From 38e9524a303fed2373c4b48258ebefe4fd9c83a1 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 10 Jan 2018 14:33:55 +0900 Subject: [PATCH] Cleanup security context after application termination. security_manager_prepare_app() and security_manager_cleanup_app() are a pair of functions to setup/clean security context of application. Each application is launched in a separate mount namespace and linked to this namespace. Such design allows to change privacy privilege status at app runtime. After application termination this link should be removed. Change-Id: I96bb6b88d3822d736e2985c750ec5697165abef2 Signed-off-by: Hwankyu Jhun --- src/launchpad.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/launchpad.c b/src/launchpad.c index 7e79a65..31e6841 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -113,6 +113,7 @@ static int user_slot_offset; static GList *candidate_slot_list; static app_labels_monitor *label_monitor; static GList *launcher_info_list; +static GHashTable *__pid_table; static candidate_process_context_t *__add_slot(int type, int loader_id, int caller_pid, const char *loader_path, const char *extra, @@ -1050,6 +1051,7 @@ static gboolean __handle_sigchild(gpointer data) int fd = lc->gpollfd->fd; struct signalfd_siginfo siginfo; ssize_t s; + char *appid; do { s = read(fd, &siginfo, sizeof(struct signalfd_siginfo)); @@ -1060,6 +1062,15 @@ static gboolean __handle_sigchild(gpointer data) break; _signal_process_sigchld(&siginfo); + + appid = g_hash_table_lookup(__pid_table, + GINT_TO_POINTER(siginfo.ssi_pid)); + if (appid) { + security_manager_cleanup_app(appid, siginfo.ssi_uid); + g_hash_table_remove(__pid_table, + GINT_TO_POINTER(siginfo.ssi_pid)); + } + cpc = __find_slot_from_pid(siginfo.ssi_pid); if (cpc != NULL) { __reset_slot(cpc); @@ -1501,8 +1512,11 @@ end: if (clifd != -1) close(clifd); - if (pid > 0) + if (pid > 0) { _signal_send_app_launch_signal(pid, menu_info->appid); + g_hash_table_insert(__pid_table, GINT_TO_POINTER(pid), + strdup(menu_info->appid)); + } if (menu_info != NULL) _appinfo_free(menu_info); @@ -1863,11 +1877,21 @@ static int __before_loop(int argc, char **argv) if (ret < 0) _W("Failed to send cmd(%d) to amd", LAUNCHPAD_LAUNCH_SIGNAL); + __pid_table = g_hash_table_new_full(g_direct_hash, g_direct_equal, + NULL, free); + if (!__pid_table) { + _E("Failed to create pid table"); + return -1; + } + return 0; } static void __after_loop(void) { + if (__pid_table) + g_hash_table_destroy(__pid_table); + if (_send_cmd_to_amd(LAUNCHPAD_DEAD_SIGNAL) < 0) _W("Failed to send cmd(%d) to amd", LAUNCHPAD_DEAD_SIGNAL); -- 2.7.4