From 14dc2ac940e29f28ab70db2085f96b63a55a1c3f Mon Sep 17 00:00:00 2001 From: Youngjae Cho Date: Mon, 6 Jan 2025 16:27:29 +0900 Subject: [PATCH] feedback: Change to get smack label via cynara API Instead of reading '/proc/self/attr/current' directly, used cynara_creds_self_get_client() API to get the smack label. It is especially important at the environment with no-smack. The cynara API has considered such case, so all we need to do is using the cynara API. Change-Id: I6ca7f493c1e710cc1645291aa3e61c6f16ebd3db Signed-off-by: Youngjae Cho --- CMakeLists.txt | 1 + packaging/libfeedback.spec | 1 + src/util/feedback-privilege.c | 19 ++++++++----------- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 40da24a..6ae5db8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -49,6 +49,7 @@ pkg_check_modules(pkgs REQUIRED libsyscommon cynara-client cynara-session + cynara-creds-self ) FOREACH(flag ${pkgs_CFLAGS}) diff --git a/packaging/libfeedback.spec b/packaging/libfeedback.spec index a088c13..6b8648e 100644 --- a/packaging/libfeedback.spec +++ b/packaging/libfeedback.spec @@ -23,6 +23,7 @@ BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(libsyscommon) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-self) %if 0%{?gcov:1} BuildRequires: lcov diff --git a/src/util/feedback-privilege.c b/src/util/feedback-privilege.c index 7bdf2de..f823493 100644 --- a/src/util/feedback-privilege.c +++ b/src/util/feedback-privilege.c @@ -22,6 +22,7 @@ #include #include +#include #include "util/feedback-privilege.h" #include "log.h" @@ -34,10 +35,9 @@ extern char *program_invocation_name; bool is_privilege_supported(const char *privilege_name) { cynara *cynara = NULL; - FILE *fp = NULL; char uid[16]; char *session = NULL; - char smack_label[BUFF_MAX] = {0, }; + char *smack_label = NULL; int ret; if (cynara_initialize(&cynara, NULL) != CYNARA_API_SUCCESS) { @@ -45,15 +45,10 @@ bool is_privilege_supported(const char *privilege_name) return false; } - fp = fopen("/proc/self/attr/current", "r"); - if (fp != NULL) { - int ch = 0; - int idx = 0; - while (EOF != (ch = fgetc(fp))) { - smack_label[idx] = ch; - idx++; - } - fclose(fp); + ret = cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &smack_label); + if (ret != CYNARA_API_SUCCESS) { + _E("failed to get smack label"); + return false; } pid_t pid = getpid(); @@ -62,6 +57,8 @@ bool is_privilege_supported(const char *privilege_name) uid[15] = '\0'; ret = cynara_check(cynara, smack_label, session, uid, privilege_name); + if (smack_label) + free(smack_label); if (session) free(session); if (cynara) -- 2.34.1