From 4bbf85fa0ca8ecd5bd0d15e74a17a6564d2f85b6 Mon Sep 17 00:00:00 2001
From: "sanghyeok.oh" <sanghyeok.oh@samsung.com>
Date: Tue, 7 Nov 2017 18:03:24 +0900
Subject: [PATCH] policy checking scheme: add mutex lock for data
 structure(std::map and std::vector)

Change-Id: I4a213d90dca2447cbd5678083a41c18f10e958fa
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
(cherry picked from commit 82139a81405a9e4ce38ce37439612079643864be)
---
 src/internal/internal.cpp        |  6 ++++
 src/internal/internal.h          |  5 ++++
 src/internal/naive_policy_db.cpp | 62 ++++++++++++++++++++++++----------------
 src/internal/naive_policy_db.hpp |  4 ++-
 src/internal/policy.cpp          |  5 ++++
 src/internal/policy.hpp          |  1 +
 src/internal/xml_parser.hpp      |  7 +++--
 src/libdbuspolicy1.c             |  2 ++
 8 files changed, 65 insertions(+), 27 deletions(-)
 mode change 100644 => 100755 src/internal/policy.hpp
 mode change 100644 => 100755 src/internal/xml_parser.hpp

diff --git a/src/internal/internal.cpp b/src/internal/internal.cpp
index aa0e947..3c3d82b 100755
--- a/src/internal/internal.cpp
+++ b/src/internal/internal.cpp
@@ -55,6 +55,12 @@ void __internal_init_flush_logs()
 	}
 }
 
+void __internal_init_sup_group(bool bus_type)
+{
+	ldp_xml_parser::XmlParser p;
+	p.updateGroupPolicy(bus_type);
+}
+
 void __internal_enter()
 {
 	if (tslog::enabled())
diff --git a/src/internal/internal.h b/src/internal/internal.h
index 94db50b..c10b789 100755
--- a/src/internal/internal.h
+++ b/src/internal/internal.h
@@ -46,6 +46,11 @@ extern pthread_mutex_t g_mutex;
 /** Flushes logs. */
 void __internal_init_flush_logs(void);
 
+/** Initializes supplementary groups for current process
+ * \param[in] bus_type Bus type (system/session)
+ */
+void __internal_init_sup_group(bool bus_type);
+
 /** Enables logger mutex */
 void __internal_enter(void);
 
diff --git a/src/internal/naive_policy_db.cpp b/src/internal/naive_policy_db.cpp
index 4c88baf..68f23a3 100755
--- a/src/internal/naive_policy_db.cpp
+++ b/src/internal/naive_policy_db.cpp
@@ -296,36 +296,26 @@ void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetOwn& set,
 	}
 }
 
-void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid)
+void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type)
 {
 	auto vsend = &mapSendGroup[uid];
 	auto vrecv = &mapRecvGroup[uid];
-	auto vown = &mapOwnGroup[uid];
+	auto vown = (type == ItemType::GENERIC || type == ItemType::OWN) ? &mapOwnGroup[uid] : nullptr;
 	int ngroups = 100;
 	gid_t groups[100];
-
 	struct passwd *user_pw;
+
 	user_pw = getpwuid(uid);
 	if (!user_pw) {
 		if (tslog::enabled())
 			std::cout << "getpwuid failed" << " uid:" << uid << " gid:" << gid << "\n";
-
-		(*vsend).push_back(gid);
-		(*vrecv).push_back(gid);
-		(*vown).push_back(gid);
-
-		return ;
+		goto err;
 	}
 
 	if (getgrouplist(user_pw->pw_name, gid, groups, &ngroups) == -1) {
 		if (tslog::enabled())
 			std::cout << "getgrouplist failed" << " uid:" << uid << " gid:" << gid << "\n";
-
-		(*vsend).push_back(gid);
-		(*vrecv).push_back(gid);
-		(*vown).push_back(gid);
-
-		return ;
+		goto err;
 	}
 
 	/* insert supplementary group */
@@ -334,36 +324,60 @@ void NaivePolicyDb::updateSupplementaryGroups(uid_t uid, gid_t gid)
 			(*vsend).push_back(groups[i]);
 		if (m_receive_set.group.find(groups[i]) != m_receive_set.group.end())
 			(*vrecv).push_back(groups[i]);
-		if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
-			(*vown).push_back(groups[i]);
 	}
 
 	if ((*vsend).size() == 0 )
 		(*vsend).push_back(-1);
 	if ((*vrecv).size() == 0 )
 		(*vrecv).push_back(-1);
-	if ((*vown).size() == 0 )
+	if (type == ItemType::GENERIC || type == ItemType::OWN) {
+		for (int i = 0; i < ngroups; i++) {
+			if (m_own_set.group.find(groups[i]) != m_own_set.group.end())
+				(*vown).push_back(groups[i]);
+		}
+
+		if ((*vown).size() == 0 )
 		(*vown).push_back(-1);
+	}
+
+	return ;
+err:
+	(*vsend).push_back(gid);
+	(*vrecv).push_back(gid);
+	if (type == ItemType::GENERIC || type == ItemType::OWN)
+		(*vown).push_back(gid);
 }
 
 std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid)
 {
-	if (mapOwnGroup[uid].size() == 0)
-		updateSupplementaryGroups(uid, gid);
-	if (mapOwnGroup[uid][0] == (gid_t)-1)
-		return nullptr;
-
+	gid = gid;
 	return &mapOwnGroup[uid];
 }
 
 std::vector<gid_t> * NaivePolicyDb::getGroups(uid_t uid, gid_t gid, ItemType type)
 {
+	static gid_t mygid = getgid();
+	static uid_t myuid = getgid();
+
+	if (uid == myuid && gid ==mygid)
+		return (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
+
+	pthread_mutex_lock(&mutexGroup);
 	auto vgid = (type == ItemType::SEND) ? &mapSendGroup[uid] : &mapRecvGroup[uid];
 
 	if ((*vgid).size() == 0)
-		updateSupplementaryGroups(uid, gid);
+		updateSupplementaryGroups(uid, gid, type);
+	pthread_mutex_unlock(&mutexGroup);
+
 	if ((*vgid)[0] == (gid_t)-1)
 		return nullptr;
 
 	return vgid;
 }
+
+void NaivePolicyDb::updateSupGroup()
+{
+	pthread_mutex_lock(&mutexGroup);
+	updateSupplementaryGroups(getuid(), getgid(), ItemType::GENERIC);
+	pthread_mutex_unlock(&mutexGroup);
+}
\ No newline at end of file
diff --git a/src/internal/naive_policy_db.hpp b/src/internal/naive_policy_db.hpp
index dc3ed61..571c31c 100755
--- a/src/internal/naive_policy_db.hpp
+++ b/src/internal/naive_policy_db.hpp
@@ -34,10 +34,12 @@ namespace ldp_xml_parser
 		std::map<gid_t, std::vector<gid_t>> mapOwnGroup;
 		std::map<gid_t, std::vector<gid_t>> mapSendGroup;
 		std::map<gid_t, std::vector<gid_t>> mapRecvGroup;
-		void updateSupplementaryGroups(uid_t uid, gid_t gid);
+		pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER;
+		void updateSupplementaryGroups(uid_t uid, gid_t gid, const ItemType type);
 	public:
 		std::vector<gid_t> * getGroups(uid_t uid, gid_t gid);
 		std::vector<gid_t> *getGroups(uid_t uid, gid_t gid, const ItemType type);
+		void updateSupGroup();
 	public:
 		/** Class containing policy with send/receive rules */
 		class PolicySR {
diff --git a/src/internal/policy.cpp b/src/internal/policy.cpp
index 07caa3a..5286cd8 100755
--- a/src/internal/policy.cpp
+++ b/src/internal/policy.cpp
@@ -204,6 +204,11 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve
 	}
 }
 
+void DbAdapter::updateGroupDb(bool bus)
+{
+	policy_checker().db(bus).updateSupGroup();
+}
+
 DecisionItem::DecisionItem(Decision decision, const char* privilege)
 	: __decision(decision), __privilege(privilege)
 {
diff --git a/src/internal/policy.hpp b/src/internal/policy.hpp
old mode 100644
new mode 100755
index 344c841..4dd7a6c
--- a/src/internal/policy.hpp
+++ b/src/internal/policy.hpp
@@ -264,6 +264,7 @@ namespace ldp_xml_parser
 	public:
 		DbAdapter();
 		void updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::vector<std::string>& incl_dirs);
+		void updateGroupDb(bool bus);
 	};
 }
 #endif
diff --git a/src/internal/xml_parser.hpp b/src/internal/xml_parser.hpp
old mode 100644
new mode 100755
index f874320..6eea72b
--- a/src/internal/xml_parser.hpp
+++ b/src/internal/xml_parser.hpp
@@ -37,12 +37,15 @@ namespace ldp_xml_parser
     class XmlParser : boost::noncopyable
     {
         public:
-	    /** Parses given config file for declared bus type */
+            /** Parses given config file for declared bus type */
             ErrCode parsePolicy(bool bus,
                     std::string const &fname) {
                 ErrCode err = parse(bus, fname);
                 return err;
             }
+            void updateGroupPolicy(bool bus) {
+                __adapter.updateGroupDb(bus);
+            }
 
         private:
             /** Vector containing parsed policy */
@@ -51,7 +54,7 @@ namespace ldp_xml_parser
             /** Adapter which allows to access parsed policies */
             DbAdapter __adapter;
 
-	    /** Parses config file and all files included in it */
+            /** Parses config file and all files included in it */
             ErrCode parse(bool bus, std::string const &filename) {
                 ErrCode err;
                 std::vector<std::string> incl_files;
diff --git a/src/libdbuspolicy1.c b/src/libdbuspolicy1.c
index 0cd422b..2c04814 100755
--- a/src/libdbuspolicy1.c
+++ b/src/libdbuspolicy1.c
@@ -244,6 +244,8 @@ DBUSPOLICY1_EXPORT void* dbuspolicy1_init(const char *bus_path)
 		if (rp < 0 && rs < 0) /* when both negative */
 			goto err_close;
 
+		__internal_init_sup_group(bus_type);
+
 		init_once[bus_type] = true;
 	}
 
-- 
2.7.4