From 3b551c517915ee6b2c4709a57dc066ea64c29973 Mon Sep 17 00:00:00 2001 From: greatim Date: Fri, 23 Dec 2016 17:32:50 +0900 Subject: [PATCH] remove smack_setlabel function usage for security reason remove smack_setlabel function usage change sdbd log directory change sdbd smack label to "System" Change-Id: I242c08d177f456768f3b6e3d3ee90bbb70d7dbe9 Signed-off-by: greatim --- packaging/sdbd.spec | 2 ++ packaging/sdbd_device.service | 3 +-- packaging/sdbd_emulator.service | 3 +-- packaging/sdbd_tcp.service | 2 +- src/default_plugin_basic.c | 11 +++++++++-- src/file_sync_service.c | 4 +++- src/sdb.c | 4 ---- src/services.c | 6 ------ 8 files changed, 17 insertions(+), 18 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 15eb808..6ddcae3 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,6 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user +mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index cd60922..0537fcd 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -6,11 +6,10 @@ After=tmp.mount [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index bed8cce..2129436 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service 
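Review bot: The two added lines in the scriptlet before `%files` create `%{TZ_SDK_HOME}/share/sdbdlog` and give it to `owner:users`, but set neither an explicit mode nor a Smack label on it, unlike the `chsmack` calls just above for `/bin/sh-user`. sdbd now runs with the `System` label and writes its log into a directory that an unprivileged account owns. If the daemon is still privileged when it opens the log, the open in `start_device_log` (only partly visible in this patch) should pass `O_NOFOLLOW` so that it does not follow a link planted in that directory. I would also pin the mode at creation, for example `install -d -m 0750 -o owner -g users %{TZ_SDK_HOME}/share/sdbdlog`, and label the directory explicitly so the result does not depend on the install-time umask and context.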
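Review bot: Deleting the commented `#Environment=SDBD_LOG_PATH=/tmp` line leaves the `#location of SDBD log file` comment above it describing nothing, both here and in `sdbd_emulator.service`. Either drop it or replace it with something like `# log directory: <TZ_SDK_HOME>/share/sdbdlog, see src/default_plugin_basic.c`. The change from `SmackProcessLabel=System::Privileged` to `SmackProcessLabel=System` is repeated in `sdbd_emulator.service` and `sdbd_tcp.service`, and the commit message gives no reason beyond "security reason"; a sentence naming the accesses the daemon no longer needs would let the three units be checked against the Smack policy. All three units also keep `PIDFile=/tmp/.sdbd.pid` in a normally world-writable directory while the log moves out of `/tmp`, so moving the PID file under `/run` looks like a natural follow-up.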
@@ -7,12 +7,11 @@ After=tmp.mount dbus.service [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index e360a7c..ade025c 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service @@ -7,5 +7,5 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd --listen-port=26101 diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 91d8df2..61611f6 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -20,6 +20,8 @@ #include #include +#include + #define TRACE_TAG TRACE_SDB #include "log.h" @@ -28,7 +30,7 @@ #include "sdbd_plugin.h" #include "sdktools.h" -#define LOG_DIRECTORY "/tmp" +#define LOG_DIRECTORY "/home/owner/share/sdbdlog" int get_plugin_capability ( parameters* in, parameters* out ) { 
@@ -75,7 +77,12 @@ int get_plugin_capability ( parameters* in, parameters* out ) } else if ( capability == CAPABILITY_LOG_ENABLE ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_DISABLED ); } else if ( capability == CAPABILITY_LOG_PATH ) { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + const char* sdkhome = tzplatform_getenv(TZ_SDK_HOME); + if (sdkhome != NULL) { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s/share/sdbdlog", sdkhome ); + } else { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + } } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else { diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 6c418a5..7efb161 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -77,6 +77,7 @@ void init_sdk_sync_permit_rule_regx(void) } } +#if 0 static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -127,6 +128,7 @@ static void set_syncfile_smack_label(char *src) { */ } } +#endif static int sync_send_label_notify(int s, const char *path, int success) { @@ -157,7 +159,7 @@ static void sync_read_label_notify(int s) char *path = buffer; path++; path++; - set_syncfile_smack_label(path); + // set_syncfile_smack_label(path); } } diff --git a/src/sdb.c b/src/sdb.c index 2be2345..2f6f5d8 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1253,10 +1253,6 @@ void start_device_log(void) return; } - if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - } - // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); diff --git a/src/services.c b/src/services.c index 76c28d1..a1481f8 100644 --- a/src/services.c +++ b/src/services.c 
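Review bot: When `tzplatform_getenv(TZ_SDK_HOME)` returns NULL, the new `else` branch silently falls back to the hard-coded `LOG_DIRECTORY`, and that path (`/home/owner/share/sdbdlog`, set in the previous hunk of this file) is created by the spec scriptlet only if `%{TZ_SDK_HOME}` happens to expand to `/home/owner`. A trace line in the fallback, e.g. `D("TZ_SDK_HOME lookup failed, using %s\n", LOG_DIRECTORY);`, would make a misdirected log visible, assuming the `D()` macro from `log.h` is usable in this file. The suffix `/share/sdbdlog` is now spelled out in the spec, in the macro and in this format string; a single `#define LOG_SUBDIR "/share/sdbdlog"` used by both branches would keep them from drifting apart. The added lines write `if (sdkhome != NULL)` without the inner-space parenthesis style used by the rest of `get_plugin_capability`, whose body starts and ends outside this hunk.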
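Review bot: `set_syncfile_smack_label` is fenced off with `#if 0` / `#endif` (this hunk and the next) and its call in `sync_read_label_notify` is commented out in the third hunk, which leaves dead code behind and a receiver that still advances `path` past the first two bytes of `buffer` and then ignores it. Deleting the helper and the call outright, and leaving a comment such as `/* sdbd no longer relabels pushed files; they keep the label assigned at creation */` at the call site, would record the decision where the next maintainer looks. `sync_send_label_notify` remains in the file as context, so it is worth confirming whether the label-notify exchange is still needed once the receiving side does nothing with it. With the relabel removed, the label on a pushed file presumably depends on the writing process and the target directory; that should be checked against the move to `SmackProcessLabel=System` in the service units.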
@@ -462,12 +462,6 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } - if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - sdb_close(ptm); - return -1; - } - *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); -- 2.7.4