From 385524bc2aa6c4c717f2ddb9f7506c85e9a82925 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Tue, 14 Jun 2016 11:47:36 +0900 Subject: [PATCH 01/16] Add the root path to the environment Change-Id: I08a4bdc9013a25ef447324d920301bd8bc05d8eb Signed-off-by: Hwankyu Jhun --- src/launchpad_common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 0aca7c1..960c53f 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -597,6 +597,8 @@ void _set_env(appinfo_t *menu_info, bundle *kb) setenv("HWACC", menu_info->hwacc, 1); if (menu_info->taskmanage != NULL) setenv("TASKMANAGE", menu_info->taskmanage, 1); + if (menu_info->root_path != NULL) + setenv("AUL_ROOT_PATH", menu_info->root_path, 1); str = bundle_get_val(kb, AUL_K_WAYLAND_DISPLAY); if (str != NULL) -- 2.7.4 From ff6081f9f71a9fd255991897b66ae09cb1fb1edf Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 15 Jun 2016 11:17:51 +0900 Subject: [PATCH 02/16] Fix line buffer size Change-Id: I8465638c20736ffc60e2980255114b93b3706152 Signed-off-by: Hwankyu Jhun --- inc/loader_info.h | 2 +- src/loader_info.c | 38 ++++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/inc/loader_info.h b/inc/loader_info.h index 950aa3c..6c411ed 100644 --- a/inc/loader_info.h +++ b/inc/loader_info.h @@ -38,7 +38,7 @@ typedef struct _loader_info { GList *_loader_info_load(const char *path); void _loader_info_dispose(GList *info); -int _loader_info_find_type(GList *info, const char *app_type, bool hwacc); +int _loader_info_find_type(GList *info, const char *app_type, bool hwacc); int *_loader_get_alternative_types(GList *info, int type, int *len); diff --git a/src/loader_info.c b/src/loader_info.c index fc86f29..2c02a68 100644 --- a/src/loader_info.c +++ b/src/loader_info.c @@ -63,7 +63,7 @@ static void __parse_detection_method(loader_info_t *info, char *line) { char *token; char *savedptr; - char refined_tok[MAX_LOCAL_BUFSZ]; + char refined_tok[LINE_MAX]; token = strtok_r(line, "|", &savedptr); info->detection_method = 0; @@ -86,7 +86,7 @@ static void __parse_app_types(loader_info_t *info, char *line) { char *token; char *savedptr; - char refined_tok[MAX_LOCAL_BUFSZ]; + char refined_tok[LINE_MAX]; token = strtok_r(line, "|", &savedptr); while (token) { @@ -100,9 +100,9 @@ static void __parse_app_types(loader_info_t *info, char *line) static void __parse_extra(loader_info_t *info, char *line) { - char tok1[MAX_LOCAL_BUFSZ] = { 0, }; - char tok2[MAX_LOCAL_BUFSZ] = { 0, }; - char tok3[MAX_LOCAL_BUFSZ] = { 0, }; + char tok1[LINE_MAX] = { 0, }; + char tok2[LINE_MAX] = { 0, }; + char tok3[LINE_MAX] = { 0, }; if (info->extra == NULL) return; @@ -151,26 +151,26 @@ static void __flush_extra_array(bundle *b, char *key, GList *list) static GList *__parse_file(GList *list, const char *path) { FILE *fp; - char buf[MAX_LOCAL_BUFSZ]; - char tok1[MAX_LOCAL_BUFSZ]; - char tok2[MAX_LOCAL_BUFSZ]; + char buf[LINE_MAX]; + char tok1[LINE_MAX]; + char tok2[LINE_MAX]; loader_info_t *cur_info = NULL; char *key = NULL; GList *extra_array = NULL; fp = fopen(path, "rt"); - if (fp == NULL) return list; - while (fgets(buf, MAX_LOCAL_BUFSZ, fp) != NULL) { + while (fgets(buf, sizeof(buf), fp) != NULL) { tok1[0] = '\0'; tok2[0] = '\0'; sscanf(buf, "%s %s", tok1, tok2); - if (strcasecmp(TAG_LOADER, tok1) == 0) { + if (strcasecmp(TAG_LOADER, tok1) == 0) { if (cur_info != NULL) { - __flush_extra_array(cur_info->extra, key, extra_array); + __flush_extra_array(cur_info->extra, key, + extra_array); extra_array = NULL; key = NULL; list = g_list_append(list, cur_info); @@ -182,7 +182,7 @@ static GList *__parse_file(GList *list, const char *path) if (tok1[0] == '\0' || tok2[0] == '\0' || tok1[0] == '#') continue; - if (strcasecmp(TAG_NAME, tok1) == 0) { + if (strcasecmp(TAG_NAME, tok1) == 0) { cur_info->name = strdup(tok2); } else if (strcasecmp(TAG_EXE, tok1) == 0) { cur_info->exe = strdup(tok2); @@ -190,11 +190,11 @@ static GList *__parse_file(GList *list, const char *path) __parse_app_types(cur_info, &buf[strlen(tok1)]); } else if (strcasecmp(TAG_DETECTION_METHOD, tok1) == 0) { __parse_detection_method(cur_info, &buf[strlen(tok1)]); - } else if (strcasecmp(TAG_TIMEOUT, tok1) == 0) { + } else if (strcasecmp(TAG_TIMEOUT, tok1) == 0) { cur_info->timeout_val = atoi(tok2); - } else if (strcasecmp(TAG_EXTRA, tok1) == 0) { + } else if (strcasecmp(TAG_EXTRA, tok1) == 0) { __parse_extra(cur_info, buf); - } else if (strcasecmp(TAG_EXTRA_ARRAY, tok1) == 0) { + } else if (strcasecmp(TAG_EXTRA_ARRAY,tok1) == 0) { __flush_extra_array(cur_info->extra, key, extra_array); extra_array = NULL; key = strdup(tok2); @@ -203,7 +203,9 @@ static GList *__parse_file(GList *list, const char *path) } else if (strcasecmp(TAG_HW_ACC, tok1) == 0) { cur_info->hw_acc = strdup(tok2); } else if (strcasecmp(TAG_ALTERNATIVE_LOADER, tok1) == 0) { - cur_info->alternative_loaders = g_list_append(cur_info->alternative_loaders, strdup(tok2)); + cur_info->alternative_loaders = + g_list_append(cur_info->alternative_loaders, + strdup(tok2)); } } @@ -223,7 +225,7 @@ GList *_loader_info_load(const char *path) struct dirent entry; struct dirent *result = NULL; GList *list = NULL; - char buf[MAX_LOCAL_BUFSZ]; + char buf[PATH_MAX]; char *ext; dir_info = opendir(path); -- 2.7.4 From 3d99a02f34291d3193b7d550ad17bc8a0fafcd94 Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Thu, 16 Jun 2016 10:56:30 +0900 Subject: [PATCH 03/16] Remove alternative-loader in case of common loader Change-Id: I423ae6d6e3243d36172eafad913ccf3032b890dd Signed-off-by: Junghoon Park --- packaging/default.loader.in | 1 - 1 file changed, 1 deletion(-) diff --git a/packaging/default.loader.in b/packaging/default.loader.in index fb335b2..d0d151c 100644 --- a/packaging/default.loader.in +++ b/packaging/default.loader.in @@ -30,7 +30,6 @@ EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/libappcore-efl.so.1 EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/libappcore-common.so.1 EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/libcapi-appfw-application.so.0 EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/ecore_imf/modules/wayland/v-1.16/libwltextinputmodule.so -ALTERNATIVE_LOADER hw-loader1 -- 2.7.4 From aa24d55c9137ea3b2d971d34793c1bd8311bf04f Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Thu, 16 Jun 2016 13:01:40 +0900 Subject: [PATCH 04/16] Select the loader to launch explicitly - Caller may add extra data about loader name to launch an app. - If it exist, the loader will be used with first priority. Change-Id: I195341ab46a6f2610997ff18fada3c3ddc8d2a88 Signed-off-by: Junghoon Park --- inc/key.h | 1 + inc/launchpad_common.h | 1 + inc/loader_info.h | 1 + src/launchpad.c | 12 +++++++----- src/launchpad_common.c | 6 ++++++ src/loader_info.c | 18 ++++++++++++++++-- 6 files changed, 32 insertions(+), 7 deletions(-) diff --git a/inc/key.h b/inc/key.h index d2f09f8..7d0201f 100644 --- a/inc/key.h +++ b/inc/key.h @@ -42,6 +42,7 @@ extern "C" { #define AUL_K_WAYLAND_WORKING_DIR "__AUL_WAYLAND_WORKING_DIR__" #define AUL_K_ROOT_PATH "__AUL_ROOT_PATH__" #define AUL_K_API_VERSION "__AUL_API_VERSION__" +#define AUL_K_LOADER_NAME "__AUL_LOADER_NAME__" #ifdef __cplusplus } diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index 8ae9705..aad42c8 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -95,6 +95,7 @@ typedef struct { char *comp_type; char *internal_pool; char *root_path; + char *loader_name; } appinfo_t; char *_proc_get_cmdline_bypid(int pid); diff --git a/inc/loader_info.h b/inc/loader_info.h index 6c411ed..4bc89ec 100644 --- a/inc/loader_info.h +++ b/inc/loader_info.h @@ -39,6 +39,7 @@ typedef struct _loader_info { GList *_loader_info_load(const char *path); void _loader_info_dispose(GList *info); int _loader_info_find_type(GList *info, const char *app_type, bool hwacc); +int _loader_info_find_type_by_loader_name(GList *info, const char *loader_name); int *_loader_get_alternative_types(GList *info, int type, int *len); diff --git a/src/launchpad.c b/src/launchpad.c index 1933365..9474862 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -912,7 +912,7 @@ static bool __is_hw_acc(const char *hwacc) } static candidate_process_context_t *__find_available_slot(const char *hwacc, - const char *app_type) + const char *app_type, const char *loader_name) { int type; candidate_process_context_t *cpc; @@ -920,7 +920,10 @@ static candidate_process_context_t *__find_available_slot(const char *hwacc, int len = 0; int i; - type = _loader_info_find_type(loader_info_list, app_type, __is_hw_acc(hwacc)); + if (loader_name) + type = _loader_info_find_type_by_loader_name(loader_info_list, loader_name); + else + type = _loader_info_find_type(loader_info_list, app_type, __is_hw_acc(hwacc)); cpc = __find_slot(type, PAD_LOADER_ID_STATIC); if (!cpc) return NULL; @@ -1043,12 +1046,11 @@ static gboolean __handle_launch_event(gpointer data) SECURE_LOGD("app_type : %s\n", menu_info->app_type); SECURE_LOGD("pkg_type : %s\n", menu_info->pkg_type); - if (menu_info->comp_type && - strcmp(menu_info->comp_type, "svcapp") == 0) { + strcmp(menu_info->comp_type, "svcapp") == 0) { loader_id = PAD_LOADER_ID_DIRECT; } else if ((loader_id = __get_loader_id(kb)) <= PAD_LOADER_ID_STATIC) { - cpc = __find_available_slot(menu_info->hwacc, menu_info->app_type); + cpc = __find_available_slot(menu_info->hwacc, menu_info->app_type, menu_info->loader_name); } else { type = LAUNCHPAD_TYPE_DYNAMIC; cpc = __find_slot(type, loader_id); diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 960c53f..ef42c0a 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -415,6 +415,10 @@ appinfo_t *_appinfo_create(bundle *kb) if (ptr) menu_info->root_path = strdup(ptr); + ptr = bundle_get_val(kb, AUL_K_LOADER_NAME); + if (ptr) + menu_info->loader_name = strdup(ptr); + if (!_appinfo_get_app_path(menu_info)) { _appinfo_free(menu_info); return NULL; @@ -483,6 +487,8 @@ void _appinfo_free(appinfo_t *menu_info) free(menu_info->internal_pool); if (menu_info->root_path != NULL) free(menu_info->root_path); + if (menu_info->loader_name != NULL) + free(menu_info->loader_name); free(menu_info); } diff --git a/src/loader_info.c b/src/loader_info.c index 2c02a68..b683539 100644 --- a/src/loader_info.c +++ b/src/loader_info.c @@ -92,7 +92,7 @@ static void __parse_app_types(loader_info_t *info, char *line) while (token) { refined_tok[0] = '\0'; sscanf(token, "%s", refined_tok); - if (refined_tok[0] != '\0') + if (refined_tok[0] != '\0' && strcasecmp("null", refined_tok) != 0) info->app_types = g_list_append(info->app_types, strdup(refined_tok)); token = strtok_r(NULL, "|", &savedptr); } @@ -275,6 +275,8 @@ void _loader_info_dispose(GList *info) static int __comp_str(gconstpointer a, gconstpointer b) { + if (!a || !b) + return -1; return strcmp(a, b); } @@ -320,7 +322,6 @@ int _loader_info_find_type(GList *info, const char *app_type, bool hwacc) { GList *cur = NULL; - if (hwacc) cur = g_list_find_custom(info, app_type, __comp_app_type_with_hw_acc); else @@ -334,6 +335,19 @@ int _loader_info_find_type(GList *info, const char *app_type, bool hwacc) return cur_info->type; } +int _loader_info_find_type_by_loader_name(GList *info, const char *loader_name) +{ + GList *cur = NULL; + + cur = g_list_find_custom(info, loader_name, __comp_name); + if (cur == NULL) + return -1; + + loader_info_t *cur_info = (loader_info_t *)cur->data; + + return cur_info->type; +} + static int *__make_type_array(GList *info, GList *loaders, int *len) { int l; -- 2.7.4 From ac6af2da54aeb3a34dc2a0a2046e05d44c95cf21 Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Thu, 16 Jun 2016 18:56:50 +0900 Subject: [PATCH 05/16] apply app-label-monitor to remove CAP_MAC_ADMIN Change-Id: I49d5d19a778fbd7e39ab363cddcd99adf571728f Signed-off-by: Junghoon Park --- packaging/launchpad.spec | 2 +- src/launchpad.c | 83 ++++++++++++++++++++++++++++++++++++++++++++---- src/launchpad_lib.c | 10 ++---- 3 files changed, 79 insertions(+), 16 deletions(-) diff --git a/packaging/launchpad.spec b/packaging/launchpad.spec index 53613dd..c737c49 100644 --- a/packaging/launchpad.spec +++ b/packaging/launchpad.spec @@ -83,7 +83,7 @@ cp %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/license/%{nam %{_unitdir_user}/sockets.target.wants/launchpad-process-pool.socket %{_unitdir_user}/default.target.wants/launchpad-process-pool.service %caps(cap_mac_admin,cap_mac_override,cap_setgid=ei) %{_bindir}/launchpad-process-pool -%caps(cap_mac_admin,cap_mac_override,cap_setgid=ei) %{_bindir}/launchpad-loader +%caps(cap_mac_override,cap_setgid=ei) %{_bindir}/launchpad-loader %attr(0644,root,root) %{_libdir}/liblaunchpad.so.* %files devel diff --git a/src/launchpad.c b/src/launchpad.c index 9474862..86b7bde 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -77,6 +77,8 @@ static int __sys_hwacc; static GList *loader_info_list; static int user_slot_offset; static GList *candidate_slot_list; +static app_labels_monitor *label_monitor; + static candidate_process_context_t *__add_slot(int type, int loader_id, int caller_pid, const char *loader_path, const char *extra, int detection_method, int timeout_val); @@ -281,11 +283,6 @@ error: return -1; } -static int __set_access(const char *appid) -{ - return security_manager_prepare_app(appid); -} - static int __get_loader_id(bundle *kb) { const char *val; @@ -507,8 +504,8 @@ static int __prepare_exec(const char *appid, const char *app_path, /* SET PRIVILEGES*/ if (bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) { _D("appId: %s / app_path : %s ", appid, app_path); - ret = __set_access(appid); - if (ret != 0) { + ret = security_manager_prepare_app(appid); + if (ret != SECURITY_MANAGER_SUCCESS) { _D("fail to set privileges - check " "your package's credential : %d\n", ret); @@ -823,6 +820,42 @@ static gboolean __handle_sigchild(gpointer data) return G_SOURCE_CONTINUE; } +static gboolean __handle_label_monitor(gpointer data) +{ + candidate_process_context_t *cpc; + GList *iter = candidate_slot_list; + + _D("__handle_label_monitor()"); + security_manager_app_labels_monitor_process(label_monitor); + + while (iter) { + cpc = (candidate_process_context_t *)iter->data; + if (cpc->prepared) { + _D("Dispose candidate process %d", cpc->pid); + __kill_process(cpc->pid); + close(cpc->send_fd); + cpc->prepared = false; + cpc->pid = CANDIDATE_NONE; + cpc->send_fd = -1; + if (cpc->source > 0) { + g_source_remove(cpc->source); + cpc->source = 0; + } + + if (cpc->timer > 0) { + g_source_remove(cpc->timer); + cpc->timer = 0; + } + __set_timer(cpc); + __prepare_candidate_process(cpc->type, cpc->loader_id); + } + + iter = g_list_next(iter); + } + + return G_SOURCE_CONTINUE; +} + static int __dispatch_cmd_hint(bundle *kb, int detection_method) { candidate_process_context_t *cpc; @@ -1221,6 +1254,33 @@ static int __init_sigchild_fd(void) return 0; } +static int __init_label_monitor_fd(void) +{ + int fd = -1; + guint pollfd; + + if (security_manager_app_labels_monitor_init(&label_monitor) + != SECURITY_MANAGER_SUCCESS) + return -1; + if (security_manager_app_labels_monitor_process(label_monitor) + != SECURITY_MANAGER_SUCCESS) + return -1; + security_manager_app_labels_monitor_get_fd(label_monitor, &fd); + + if (fd < 0) { + _E("failed to get fd"); + return -1; + } + + pollfd = __poll_fd(fd, G_IO_IN, (GSourceFunc)__handle_label_monitor, 0, 0); + if (pollfd == 0) { + close(fd); + return -1; + } + + return 0; +} + static void __add_slot_from_info(gpointer data, gpointer user_data) { loader_info_t *info = (loader_info_t *)data; @@ -1300,6 +1360,12 @@ static int __before_loop(int argc, char **argv) return -1; } + ret = __init_label_monitor_fd(); + if (ret != 0) { + _E("__init_launchpad_fd() failed"); + return -1; + } + ret = vconf_get_int(VCONFKEY_SETAPPL_APP_HW_ACCELERATION, &__sys_hwacc); if (ret != VCONF_OK) { _E("Failed to get vconf int: %s", @@ -1351,6 +1417,9 @@ int main(int argc, char **argv) #endif g_main_loop_run(mainloop); + if (label_monitor) + security_manager_app_labels_monitor_finish(label_monitor); + return -1; } diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c index f655ed6..378ccc0 100644 --- a/src/launchpad_lib.c +++ b/src/launchpad_lib.c @@ -71,12 +71,6 @@ static void __release_at_exit(void) free(__root_path); } -static int __set_access(const char *appid, const char *pkg_type, - const char *app_path) -{ - return security_manager_prepare_app(appid); -} - static int __prepare_exec(const char *appid, const char *app_path, const char *pkg_type, int type) { @@ -89,8 +83,8 @@ static int __prepare_exec(const char *appid, const char *app_path, /* SET PRIVILEGES*/ SECURE_LOGD("[candidata] appid : %s / pkg_type : %s / app_path : %s", appid, pkg_type, app_path); - ret = __set_access(appid, pkg_type, app_path); - if (ret < 0) { + ret = security_manager_prepare_app(appid); + if (ret != SECURITY_MANAGER_SUCCESS) { _D("fail to set privileges - check your package's credential: " "%d\n", ret); return -1; -- 2.7.4 From b471207fdecc3f2bf902bbed13fbb044c77d2bc8 Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Tue, 21 Jun 2016 14:04:49 +0900 Subject: [PATCH 06/16] Add null checkers Change-Id: I6efa4c92f7467484ca8ea95a3625985773145eaa Signed-off-by: Junghoon Park --- src/launchpad_common.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/launchpad_common.c b/src/launchpad_common.c index ef42c0a..19ad650 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -636,8 +636,15 @@ char *_get_libdir(const char *path) char buf[PATH_MAX]; char *ptr; + if (path == NULL) + return NULL; path_dup = strdup(path); + if (path_dup == NULL) + return NULL; ptr = strrchr(path_dup, '/'); + if (ptr == NULL) + return NULL; + *ptr = '\0'; snprintf(buf, sizeof(buf), "%s/../lib/", path_dup); -- 2.7.4 From d1fa59bb255a323ad993dc9e01abe342aaf6291b Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Tue, 21 Jun 2016 14:55:56 +0900 Subject: [PATCH 07/16] Fix issue about making duplicated loaders Change-Id: I8550b50c6fed43e8aa704fcf3b895d09ad82b43d Signed-off-by: Junghoon Park --- src/launchpad.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/launchpad.c b/src/launchpad.c index 86b7bde..cf7514b 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -831,12 +831,6 @@ static gboolean __handle_label_monitor(gpointer data) while (iter) { cpc = (candidate_process_context_t *)iter->data; if (cpc->prepared) { - _D("Dispose candidate process %d", cpc->pid); - __kill_process(cpc->pid); - close(cpc->send_fd); - cpc->prepared = false; - cpc->pid = CANDIDATE_NONE; - cpc->send_fd = -1; if (cpc->source > 0) { g_source_remove(cpc->source); cpc->source = 0; @@ -846,7 +840,13 @@ static gboolean __handle_label_monitor(gpointer data) g_source_remove(cpc->timer); cpc->timer = 0; } - __set_timer(cpc); + + _D("Dispose candidate process %d", cpc->pid); + __kill_process(cpc->pid); + close(cpc->send_fd); + cpc->prepared = false; + cpc->pid = CANDIDATE_NONE; + cpc->send_fd = -1; __prepare_candidate_process(cpc->type, cpc->loader_id); } -- 2.7.4 From 689b26cd7c77473c9a62e2ae1405d9d35664ae06 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 8 Jun 2016 20:22:30 +0900 Subject: [PATCH 08/16] Prepare a server socket of an application - The launchpad socket path are changed to "/run/aul/daemons//". - Before executing an application, the child process creates an aul socket of the application for communication. And then, the application uses the socket. - Requires [aul] https://review.tizen.org/gerrit/#/c/73534/ [amd] https://review.tizen.org/gerrit/#/c/73537/ Change-Id: I872b5faf1681725e51a3c5647ff1195ebeaabba9 Signed-off-by: Hwankyu Jhun --- inc/launchpad_common.h | 3 ++- inc/sigchild.h | 7 ++++--- packaging/launchpad-process-pool.service | 4 ++++ packaging/launchpad-process-pool.socket | 4 ++-- src/launchpad.c | 12 ++++++++---- src/launchpad_common.c | 32 ++++++++++++++++++++++++++++---- src/launchpad_lib.c | 3 +++ src/launchpad_loader.c | 14 +++++++++++--- 8 files changed, 62 insertions(+), 17 deletions(-) diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index aad42c8..dce37ed 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -31,7 +31,7 @@ #define LOG_TAG "LAUNCHPAD" #endif -#define SOCKET_PATH "/run/user" +#define SOCKET_PATH "/run/aul" #define LAUNCHPAD_LOADER_SOCKET_NAME ".launchpad-type" #define MAX_PENDING_CONNECTIONS 10 #define MAX_LOCAL_BUFSZ 128 @@ -109,6 +109,7 @@ void _set_sock_option(int fd, int cli); void _set_env(appinfo_t *menu_info, bundle *kb); char **_create_argc_argv(bundle *kb, int *margc); char *_get_libdir(const char *path); +void _prepare_listen_sock(void); appinfo_t *_appinfo_create(bundle *kb); void _appinfo_free(appinfo_t *menu_info); diff --git a/inc/sigchild.h b/inc/sigchild.h index c982fba..2ed7c62 100644 --- a/inc/sigchild.h +++ b/inc/sigchild.h @@ -34,7 +34,7 @@ static inline void __socket_garbage_collector(void) struct dirent *dentry; char tmp[MAX_LOCAL_BUFSZ]; - snprintf(tmp, sizeof(tmp), "/run/user/%d", getuid()); + snprintf(tmp, sizeof(tmp), "/run/aul/apps/%d", getuid()); dp = opendir(tmp); if (dp == NULL) return; @@ -45,7 +45,7 @@ static inline void __socket_garbage_collector(void) snprintf(tmp, MAX_LOCAL_BUFSZ, "/proc/%s", dentry->d_name); if (access(tmp, F_OK) < 0) { /* Flawfinder: ignore */ - snprintf(tmp, MAX_LOCAL_BUFSZ, "/run/user/%d/%s", + snprintf(tmp, MAX_LOCAL_BUFSZ, "/run/aul/apps/%d/%s", getuid(), dentry->d_name); unlink(tmp); continue; @@ -145,7 +145,8 @@ static int __sigchild_action(pid_t dead_pid) __send_app_dead_signal_dbus(dead_pid); - snprintf(buf, MAX_LOCAL_BUFSZ, "/run/user/%d/%d", getuid(), dead_pid); + snprintf(buf, sizeof(buf), "/run/aul/apps/%d/%d", + getuid(), dead_pid); unlink(buf); __socket_garbage_collector(); diff --git a/packaging/launchpad-process-pool.service b/packaging/launchpad-process-pool.service index 0667cd5..6128e1e 100644 --- a/packaging/launchpad-process-pool.service +++ b/packaging/launchpad-process-pool.service @@ -6,5 +6,9 @@ Description=Start the USER Access Control Agent [Service] +ExecStartPre=-/usr/bin/mkdir -p /run/aul/daemons/%U +ExecStartPre=-/usr/bin/chmod 0777 /run/aul/daemons/%U +ExecStartPre=-/usr/bin/mkdir -p /run/aul/apps/%U +ExecStartPre=-/usr/bin/chmod 0777 /run/aul/apps/%U ExecStart=/bin/sh -l -c "/usr/bin/launchpad-process-pool" Sockets=launchpad-process-pool.socket diff --git a/packaging/launchpad-process-pool.socket b/packaging/launchpad-process-pool.socket index 6d68ff5..2306963 100644 --- a/packaging/launchpad-process-pool.socket +++ b/packaging/launchpad-process-pool.socket @@ -1,6 +1,6 @@ [Socket] -ListenStream=/run/user/%U/.launchpad-process-pool-sock - +ListenStream=/run/aul/daemons/%U/.launchpad-process-pool-sock +DirectoryMode=0777 Service=launchpad-process-pool.service [Install] diff --git a/src/launchpad.c b/src/launchpad.c index cf7514b..a11c9b6 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -249,7 +249,7 @@ static int __listen_candidate_process(int type, int loader_id) memset(&addr, 0x00, sizeof(struct sockaddr_un)); addr.sun_family = AF_UNIX; - snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%d/%s%d-%d", + snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/daemons/%d/%s%d-%d", SOCKET_PATH, getuid(), LAUNCHPAD_LOADER_SOCKET_NAME, type, loader_id); @@ -414,8 +414,8 @@ static int __send_launchpad_loader(candidate_process_context_t *cpc, char sock_path[PATH_MAX]; int pid = -1; - snprintf(sock_path, sizeof(sock_path), "/run/user/%d/%d", getuid(), - cpc->pid); + snprintf(sock_path, sizeof(sock_path), "/run/aul/apps/%d/%d", + getuid(), cpc->pid); unlink(sock_path); __candidate_process_real_launch(cpc->send_fd, pkt); @@ -512,6 +512,7 @@ static int __prepare_exec(const char *appid, const char *app_path, return -1; } } + /* SET DUMPABLE - for coredump*/ prctl(PR_SET_DUMPABLE, 1); @@ -525,6 +526,9 @@ static int __prepare_exec(const char *appid, const char *app_path, _D("can't locate file name to execute"); return -1; } + + _prepare_listen_sock(); + memset(process_name, '\0', AUL_PR_NAME); snprintf(process_name, AUL_PR_NAME, "%s", file_name); prctl(PR_SET_NAME, process_name); @@ -555,7 +559,7 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) close(iter_fd); - snprintf(sock_path, sizeof(sock_path), "/run/user/%d/%d", + snprintf(sock_path, sizeof(sock_path), "/run/aul/apps/%d/%d", getuid(), getpid()); unlink(sock_path); diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 19ad650..32a70dd 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -184,7 +184,10 @@ int _create_server_sock(const char *name) struct sockaddr_un saddr; int fd; - fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); + if (name) + fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); + else + fd = socket(AF_UNIX, SOCK_STREAM, 0); /* support above version 2.6.27*/ if (fd < 0) { if (errno == EINVAL) { @@ -201,8 +204,16 @@ int _create_server_sock(const char *name) memset(&saddr, 0, sizeof(saddr)); saddr.sun_family = AF_UNIX; - snprintf(saddr.sun_path, sizeof(saddr.sun_path), "/run/user/%d/%s", - getuid(), name); + + if (name) { + snprintf(saddr.sun_path, sizeof(saddr.sun_path), + "%s/daemons/%d/%s", + SOCKET_PATH, getuid(), name); + } else { + snprintf(saddr.sun_path, sizeof(saddr.sun_path), + "%s/apps/%d/%d", + SOCKET_PATH, getuid(), getpid()); + } unlink(saddr.sun_path); if (bind(fd, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) { @@ -557,7 +568,7 @@ int _connect_to_launchpad(int type, int id) memset(&addr, 0x00, sizeof(struct sockaddr_un)); addr.sun_family = AF_UNIX; - snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%d/%s%d-%d", + snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/daemons/%d/%s%d-%d", SOCKET_PATH, getuid(), LAUNCHPAD_LOADER_SOCKET_NAME, type, id); @@ -669,3 +680,16 @@ int _proc_get_attr_by_pid(int pid, char *buf, int size) return 0; } +void _prepare_listen_sock(void) +{ + int fd; + char buf[12]; + + fd = _create_server_sock(NULL); + if (fd < 0) + return; + + snprintf(buf, sizeof(buf), "%d", fd); + setenv("AUL_LISTEN_SOCK", buf, 1); +} + diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c index 378ccc0..ec2b1d2 100644 --- a/src/launchpad_lib.c +++ b/src/launchpad_lib.c @@ -108,6 +108,9 @@ static int __prepare_exec(const char *appid, const char *app_path, _D("can't locate file name to execute"); return -1; } + + _prepare_listen_sock(); + memset(process_name, '\0', AUL_PR_NAME); snprintf(process_name, AUL_PR_NAME, "%s", file_name); prctl(PR_SET_NAME, process_name); diff --git a/src/launchpad_loader.c b/src/launchpad_loader.c index fbde22a..2e9d18b 100644 --- a/src/launchpad_loader.c +++ b/src/launchpad_loader.c @@ -25,11 +25,11 @@ #include #include #include -#include #include #include "launchpad_common.h" #include "launchpad.h" +#include "key.h" #define KEY_LOADER_TYPE "loader_type" #define LOADER_TYPE_COMMON "common-loader" @@ -268,9 +268,17 @@ static void __close_fds(void) { int iter_fd; int max_fd = sysconf(_SC_OPEN_MAX); + int fd = -1; + const char *sockfd; - for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) - close(iter_fd); + sockfd = getenv("AUL_LISTEN_SOCK"); + if (sockfd) + fd = atoi(sockfd); + + for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) { + if (iter_fd != fd) + close(iter_fd); + } } static int __loader_terminate_cb(int argc, char **argv, void *user_data) -- 2.7.4 From 6e99bfc21c07496687fb93d5afdba1f9d5bcd9a9 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Thu, 23 Jun 2016 14:54:10 +0900 Subject: [PATCH 09/16] Remove others permission about the user's directory Change-Id: I48f782f8dcfde1f7bed9639771339344a692289c Signed-off-by: Hwankyu Jhun --- packaging/launchpad-process-pool.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/launchpad-process-pool.service b/packaging/launchpad-process-pool.service index 6128e1e..a627161 100644 --- a/packaging/launchpad-process-pool.service +++ b/packaging/launchpad-process-pool.service @@ -9,6 +9,6 @@ Description=Start the USER Access Control Agent ExecStartPre=-/usr/bin/mkdir -p /run/aul/daemons/%U ExecStartPre=-/usr/bin/chmod 0777 /run/aul/daemons/%U ExecStartPre=-/usr/bin/mkdir -p /run/aul/apps/%U -ExecStartPre=-/usr/bin/chmod 0777 /run/aul/apps/%U +ExecStartPre=-/usr/bin/chmod 0700 /run/aul/apps/%U ExecStart=/bin/sh -l -c "/usr/bin/launchpad-process-pool" Sockets=launchpad-process-pool.socket -- 2.7.4 From 7adac4ecd68167ca9bc5d84b18403abd5eb33254 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Thu, 23 Jun 2016 15:59:20 +0900 Subject: [PATCH 10/16] Prevent app sockets from being deleted by attacker - Requires: https://review.tizen.org/gerrit/#/c/76214/ Change-Id: Ibb967aea776c58f491352cace203a2f7ae5fb872 Signed-off-by: Hwankyu Jhun --- inc/launchpad_common.h | 1 + inc/sigchild.h | 12 +++------ src/launchpad.c | 13 ++++----- src/launchpad_common.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 83 insertions(+), 16 deletions(-) diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index dce37ed..4f13aaa 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -110,6 +110,7 @@ void _set_env(appinfo_t *menu_info, bundle *kb); char **_create_argc_argv(bundle *kb, int *margc); char *_get_libdir(const char *path); void _prepare_listen_sock(void); +int _delete_sock_path(int pid, uid_t uid); appinfo_t *_appinfo_create(bundle *kb); void _appinfo_free(appinfo_t *menu_info); diff --git a/inc/sigchild.h b/inc/sigchild.h index 2ed7c62..9ea5b0f 100644 --- a/inc/sigchild.h +++ b/inc/sigchild.h @@ -20,6 +20,8 @@ #include #include +#include "launchpad_common.h" + #define AUL_DBUS_PATH "/aul/dbus_handler" #define AUL_DBUS_SIGNAL_INTERFACE "org.tizen.aul.signal" #define AUL_DBUS_APPDEAD_SIGNAL "app_dead" @@ -45,9 +47,7 @@ static inline void __socket_garbage_collector(void) snprintf(tmp, MAX_LOCAL_BUFSZ, "/proc/%s", dentry->d_name); if (access(tmp, F_OK) < 0) { /* Flawfinder: ignore */ - snprintf(tmp, MAX_LOCAL_BUFSZ, "/run/aul/apps/%d/%s", - getuid(), dentry->d_name); - unlink(tmp); + _delete_sock_path(atoi(dentry->d_name), getuid()); continue; } } @@ -138,16 +138,12 @@ static inline int __send_app_launch_signal_dbus(int launch_pid, static int __sigchild_action(pid_t dead_pid) { - char buf[MAX_LOCAL_BUFSZ]; - if (dead_pid <= 0) goto end; __send_app_dead_signal_dbus(dead_pid); - snprintf(buf, sizeof(buf), "/run/aul/apps/%d/%d", - getuid(), dead_pid); - unlink(buf); + _delete_sock_path(dead_pid, getuid()); __socket_garbage_collector(); end: diff --git a/src/launchpad.c b/src/launchpad.c index a11c9b6..c12abc6 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -411,12 +411,12 @@ static void __set_timer(candidate_process_context_t *cpc) static int __send_launchpad_loader(candidate_process_context_t *cpc, app_pkt_t *pkt, const char *app_path, int clifd) { - char sock_path[PATH_MAX]; int pid = -1; + int ret; - snprintf(sock_path, sizeof(sock_path), "/run/aul/apps/%d/%d", - getuid(), cpc->pid); - unlink(sock_path); + ret = _delete_sock_path(cpc->pid, getuid()); + if (ret != 0) + return -1; __candidate_process_real_launch(cpc->send_fd, pkt); SECURE_LOGD("Request to candidate process, pid: %d, bin path: %s", @@ -543,7 +543,6 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, bundle *kb, appinfo_t *menu_info, candidate_process_context_t *cpc) { - char sock_path[PATH_MAX]; int pid = fork(); int max_fd; int iter_fd; @@ -559,9 +558,7 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) close(iter_fd); - snprintf(sock_path, sizeof(sock_path), "/run/aul/apps/%d/%d", - getuid(), getpid()); - unlink(sock_path); + _delete_sock_path(getpid(), getuid()); PERF("prepare exec - first done"); _D("lock up test log(no error) : prepare exec - first done"); diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 32a70dd..83489d4 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -28,6 +28,9 @@ #include #include #include +#include +#include +#include #include "launchpad_common.h" #include "key.h" @@ -183,6 +186,7 @@ int _create_server_sock(const char *name) { struct sockaddr_un saddr; int fd; + int ret; if (name) fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); @@ -213,6 +217,25 @@ int _create_server_sock(const char *name) snprintf(saddr.sun_path, sizeof(saddr.sun_path), "%s/apps/%d/%d", SOCKET_PATH, getuid(), getpid()); + ret = mkdir(saddr.sun_path, 0700); + if (ret != 0) { + if (errno == EEXIST) { + if (access(saddr.sun_path, R_OK) != 0) { + _E("Failed to access %s directory - %d", + saddr.sun_path, errno); + close(fd); + return -1; + } + } else { + _E("Failed to create %s directory - %d", + saddr.sun_path, errno); + close(fd); + return -1; + } + } + snprintf(saddr.sun_path, sizeof(saddr.sun_path), + "%s/apps/%d/%d/.app-sock", + SOCKET_PATH, getuid(), getpid()); } unlink(saddr.sun_path); @@ -693,3 +716,53 @@ void _prepare_listen_sock(void) setenv("AUL_LISTEN_SOCK", buf, 1); } +static int __delete_dir(const char *path) +{ + DIR *dp; + struct dirent dentry; + struct dirent *result = NULL; + char buf[PATH_MAX]; + struct stat statbuf; + int ret; + + if (path == NULL) + return -1; + + dp = opendir(path); + if (dp == NULL) + return -1; + + while (readdir_r(dp, &dentry, &result) == 0 && result) { + if (!strcmp(dentry.d_name, ".") || !strcmp(dentry.d_name, "..")) + continue; + + snprintf(buf, sizeof(buf), "%s/%s", path, dentry.d_name); + ret = stat(buf, &statbuf); + if (ret == 0) { + if (S_ISDIR(statbuf.st_mode)) + __delete_dir(buf); + else + unlink(buf); + } + } + + rmdir(path); + closedir(dp); + + return 0; +} + +int _delete_sock_path(int pid, uid_t uid) +{ + char path[PATH_MAX]; + + snprintf(path, sizeof(path), "/run/aul/apps/%d/%d", uid, pid); + if (access(path, F_OK) == 0) + __delete_dir(path); + + if (access(path, F_OK) == 0) + return -1; + + return 0; +} + -- 2.7.4 From 8539e2b64630cacd33358e2af927f7d3bd38fb87 Mon Sep 17 00:00:00 2001 From: Hawnkyu Jhun Date: Sat, 25 Jun 2016 20:01:16 +0900 Subject: [PATCH 11/16] Exclude unused headers Change-Id: I44a4636d9cd1d418e8f87244a0a5215359253640 Signed-off-by: Hawnkyu Jhun --- src/launchpad_common.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 83489d4..f9f318d 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -29,8 +29,6 @@ #include #include #include -#include -#include #include "launchpad_common.h" #include "key.h" -- 2.7.4 From f2dfa51637ed2e0b556549857ce9ab57f5945bba Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Wed, 29 Jun 2016 14:05:52 +0900 Subject: [PATCH 12/16] Adjust timeout value Change-Id: I0b1173d7059573f020920edd06ce468ca6c3210e Signed-off-by: Junghoon Park --- packaging/default.loader.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packaging/default.loader.in b/packaging/default.loader.in index d0d151c..0ea64e5 100644 --- a/packaging/default.loader.in +++ b/packaging/default.loader.in @@ -3,8 +3,8 @@ NAME hw-loader1 EXE /usr/bin/launchpad-loader APP_TYPE capp|c++app HW_ACC ON -DETECTION_METHOD TIMEOUT|VISIBILITY -TIMEOUT 5000 +DETECTION_METHOD TIMEOUT +TIMEOUT 2000 EXTRA loader_type hw-loader EXTRA_ARRAY preload EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/libappcore-efl.so.1 @@ -22,8 +22,8 @@ ALTERNATIVE_LOADER common-loader1 NAME common-loader1 EXE /usr/bin/launchpad-loader APP_TYPE capp|c++app -DETECTION_METHOD TIMEOUT|VISIBILITY -TIMEOUT 5000 +DETECTION_METHOD TIMEOUT +TIMEOUT 2000 EXTRA loader_type common-loader EXTRA_ARRAY preload EXTRA_ARRAY_VAL @LIB_INSTALL_DIR@/libappcore-efl.so.1 -- 2.7.4 From 42cd958b6a32dc8b6dd5635b8b300ebb243c32d8 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 29 Jun 2016 20:56:52 +0900 Subject: [PATCH 13/16] Remove unnecessary capability Change-Id: I3b5083baebaad31c2cdf4d614079c1a380abb548 Signed-off-by: Hwankyu Jhun --- packaging/launchpad.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/launchpad.spec b/packaging/launchpad.spec index c737c49..c99b544 100644 --- a/packaging/launchpad.spec +++ b/packaging/launchpad.spec @@ -82,8 +82,8 @@ cp %{_builddir}/%{name}-%{version}/LICENSE %{buildroot}/usr/share/license/%{nam %{_unitdir_user}/launchpad-process-pool.socket %{_unitdir_user}/sockets.target.wants/launchpad-process-pool.socket %{_unitdir_user}/default.target.wants/launchpad-process-pool.service -%caps(cap_mac_admin,cap_mac_override,cap_setgid=ei) %{_bindir}/launchpad-process-pool -%caps(cap_mac_override,cap_setgid=ei) %{_bindir}/launchpad-loader +%caps(cap_mac_admin,cap_setgid=ei) %{_bindir}/launchpad-process-pool +%caps(cap_setgid=ei) %{_bindir}/launchpad-loader %attr(0644,root,root) %{_libdir}/liblaunchpad.so.* %files devel -- 2.7.4 From 430dbe2e74269dd7f4a2389d7bc98c8f755cdaa4 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Wed, 6 Jul 2016 15:24:16 +0900 Subject: [PATCH 14/16] Modify closing all open fds Change-Id: Iafd862f582e9eb9bbeecf542c2dafcb510798cfb Signed-off-by: Hwankyu Jhun --- inc/launchpad_common.h | 1 + src/launchpad.c | 7 +------ src/launchpad_common.c | 41 +++++++++++++++++++++++++++++++++++++++++ src/launchpad_loader.c | 7 +------ 4 files changed, 44 insertions(+), 12 deletions(-) diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h index 4f13aaa..1c07962 100644 --- a/inc/launchpad_common.h +++ b/inc/launchpad_common.h @@ -116,6 +116,7 @@ appinfo_t *_appinfo_create(bundle *kb); void _appinfo_free(appinfo_t *menu_info); char *_appinfo_get_app_path(appinfo_t *menu_info); int _proc_get_attr_by_pid(int pid, char *buf, int size); +int _close_all_fds(int except); #endif /* __LAUNCHPAD_COMMON_H__ */ diff --git a/src/launchpad.c b/src/launchpad.c index c12abc6..4d85ea9 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -544,8 +544,6 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, candidate_process_context_t *cpc) { int pid = fork(); - int max_fd; - int iter_fd; if (pid == 0) { PERF("fork done"); @@ -554,10 +552,7 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, __signal_unblock_sigchld(); __signal_fini(); - max_fd = sysconf(_SC_OPEN_MAX); - for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) - close(iter_fd); - + _close_all_fds(0); _delete_sock_path(getpid(), getuid()); PERF("prepare exec - first done"); diff --git a/src/launchpad_common.c b/src/launchpad_common.c index f9f318d..810dc9f 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -764,3 +764,44 @@ int _delete_sock_path(int pid, uid_t uid) return 0; } +int _close_all_fds(const int except) +{ + DIR *dp; + struct dirent dentry; + struct dirent *result = NULL; + int fd; + int max_fd; + + dp = opendir("/proc/self/fd"); + if (dp == NULL) { + /* fallback */ + max_fd = sysconf(_SC_OPEN_MAX); + for (fd = 3; fd < max_fd; fd++) { + if (fd != except) + close(fd); + } + + return 0; + } + + while (readdir_r(dp, &dentry, &result) == 0 && result) { + if (!isdigit(dentry.d_name[0])) + continue; + + fd = atoi(dentry.d_name); + if (fd < 3) + continue; + + if (fd == dirfd(dp)) + continue; + + if (fd == except) + continue; + + close(fd); + } + closedir(dp); + + return 0; +} + diff --git a/src/launchpad_loader.c b/src/launchpad_loader.c index 2e9d18b..c7d7220 100644 --- a/src/launchpad_loader.c +++ b/src/launchpad_loader.c @@ -266,8 +266,6 @@ static int __loader_launch_cb(int argc, char **argv, const char *app_path, static void __close_fds(void) { - int iter_fd; - int max_fd = sysconf(_SC_OPEN_MAX); int fd = -1; const char *sockfd; @@ -275,10 +273,7 @@ static void __close_fds(void) if (sockfd) fd = atoi(sockfd); - for (iter_fd = 3; iter_fd <= max_fd; iter_fd++) { - if (iter_fd != fd) - close(iter_fd); - } + _close_all_fds(fd); } static int __loader_terminate_cb(int argc, char **argv, void *user_data) -- 2.7.4 From 17b8e02a1ff7f3eb87dd28c56ac4d562608328ba Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Thu, 7 Jul 2016 19:06:22 +0900 Subject: [PATCH 15/16] Add the appid and the pkgid to the enviornment Change-Id: I6bed8f9e62f738944c1702536bddd61576f07a81 Signed-off-by: Hwankyu Jhun --- src/launchpad_common.c | 4 ++++ src/launchpad_lib.c | 45 +++++---------------------------------------- 2 files changed, 9 insertions(+), 40 deletions(-) diff --git a/src/launchpad_common.c b/src/launchpad_common.c index 810dc9f..7109129 100644 --- a/src/launchpad_common.c +++ b/src/launchpad_common.c @@ -637,6 +637,10 @@ void _set_env(appinfo_t *menu_info, bundle *kb) setenv("TASKMANAGE", menu_info->taskmanage, 1); if (menu_info->root_path != NULL) setenv("AUL_ROOT_PATH", menu_info->root_path, 1); + if (menu_info->appid != NULL) + setenv("AUL_APPID", menu_info->appid, 1); + if (menu_info->pkgid != NULL) + setenv("AUL_PKGID", menu_info->pkgid, 1); str = bundle_get_val(kb, AUL_K_WAYLAND_DISPLAY); if (str != NULL) diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c index ec2b1d2..3cb5daf 100644 --- a/src/launchpad_lib.c +++ b/src/launchpad_lib.c @@ -47,9 +47,6 @@ static void *__loader_user_data; static int __argc; static char **__argv; static bundle *__bundle; -static char *__appid; -static char *__pkgid; -static char *__root_path; static int __loader_type = LAUNCHPAD_TYPE_UNSUPPORTED; static int __loader_id; @@ -59,18 +56,6 @@ static void __at_exit_to_release_bundle() bundle_free(__bundle); } -static void __release_at_exit(void) -{ - if (__appid != NULL) - free(__appid); - - if (__pkgid != NULL) - free(__pkgid); - - if (__root_path != NULL) - free(__root_path); -} - static int __prepare_exec(const char *appid, const char *app_path, const char *pkg_type, int type) { @@ -174,7 +159,6 @@ static int __candidate_process_launchpad_main_loop(app_pkt_t *pkt, __bundle = kb; atexit(__at_exit_to_release_bundle); - atexit(__release_at_exit); menu_info = _appinfo_create(kb); if (menu_info == NULL) { @@ -208,41 +192,22 @@ static int __candidate_process_launchpad_main_loop(app_pkt_t *pkt, _modify_bundle(kb, /*cr.pid - unused parameter*/ 0, menu_info, pkt->cmd); - __appid = strdup(menu_info->appid); - if (__appid == NULL) { - _E("Out of memory"); - exit(-1); - } - aul_set_preinit_appid(__appid); - if (menu_info->pkgid == NULL) { _E("unable to get pkg_id from menu_info"); exit(-1); } - SECURE_LOGD("pkg id: %s", menu_info->pkgid); - - __pkgid = strdup(menu_info->pkgid); - if (__pkgid == NULL) { - _E("Out of memory"); - exit(-1); - } - aul_set_preinit_pkgid(__pkgid); - __root_path = strdup(menu_info->root_path); - if (__root_path == NULL) { - _E("Out of memory"); - exit(-1); - } - aul_set_preinit_root_path(__root_path); + SECURE_LOGD("pkg id: %s", menu_info->pkgid); tmp_argv = _create_argc_argv(kb, &tmp_argc); - __default_launch_cb(kb, __appid, app_path, menu_info->pkg_type, type); + __default_launch_cb(kb, menu_info->appid, app_path, + menu_info->pkg_type, type); if (__loader_callbacks->launch) { ret = __loader_callbacks->launch(tmp_argc, tmp_argv, app_path, - __appid, __pkgid, menu_info->pkg_type, - __loader_user_data); + menu_info->appid, menu_info->pkgid, + menu_info->pkg_type, __loader_user_data); } /* SET ENVIROMENT*/ -- 2.7.4 From 6791e3816c0977f901d88480f5c2c6bfe83a0f3b Mon Sep 17 00:00:00 2001 From: Junghoon Park Date: Mon, 11 Jul 2016 19:09:13 +0900 Subject: [PATCH 16/16] Trim debug messages Change-Id: I1ba22ddca3763ae4f201a715fb73799e1697ad99 Signed-off-by: Junghoon Park --- src/launchpad.c | 45 ++++++++++++++++++--------------------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/src/launchpad.c b/src/launchpad.c index 4d85ea9..f2ca786 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -50,6 +50,11 @@ #define LOADER_PATH_DEFAULT "/usr/bin/launchpad-loader" #define LOADER_INFO_PATH "/usr/share/aul" #define REGULAR_UID_MIN 5000 +#define PAD_ERR_FAILED -1 +#define PAD_ERR_REJECTED -2 +#define PAD_ERR_INVALID_ARGUMENT -3 +#define PAD_ERR_INVALID_PATH -4 + typedef struct { int type; @@ -503,29 +508,21 @@ static int __prepare_exec(const char *appid, const char *app_path, /* SET PRIVILEGES*/ if (bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) { - _D("appId: %s / app_path : %s ", appid, app_path); ret = security_manager_prepare_app(appid); - if (ret != SECURITY_MANAGER_SUCCESS) { - _D("fail to set privileges - check " - "your package's credential : %d\n", - ret); - return -1; - } + if (ret != SECURITY_MANAGER_SUCCESS) + return PAD_ERR_REJECTED; } /* SET DUMPABLE - for coredump*/ prctl(PR_SET_DUMPABLE, 1); /* SET PROCESS NAME*/ - if (app_path == NULL) { - _D("app_path should not be NULL - check menu db"); - return -1; - } + if (app_path == NULL) + return PAD_ERR_INVALID_ARGUMENT; + file_name = strrchr(app_path, '/') + 1; - if (file_name == NULL) { - _D("can't locate file name to execute"); - return -1; - } + if (file_name == NULL) + return PAD_ERR_INVALID_PATH; _prepare_listen_sock(); @@ -544,6 +541,7 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, candidate_process_context_t *cpc) { int pid = fork(); + int ret; if (pid == 0) { PERF("fork done"); @@ -556,19 +554,13 @@ static int __launch_directly(const char *appid, const char *app_path, int clifd, _delete_sock_path(getpid(), getuid()); PERF("prepare exec - first done"); - _D("lock up test log(no error) : prepare exec - first done"); - - if (__prepare_exec(appid, app_path, menu_info, kb) < 0) { - SECURE_LOGE("preparing work fail to launch - " - "can not launch %s\n", appid); - exit(-1); - } + if ((ret = __prepare_exec(appid, app_path, menu_info, kb)) < 0) + exit(ret); PERF("prepare exec - second done"); - _D("lock up test log(no error) : prepare exec - second done"); __real_launch(app_path, kb); - exit(-1); + exit(PAD_ERR_FAILED); } SECURE_LOGD("==> real launch pid : %d %s\n", pid, app_path); @@ -795,10 +787,9 @@ static gboolean __handle_sigchild(gpointer data) if (s == 0) break; - if (s != sizeof(struct signalfd_siginfo)) { - _E("error reading sigchld info"); + if (s != sizeof(struct signalfd_siginfo)) break; - } + __launchpad_process_sigchld(&siginfo); cpc = __find_slot_from_pid(siginfo.ssi_pid); if (cpc != NULL) { -- 2.7.4