From 36e40dddbda41db1f8cad529664dbae3d1bc664f Mon Sep 17 00:00:00 2001
From: Krzysztof Dynowski
Date: Tue, 14 Nov 2017 15:27:02 +0100
Subject: [PATCH] Send (correct) response to client when cynara danied access

Change-Id: I53b11b0149725dc88679febb6706af42b8d37cb3
---
 simulatordaemon/inc/TEEContext.h | 1 +
 simulatordaemon/src/ConnectionSession.cpp | 17 +++++++++--------
 simulatordaemon/src/TEEContext.cpp | 14 ++++++++++++++
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/simulatordaemon/inc/TEEContext.h b/simulatordaemon/inc/TEEContext.h
index 4db8506..ab68665 100644
--- a/simulatordaemon/inc/TEEContext.h
+++ b/simulatordaemon/inc/TEEContext.h
@@ -61,6 +61,7 @@ public:
 uint32_t mContextID;
 /* Security context wich stores info about low-level connection data*/
 SecurityContext secContext;
+ bool cynara_check_result;
 /* For TA internal APIs support, dummy Context is created and for recognizing
 * the context as dummy isInternal member variable is used
diff --git a/simulatordaemon/src/ConnectionSession.cpp b/simulatordaemon/src/ConnectionSession.cpp
index 31fb181..8fadf2f 100644
--- a/simulatordaemon/src/ConnectionSession.cpp
+++ b/simulatordaemon/src/ConnectionSession.cpp
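Review bot: The new `cynara_check_result` member carries an authorization decision but is added as an undocumented public field, unlike `secContext` directly above it, which has a comment. A one-line comment such as `/* false when the cynara privilege check in ConnectionSession::start() failed; requests on this context must be refused */` would make the contract clear to anyone adding a new command handler. The name also departs from the `mContextID` style of the neighbouring member, so a name in that style may fit better. The class body starts and ends outside this hunk.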
@@ -48,22 +48,23 @@ void ConnectionSession::start() {
 // init SecurityContext of current session after initializing socket
 this->secContext = SecurityContext(clientSocket.native());
+ // Create a new Context
+ pthread_rwlock_wrlock(&ctxIDLock);
+ TEECtx = new TEEContext(ctxID, this);
+ // Increment the Context ID to be assigned to next Context
+ ctxID++;
+ if (ctxID == 0) ctxID++;
+ pthread_rwlock_unlock(&ctxIDLock);
+
 #ifdef _CYNARA_INTEGRATION
 /* Check if client has cynara permission */
 const string privilege("http://tizen.org/privilege/tee.client");
 if (!secContext.clientHasCynaraPermission(privilege)) {
 LOGE(SIM_DAEMON, "Client has no permission to use TEE");
- return;
+ TEECtx->cynara_check_result = false;
 }
 #endif /* _CYNARA_INTEGRATION */
- // Create a new Context
- pthread_rwlock_wrlock(&ctxIDLock);
- TEECtx = new TEEContext(ctxID, this);
- // Increment the Context ID to be assigned to next Context
- ctxID++;
- if (ctxID == 0) ctxID++;
- pthread_rwlock_unlock(&ctxIDLock);
 currentState = CMD_READ;
 // read exactly 1 byte to identify the command and execute callback when
diff --git a/simulatordaemon/src/TEEContext.cpp b/simulatordaemon/src/TEEContext.cpp
index f85729c..189f918 100644
--- a/simulatordaemon/src/TEEContext.cpp
+++ b/simulatordaemon/src/TEEContext.cpp
@@ -57,6 +57,8 @@ TEEContext::TEEContext(uint32_t contextID, IConnectionSession* connSession):
 /* Clear the shared memory list (mShmList) and Session map (mSessionMap) */
 mSessionMap.clear();
 mShmList.clear();
+
+ cynara_check_result = true;
 }
 /**
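Review bot: Replacing the early `return` with `TEECtx->cynara_check_result = false;` means a client that failed the cynara check now gets a context and the session still proceeds to `currentState = CMD_READ`, so the denial is only as strong as the per-command checks behind it. In this patch only `TEEContext::initContext` tests the flag; the `openSession` hunk (at -167) does not, and the command dispatcher is not visible here, so it should be confirmed that no command is processed for a context that never passed INITIALIZE_CONTEXT. A more robust shape is to test the flag once where commands are dispatched, or to close the session after the denied response has been written. A denied client also now consumes a `TEEContext` allocation and a context ID. `start()` continues outside the hunk.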
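Review bot: `cynara_check_result = true;` makes every context allow-by-default, so the deny decision depends on `ConnectionSession::start()` remembering to clear the flag. When `_CYNARA_INTEGRATION` is defined it would be safer to start from `false` and have `start()` set it to `true` only after `clientHasCynaraPermission` succeeds, so a context created on any other path is refused rather than accepted. The dummy contexts for TA internal APIs mentioned in TEEContext.h would then presumably need to opt in explicitly. The assignment could also move into the constructor's initializer list, which begins outside this hunk.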
@@ -75,6 +77,17 @@ TEEC_Result TEEContext::initContext(InitContextData* data) {
 */
 isInternal = false;
+ if (!cynara_check_result) {
+ result = TEEC_ERROR_ACCESS_DENIED;
+ data->returnValue = result;
+ result = mConnSess->write(INITIALIZE_CONTEXT, (char*)data,
+ sizeof(InitContextData));
+ if (result != TEEC_SUCCESS) {
+ LOGE(SIM_DAEMON, "Initialize Context response write to CA FAILED");
+ }
+ return result;
+ }
+
 /* Check if the TEEName is proper or not */
 if (data->nameLength != 0) {
 string TName(data->TEEName);
@@ -167,6 +180,7 @@ TEEC_Result TEEContext::openSession(OpenSessionData data) {
 LOGD(SIM_DAEMON, "Entry");
 data.returnOrigin = TEEC_ORIGIN_TEE;
 data.returnValue = TEEC_ERROR_GENERIC;
+
 pthread_rwlock_wrlock(&sessIDLock);
 data.sessionID = sessID;
 sessID++;
--
2.7.4
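Review bot: In the denied branch `result` is overwritten by the return value of `mConnSess->write(...)`, so `initContext` returns `TEEC_SUCCESS` whenever the ACCESS_DENIED response was delivered to the client. If the caller uses the return value to decide whether the context is usable (the caller is not visible here, and the rest of the function may follow the same convention), a denied client looks the same as an accepted one. Keeping the write status in its own variable and ending the branch with `return TEEC_ERROR_ACCESS_DENIED;` would keep the two outcomes apart. `initContext` starts and ends outside the hunk.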