY_GET_ORIGINAL); /* init without concerning X & EFL*/ main_fd = __launchpad_pre_init(argc, argv); diff --git a/src/sigchild.h b/src/sigchild.h index 903d105..900ebde 100755 --- a/src/sigchild.h +++ b/src/sigchild.h @@ -148,9 +148,9 @@ static int __sigchild_action(void *data) if (dead_pid <= 0) goto end; - /* send app pid instead of gdbserver pid */ - if(dead_pid == gdbserver_pid) - dead_pid = gdbserver_app_pid; + /* send app pid instead of gdbserver pid */ + if(dead_pid == gdbserver_pid) + dead_pid = gdbserver_app_pid; /* valgrind xml file */ if(access(PATH_VALGRIND_XMLFILE,F_OK)==0) diff --git a/src/simple_util.c b/src/simple_util.c index dadc183..d2a891d 100755 --- a/src/simple_util.c +++ b/src/simple_util.c @@ -146,7 +146,7 @@ char *__proc_get_cmdline_bypid(int pid) static inline int __get_pgid_from_stat(int pid) { char buf[MAX_LOCAL_BUFSZ]; - char *str; + char *str = NULL; int ret; int i; int count = 0; @@ -171,7 +171,7 @@ static inline int __get_pgid_from_stat(int pid) } } - if (count == PROC_STAT_GID_POS) + if ((count == PROC_STAT_GID_POS) && (str)) pid = atoi(str); else pid = -1; -- 2.7.4