From 1afdb1628d5f84a166aa23ff41d52fe246b9c23a Mon Sep 17 00:00:00 2001 From: Rafal Krypa Date: Mon, 31 Aug 2015 10:50:03 +0200 Subject: [PATCH] Convert ServiceImpl namespace to a class This class will be used in future patches: - to hold ownership of Cynara and PrivilegeDb objects - to polymorph into basic, slave and off-line versions - to synchronize multiple concurrent clients (multi-threading is coming) Change-Id: I54f0ecda081db17350209c3e56debd91927e364e Signed-off-by: Rafal Krypa --- src/client/client-security-manager.cpp | 4 +- src/common/include/service_impl.h | 323 ++++++++++++++-------------- src/common/service_impl.cpp | 62 +++--- src/server/service/base-service.cpp | 24 +++ src/server/service/include/base-service.h | 15 ++ src/server/service/include/master-service.h | 2 + src/server/service/include/service.h | 2 + src/server/service/master-service.cpp | 11 +- src/server/service/service.cpp | 44 ++-- 9 files changed, 255 insertions(+), 232 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index a995aa0..3949867 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -171,7 +171,7 @@ int security_manager_app_install(const app_inst_req *p_req) int retval; ClientOffline offlineMode; if (offlineMode.isOffline()) { - retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid(), false); + retval = SecurityManager::ServiceImpl().appInstall(*p_req, geteuid(), false); } else { MessageBuffer send, recv; @@ -575,7 +575,7 @@ int security_manager_user_add(const user_req *p_req) int retval; ClientOffline offlineMode; if (offlineMode.isOffline()) { - retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid(), + retval = SecurityManager::ServiceImpl().userAdd(p_req->uid, p_req->utype, geteuid(), false); } else { MessageBuffer send, recv; diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 4444f52..0b6e3c6 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -32,166 +32,171 @@ #include "security-manager.h" namespace SecurityManager { -namespace ServiceImpl { -/** - * Retrieves ID (UID and PID) of peer connected to socket - * - * @param[in] Socket file descriptor - * @param[out] UID of connected peer. Function does not modify the variable if ID retrieval fails. - * @param[out] PID of connected peer. Function does not modify the variable if ID retrieval fails. - * - * @return True if peer ID was successfully retrieved, false otherwise. - */ -bool getPeerID(int sock, uid_t &uid, pid_t &pid); - -/** - * Process application installation request. - * - * @param[in] req installation request - * @param[in] uid id of the requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int appInstall(const app_inst_req &req, uid_t uid, bool isSlave); - -/** - * Process application uninstallation request. - * - * @param[in] req uninstallation request - * @param[in] uid id of the requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int appUninstall(const std::string &appId, uid_t uid, bool isSlave); - -/** - * Process package id query. - * Retrieves the package id associated with given application id. - * - * @param[in] appId application identifier - * @param[out] pkgId returned package identifier - * - * @return API return code, as defined in protocols.h - */ -int getPkgId(const std::string &appId, std::string &pkgId); - -/** - * Process query for supplementary groups allowed for the application. - * For given appId and uid, calculate allowed privileges that give - * direct access to file system resources. For each permission Cynara will be - * queried. - * Returns set of group ids that are permitted. - * - * @param[in] appId application identifier - * @param[in] uid id of the requesting user - * @param[in] pid id of the requesting process (to construct Cynara session id) - * @param[in] isSlave Indicates if function should be called under slave mode - * @param[out] gids returned set of allowed group ids - * - * @return API return code, as defined in protocols.h - */ -int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, - std::unordered_set &gids); - -/** - * Process user adding request. - * - * @param[in] uidAdded uid of newly created user - * @param[in] userType type of newly created user - * @param[in] uid uid of requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave); - -/** - * Process user deletion request. - * - * @param[in] uidDeleted uid of removed user - * @param[in] uid uid of requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave); - -/** - * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin - * is needed for this to succeed - * - * @param[in] policyEntries vector of policy chunks with instructions - * @param[in] uid identifier of requesting user - * @param[in] pid PID of requesting process - * @param[in] smackLabel smack label of requesting app - * - * @return API return code, as defined in protocols.h - */ - -int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel); -/** - * Fetch all configured privileges from user configurable bucket. - * Depending on forAdmin value: personal user policies or admin enforced - * policies are returned. - * - * @param[in] forAdmin determines if user is asking as ADMIN or not - * @param[in] filter filter for limiting the query - * @param[in] uid identifier of queried user - * @param[in] pid PID of requesting process - * @param[out] policyEntries vector of policy entries with result - * - * @return API return code, as defined in protocols.h - */ -int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); - -/** - * Fetch all privileges for all apps installed for specific user. - * - * @param[in] forAdmin determines if user is asking as ADMIN or not - * @param[in] filter filter for limiting the query - * @param[in] uid identifier of queried user - * @param[in] pid PID of requesting process - * @param[out] policyEntries vector of policy entries with result - * - * @return API return code, as defined in protocols.h - */ -int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); - -/** - * Process getting policy descriptions list. - * - * @param[in] descriptions empty vector for descriptions strings - * - * @return API return code, as defined in protocols.h - */ -int policyGetDesc(std::vector &descriptions); - -/** - * Process getting privileges mappings from one version to another. - * - * @param[in] version_from version to be mapped from - * @param[in] version_to version to be mapped to - * @param[in] privileges vector of privileges to be mapped - * @param[out] mappings mappings of given privileges - */ -int getPrivilegesMappings(const std::string &version_from, - const std::string &version_to, - const std::vector &privileges, - std::vector &mappings); - -/** - * Process getting resources group list. - * - * @param[out] groups empty vector for group strings - * - * @return API return code, as defined in protocols.h - */ -int policyGetGroups(std::vector &groups); - -} /* namespace ServiceImpl */ +class ServiceImpl { +private: + static uid_t getGlobalUserId(void); + + static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr); + + static bool isSubDir(const char *parent, const char *subdir); + + static bool getUserAppDir(const uid_t &uid, std::string &userAppDir); + + static bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath); + + static bool getZoneId(std::string &zoneId); + +public: + ServiceImpl(); + virtual ~ServiceImpl(); + + /** + * Process application installation request. + * + * @param[in] req installation request + * @param[in] uid id of the requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int appInstall(const app_inst_req &req, uid_t uid, bool isSlave); + + /** + * Process application uninstallation request. + * + * @param[in] req uninstallation request + * @param[in] uid id of the requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int appUninstall(const std::string &appId, uid_t uid, bool isSlave); + + /** + * Process package id query. + * Retrieves the package id associated with given application id. + * + * @param[in] appId application identifier + * @param[out] pkgId returned package identifier + * + * @return API return code, as defined in protocols.h + */ + int getPkgId(const std::string &appId, std::string &pkgId); + + /** + * Process query for supplementary groups allowed for the application. + * For given appId and uid, calculate allowed privileges that give + * direct access to file system resources. For each permission Cynara will be + * queried. + * Returns set of group ids that are permitted. + * + * @param[in] appId application identifier + * @param[in] uid id of the requesting user + * @param[in] pid id of the requesting process (to construct Cynara session id) + * @param[in] isSlave Indicates if function should be called under slave mode + * @param[out] gids returned set of allowed group ids + * + * @return API return code, as defined in protocols.h + */ + int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, + std::unordered_set &gids); + + /** + * Process user adding request. + * + * @param[in] uidAdded uid of newly created user + * @param[in] userType type of newly created user + * @param[in] uid uid of requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave); + + /** + * Process user deletion request. + * + * @param[in] uidDeleted uid of removed user + * @param[in] uid uid of requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave); + + /** + * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin + * is needed for this to succeed + * + * @param[in] policyEntries vector of policy chunks with instructions + * @param[in] uid identifier of requesting user + * @param[in] pid PID of requesting process + * @param[in] smackLabel smack label of requesting app + * + * @return API return code, as defined in protocols.h + */ + + int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel); + /** + * Fetch all configured privileges from user configurable bucket. + * Depending on forAdmin value: personal user policies or admin enforced + * policies are returned. + * + * @param[in] forAdmin determines if user is asking as ADMIN or not + * @param[in] filter filter for limiting the query + * @param[in] uid identifier of queried user + * @param[in] pid PID of requesting process + * @param[out] policyEntries vector of policy entries with result + * + * @return API return code, as defined in protocols.h + */ + int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); + + /** + * Fetch all privileges for all apps installed for specific user. + * + * @param[in] forAdmin determines if user is asking as ADMIN or not + * @param[in] filter filter for limiting the query + * @param[in] uid identifier of queried user + * @param[in] pid PID of requesting process + * @param[out] policyEntries vector of policy entries with result + * + * @return API return code, as defined in protocols.h + */ + int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); + + /** + * Process getting policy descriptions list. + * + * @param[in] descriptions empty vector for descriptions strings + * + * @return API return code, as defined in protocols.h + */ + int policyGetDesc(std::vector &descriptions); + + /** + * Process getting privileges mappings from one version to another. + * + * @param[in] version_from version to be mapped from + * @param[in] version_to version to be mapped to + * @param[in] privileges vector of privileges to be mapped + * @param[out] mappings mappings of given privileges + */ + int getPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings); + + /** + * Process getting resources group list. + * + * @param[out] groups empty vector for group strings + * + * @return API return code, as defined in protocols.h + */ + int policyGetGroups(std::vector &groups); +}; } /* namespace SecurityManager */ #endif /* _SECURITY_MANAGER_SERVICE_IMPL_ */ diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 95f09c0..3f959a9 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -48,7 +48,6 @@ #include "master-req.h" namespace SecurityManager { -namespace ServiceImpl { static const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin"; static const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings"; @@ -133,7 +132,15 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, } } // end of anonymous namespace -static uid_t getGlobalUserId(void) +ServiceImpl::ServiceImpl() +{ +} + +ServiceImpl::~ServiceImpl() +{ +} + +uid_t ServiceImpl::getGlobalUserId(void) { static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); return globaluid; @@ -144,7 +151,7 @@ static uid_t getGlobalUserId(void) * @param uid peer's uid - may be changed during process * @param cynaraUserStr string to which cynara user parameter will be put */ -static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) +void ServiceImpl::checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) { static uid_t globaluid = getGlobalUserId(); if (uid == 0 || uid == globaluid) { @@ -154,7 +161,8 @@ static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) cynaraUserStr = std::to_string(static_cast(uid)); } } -static inline bool isSubDir(const char *parent, const char *subdir) + +bool ServiceImpl::isSubDir(const char *parent, const char *subdir) { while (*parent && *subdir) if (*parent++ != *subdir++) @@ -163,21 +171,7 @@ static inline bool isSubDir(const char *parent, const char *subdir) return (*subdir == '/'); } -bool getPeerID(int sock, uid_t &uid, pid_t &pid) -{ - struct ucred cr; - socklen_t len = sizeof(cr); - - if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { - uid = cr.uid; - pid = cr.pid; - return true; - } - - return false; -} - -static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) +bool ServiceImpl::getUserAppDir(const uid_t &uid, std::string &userAppDir) { struct tzplatform_context *tz_ctx = nullptr; @@ -207,7 +201,7 @@ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) return true; } -static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) +bool ServiceImpl::installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) { std::string userHome; std::string userAppDir; @@ -258,7 +252,7 @@ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, b return true; } -static inline bool getZoneId(std::string &zoneId) +bool ServiceImpl::getZoneId(std::string &zoneId) { if (!getZoneIdFromPid(getpid(), zoneId)) { LogError("Failed to get zone ID from current PID"); @@ -274,7 +268,7 @@ static inline bool getZoneId(std::string &zoneId) return true; } -int appInstall(const app_inst_req &req, uid_t uid, bool isSlave) +int ServiceImpl::appInstall(const app_inst_req &req, uid_t uid, bool isSlave) { std::vector addedPermissions; std::vector removedPermissions; @@ -408,7 +402,7 @@ int appInstall(const app_inst_req &req, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int appUninstall(const std::string &appId, uid_t uid, bool isSlave) +int ServiceImpl::appUninstall(const std::string &appId, uid_t uid, bool isSlave) { std::string pkgId; std::string smackLabel; @@ -519,7 +513,7 @@ int appUninstall(const std::string &appId, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int getPkgId(const std::string &appId, std::string &pkgId) +int ServiceImpl::getPkgId(const std::string &appId, std::string &pkgId) { LogDebug("appId: " << appId); @@ -538,7 +532,7 @@ int getPkgId(const std::string &appId, std::string &pkgId) return SECURITY_MANAGER_API_SUCCESS; } -int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, +int ServiceImpl::getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, std::unordered_set &gids) { // FIXME Temporary solution, see below @@ -616,7 +610,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, return SECURITY_MANAGER_API_SUCCESS; } -int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) +int ServiceImpl::userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) { if (uid != 0) return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED; @@ -639,7 +633,7 @@ int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) +int ServiceImpl::userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) { int ret = SECURITY_MANAGER_API_SUCCESS; if (uid != 0) @@ -675,7 +669,7 @@ int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) return ret; } -int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel) +int ServiceImpl::policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel) { enum { NOT_CHECKED, @@ -735,7 +729,7 @@ int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_ return SECURITY_MANAGER_API_SUCCESS; } -int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, +int ServiceImpl::getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) { try { @@ -845,7 +839,7 @@ int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pi return SECURITY_MANAGER_API_SUCCESS; } -int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) +int ServiceImpl::getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) { try { std::string uidStr = std::to_string(uid); @@ -962,7 +956,7 @@ int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::strin return SECURITY_MANAGER_API_SUCCESS; } -int policyGetDesc(std::vector &levels) +int ServiceImpl::policyGetDesc(std::vector &levels) { int ret = SECURITY_MANAGER_API_SUCCESS; @@ -985,7 +979,7 @@ int policyGetDesc(std::vector &levels) return ret; } -int getPrivilegesMappings(const std::string &version_from, +int ServiceImpl::getPrivilegesMappings(const std::string &version_from, const std::string &version_to, const std::vector &privileges, std::vector &mappings) @@ -1031,7 +1025,8 @@ int getPrivilegesMappings(const std::string &version_from, return errorRet; } -int policyGetGroups(std::vector &groups) { +int ServiceImpl::policyGetGroups(std::vector &groups) +{ int ret = SECURITY_MANAGER_API_SUCCESS; try { @@ -1044,5 +1039,4 @@ int policyGetGroups(std::vector &groups) { return ret; } -} /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/server/service/base-service.cpp b/src/server/service/base-service.cpp index 519c46a..32360cb 100644 --- a/src/server/service/base-service.cpp +++ b/src/server/service/base-service.cpp @@ -22,6 +22,10 @@ * @brief Implementation of security-manager base service. */ +#include +#include +#include + #include #include @@ -35,6 +39,26 @@ BaseService::BaseService() { } +bool BaseService::getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel) +{ + struct ucred cr; + socklen_t len = sizeof(cr); + + if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { + char *smk; + ssize_t ret = smack_new_label_from_socket(sock, &smk); + if (ret < 0) + return false; + smackLabel = smk; + uid = cr.uid; + pid = cr.pid; + free(smk); + return true; + } + + return false; +} + void BaseService::accept(const AcceptEvent &event) { LogDebug("Accept event. ConnectionID.sock: " << event.connectionID.sock << diff --git a/src/server/service/include/base-service.h b/src/server/service/include/base-service.h index b2d06f3..5acb212 100644 --- a/src/server/service/include/base-service.h +++ b/src/server/service/include/base-service.h @@ -29,6 +29,7 @@ #include #include #include +#include namespace SecurityManager { @@ -58,9 +59,23 @@ public: void close(const CloseEvent &event); protected: + ServiceImpl serviceImpl; + ConnectionInfoMap m_connectionInfoMap; /** + * Retrieves ID (UID and PID) of peer connected to socket + * + * @param[in] sock Socket file descriptor + * @param[out] uid PID of connected peer. + * @param[out] pid PID of connected peer. + * @param[out] smackLabel Smack label of connected peer. + * + * @return True if peer ID was successfully retrieved, false otherwise. + */ + bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel); + + /** * Handle request from a client * * @param conn Socket connection information diff --git a/src/server/service/include/master-service.h b/src/server/service/include/master-service.h index 627cce9..177b5a9 100644 --- a/src/server/service/include/master-service.h +++ b/src/server/service/include/master-service.h @@ -26,6 +26,7 @@ #define _SECURITY_MANAGER_MASTER_SERVICE_ #include "base-service.h" +#include "service_impl.h" namespace SecurityManager { @@ -44,6 +45,7 @@ public: ServiceDescriptionVector GetServiceDescription(); private: + ServiceImpl serviceImpl; /** * Handle request from a client diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 8087899..30d6b0f 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -26,6 +26,7 @@ #define _SECURITY_MANAGER_SERVICE_ #include "base-service.h" +#include "service_impl.h" namespace SecurityManager { @@ -45,6 +46,7 @@ public: private: const bool m_isSlave; + ServiceImpl serviceImpl; /** * Handle request from a client diff --git a/src/server/service/master-service.cpp b/src/server/service/master-service.cpp index f018abb..2440419 100644 --- a/src/server/service/master-service.cpp +++ b/src/server/service/master-service.cpp @@ -65,8 +65,9 @@ bool MasterService::processOne(const ConnectionID &conn, MessageBuffer &buffer, uid_t uid; pid_t pid; + std::string smackLabel; - if (!ServiceImpl::getPeerID(conn.sock, uid, pid)) { + if (!getPeerID(conn.sock, uid, pid, smackLabel)) { LogError("Closing socket because of error: unable to get peer's uid and pid"); m_serviceManager->Close(conn); return false; @@ -249,7 +250,7 @@ void MasterService::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &se Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel); + ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); Serialization::Serialize(send, ret); } @@ -269,7 +270,7 @@ void MasterService::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuf Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); + ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, policyEntries); @@ -294,7 +295,7 @@ void MasterService::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send) Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries);*/ + ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries);*/ Serialization::Serialize(send, ret); /*if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, policyEntries);*/ @@ -305,7 +306,7 @@ void MasterService::processPolicyGetDesc(MessageBuffer &send) int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; std::vector descriptions; - ret = ServiceImpl::policyGetDesc(descriptions); + ret = serviceImpl.policyGetDesc(descriptions); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, descriptions); diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 9409ec8..994acd1 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -64,26 +64,6 @@ GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription() }; } -static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel) -{ - struct ucred cr; - socklen_t len = sizeof(cr); - - if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { - char *smk; - ssize_t ret = smack_new_label_from_socket(sock, &smk); - if (ret < 0) - return false; - smackLabel = smk; - uid = cr.uid; - pid = cr.pid; - free(smk); - return true; - } - - return false; -} - bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID) { @@ -200,7 +180,7 @@ void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, req.privileges); Deserialization::Deserialize(buffer, req.appPaths); Deserialization::Deserialize(buffer, req.uid); - Serialization::Serialize(send, ServiceImpl::appInstall(req, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appInstall(req, uid, m_isSlave)); } void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid) @@ -208,7 +188,7 @@ void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui std::string appId; Deserialization::Deserialize(buffer, appId); - Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appUninstall(appId, uid, m_isSlave)); } void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send) @@ -218,7 +198,7 @@ void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send) int ret; Deserialization::Deserialize(buffer, appId); - ret = ServiceImpl::getPkgId(appId, pkgId); + ret = serviceImpl.getPkgId(appId, pkgId); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, pkgId); @@ -231,7 +211,7 @@ void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, ui int ret; Deserialization::Deserialize(buffer, appId); - ret = ServiceImpl::getAppGroups(appId, uid, pid, m_isSlave, gids); + ret = serviceImpl.getAppGroups(appId, uid, pid, m_isSlave, gids); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { Serialization::Serialize(send, static_cast(gids.size())); @@ -250,7 +230,7 @@ void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t u Deserialization::Deserialize(buffer, uidAdded); Deserialization::Deserialize(buffer, userType); - ret = ServiceImpl::userAdd(uidAdded, userType, uid, m_isSlave); + ret = serviceImpl.userAdd(uidAdded, userType, uid, m_isSlave); Serialization::Serialize(send, ret); } @@ -261,7 +241,7 @@ void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, uidRemoved); - ret = ServiceImpl::userDelete(uidRemoved, uid, m_isSlave); + ret = serviceImpl.userDelete(uidRemoved, uid, m_isSlave); Serialization::Serialize(send, ret); } @@ -275,7 +255,7 @@ void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, ui if (m_isSlave) { ret = MasterReq::PolicyUpdate(policyEntries, uid, pid, smackLabel); } else { - ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel); + ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); } Serialization::Serialize(send, ret); } @@ -290,7 +270,7 @@ void Service::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &s if (m_isSlave) { ret = MasterReq::GetConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); } else { - ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, + ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); } @@ -311,7 +291,7 @@ void Service::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t if (m_isSlave) { ret = MasterReq::GetPolicy(filter, uid, pid, smackLabel, policyEntries); } else { - ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries); + ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries); } Serialization::Serialize(send, ret); @@ -329,7 +309,7 @@ void Service::processPolicyGetDesc(MessageBuffer &send) if (m_isSlave) { ret = MasterReq::PolicyGetDesc(descriptions); } else { - ret = ServiceImpl::policyGetDesc(descriptions); + ret = serviceImpl.policyGetDesc(descriptions); } Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { @@ -350,7 +330,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send Deserialization::Deserialize(recv, privileges); std::vector mappings; - int ret = ServiceImpl::getPrivilegesMappings(version_from, version_to, privileges, mappings); + int ret = serviceImpl.getPrivilegesMappings(version_from, version_to, privileges, mappings); Serialization::Serialize(send, ret); Serialization::Serialize(send, mappings); @@ -359,7 +339,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send void Service::processGroupsGet(MessageBuffer &send) { std::vector groups; - int ret = ServiceImpl::policyGetGroups(groups); + int ret = serviceImpl.policyGetGroups(groups); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { -- 2.7.4