From c207de353fb9731b4641ab783014075504c782c1 Mon Sep 17 00:00:00 2001 From: Seungha Son Date: Tue, 23 May 2017 11:07:29 +0900 Subject: [PATCH] Add logic to check smack label If the daemon requests the operation of the badge, it is allowed Check the smack label if it is a daemon. Signed-off-by: Seungha Son Change-Id: Id5b0cbcb6a4c2c43003b4c78d0816213db0ea475 --- CMakeLists.txt | 1 + include/badge_db.h | 4 ++-- include/badge_internal.h | 4 ++-- packaging/badge.spec | 1 + src/badge_db.c | 8 ++++---- src/badge_internal.c | 43 ++++++++++++++++++++++++++++++++++++++----- 6 files changed, 48 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c71e161..1fa0c6a 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -51,6 +51,7 @@ pkg_check_modules(pkgs REQUIRED db-util libtzplatform-config pkgmgr-info + libsmack ) FOREACH(flag ${pkgs_CFLAGS}) diff --git a/include/badge_db.h b/include/badge_db.h index 85bdbda..1f342cf 100755 --- a/include/badge_db.h +++ b/include/badge_db.h @@ -34,9 +34,9 @@ extern "C" { #define BADGE_SETTING_DB_TABLE "badge_setting" int badge_db_insert(const char *pkgname, const char *writable_pkg, const char *caller, uid_t uid); -int badge_db_delete(const char *pkgname, const char *caller_pkg, uid_t uid); +int badge_db_delete(const char *pkgname, const char *caller_pkg, uid_t uid, pid_t pid); int badge_db_delete_by_pkgname(const char *pkgname, uid_t uid); -int badge_db_set_count(const char *pkgname, const char *caller_pkg, unsigned int count, uid_t uid); +int badge_db_set_count(const char *pkgname, const char *caller_pkg, unsigned int count, uid_t uid, pid_t pid); int badge_db_get_count(const char *pkgname, unsigned int *count, uid_t uid); int badge_db_set_display_option(const char *pkgname, unsigned int is_display, uid_t uid); int badge_db_get_display_option(const char *pkgname, unsigned int *is_display, uid_t uid); diff --git a/include/badge_internal.h b/include/badge_internal.h index 4fca569..64e55f0 100755 --- a/include/badge_internal.h +++ b/include/badge_internal.h @@ -141,12 +141,12 @@ int _badge_get_list(GList **badge_list, uid_t uid); int _badge_insert(badge_h *badge, uid_t uid); -int _badge_remove(const char *caller, const char *pkgname, uid_t uid); +int _badge_remove(const char *caller, const char *pkgname, uid_t uid, pid_t pid); int _badge_remove_by_pkgname(const char *pkgname, uid_t uid); int _badge_set_count(const char *caller, const char *pkgname, - unsigned int count, uid_t uid); + unsigned int count, uid_t uid, pid_t pid); int _badge_get_count(const char *pkgname, unsigned int *count, uid_t uid); diff --git a/packaging/badge.spec b/packaging/badge.spec index ac8f15a..a2db5ed 100755 --- a/packaging/badge.spec +++ b/packaging/badge.spec @@ -14,6 +14,7 @@ BuildRequires: pkgconfig(capi-appfw-package-manager) BuildRequires: pkgconfig(db-util) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(pkgmgr-info) +BuildRequires: pkgconfig(libsmack) BuildRequires: cmake Requires(post): /sbin/ldconfig requires(postun): /sbin/ldconfig diff --git a/src/badge_db.c b/src/badge_db.c index cc31605..fdd2ee5 100755 --- a/src/badge_db.c +++ b/src/badge_db.c @@ -141,9 +141,9 @@ int badge_db_insert(const char *pkgname, const char *writable_pkg, const char *c } EXPORT_API -int badge_db_delete(const char *pkgname, const char *caller, uid_t uid) +int badge_db_delete(const char *pkgname, const char *caller, uid_t uid, pid_t pid) { - return _badge_remove(caller, pkgname, uid); + return _badge_remove(caller, pkgname, uid, pid); } EXPORT_API @@ -153,9 +153,9 @@ int badge_db_delete_by_pkgname(const char *pkgname, uid_t uid) } EXPORT_API -int badge_db_set_count(const char *pkgname, const char *caller, unsigned int count, uid_t uid) +int badge_db_set_count(const char *pkgname, const char *caller, unsigned int count, uid_t uid, pid_t pid) { - return _badge_set_count(caller, pkgname, count, uid); + return _badge_set_count(caller, pkgname, count, uid, pid); } EXPORT_API diff --git a/src/badge_internal.c b/src/badge_internal.c index 467f517..f9f2ab7 100755 --- a/src/badge_internal.c +++ b/src/badge_internal.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "badge_log.h" #include "badge_error.h" @@ -253,8 +254,37 @@ static int _is_same_certinfo(const char *caller, const char *pkgname) return 0; } +static bool __check_label(pid_t pid) +{ +#define SMACK_LABEL_LEN 255 +#define COMPARE_LABEL_COUNT 3 + + bool ret = false; + int i; + ssize_t len; + char *label = NULL; + char check_label[COMPARE_LABEL_COUNT][SMACK_LABEL_LEN+1] = { "System", "System::Privileged", "User"}; + + len = smack_new_label_from_process(pid, &label); + if (len < 0 || label == NULL) + goto out; + + for (i = 0; i < COMPARE_LABEL_COUNT; i++) { + if (g_strcmp0(label, check_label[i]) == 0) { + ret = true; + goto out; + } + } + +out: + if (label) + free(label); + + return ret; +} + static int _badge_check_writable(const char *caller, - const char *pkgname, sqlite3 *db, uid_t uid) + const char *pkgname, sqlite3 *db, uid_t uid, pid_t pid) { sqlite3_stmt *stmt = NULL; int count = 0; @@ -268,6 +298,9 @@ static int _badge_check_writable(const char *caller, if (g_strcmp0(caller, pkgname) == 0) return BADGE_ERROR_NONE; + if (__check_label(pid) == true) + return BADGE_ERROR_NONE; + /* LCOV_EXCL_START */ if (_is_same_certinfo(caller, pkgname) == 1) return BADGE_ERROR_NONE; @@ -535,7 +568,7 @@ return_close_db: return result; } -int _badge_remove(const char *caller, const char *pkgname, uid_t uid) +int _badge_remove(const char *caller, const char *pkgname, uid_t uid, pid_t pid) { int ret = BADGE_ERROR_NONE; int result = BADGE_ERROR_NONE; @@ -560,7 +593,7 @@ int _badge_remove(const char *caller, const char *pkgname, uid_t uid) goto return_close_db; } - ret = _badge_check_writable(caller, pkgname, db, uid); + ret = _badge_check_writable(caller, pkgname, db, uid, pid); if (ret != BADGE_ERROR_NONE) { result = ret; goto return_close_db; @@ -791,7 +824,7 @@ out: } int _badge_set_count(const char *caller, const char *pkgname, - unsigned int count, uid_t uid) + unsigned int count, uid_t uid, pid_t pid) { int ret = BADGE_ERROR_NONE; int result = BADGE_ERROR_NONE; @@ -816,7 +849,7 @@ int _badge_set_count(const char *caller, const char *pkgname, goto return_close_db; } - ret = _badge_check_writable(caller, pkgname, db, uid); + ret = _badge_check_writable(caller, pkgname, db, uid, pid); if (ret != BADGE_ERROR_NONE) { result = ret; goto return_close_db; -- 2.7.4