From 9acf96cbd8e41c699e2f059c1bef256910215178 Mon Sep 17 00:00:00 2001 From: Sangjin Kim Date: Tue, 27 Dec 2016 04:51:05 -0800 Subject: [PATCH] Revert "remove smack_setlabel function usage for security reason" This reverts commit 3b551c517915ee6b2c4709a57dc066ea64c29973. Change-Id: Ie6f76b81f12a736ac797ccb882ff7b922c0b621e --- packaging/sdbd.spec | 2 -- packaging/sdbd_device.service | 3 ++- packaging/sdbd_emulator.service | 3 ++- packaging/sdbd_tcp.service | 2 +- src/default_plugin_basic.c | 11 ++--------- src/file_sync_service.c | 4 +--- src/sdb.c | 4 ++++ src/services.c | 6 ++++++ 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 6ddcae3..15eb808 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,8 +112,6 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index 0537fcd..cd60922 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -6,10 +6,11 @@ After=tmp.mount [Service] Type=forking #location of SDBD log file +#Environment=SDBD_LOG_PATH=/tmp EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index 2129436..bed8cce 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service 
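Review bot: `SmackProcessLabel=System::Privileged` in sdbd_device.service (and the same line in sdbd_emulator.service and sdbd_tcp.service) raises the Smack label of a daemon that serves debug connections, and neither the unit file nor the commit message says why. The reverted commit was titled as a security change, so the revert should record what needs the wider label; presumably it is the restored `smack_setlabel` calls, but nothing visible here confirms that. A comment above the line such as `# System::Privileged: required for smack_setlabel() on the pty and log file (see <issue id>)` would do, and the added `#Environment=SDBD_LOG_PATH=/tmp` line should be either enabled or dropped rather than shipped commented out.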
@@ -7,11 +7,12 @@ After=tmp.mount dbus.service [Service] Type=forking #location of SDBD log file +#Environment=SDBD_LOG_PATH=/tmp Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index ade025c..e360a7c 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service @@ -7,5 +7,5 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/usr/sbin/sdbd --listen-port=26101 diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 61611f6..91d8df2 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -20,8 +20,6 @@ #include #include -#include - #define TRACE_TAG TRACE_SDB #include "log.h" @@ -30,7 +28,7 @@ #include "sdbd_plugin.h" #include "sdktools.h" -#define LOG_DIRECTORY "/home/owner/share/sdbdlog" +#define LOG_DIRECTORY "/tmp" int get_plugin_capability ( parameters* in, parameters* out ) { 
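Review bot: `#define LOG_DIRECTORY "/tmp"` moves the daemon log from a dedicated directory to a world-writable one, and the second hunk in this file makes `CAPABILITY_LOG_PATH` report it unconditionally. The spec hunk also drops the `mkdir`/`chown` of `%{TZ_SDK_HOME}/share/sdbdlog`, so nothing in the patch creates a private location for the log. Any local user can pre-create or replace names in `/tmp`, so the code that opens the log (outside this hunk) should be checked for `O_NOFOLLOW`/`O_EXCL`, or the log kept in a directory only sdbd can write; at minimum add a comment next to the define, e.g. `/* shared, world-writable: the log must be opened without following links */`.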
@@ -77,12 +75,7 @@ int get_plugin_capability ( parameters* in, parameters* out ) } else if ( capability == CAPABILITY_LOG_ENABLE ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_DISABLED ); } else if ( capability == CAPABILITY_LOG_PATH ) { - const char* sdkhome = tzplatform_getenv(TZ_SDK_HOME); - if (sdkhome != NULL) { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s/share/sdbdlog", sdkhome ); - } else { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); - } + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else { diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 81f6841..4dd0860 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -77,7 +77,6 @@ void init_sdk_sync_permit_rule_regx(void) } } -#if 0 static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -128,7 +127,6 @@ static void set_syncfile_smack_label(char *src) { */ } } -#endif static int sync_send_label_notify(int s, const char *path, int success) { @@ -159,7 +157,7 @@ static void sync_read_label_notify(int s) char *path = buffer; path++; path++; - // set_syncfile_smack_label(path); + set_syncfile_smack_label(path); } } diff --git a/src/sdb.c b/src/sdb.c index b21303d..4a1ca97 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1261,6 +1261,10 @@ void start_device_log(void) return; } + if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + } + // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); diff --git a/src/services.c b/src/services.c index 9a40a83..2b52bc8 100644 --- a/src/services.c +++ b/src/services.c 
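Review bot: The re-enabled `set_syncfile_smack_label(path)` call in `sync_read_label_notify` is given a pointer into `buffer` (advanced by two bytes), which appears to hold data read from the sync socket, and no check of that path is visible before the relabel. Since the unit files in this commit run sdbd as `System::Privileged`, the path should be validated before use, for example against the sync permit rules set up in this file if they apply to it. The contract belongs in a comment on the function, e.g. `/* src: peer-supplied path; must already have passed the sync permit check */`. Both function bodies extend outside the hunks, so a check may already exist out of view.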
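Review bot: In `start_device_log` the added `smack_setlabel(path, ...)` labels the log by name although `fd` is already open on it (it is passed to `dup2` just below), and a failure is only logged before stdout and stderr are redirected. Labelling by path can land on a different object than the one that was opened if the name is replaced in between, which matters when the log directory is shared. Prefer the descriptor-based variant where the libsmack in this tree provides one, e.g. `smack_fsetlabel(fd, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS)`, and decide explicitly whether to continue on failure; the matching call in `create_subprocess` (src/services.c) closes `ptm` and returns -1. The function starts and ends outside the hunk.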
@@ -409,6 +409,12 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } + if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + sdb_close(ptm); + return -1; + } + *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); -- 2.7.4