From d75826d3b7cd409be2037b51e8c790b556d23a67 Mon Sep 17 00:00:00 2001 
From: Kim Kibum Date: Sun, 29 Apr 2012 17:01:23 +0900 Subject: [PATCH] upload tizen1.0 source --- AUTHORS | 1 + CMakeLists.txt | 94 +++ LICENSE | 204 +++++++ app_group_list | 88 +++ debian/changelog | 7 + debian/compat | 1 + debian/control | 25 + debian/docs | 0 debian/libprivilege-control-0.install.in | 9 + debian/libprivilege-control-0.postinst | 42 ++ debian/libprivilege-control-dev.install.in | 2 + debian/rules | 121 ++++ dev_group_list | 2 + group | 153 +++++ include/privilege-control.h | 55 ++ libprivilege-control.pc.in | 11 + packaging/libprivilege-control.spec | 97 ++++ passwd | 36 ++ permissions/alarm.dat | 1 + permissions/av_capture.dat | 5 + permissions/bluetooth_pairing.dat | 1 + permissions/calendar.dat | 1 + permissions/contact.dat | 1 + permissions/direct_messaging_telephony.dat | 1 + .../direct_messaging_telephony_information.dat | 1 + permissions/direct_network_telephony.dat | 1 + .../direct_network_telephony_information.dat | 1 + permissions/fm_radio.dat | 4 + permissions/gprs.dat | 1 + permissions/gprs_information.dat | 1 + permissions/internet_setting.dat | 1 + permissions/internet_use.dat | 1 + permissions/location_get.dat | 1 + permissions/media_playback.dat | 4 + permissions/message_lbs.dat | 1 + permissions/message_sync.dat | 1 + permissions/messaging.dat | 2 + permissions/oom_adjustment.dat | 1 + permissions/permanent_process_setting.dat | 1 + permissions/power_control.dat | 1 + permissions/quick_panel.dat | 1 + permissions/sap.dat | 1 + permissions/sat.dat | 1 + permissions/sim.dat | 1 + permissions/sim_information.dat | 1 + permissions/task_management.dat | 1 + permissions/telephone_call.dat | 1 + permissions/telephone_call_information.dat | 1 + permissions/telephony_suplement_service.dat | 1 + .../telephony_suplement_service_information.dat | 1 + permissions/time_setting.dat | 1 + src/account-manage.c | 633 +++++++++++++++++++++ src/debug-util.c | 84 +++ src/kill_app.c | 77 +++ src/privilege-control.c | 236 ++++++++ src/slp-su.c | 102 
++++ udev/rules/95-permissions-slp.rules | 44 ++ 57 files changed, 2168 insertions(+) create mode 100644 AUTHORS create mode 100644 CMakeLists.txt create mode 100644 LICENSE create mode 100644 app_group_list create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/docs create mode 100644 debian/libprivilege-control-0.install.in create mode 100755 debian/libprivilege-control-0.postinst create mode 100644 debian/libprivilege-control-dev.install.in create mode 100755 debian/rules create mode 100644 dev_group_list create mode 100644 group create mode 100644 include/privilege-control.h create mode 100644 libprivilege-control.pc.in create mode 100644 packaging/libprivilege-control.spec create mode 100644 passwd create mode 100644 permissions/alarm.dat create mode 100644 permissions/av_capture.dat create mode 100644 permissions/bluetooth_pairing.dat create mode 100644 permissions/calendar.dat create mode 100644 permissions/contact.dat create mode 100644 permissions/direct_messaging_telephony.dat create mode 100644 permissions/direct_messaging_telephony_information.dat create mode 100644 permissions/direct_network_telephony.dat create mode 100644 permissions/direct_network_telephony_information.dat create mode 100644 permissions/fm_radio.dat create mode 100644 permissions/gprs.dat create mode 100644 permissions/gprs_information.dat create mode 100644 permissions/internet_setting.dat create mode 100644 permissions/internet_use.dat create mode 100644 permissions/location_get.dat create mode 100644 permissions/media_playback.dat create mode 100644 permissions/message_lbs.dat create mode 100644 permissions/message_sync.dat create mode 100644 permissions/messaging.dat create mode 100644 permissions/oom_adjustment.dat create mode 100644 permissions/permanent_process_setting.dat create mode 100644 permissions/power_control.dat create mode 100644 permissions/quick_panel.dat create mode 100644 
permissions/sap.dat create mode 100644 permissions/sat.dat create mode 100644 permissions/sim.dat create mode 100644 permissions/sim_information.dat create mode 100644 permissions/task_management.dat create mode 100644 permissions/telephone_call.dat create mode 100644 permissions/telephone_call_information.dat create mode 100644 permissions/telephony_suplement_service.dat create mode 100644 permissions/telephony_suplement_service_information.dat create mode 100644 permissions/time_setting.dat create mode 100644 src/account-manage.c create mode 100644 src/debug-util.c create mode 100644 src/kill_app.c create mode 100644 src/privilege-control.c create mode 100644 src/slp-su.c create mode 100644 udev/rules/95-permissions-slp.rules diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..d695ed5 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Kidong Kim diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..b63730a --- /dev/null +++ b/CMakeLists.txt 
@@ -0,0 +1,94 @@
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT(libprivilege-control C)
+
+SET(PREFIX ${CMAKE_INSTALL_PREFIX})
+SET(EXEC_PREFIX "\${prefix}")
+SET(LIBDIR "\${prefix}/lib")
+SET(INCLUDEDIR "\${prefix}/include")
+SET(VERSION 1.0)
+
+SET(VERSION_MAJOR 0)
+SET(VERSION "${VERSION_MAJOR}.0.2")
+
+INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
+
+INCLUDE(FindPkgConfig)
+pkg_check_modules(pkgs REQUIRED security-server openssl)
+
+FOREACH(flag ${pkgs_CFLAGS})
+ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
+ENDFOREACH(flag)
+
+SET(src_dir "./src")
+SET(include_dir "./include")
+
+## Additional flag
+SET(activate "-DUSE_PRIVILEGE_CONTROL")
+
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
+
+###################################################################################################
+## for libprivilege-control.so (library)
+SET(libprivilege-control_SOURCES ${src_dir}/privilege-control.c ${src_dir}/account-manage.c)
+SET(libprivilege-control_LDFLAGS " -module -avoid-version ")
+SET(libprivilege-control_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+#SET(libprivilege-control_LIBADD " ")
+
+ADD_LIBRARY(privilege-control SHARED ${libprivilege-control_SOURCES})
+TARGET_LINK_LIBRARIES(privilege-control ${pkgs_LDFLAGS})
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES COMPILE_FLAGS "${libprivilege-control_CFLAGS}")
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES SOVERSION ${VERSION_MAJOR})
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES VERSION ${VERSION})
+###################################################################################################
+
+###################################################################################################
+## for slp-su (excutable)
+SET(slp-su_SOURCES ${src_dir}/slp-su.c)
+SET(slp-su_LDFLAGS " -module -avoid-version ")
+SET(slp-su_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(slp-su ${slp-su_SOURCES})
+TARGET_LINK_LIBRARIES(slp-su ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(slp-su PROPERTIES COMPILE_FLAGS "${slp-su_CFLAGS}")
+###################################################################################################
+
+###################################################################################################
+## for debug-util (excutable)
+SET(debug-util_SOURCES ${src_dir}/debug-util.c)
+SET(debug-util_LDFLAGS " -module -avoid-version ")
+SET(debug-util_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(debug-util ${debug-util_SOURCES})
+TARGET_LINK_LIBRARIES(debug-util ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(debug-util PROPERTIES COMPILE_FLAGS "${debug-util_CFLAGS}")
+###################################################################################################
+
+###################################################################################################
+## for kill_app (excutable)
+SET(kill-app_SOURCES ${src_dir}/kill_app.c)
+SET(kill-app_LDFLAGS " -module -avoid-version ")
+SET(kill-app_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(kill_app ${kill-app_SOURCES})
+#TARGET_LINK_LIBRARIES(kill_app ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(kill_app PROPERTIES COMPILE_FLAGS "${kill-app_CFLAGS}")
+###################################################################################################
+
+CONFIGURE_FILE(libprivilege-control.pc.in libprivilege-control.pc @ONLY)
+
+FILE(GLOB datfiles ${CMAKE_CURRENT_SOURCE_DIR}/permissions/*.dat)
+FILE(GLOB udevfiles ${CMAKE_CURRENT_SOURCE_DIR}/udev/rules/*)
+
+INSTALL(TARGETS privilege-control DESTINATION lib COMPONENT RuntimeLibraries)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/libprivilege-control.pc DESTINATION lib/pkgconfig)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/passwd DESTINATION /opt/etc/)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/group DESTINATION /opt/etc/)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/privilege-control.h DESTINATION include)
+INSTALL(FILES ${datfiles} DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/app_group_list DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dev_group_list DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${udevfiles} DESTINATION /lib/udev/rules.d)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/slp-su DESTINATION bin)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/debug-util DESTINATION bin)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/kill_app DESTINATION bin)
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9f19478
--- /dev/null
+++ b/LICENSE
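Review bot: In CMakeLists.txt the three closing `INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/…)` lines and the `passwd`/`group` `INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/…)` lines point at the wrong tree: built executables land in the binary directory and the two account files are added at the source root, so the install step resolves only for an in-source build and could otherwise pick up a stale binary left in the checkout. I would install the targets themselves, `INSTALL(TARGETS slp-su debug-util kill_app DESTINATION bin)`, and read the data files from `${CMAKE_CURRENT_SOURCE_DIR}/passwd` and `${CMAKE_CURRENT_SOURCE_DIR}/group`. Separately, `${CFLAGS}` is never set in this file and the `*_LDFLAGS` variables are never used, so the only flag this file adds beyond `-fPIC` and the feature define is `-fvisibility=hidden`. For what appears to be privilege-switching code it would be worth adding hardening flags here explicitly (for example `-fstack-protector`, `-D_FORTIFY_SOURCE=2`, `-Wl,-z,relro,-z,now`) rather than relying on the packaging environment to supply them.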
@@ -0,0 +1,204 @@ +Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/app_group_list b/app_group_list new file mode 100644 index 0000000..2e68058 --- /dev/null +++ b/app_group_list @@ -0,0 +1,88 @@ +20 +29 +44 +5000 +6001 +6002 +6003 +6004 +6005 +6006 +6007 +6008 +6009 +6010 +6011 +6012 +6013 +6014 +6015 +6016 +6017 +6018 +6019 +6020 +6021 +6022 +6023 +6024 +6025 +6026 +6501 +6502 +6503 +6505 +6506 +6508 +6509 +6510 +6511 +6512 +6513 +6514 +6515 +6516 +6517 +6518 +6519 +6520 +6521 +6522 +6523 +6524 +6525 +6526 +6528 +6601 +6602 +6603 +6701 +6702 +6703 +6801 +6802 +6803 +6804 +6805 +6806 +6807 +6808 +6809 +6810 +6811 +6812 +6813 +6814 +6815 +6816 +6817 +6818 +6819 +6820 +6821 +6822 +6823 +6824 +6825 +6826 +6827 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1743178 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,7 @@
+libprivilege-control (0.0.2-40) unstable; urgency=low
+
+ * Remove 'inhouse' directory
+ * Tag: libprivilege-control_0.0.2-40
+ * Git: pkgs/l/libprivilege-control
+
+ -- Kidong Kim Thu, 09 Feb 2012 17:41:32 +0900
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7ed6ff8
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+5
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..9e8116e
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,25 @@
+Source: libprivilege-control
+Priority: extra
+Maintainer: Kidong Kim
+Build-Depends: debhelper (>= 5), autotools-dev, libsecurity-server-client-dev, libssl-dev, openssl
+Standards-Version: 3.7.2
+Section: base
+Homepage: N/A
+
+Package: libprivilege-control-dev
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version}), libssl-dev
+Description: development pacakge of library to control privilege of in-house application
+
+Package: libprivilege-control-0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: library to control privilege of in-house application
+
+Package: libprivilege-control-dbg
+Section: debug
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version})
+Description: debug package of library to control privilege of in-house application
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..e69de29
diff --git a/debian/libprivilege-control-0.install.in b/debian/libprivilege-control-0.install.in
new file mode 100644
index 0000000..9554195
--- /dev/null
+++ b/debian/libprivilege-control-0.install.in
@@ -0,0 +1,9 @@
+/usr/lib/libprivilege-control.so
+/usr/lib/libprivilege-control.so.*
+/usr/bin/slp-su
+/usr/bin/debug-util
+/usr/bin/kill_app
+/usr/share/privilege-control/*
+/opt/etc/passwd
+/opt/etc/group
+/lib/udev/rules.d
diff --git a/debian/libprivilege-control-0.postinst b/debian/libprivilege-control-0.postinst
new file mode 100755
index 0000000..bbb1357
--- /dev/null
+++ b/debian/libprivilege-control-0.postinst
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+if [ ! -e "/home/app" ]
+then
+ if [ ${USER} = "root" ]
+ then
+ mkdir -p /home/app
+ fi
+fi
+
+if [ ! -e "/home/developer" ]
+then
+ if [ ${USER} = "root" ]
+ then
+ mkdir -p /home/developer
+ fi
+fi
+
+if [ ${USER} = "root" ]
+then
+ chown 5000:5000 /home/app
+ chmod 755 /home/app
+ chown 5100:5100 /home/developer
+ chmod 755 /home/developer
+fi
+
+if [ ! -e "/usr/share/privilege-control" ]
+then
+ mkdir /usr/share/privilege-control/
+fi
+
+if [ -e "/etc/passwd" ]
+then
+ rm -f /etc/passwd
+fi
+ln -s /opt/etc/passwd /etc/passwd
+
+if [ -e "/etc/group" ]
+then
+ rm -f /etc/group
+fi
+ln -s /opt/etc/group /etc/group
diff --git a/debian/libprivilege-control-dev.install.in b/debian/libprivilege-control-dev.install.in
new file mode 100644
index 0000000..e8650fb
--- /dev/null
+++ b/debian/libprivilege-control-dev.install.in
@@ -0,0 +1,2 @@
+/usr/include/privilege-control.h
+/usr/lib/pkgconfig/libprivilege-control.pc
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..e542ebb
--- /dev/null
+++ b/debian/rules
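Review bot: In debian/libprivilege-control-0.postinst the closing `rm -f /etc/passwd` / `ln -s /opt/etc/passwd /etc/passwd` pair (and the same pair for `/etc/group`) replaces the system account database non-atomically and without checking that the target exists, so an interrupted or failed run leaves the system with no `/etc/passwd`, and a dangling symlink already at that path passes the `-e` test as absent and makes `ln -s` fail. The `%post conf` scriptlet in packaging/libprivilege-control.spec repeats the pattern. Once this has run, everything that resolves users trusts `/opt/etc`, so the ownership and mode of the two files there should be set explicitly, which neither script does. The `[ ${USER} = "root" ]` tests are unquoted and depend on an environment variable that a maintainer script may not have; `[ "$(id -u)" -eq 0 ]` is the robust form. A sketch of the link replacement follows.

```shell
# … unchanged: /home/app, /home/developer and /usr/share/privilege-control setup …

for db in passwd group
do
    # Refuse to repoint the account database at a file that is not there.
    if [ ! -f "/opt/etc/$db" ]
    then
        echo "postinst: /opt/etc/$db is missing, leaving /etc/$db untouched" >&2
        exit 1
    fi
    # The relocated files become the system account database: keep them owned by
    # uid/gid 0 and writable by the owner only.
    chown 0:0 "/opt/etc/$db"
    chmod 644 "/opt/etc/$db"
    # Create the link under a temporary name and rename it into place, so that
    # /etc/$db exists at every point even if the script is interrupted.
    ln -sf "/opt/etc/$db" "/etc/$db.new"
    mv -f "/etc/$db.new" "/etc/$db"
done
```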
@@ -0,0 +1,121 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CFLAGS ?= -Wall -g +CXXFLAGS ?= -Wall -g +LDFLAGS ?= +PREFIX ?= /usr +DATADIR ?= /opt + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 + CXXFLAGS += -O0 +else + CFLAGS += -O2 + CXXFLAGS += -O2 +endif + +LDFLAGS += -Wl,--rpath=$(PREFIX)/lib -Wl,--as-needed + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" cmake . -DCMAKE_INSTALL_PREFIX=$(PREFIX) + + touch configure-stamp + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #docbook-to-man debian/wavplayer.sgml > wavplayer.1 + + for f in `find $(CURDIR)/debian/ -name "*.in"`; do \ + cat $$f > $${f%.in}; \ + sed -i -e "s#@PREFIX@#$(PREFIX)#g" $${f%.in}; \ + sed -i -e "s#@DATADIR@#$(DATADIR)#g" $${f%.in}; \ + done + + + touch $@ + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) clean + rm -rf CMakeCache.txt + rm -rf CMakeFiles + rm -rf cmake_install.cmake + rm -rf Makefile + rm -rf install_manifest.txt + rm -rf *.so + rm -rf *.pc + + for f in `find $(CURDIR)/debian/ -name "*.in"`; do \ + rm -f $${f%.in}; \ + done + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/wavplayer. 
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_install --sourcedir=debian/tmp +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_python +# dh_installinit +# dh_installcron +# dh_installinfo + dh_installman + dh_link +# dh_strip + dh_strip --dbg-package=libprivilege-control-dbg + dh_compress + dh_fixperms +# dh_perl + dh_makeshlibs -plibprivilege-control-0 + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/dev_group_list b/dev_group_list new file mode 100644 index 0000000..bf98a94 --- /dev/null +++ b/dev_group_list @@ -0,0 +1,2 @@ +5100 +6509 diff --git a/group b/group new file mode 100644 index 0000000..3a611aa --- /dev/null +++ b/group 
@@ -0,0 +1,153 @@ +root:*:0: +daemon:*:1: +bin:*:2: +sys:*:3: +adm:*:4: +tty:*:5: +disk:*:6: +lp:*:7: +mail:*:8: +news:*:9: +uucp:*:10: +man:*:12: +proxy:*:13: +kmem:*:15: +dialout:*:20:app +fax:*:21: +voice:*:22: +cdrom:*:24: +floppy:*:25: +tape:*:26: +sudo:*:27: +audio:*:29:root,app,pulse,media +dip:*:30: +www-data:*:33: +backup:*:34: +operator:*:37: +list:*:38: +irc:*:39: +src:*:40: +gnats:*:41: +shadow:*:42: +utmp:*:43: +video:*:44:app,media +sasl:*:45: +plugdev:*:46: +staff:*:50: +games:*:60: +users:*:100: +nogroup:*:65534: +app:x:5000: +developer:x:5100: +testuser:x:5101: +db_alarm:x:6001:app +db_browser:x:6002:app +db_calendar:x:6003:app +db_cc_list:x:6004:app +db_contact:x:6005:app +db_email_service:x:6006:app +db_java_runtime:x:6007:app +db_logs:x:6008:app +db_memo:x:6009:app +db_menu:x:6010:app +db_msg_service:x:6011:app +db_mtp:x:6012:app +db_spkmgr:x:6013:app +db_t9buffer:x:6014:app +db_worldclock:x:6015:app +db_sns:x:6016:app +db_filemanager:x:6017:app +db_daily_briefing:x:6018:app +db_always:x:6019:app +db_media_browser:x:6020:app +db_music:x:6021:app +db_drm:x:6022:app +db_lbs_landmark:x:6023:app +db_comm:x:6024:app +db_quickpanel:x:6025:app +db_wrt:x:6026:app +camera:x:6501:app,media +message:x:6502:app +myfiles:x:6503:app +admin:x:6504: +pulse:x:6507: +pulse-access:x:6505:root,app,media +pulse-rt:x:6506:root,app,media +app_logging:x:6509:app,media,developer +sys_logging:x:6527:app,media +hwcodec:x:6510:app,media +recording:x:6508:app,pulse,media +java:x:6511:app +radio:x:6512:app +installer:x:6513:app +nfc-manager:x:6517:app +use_cert:x:6524:app +usb_device:x:6525:app +keytone:x:6526:app +video_tel:x:6528:app +vconf_setting:x:6514:app +vconf_hib:x:6515:app +vconf_seven:x:6516:app +vconf_sndprof:x:6518:app +vconf_wifi:x:6519:app +vconf_bt:x:6520:app +vconf_callstate:x:6521:app +vconf_idlelock:x:6522:app +vconf_sync:x:6523:app +ss_drmkey:x:6601:app +ss_ssaccount:x:6602:app +ss_activesync:x:6603:app +system_time:x:6701:app +system_bklight:x:6702:app 
+system_torch:x:6703:app +lbs:x:6801:app,system +alarm:x:6802:app +dnet_use:x:6803:app +dnet_setting:x:6804:app +tel_call:x:6805:app +tel_call_info:x:6806:app +tel_msg:x:6807:app +tel_msg_info:x:6808:app +tel_net:x:6809:app +tel_net_info:x:6810:app +tel_gprs:x:6811:app +tel_gprs_info:x:6812:app +tel_sim:x:6813:app +tel_sim_info:x:6814:app +tel_sap:x:6815:app +tel_ss:x:6816:app +tel_ss_info:x:6817:app +tel_sat:x:6826:app +task_mgr:x:6818:app +power_mgr:x:6819:app +permanent:x:6820:app +oom_adj:x:6821:app +soundpath:x:6822:app +asm:x:6823:app +message_sync:x:6824:app +message_lbs:x:6825:app +bt_use:x:6827:app,pulse,system +system:x:1000: +bluetooth:x:1002: +graphics:x:1003: +input:x:1004: +log:x:1007: +compass:x:1008: +mount:x:1009: +wifi:x:1010: +adb:x:1011: +install:x:1012: +media:x:1013: +dhcp:x:1014: +sdcard_rw:x:1015: +vpn:x:1016: +keystore:x:1017: +shell:x:2000: +cache:x:2001: +diag:x:2002: +net_bt_admin:x:3001: +net_bt:x:3002: +inet:x:3003: +net_raw:x:3004: +net_admin:x:3005: +misc:x:9998: diff --git a/include/privilege-control.h b/include/privilege-control.h new file mode 100644 index 0000000..e5ded97 --- /dev/null +++ b/include/privilege-control.h 
@@ -0,0 +1,55 @@
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef _PRIVILEGE_CONTROL_H_
+#define _PRIVILEGE_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+#ifndef API
+#define API __attribute__((visibility("default")))
+#endif // API
+
+/* error codes */
+#define PC_OPERATION_SUCCESS ((int)0)
+#define PC_ERR_FILE_OPERATION -1
+#define PC_ERR_MEM_OPERATION -2
+#define PC_ERR_NOT_PERMITTED -3
+#define PC_ERR_INVALID_PARAM -4
+#define PC_ERR_INVALID_OPERATION -5
+
+/* APIs - used by applications */
+int control_privilege(void);
+
+int set_privilege(const char* pkg_name);
+
+/* added APIs - add & delete user and group for 3rd party applications */
+int add_user_and_group(const char* pkg_name, const char* permissions);
+
+int delete_user_and_group(const char* pkg_name);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif // _PRIVILEGE_CONTROL_H_
diff --git a/libprivilege-control.pc.in b/libprivilege-control.pc.in
new file mode 100644
index 0000000..825a24e
--- /dev/null
+++ b/libprivilege-control.pc.in
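Review bot: In include/privilege-control.h none of the four prototypes is documented, and for `set_privilege()` and `control_privilege()` the contract matters: a caller that ignores a `PC_ERR_*` return presumably keeps running with the credentials it started with (the implementation is outside this chunk, so that is inferred from the names and error codes). I would add a comment block per function stating which `PC_ERR_*` values it can return, who is expected to call it and the format of `permissions`, and mark the declarations so the compiler reports an unchecked call, e.g. `int set_privilege(const char* pkg_name) __attribute__((warn_unused_result));`. The `API` macro is defined but applied to no declaration here, which together with the `-fvisibility=hidden` flag set in CMakeLists.txt means the exported symbol set depends entirely on the definitions carrying it. Minor: the guard `_PRIVILEGE_CONTROL_H_` uses a reserved identifier form and the negative error values are unparenthesised; `PRIVILEGE_CONTROL_H` and `(-1)` are the safer spellings.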
@@ -0,0 +1,11 @@
+prefix=@PREFIX@
+exec_prefix=@EXEC_PREFIX@
+libdir=@LIBDIR@
+includedir=@INCLUDEDIR@
+
+Name: libprivilege-control
+Description: Library to control privilege of application
+Version: @VERSION@
+Requires: openssl
+Libs: -L${libdir} -lprivilege-control
+Cflags: -I${includedir}/
diff --git a/packaging/libprivilege-control.spec b/packaging/libprivilege-control.spec
new file mode 100644
index 0000000..5159fe5
--- /dev/null
+++ b/packaging/libprivilege-control.spec
@@ -0,0 +1,97 @@
+Name: libprivilege-control
+Summary: Library to control privilege of application
+Version: 0.0.2
+Release: 1.1
+Group: System/Security
+License: Apache 2.0
+Source0: %{name}-%{version}.tar.gz
+BuildRequires: cmake
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(security-server)
+
+%description
+development package of library to control privilege of in-house application
+
+%package devel
+Summary: Control privilege of application (devel)
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+Library to control privilege of application (devel)
+
+%package conf
+Summary: Control privilege of application files
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description conf
+Library to control privilege of application files
+
+
+%prep
+%setup -q
+
+%build
+cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
+
+make %{?jobs:-j%jobs}
+
+%install
+rm -rf %{buildroot}
+%make_install
+
+
+%post
+if [ ! -e "/home/app" ]
+then
+ mkdir -p /home/app
+fi
+
+if [ ! -e "/home/developer" ]
+then
+ mkdir -p /home/developer
+fi
+
+chown 5000:5000 /home/app
+chmod 755 /home/app
+chown 5100:5100 /home/developer
+chmod 755 /home/developer
+
+if [ ! -e "/usr/share/privilege-control" ]
+then
+ mkdir -p /usr/share/privilege-control/
+fi
+
+%post conf
+if [ -e "/etc/passwd" ]
+then
+ rm -f /etc/passwd
+fi
+ln -sf /opt/etc/passwd /etc/passwd
+
+if [ -e "/etc/group" ]
+then
+ rm -f /etc/group
+fi
+ln -sf /opt/etc/group /etc/group
+
+
+
+# FIXME: should split to separate binaries package
+%files
+/usr/lib/*.so.*
+/usr/bin/debug-util
+/usr/bin/kill_app
+/usr/bin/slp-su
+/usr/share/privilege-control/*
+/lib/udev/rules.d/95-permissions-slp.rules
+
+%files conf
+/opt/etc/group
+/opt/etc/passwd
+
+%files devel
+/usr/include/*.h
+/usr/lib/*.so
+/usr/lib/pkgconfig/*.pc
diff --git a/passwd b/passwd
new file mode 100644
index 0000000..697cc2f
--- /dev/null
+++ b/passwd
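Review bot: `%files conf` ships `/opt/etc/passwd` and `/opt/etc/group` as ordinary payload files, and `%post conf` then points `/etc/passwd` and `/etc/group` at them, so the live account database belongs to a package with no `%config` or `%attr` marking. With RPM's default file handling an upgrade or reinstall of the conf subpackage would presumably overwrite accounts that `add_user_and_group()` appended at runtime, and the installed mode and owner are whatever the build tree produced. Listing them as `%config(noreplace) %attr(0644,root,root) /opt/etc/passwd` (and the same for `group`) makes both explicit. The `rm -f` before `ln -sf` also leaves a moment in which `/etc/passwd` does not exist; `ln -sf` already removes an existing destination file, so the two `if … rm -f … fi` blocks can be dropped.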
@@ -0,0 +1,36 @@
+root::0:0:root:/root:/bin/sh
+bin:*:1:1:bin:/bin:
+daemon:*:2:2:daemon:/sbin:
+shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
+halt:*:7:0:halt:/sbin:/sbin/halt
+ftp:*:14:50:FTP User:/home/ftp:
+nobody:*:99:99:Nobody:/:
+sshd:x:112:65534::/var/run/sshd:/usr/sbin/nologin
+app:x:5000:5000:In-house application:/home/app:/bin/sh
+developer::5100:5100:developer with SDK:/home/developer:/bin/false
+testuser:x:5101:5101:test user:/home/testuser:/bin/sh
+pulse:x:6507:6507:PulseAudio daemon:/var/run/pulse:/bin/false
+system:x:1000:1000:SPLUSA:/home/system:/bin/sh
+bluetooth:x:1002:1002:SPLUSA:/home/bluetooth:/bin/false
+graphics:x:1003:1003:SPLUSA:/home/graphics:/bin/false
+input:x:1004:1004:SPLUSA:/home/input:/bin/false
+log:x:1007:1007:SPLUSA:/home/log:/bin/false
+compass:x:1008:1008:SPLUSA:/home/compass:/bin/false
+mount:x:1009:1009:SPLUSA:/home/mount:/bin/false
+wifi:x:1010:1010:SPLUSA:/home/wifi:/bin/false
+adb:x:1011:1011:SPLUSA:/home/adb:/bin/false
+install:x:1012:1012:SPLUSA:/home/install:/bin/false
+media:x:1013:1013:SPLUSA:/home/media:/bin/false
+dhcp:x:1014:1014:SPLUSA:/home/dhcp:/bin/false
+sdcard_rw:x:1015:1015:SPLUSA:/home/sdcard_rw:/bin/false
+vpn:x:1016:1016:SPLUSA:/home/vpn:/bin/false
+keystore:x:1017:1017:SPLUSA:/home/keystore:/bin/false
+shell:x:2000:2000:SPLUSA:/home/shell:/bin/false
+cache:x:2001:2001:SPLUSA:/home/cache:/bin/false
+diag:x:2002:2002:SPLUSA:/home/diag:/bin/false
+net_bt_admin:x:3001:3001:SPLUSA:/home/net_bt_admin:/bin/false
+net_bt:x:3002:3002:SPLUSA:/home/net_bt:/bin/false
+inet:x:3003:3003:SPLUSA:/home/inet:/bin/false
+net_raw:x:3004:3004:SPLUSA:/home/net_raw:/bin/false
+net_admin:x:3005:3005:SPLUSA:/home/net_admin:/bin/false
+misc:x:9998:9998:SPLUSA:/home/misc:/bin/false
diff --git a/permissions/alarm.dat b/permissions/alarm.dat
new file mode 100644
index 0000000..e48d19a
--- /dev/null
+++ b/permissions/alarm.dat
@@ -0,0 +1 @@
+alarm
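Review bot: `root::0:0:root:/root:/bin/sh` and `developer::5100:5100:…` have an empty password field, which on a standard Linux login stack means the account needs no password at all, and root's shell here is `/bin/sh`. Every other entry uses `x` or `*`, so this looks unintended. Use `root:x:0:0:root:/root:/bin/sh` with a set or locked hash in the shadow file, or `root:*:0:0:…` if password login is not wanted, and treat `developer` the same way. No shadow file appears in this patch's file list as far as it is visible, so the existing `x` entries should be checked against whatever provides shadow data on the image.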
diff --git a/permissions/av_capture.dat b/permissions/av_capture.dat
new file mode 100644
index 0000000..c07e43c
--- /dev/null
+++ b/permissions/av_capture.dat
@@ -0,0 +1,5 @@
+camera
+recording
+hwcodec
+soundpath
+asm
diff --git a/permissions/bluetooth_pairing.dat b/permissions/bluetooth_pairing.dat
new file mode 100644
index 0000000..a786a05
--- /dev/null
+++ b/permissions/bluetooth_pairing.dat
@@ -0,0 +1 @@
+bt_use
diff --git a/permissions/calendar.dat b/permissions/calendar.dat
new file mode 100644
index 0000000..bde0611
--- /dev/null
+++ b/permissions/calendar.dat
@@ -0,0 +1 @@
+db_calendar
diff --git a/permissions/contact.dat b/permissions/contact.dat
new file mode 100644
index 0000000..6bcf385
--- /dev/null
+++ b/permissions/contact.dat
@@ -0,0 +1 @@
+db_contact
diff --git a/permissions/direct_messaging_telephony.dat b/permissions/direct_messaging_telephony.dat
new file mode 100644
index 0000000..39e4e3c
--- /dev/null
+++ b/permissions/direct_messaging_telephony.dat
@@ -0,0 +1 @@
+tel_msg
diff --git a/permissions/direct_messaging_telephony_information.dat b/permissions/direct_messaging_telephony_information.dat
new file mode 100644
index 0000000..4872210
--- /dev/null
+++ b/permissions/direct_messaging_telephony_information.dat
@@ -0,0 +1 @@
+tel_msg_info
diff --git a/permissions/direct_network_telephony.dat b/permissions/direct_network_telephony.dat
new file mode 100644
index 0000000..887d2ba
--- /dev/null
+++ b/permissions/direct_network_telephony.dat
@@ -0,0 +1 @@
+tel_net
diff --git a/permissions/direct_network_telephony_information.dat b/permissions/direct_network_telephony_information.dat
new file mode 100644
index 0000000..c21c602
--- /dev/null
+++ b/permissions/direct_network_telephony_information.dat
@@ -0,0 +1 @@
+tel_net_info
diff --git a/permissions/fm_radio.dat b/permissions/fm_radio.dat
new file mode 100644
index 0000000..dc2f701
--- /dev/null
+++ b/permissions/fm_radio.dat
@@ -0,0 +1,4 @@
+radio
+audio
+soundpath
+asm
diff --git a/permissions/gprs.dat b/permissions/gprs.dat
new file mode 100644
index 0000000..c30b1bd
--- /dev/null
+++ b/permissions/gprs.dat
@@ -0,0 +1 @@
+tel_gprs
diff --git a/permissions/gprs_information.dat b/permissions/gprs_information.dat
new file mode 100644
index 0000000..85220d4
--- /dev/null
+++ b/permissions/gprs_information.dat
@@ -0,0 +1 @@
+tel_gprs_info
diff --git a/permissions/internet_setting.dat b/permissions/internet_setting.dat
new file mode 100644
index 0000000..f58aaa7
--- /dev/null
+++ b/permissions/internet_setting.dat
@@ -0,0 +1 @@
+dnet_setting
diff --git a/permissions/internet_use.dat b/permissions/internet_use.dat
new file mode 100644
index 0000000..5aefe75
--- /dev/null
+++ b/permissions/internet_use.dat
@@ -0,0 +1 @@
+dnet_use
diff --git a/permissions/location_get.dat b/permissions/location_get.dat
new file mode 100644
index 0000000..54a7703
--- /dev/null
+++ b/permissions/location_get.dat
@@ -0,0 +1 @@
+lbs
diff --git a/permissions/media_playback.dat b/permissions/media_playback.dat
new file mode 100644
index 0000000..c08f4d1
--- /dev/null
+++ b/permissions/media_playback.dat
@@ -0,0 +1,4 @@
+audio
+hwcodec
+soundpath
+asm
diff --git a/permissions/message_lbs.dat b/permissions/message_lbs.dat
new file mode 100644
index 0000000..182fc66
--- /dev/null
+++ b/permissions/message_lbs.dat
@@ -0,0 +1 @@
+message_lbs
diff --git a/permissions/message_sync.dat b/permissions/message_sync.dat
new file mode 100644
index 0000000..df27921
--- /dev/null
+++ b/permissions/message_sync.dat
@@ -0,0 +1 @@
+message_sync
diff --git a/permissions/messaging.dat b/permissions/messaging.dat
new file mode 100644
index 0000000..e56ded0
--- /dev/null
+++ b/permissions/messaging.dat
@@ -0,0 +1,2 @@
+message
+db_msg_service
diff --git a/permissions/oom_adjustment.dat b/permissions/oom_adjustment.dat
new file mode 100644
index 0000000..0bfb9bd
--- /dev/null
+++ b/permissions/oom_adjustment.dat
@@ -0,0 +1 @@
+oom_adj
diff --git a/permissions/permanent_process_setting.dat b/permissions/permanent_process_setting.dat
new file mode 100644
index 0000000..052ba84
--- /dev/null
+++ b/permissions/permanent_process_setting.dat
@@ -0,0 +1 @@
+permanent
diff --git a/permissions/power_control.dat b/permissions/power_control.dat
new file mode 100644
index 0000000..e6ed828
--- /dev/null
+++ b/permissions/power_control.dat
@@ -0,0 +1 @@
+power_mgr
diff --git a/permissions/quick_panel.dat b/permissions/quick_panel.dat
new file mode 100644
index 0000000..f6f272c
--- /dev/null
+++ b/permissions/quick_panel.dat
@@ -0,0 +1 @@
+db_quickpanel
diff --git a/permissions/sap.dat b/permissions/sap.dat
new file mode 100644
index 0000000..ad0691b
--- /dev/null
+++ b/permissions/sap.dat
@@ -0,0 +1 @@
+tel_sap
diff --git a/permissions/sat.dat b/permissions/sat.dat
new file mode 100644
index 0000000..162a9bd
--- /dev/null
+++ b/permissions/sat.dat
@@ -0,0 +1 @@
+tel_sat
diff --git a/permissions/sim.dat b/permissions/sim.dat
new file mode 100644
index 0000000..6c38d3c
--- /dev/null
+++ b/permissions/sim.dat
@@ -0,0 +1 @@
+tel_sim
diff --git a/permissions/sim_information.dat b/permissions/sim_information.dat
new file mode 100644
index 0000000..d634da7
--- /dev/null
+++ b/permissions/sim_information.dat
@@ -0,0 +1 @@
+tel_sim_info
diff --git a/permissions/task_management.dat b/permissions/task_management.dat
new file mode 100644
index 0000000..b001a4f
--- /dev/null
+++ b/permissions/task_management.dat
@@ -0,0 +1 @@
+task_mgr
diff --git a/permissions/telephone_call.dat b/permissions/telephone_call.dat
new file mode 100644
index 0000000..91fd6eb
--- /dev/null
+++ b/permissions/telephone_call.dat
@@ -0,0 +1 @@
+tel_call
diff --git a/permissions/telephone_call_information.dat b/permissions/telephone_call_information.dat
new file mode 100644
index 0000000..c6aabf4
--- /dev/null
+++ b/permissions/telephone_call_information.dat
@@ -0,0 +1 @@
+tel_call_info
diff --git a/permissions/telephony_suplement_service.dat b/permissions/telephony_suplement_service.dat
new file mode 100644
index 0000000..8d92988
--- /dev/null
+++ b/permissions/telephony_suplement_service.dat
@@ -0,0 +1 @@
+tel_ss
diff --git a/permissions/telephony_suplement_service_information.dat b/permissions/telephony_suplement_service_information.dat
new file mode 100644
index 0000000..4ecaa00
--- /dev/null
+++ b/permissions/telephony_suplement_service_information.dat
@@ -0,0 +1 @@
+tel_ss_info
diff --git a/permissions/time_setting.dat b/permissions/time_setting.dat
new file mode 100644
index 0000000..7d0b8ab
--- /dev/null
+++ b/permissions/time_setting.dat
@@ -0,0 +1 @@
+system_time
diff --git a/src/account-manage.c b/src/account-manage.c
new file mode 100644
index 0000000..593a635
--- /dev/null
+++ b/src/account-manage.c
@@ -0,0 +1,633 @@ +/* + * libprivilege control + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "privilege-control.h" +#include + +#define FIRST_UID 20001 +#define USERNAME_SIZE 128 +#define HOMEDIR_SIZE 128 +#define FILENAME_SIZE 128 +#define PASSWD_LINE 256 +#define GROUP_LINE 256 + +#define base64table "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" +#define base64pad '=' + +int md2_hashing(unsigned char* in, unsigned char* out) +{ + MD2_CTX mctx; + + if(!MD2_Init(&mctx)) + return PC_ERR_INVALID_PARAM; + if(!MD2_Update(&mctx, in, strlen((char*)in))) + return PC_ERR_INVALID_PARAM; + if(!MD2_Final(out, &mctx)) + return PC_ERR_INVALID_PARAM; + + return PC_OPERATION_SUCCESS; +} + +int base64_encode(unsigned char* in, unsigned long int in_len, char** out, unsigned long int* out_len) +{ + unsigned char* current = in; + long int out_num = 0; + int str_len = 0; + + if((in == NULL) || (in_len <= 0) || (out == NULL)) + return -1; // error + + *out_len = (((in_len + 2) / 3) * 4) + 1; + *out = (char*)malloc(*out_len); + + if(*out == NULL) + return 0; + + while(in_len > 2) + { + /* keep going until we have less than 24 bits */ + ((char*)*out)[out_num++] = base64table[current[0] >> 2]; + ((char*)*out)[out_num++] = 
base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; + ((char*)*out)[out_num++] = base64table[((current[1] & 0x0f) << 2) + (current[2] >> 6)]; + ((char*)*out)[out_num++] = base64table[current[2] & 0x3f]; + + current += 3; + in_len -= 3; + str_len += 4; + } + /* now deal with the tail end of things */ + if (in_len != 0) + { + ((char*)*out)[out_num++] = base64table[current[0] >> 2]; + if (in_len > 1) + { + ((char*)*out)[out_num++] = base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)]; + ((char*)*out)[out_num++] = base64table[(current[1] & 0x0f) << 2]; + ((char*)*out)[out_num++] = base64pad; + } + else + { + ((char*)*out)[out_num++] = base64table[(current[0] & 0x03) << 4]; + ((char*)*out)[out_num++] = base64pad; + ((char*)*out)[out_num++] = base64pad; + } + str_len += 4; + } + ((char*)*out)[out_num++] = '\0'; + + return PC_OPERATION_SUCCESS; +} + +int convert_user_name_from_pkgname(const char* pkg_name, char* user_name) +{ + char* hashing = NULL; + char* base64 = NULL; + unsigned long int len = 0; + int ret = PC_OPERATION_SUCCESS; + + if(!pkg_name || !user_name) + { + ret = PC_ERR_INVALID_PARAM; + goto err; + } + + hashing = (char*)malloc(sizeof(char) * MD2_DIGEST_LENGTH); + memset(hashing, 0x00, MD2_DIGEST_LENGTH); + + if(md2_hashing((unsigned char*)pkg_name, (unsigned char*)hashing) != PC_OPERATION_SUCCESS) + { + fprintf(stderr, "[ERR] Fail to hashing\n"); + ret = PC_ERR_INVALID_OPERATION; + goto err; + } + + if(base64_encode((unsigned char*)hashing, MD2_DIGEST_LENGTH, &base64, &len) != PC_OPERATION_SUCCESS) + { + fprintf(stderr, "[ERR] Fail to encode\n"); + ret = PC_ERR_INVALID_OPERATION; + goto err; + } + + strncpy(user_name, base64, 16); + user_name[16] = '\0'; + +err: + if(hashing != NULL) + free(hashing); + return ret; +} + +API int add_user_and_group(const char* pkg_name, const char* permissions) +{ + FILE* fp_passwd = NULL; + FILE* fp_passwd2 = NULL; + FILE* fp_group = NULL; + FILE* fp_group2 = NULL; + FILE* fp_perm = NULL; + char 
user_name[USERNAME_SIZE]; + char homedir[HOMEDIR_SIZE]; + char linebuf[USERNAME_SIZE + HOMEDIR_SIZE + 128]; + char linebuf2[USERNAME_SIZE + 20]; + char buf_passwd[PASSWD_LINE]; + char buf_group[GROUP_LINE]; + char conf_filename[FILENAME_SIZE]; + char perm_group[20]; + char chown_cmd[32]; + char str_orig[256]; + char seps[] = ", \t\n\r"; + int result = PC_OPERATION_SUCCESS; + int uid = -1, gid = -1, i = 0, cnt = 0, flag = 0; + char* expr = "3rd party user\0"; + char* shell = "/bin/sh\0"; + char* linebuf3 = NULL; + char* tempbuf = NULL; + char* token = NULL; + int inputed, pid, ret; + + memset(user_name, 0x00, USERNAME_SIZE); + memset(homedir, 0x00, HOMEDIR_SIZE); + memset(linebuf, 0x00, (USERNAME_SIZE + HOMEDIR_SIZE + 128)); + memset(linebuf2, 0x00, (USERNAME_SIZE + 20)); + memset(buf_passwd, 0x00, PASSWD_LINE); + memset(buf_group, 0x00, GROUP_LINE); + memset(conf_filename, 0x00, FILENAME_SIZE); + memset(perm_group, 0x00, 20); + memset(str_orig, 0x00, 256); + memset(chown_cmd, 0x00, 32); + + /* 0. this user MUST be 'root' */ + if(getuid() != 0) { // not root + fprintf(stderr, "%s", "[ERR] Only root user can add new user\n"); + result = PC_ERR_NOT_PERMITTED; + goto error; + } + + /* 1. convert pkg_name to real user name */ + result = convert_user_name_from_pkgname(pkg_name, user_name); + if(result != PC_OPERATION_SUCCESS) { + fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + /* 1.1. check there is a same user or not */ + if(getpwnam(user_name)) { + fprintf(stderr, "%s", "[ERR] Fail to add new user - already exist\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + + /* 2. add user into /etc/passwd */ + /* 2.1. get uid, gid */ + uid = FIRST_UID; + while(getpwuid(uid) != NULL) // is there same uid? + uid++; + gid = uid; + /* 2.2. 
get home directory and make home directory */ + snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s", pkg_name); + if(mkdir(homedir, 0755) != 0) { // fail to make directory + if(errno == EEXIST) { + fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n"); + } + else { + fprintf(stderr, "%s", "[ERR] Fail to make home directory\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + } + memset(homedir, 0x00, HOMEDIR_SIZE); + snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s/data", pkg_name); + if(mkdir(homedir, 0755) != 0) { // fail to make directory + if(errno == EEXIST) { + fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n"); + } + else { + fprintf(stderr, "%s", "[ERR] Fail to make home directory\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + } + + pid = fork(); + if(pid == 0) { + snprintf(chown_cmd, 32, "%d:%d", uid, gid); + ret = execl("/bin/chown", "/bin/chown", "-R", chown_cmd, homedir, NULL); + if(ret == -1) { + fprintf(stderr, "%s", "[ERR] fail to execute execl()\n"); + perror("Fail to execute execl()"); + exit(-1); + } + } + else if(pid > 0) { + wait((int*)0); + } + else { + fprintf(stderr, "%s", "[ERR] fail to execute fork()\n"); + exit(-1); + } + /* 2.3. make one line of /etc/passwd */ + snprintf(linebuf, (USERNAME_SIZE + HOMEDIR_SIZE + 128), "%s:x:%d:%d:%s:%s:%s", user_name, uid, gid, expr, homedir, shell); + uid = FIRST_UID; + /* 2.4. 
write to /etc/passwd */ + if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) { // open original passwd file + fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file + fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + + while(fgets(buf_passwd, PASSWD_LINE, fp_passwd)) + fprintf(fp_passwd2, "%s", buf_passwd); + fprintf(fp_passwd2, "%s\n", linebuf); + + fclose(fp_passwd); + fp_passwd = NULL; + fclose(fp_passwd2); + fp_passwd2 = NULL; + + if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + /* 2.5. make one line of /etc/group */ + snprintf(linebuf2, (USERNAME_SIZE + 20), "%s:x:%d:", user_name, gid); + /* 2.6. 
write to /etc/group */ + if((fp_group = fopen("/opt/etc/group", "r")) == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + + while(1) { + linebuf3 = (char*)malloc(sizeof(char) * 128); + if(linebuf3 == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n"); + result = PC_ERR_MEM_OPERATION; + goto error; + } + memset(linebuf3, 0x00, 128); + cnt = 128; + i = 0; + + while(1) { // get one line from /etc/group + inputed = fgetc(fp_group); + if(inputed == EOF) // end of /etc/group, + goto end_of_while; + else if((char)inputed == '\n') { + linebuf3[i] = '\0'; + break; + } + else if((i == cnt) && ((char)inputed != '\n')) { + tempbuf = (char*)realloc(linebuf3, sizeof(char) * (i + 128)); + if(tempbuf == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n"); + result = PC_ERR_MEM_OPERATION; + goto error; + } + linebuf3 = tempbuf; + linebuf3[i] = (char)inputed; + cnt = i + 128; + } + else + linebuf3[i] = (char)inputed; + + i++; + } + + /* 3. get real group name from permissions */ + strncpy(str_orig, permissions, strlen(permissions)); + token = strtok(str_orig, seps); + while(token != NULL) { + /* 3.1. make dat file name */ + snprintf(conf_filename, FILENAME_SIZE, "/usr/share/privilege-control/%s.dat", token); + if((fp_perm = fopen(conf_filename, "r")) == NULL) { + fprintf(stderr, "%s%s%s", "[ERR] Fail to open ", conf_filename, "\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + while(fgets(perm_group, 20, fp_perm)) { + perm_group[strlen(perm_group) - 1] = ':'; + perm_group[strlen(perm_group)] = '\0'; + if(strncmp(linebuf3, perm_group, strlen(perm_group)) == 0) { // found!! 
+ if(!strncmp(linebuf3, user_name, strlen(user_name))) { // already have same user + flag = 1; + fprintf(fp_group2, "%s\n", linebuf3); + break; + } + if(linebuf3[strlen(linebuf3) - 1] == ':') + strncat(linebuf3, user_name, strlen(user_name)); + else { + strncat(linebuf3, ",", 1); + strncat(linebuf3, user_name, strlen(user_name)); + } + flag = 1; + + fprintf(fp_group2, "%s\n", linebuf3); + break; + } + } + if(fp_perm != NULL) { + fclose(fp_perm); + fp_perm = NULL; + } + memset(conf_filename, 0x00, FILENAME_SIZE); + memset(perm_group, 0x00, 20); + + if(flag == 1) + break; + + token = strtok(NULL, seps); + } + + if(flag != 1) + fprintf(fp_group2, "%s\n", linebuf3); + + flag = 0; + if(linebuf3 != NULL) { + free(linebuf3); + linebuf3 = NULL; + } + } +end_of_while: + fprintf(fp_group2, "%s\n", linebuf2); + + fclose(fp_group); + fp_group = NULL; + fclose(fp_group2); + fp_group2 = NULL; + + if(rename("/opt/etc/group", "/opt/etc/group-") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + +error: + if(fp_passwd != NULL) + fclose(fp_passwd); + if(fp_passwd2 != NULL) + fclose(fp_passwd2); + if(fp_group != NULL) + fclose(fp_group); + if(fp_group2 != NULL) + fclose(fp_group2); + if(fp_perm != NULL) + fclose(fp_perm); + + if(linebuf3 != NULL) + free(linebuf3); + + return result; +} + +API int delete_user_and_group(const char* pkg_name) +{ + FILE* fp_passwd = NULL; + FILE* fp_passwd2 = NULL; + FILE* fp_group = NULL; + FILE* fp_group2 = NULL; + char user_name[USERNAME_SIZE]; + char user_name2[USERNAME_SIZE]; + char linebuf[512]; + char* linebuf2 = NULL; + char* linebuf3 = NULL; + char* tempbuf = NULL; + char* start = NULL; + char* end = NULL; + int i = 0, cnt = 0, flag = 0; + int 
result = PC_OPERATION_SUCCESS; + int inputed; + char* temp = NULL; + + memset(user_name, 0x00, USERNAME_SIZE); + memset(user_name2, 0x00, USERNAME_SIZE); + memset(linebuf, 0x00, 512); + + /* 0. user MUST be 'root' */ + if(getuid() != 0) { // not root + fprintf(stderr, "%s", "[ERR] Only root user can add new user\n"); + result = PC_ERR_NOT_PERMITTED; + goto error; + } + + /* 1. convert pkg_name to real user name */ + result = convert_user_name_from_pkgname(pkg_name, user_name); + if(result != PC_OPERATION_SUCCESS) { + fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + /* 1.1. check there is a same user or not */ + if(!getpwnam(user_name)) { + fprintf(stderr, "%s", "[ERR] Fail to delete user - not exist\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + + /* 2. delete user from /etc/passwd */ + /* 2.1. open */ + if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) { // open original passwd file + fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file + fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + + /* 2.2. write */ + strncpy(user_name2, user_name, (strlen(user_name) + 1)); + user_name2[strlen(user_name)] = ':'; + + while(fgets(linebuf, 512, fp_passwd)) { + if(!strncmp(linebuf, user_name2, strlen(user_name2))) // found + continue; + fprintf(fp_passwd2, "%s", linebuf); + } + + /* 2.3. 
rename file */ + if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + + /* 3. delete group from /etc/group */ + /* 3.1. open */ + if((fp_group = fopen("/opt/etc/group", "r")) == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + + /* 3.2. search and delete */ + while(1) { + linebuf2 = (char*)malloc(sizeof(char) * 128); + if(linebuf2 == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n"); + result = PC_ERR_MEM_OPERATION; + goto error; + } + memset(linebuf2, 0x00, 128); + cnt = 128; + i = 0; + + while(1) { + inputed = fgetc(fp_group); + if(inputed == EOF) + goto end_of_while; + else if((char)inputed == '\n') { + linebuf2[i] = '\0'; + break; + } + else if((i == cnt) && ((char)inputed != '\n')) { + tempbuf = (char*)realloc(linebuf2, sizeof(char) * (i + 128)); + if(tempbuf == NULL) { + fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n"); + result = PC_ERR_MEM_OPERATION; + goto error; + } + linebuf2 = tempbuf; + linebuf2[i] = (char)inputed; + cnt = i + 128; + } + else + linebuf2[i] = (char)inputed; + + i++; + } + + if(strncmp(linebuf2, user_name2, strlen(user_name2)) == 0) // group of user + continue; + + if((start = strstr(strchr(linebuf2, ':'), user_name)) != NULL) { // found!! 
+ linebuf3 = (char*)malloc(sizeof(char) * strlen(linebuf2)); + memset(linebuf3, 0x00, strlen(linebuf2)); + +repeat: + end = start + strlen(user_name); + // end MUST be ',' or '\0' + if(end[0] == ',') + end = end + 1; + else if(end[0] == '\0') { + temp = start - 1; + if(temp[0] == ',') + start = start - 1; + } + else { + start = strstr(end, user_name); + if(start[0] != '\0') + goto repeat; + } + + strncpy(linebuf3, linebuf2, ((int)start - (int)linebuf2)); + linebuf3 = strcat(linebuf3, end); + fprintf(fp_group2, "%s\n", linebuf3); + flag = 1; + } + + if(flag != 1) + fprintf(fp_group2, "%s\n", linebuf2); + flag = 0; + + if(linebuf2 != NULL) { + free(linebuf2); + linebuf2 = NULL; + } + if(linebuf3 != NULL) { + free(linebuf3); + linebuf3 = NULL; + } + } +end_of_while: + fclose(fp_group); + fp_group = NULL; + fclose(fp_group2); + fp_group2 = NULL; + + if(rename("/opt/etc/group", "/opt/etc/group-") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) { // if fail, + fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n"); + result = PC_ERR_FILE_OPERATION; + goto error; + } + +error: + if(fp_passwd != NULL) + fclose(fp_passwd); + if(fp_passwd2 != NULL) + fclose(fp_passwd2); + if(fp_group != NULL) + fclose(fp_group); + if(fp_group2 != NULL) + fclose(fp_group2); + + if(linebuf2 != NULL) + free(linebuf2); + if(linebuf3 != NULL) + free(linebuf3); + + return result; +} diff --git a/src/debug-util.c b/src/debug-util.c new file mode 100644 index 0000000..79cd3db --- /dev/null +++ b/src/debug-util.c 
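Review bot: In `add_user_and_group()`, `strncpy(str_orig, permissions, strlen(permissions))` is bounded by the source length rather than by the 256-byte `str_orig`, so a long `permissions` string overruns a stack buffer in code that only runs as root; `permissions` is also never checked for NULL. Each token and `pkg_name` are then formatted straight into `/usr/share/privilege-control/%s.dat` and `/opt/apps/%s` (the latter is created and recursively chown'ed), so neither should be allowed to contain a path separator. The same function appends `user_name` to `linebuf3` with `strncat` without growing the allocation. In `delete_user_and_group()`, `linebuf3` is allocated `strlen(linebuf2)` bytes with no room for the terminator, and the result of `strchr(linebuf2, ':')` is passed to `strstr` unchecked. The fence covers the input validation only.

```c
	/* before step 1: reject input that cannot be used safely in a path or buffer */
	if(pkg_name == NULL || permissions == NULL
			|| strlen(permissions) >= sizeof(str_orig)
			|| pkg_name[0] == '.' || strchr(pkg_name, '/') != NULL) {
		result = PC_ERR_INVALID_PARAM;
		goto error;
	}
	// … unchanged: steps 1-2 and the /opt/etc/group line reader …

		/* 3. get real group name from permissions */
		snprintf(str_orig, sizeof(str_orig), "%s", permissions);
		token = strtok(str_orig, seps);
		while(token != NULL) {
			/* token becomes part of a file name below */
			if(token[0] == '.' || strchr(token, '/') != NULL) {
				result = PC_ERR_INVALID_PARAM;
				goto error;
			}
			// … unchanged: 3.1 open the .dat file and match group lines …
```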
@@ -0,0 +1,84 @@ +/* + * libprivilege control + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "security-server.h" +#include "privilege-control.h" + +#define DEVELOPER_UID 5100 + +int main(int argc, char *argv[]) +{ + int uid = 0, ret = -1; + + uid = getuid(); + + if(uid == DEVELOPER_UID) { + fprintf(stderr, "%s", "[LOG] Sending request to security server...\n"); + ret = security_server_launch_debug_tool(argc - 1, (const char **)argv + 1); + if(ret != SECURITY_SERVER_API_SUCCESS) { + fprintf(stderr, "[ERR] Failed to launch tool, [%d]\n", ret); + return 0; + } + return 1; + } + else if(uid == 0) { + fprintf(stderr, "%s", "[LOG] Executed as root privilege\n"); + + /* + * argv[0] : /usr/bin/debug-util + * + * argv[1] : package name + * argv[2] : command of developer(SDK) + * argv[3] ~ : parameter(s) of argv[2] + */ + if(!strncmp(argv[1], "/usr/bin/launch_app", 19) || !strncmp(argv[1], "/usr/bin/kill_app", 17)) { + ret = execve(argv[1], (char * const*)argv + 1, NULL); + if(ret == -1) { + perror("[ERR] 1. 
Fail to execute execve()"); + } + } + else if(set_privilege(argv[1]) == 0) { // success + if(!strncmp(argv[2], "/bin/gdbserver", 14) || !strncmp(argv[2], "/usr/bin/opcontrol", 18) || !strncmp(argv[2], "/usr/bin/valgrind", 17 )) { + ret = execve(argv[2], (char * const*)argv + 2, NULL); + if(ret == -1) { // error + perror("[ERR] 2. Fail to execute execve()"); + } + } + } + else + fprintf(stderr, "[ERR] Fail to execute set_privilege()\n"); + } + else { + fprintf(stderr, "[ERR] Wrong uid: %d\n", uid); + fprintf(stderr, "[ERR] You must run %s under root user or developer(%d) user\n", argv[0], DEVELOPER_UID); + return 0; + } + + return 1; +} diff --git a/src/kill_app.c b/src/kill_app.c new file mode 100644 index 0000000..e61bf92 --- /dev/null +++ b/src/kill_app.c 
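Review bot: The root branch of `main()` compares `argv[1]` and `argv[2]` with `strncmp` limited to the length of the allowed path, so any argument that merely starts with `/usr/bin/launch_app`, `/usr/bin/kill_app`, `/bin/gdbserver`, `/usr/bin/opcontrol` or `/usr/bin/valgrind` is accepted and handed to `execve`. An allow-list needs an exact match, for example `strcmp(argv[1], "/usr/bin/launch_app") == 0`. Neither index is guarded by `argc`, so running the tool with too few arguments dereferences a NULL pointer; add `if(argc < 2)` before the first comparison and an `argc < 3` check before reading `argv[2]`. The return values are also inverted relative to the usual exit-status convention (0 on failure, 1 on success), which hides errors from callers.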
@@ -0,0 +1,77 @@ +/* + * libprivilege control + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include +#include +#include +#include +//#include + +#define FILE_NAME "/tmp/.testpkg" + +int main() +{ + int uid = -1; + int pid = -1; + FILE* fp_in = NULL; + + /* if not root, fail */ + uid = getuid(); + if(uid != 0) { // not root + fprintf(stderr, "[ERR][kill_app] You MUST be root.\n"); + goto err; + } + + /* open file - /tmp/.testpkg */ + if(!(fp_in = fopen(FILE_NAME, "r"))) { + fprintf(stderr, "[ERR][kill_app] Fail to open file, [%s]\n", FILE_NAME); + perror("err: "); + goto err; + } + + /* get pid */ + fscanf(fp_in, "%d", &pid); + if(pid <= 0) { + fprintf(stderr, "[ERR][kill_app] Invalid pid.\n"); + goto err; + } + + /* kill that process */ + if(kill(pid, SIGKILL) < 0) { + fprintf(stderr, "[ERR][kill_app] Fail to kill application which has the pid [%d]\n", pid); + perror("err: "); + goto err; + } + + /* delete the file */ + if(unlink(FILE_NAME) < 0) { + fprintf(stderr, "[ERR][kill_app] Fail to delete file, [%s]\n", FILE_NAME); + perror("err: "); + goto err; + } + +err: + if(fp_in != NULL) + fclose(fp_in); + + return 0; +} diff --git a/src/privilege-control.c b/src/privilege-control.c new file mode 100644 index 0000000..dd39eee --- /dev/null +++ b/src/privilege-control.c 
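Review bot: `main()` runs as root and takes the pid it sends SIGKILL to from `/tmp/.testpkg`, a fixed name in a directory that is normally writable by every local user, so the choice of process is not under root's control; the result of `fscanf` is not checked either. Keep the pid file in a directory only root can write, and before reading it confirm with `fstat` that the opened file is a regular file owned by uid 0. The fence shows that check; it needs a `struct stat st;` local and the matching header. The program also returns 0 on every path, so a caller cannot tell that the kill failed.

```c
	/* open file - /tmp/.testpkg */
	if(!(fp_in = fopen(FILE_NAME, "r"))) {
		// … unchanged: error report and goto err …
	}

	/* only trust a pid file that root itself wrote */
	if(fstat(fileno(fp_in), &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != 0) {
		fprintf(stderr, "[ERR][kill_app] Untrusted pid file, [%s]\n", FILE_NAME);
		goto err;
	}

	/* get pid */
	if(fscanf(fp_in, "%d", &pid) != 1 || pid <= 0) {
		// … unchanged: "Invalid pid" report and goto err …
```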
@@ -0,0 +1,236 @@ +/* + * libprivilege control + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include "privilege-control.h" + +#define APP_GID 5000 +#define APP_UID 5000 +#define ADMIN_GROUP 6504 +#define DEVELOPER_GID 5100 +#define DEVELOPER_UID 5100 + +#define APP_USER_NAME "app" +#define DEV_USER_NAME "developer" + +#define APP_HOME_DIR "/opt/home/app" +#define DEV_HOME_DIR "/opt/home/developer" + +#define APP_GROUP_PATH "/usr/share/privilege-control/app_group_list" +#define DEV_GROUP_PATH "/usr/share/privilege-control/dev_group_list" + +#ifdef USE_PRIVILEGE_CONTROL + +typedef struct { + char user_name[10]; + int uid; + int gid; + char home_dir[64]; + char group_list[64]; +} new_user; + +API int control_privilege(void) +{ + if(getuid() == APP_UID) // current user is 'app' + return PC_OPERATION_SUCCESS; + + if(set_privilege("org.tizen.") == PC_OPERATION_SUCCESS) + return PC_OPERATION_SUCCESS; + else + return PC_ERR_NOT_PERMITTED; +} + +API int set_privilege(const char* pkg_name) +{ + FILE* fp_group = NULL; // /etc/group + uid_t t_uid = -1; // uid of current process + gid_t *glist = NULL; // group list + gid_t temp_gid = -1; // for group list + char buf[10] = {0, }; // contents in group_list file + int glist_cnt = 0; // for group 
list + int result; + new_user usr; + + /* + * initialize user structure + */ + memset(usr.user_name, 0x00, 10); + memset(usr.home_dir, 0x00, 64); + memset(usr.group_list, 0x00, 64); + usr.uid = -1; + usr.gid = -1; + + t_uid = getuid(); + + if(t_uid == 0) // current user is 'root' + { + if(!strncmp(pkg_name, "developer", 9)) + { + strncpy(usr.user_name, DEV_USER_NAME, strlen(DEV_USER_NAME)); + usr.uid = DEVELOPER_UID; + usr.gid = DEVELOPER_GID; + strncpy(usr.home_dir, DEV_HOME_DIR, strlen(DEV_HOME_DIR)); + strncpy(usr.group_list, DEV_GROUP_PATH, strlen(DEV_GROUP_PATH)); + } + else + { + strncpy(usr.user_name, APP_USER_NAME, strlen(APP_USER_NAME)); + usr.uid = APP_UID; + usr.gid = APP_GID; + strncpy(usr.home_dir, APP_HOME_DIR, strlen(APP_HOME_DIR)); + strncpy(usr.group_list, APP_GROUP_PATH, strlen(APP_GROUP_PATH)); + } + + /* + * get group information + */ + if(!(fp_group = fopen(usr.group_list, "r"))) + { + fprintf(stderr, "[ERR] file open error: [%s]\n", usr.group_list); + result = PC_ERR_FILE_OPERATION; // return -1 + goto error; + } + + while(fgets(buf, 10, fp_group) != NULL) + { + if(buf == NULL) + { + fprintf(stderr, "[ERR] Fail to get gid\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + + errno = 0; + temp_gid = strtoul(buf, 0, 10); + if(errno != 0) // error occured during strtoul() + { + fprintf(stderr, "[ERR] cannot change string to integer: [%s]\n", buf); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + + glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1)); + if(!glist) + { + result = PC_ERR_MEM_OPERATION; // return -2 + goto error; + } + glist[glist_cnt] = temp_gid; + glist_cnt++; + } + fclose(fp_group); + fp_group = NULL; + + /* + * in case of dialer, add admin to glist + */ + if(!strncmp(pkg_name, "org.tizen.phone", 15)) + { + glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1)); + glist[glist_cnt] = ADMIN_GROUP; // 6504 + glist_cnt++; + } + + /* + * setgroups() + */ + if(setgroups(glist_cnt, glist) != 0) + { + 
fprintf(stderr, "[ERR] setgrouops fail\n"); + result = PC_ERR_NOT_PERMITTED; // return -3 + goto error; + } + if(glist != NULL) + { + free(glist); + glist = NULL; + } + + /* + * setgid() & setgid() + */ + if(setgid(usr.gid) != 0) // fail + { + fprintf(stderr, "[ERR] fail to execute setgid().\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + if(setuid(usr.uid) != 0) // fail + { + fprintf(stderr, "[ERR] fail to execute setuid().\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + + if(setenv("USER", usr.user_name, 1) != 0) //fail + { + fprintf(stderr, "[ERR] fail to execute setenv().\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + if(setenv("HOME", usr.home_dir, 1) != 0) // fail + { + fprintf(stderr, "[ERR] fail to execute setenv().\n"); + result = PC_ERR_INVALID_OPERATION; + goto error; + } + } + else // current user is not only 'root' but 'app' + { + fprintf(stderr, "[ERR] current user is NOT root\n"); + result = PC_ERR_NOT_PERMITTED; // return -3 + goto error; + } + + result = PC_OPERATION_SUCCESS; + +error: + if(glist != NULL) + free(glist); + + return result; +} + +#else // USE_PRIVILEGE_CONTROL + +API int control_privilege(void) +{ + return 0; +} + +API int set_privilege(const char* pkg_name) +{ + return 0; +} + +#endif // USE_PRIVILEGE_CONTROL diff --git a/src/slp-su.c b/src/slp-su.c new file mode 100644 index 0000000..9368b0b --- /dev/null +++ b/src/slp-su.c 
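Review bot: In set_privilege(), `strncmp(pkg_name, "org.tizen.phone", 15)` and `strncmp(pkg_name, "developer", 9)` are prefix matches, so any package name that merely begins with those strings is given ADMIN_GROUP or the developer identity; if exact names are intended, use `strcmp(pkg_name, "org.tizen.phone") == 0` and `strcmp(pkg_name, "developer") == 0`. The group-list loop calls `strtoul(buf, 0, 10)` and checks only `errno`, so an empty or non-numeric line is accepted as gid 0 and handed to `setgroups()`; the sketch below validates the end pointer and keeps the old `glist` pointer when `realloc` fails (it is stricter about trailing characters than the current code). The `realloc` in the dialer branch is not checked before `glist[glist_cnt]` is written, and `fp_group` stays open on the error paths inside the loop because `error:` only frees `glist`.

```c
	while(fgets(buf, sizeof(buf), fp_group) != NULL)
	{
		char *end = NULL;
		gid_t *grown = NULL;

		errno = 0;
		temp_gid = strtoul(buf, &end, 10);
		// reject empty or non-numeric lines instead of treating them as gid 0
		if(errno != 0 || end == buf || (*end != '\n' && *end != '\0'))
		{
			fprintf(stderr, "[ERR] cannot change string to integer: [%s]\n", buf);
			result = PC_ERR_INVALID_OPERATION;
			goto error;
		}

		// keep glist valid if realloc fails so error: can still free it
		grown = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1));
		if(!grown)
		{
			result = PC_ERR_MEM_OPERATION;
			goto error;
		}
		glist = grown;
		// … unchanged: store temp_gid in glist, increment glist_cnt …
	}
```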
@@ -0,0 +1,102 @@ +/* + * libprivilege control + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include +#include +#include +#include +#include + +#include "privilege-control.h" + +void print_usage(void) +{ + printf("%s", "Usage: slp-su [PKG_NAME]\n\n"); + printf("%s", "Execute new shell which be belonged to user related with PKG_NAME\n\n"); +} + +int main(int argc, char* argv[]) +{ + pid_t pid = -1; + char* buf = NULL; + + if(argc != 2) + { + fprintf(stderr, "%s", "[ERR] Check your argument.\n\n"); + print_usage(); + return 0; + } + + pid = fork(); + switch(pid) + { + case 0: // child + { + if(set_privilege(argv[1]) == 0) // success + { + fprintf(stderr, "%s", "[LOG] Success to execute set_privilege()\n"); + } + else + { + fprintf(stderr, "%s", "[ERR] Fail to execute set_privilege()\n"); + exit(1); + } + + buf = getenv("HOME"); + if(buf == NULL) // fail + { + fprintf(stderr, "%s", "[ERR] Fail to execute getenv()\n"); + exit(0); + } + else + { + fprintf(stderr, "%s: [%s]%s", "[LOG] HOME", buf, "\n"); + } + + if(chdir(buf) == 0) // success + { + fprintf(stderr, "%s", "[LOG] Success to change working directory\n"); + } + else + { + fprintf(stderr, "%s", "[ERR] Fail to execute chdir()\n"); + exit(0); + } + + execl("/bin/sh", "/bin/sh", NULL); + break; + } + case -1: // error + { + fprintf(stderr, "%s", "[ERR] Fail to execute fork()\n"); + 
exit(1); + break; + } + default: // parent + { + wait((int*)0); + fprintf(stderr, "%s", "[LOG] Parent end\n"); + exit(0); + } + } + + return 1; +} diff --git a/udev/rules/95-permissions-slp.rules b/udev/rules/95-permissions-slp.rules new file mode 100644 index 0000000..85f9294 --- /dev/null +++ b/udev/rules/95-permissions-slp.rules 
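Review bot: In the child branch of main(), `/bin/sh` is started as soon as set_privilege() returns 0, without confirming that the process actually left uid 0. The `#else` build of set_privilege() in src/privilege-control.c returns 0 without changing anything, so with USE_PRIVILEGE_CONTROL undefined a root caller would get a shell that is still root. A check such as `if(getuid() == 0 || geteuid() == 0) { fprintf(stderr, "%s", "[ERR] privileges were not dropped\n"); exit(1); }` before `chdir()` closes that gap. The `execl("/bin/sh", "/bin/sh", NULL)` call should end with `(char *)NULL`, and its failure is not reported: control falls through to `break` and `return 1`.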
@@ -0,0 +1,44 @@
+ACTION=="remove", GOTO="permissions_slp_end"
+
+KERNEL=="s3c-jpeg", MODE="0660", GROUP="camera"
+KERNEL=="s5p-jpeg", MODE="0660", GROUP="camera"
+KERNEL=="radio[0-9]", MODE="0660", GROUP="radio"
+KERNEL=="s5p-mfc", MODE="0660", GROUP="hwcodec"
+KERNEL=="s3c-mfc", MODE="0660", GROUP="hwcodec"
+KERNEL=="srp", MODE="0660", GROUP="hwcodec"
+KERNEL=="log_main", MODE="0660", GROUP="app_logging"
+KERNEL=="log_events", MODE="0660", GROUP="app_logging"
+KERNEL=="log_radio", MODE="0660", GROUP="app_logging"
+KERNEL=="log_system", MODE="0660", GROUP="sys_logging"
+KERNEL=="controlC0D[0-9]c", MODE="0660", GROUP="recording"
+KERNEL=="pcmC0D[0-9]c", MODE="0660", GROUP="recording"
+KERNEL=="controlC0", MODE="0660", GROUP="audio"
+KERNEL=="pcmC0D[0-9]p", MODE="0660", GROUP="audio"
+KERNEL=="fb[0-9]", MODE="0660", GROUP="video"
+KERNEL=="video[0-9]", MODE="0660", GROUP="video"
+KERNEL=="s3c-mem", MODE="0660", GROUP="video"
+KERNEL=="umts_csd", MODE="0660", GROUP="video_tel"
+
+KERNEL=="pvrsrvkm", MODE="0666"
+KERNEL=="ump", MODE="0666"
+KERNEL=="mali", MODE="0666"
+KERNEL=="slp_global_lock", MODE="0666"
+
+# Marvell
+KERNEL=="uio[0-9]", MODE="0666"
+
+# Brightness control
+SUBSYSTEM=="leds", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_torch %S/%p/brightness"
+SUBSYSTEM=="backlight", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_bklight %S/%p/brightness"
+
+# Video4Linux
+SUBSYSTEM!="video4linux", GOTO="v4l_slp_end"
+IMPORT{program}="v4l_id %N"
+#KERNEL=="video*", SYMLINK+="camera", GROUP="camera", MODE="0660"
+
+# FIXME: video drivers on Proxima have invalid V4L capabilities, workaround by limiting to fimc1
+KERNEL=="video*", ATTR{name}=="s3c-fimc1", ENV{ID_V4L_CAPABILITIES}=="*:capture:*", SYMLINK+="camera", GROUP="camera", MODE="0660"
+
+LABEL="v4l_slp_end"
+
+LABEL="permissions_slp_end"
-- 2.7.4
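Review bot: `pvrsrvkm`, `ump`, `mali`, `slp_global_lock` and `uio[0-9]` are created with `MODE="0666"` and no group, so every local process can open them, while the other nodes in this file are limited to a group with 0660. The `uio[0-9]` rule is the one most worth tightening, since UIO nodes typically expose device memory and interrupts to whoever opens them; a rule of the form `KERNEL=="uio[0-9]", MODE="0660", GROUP="<dedicated-group>"` (the group name is a placeholder) would match the rest of the file. If the GPU and lock nodes must stay world-accessible for application rendering, a comment above them saying so would record that the 0666 is deliberate.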