From fb4847987e9d6a8f462e8af9f8040cd736dcd7a8 Mon Sep 17 00:00:00 2001 From: "shingil.kang" Date: Mon, 25 Jul 2016 16:56:52 +0900 Subject: [PATCH 01/16] Removed that debug-launchpad is started or stopped by sdbd Change-Id: Id6aa4c6d6fee7976b929c33d4b1b4ede0647dff1 Signed-off-by: shingil.kang --- src/sdb.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 39b874a..5667e73 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -139,9 +139,6 @@ void handle_sig_term(int sig) { if (access(SDB_PIDPATH, F_OK) == 0) sdb_unlink(SDB_PIDPATH); #endif - char * const cmd1_args[] = {"/usr/bin/killall", "/usr/bin/debug_launchpad_preloading_preinitializing_daemon", NULL}; - spawn("/usr/bin/killall", cmd1_args); - sdb_sleep_ms(1000); } static const char *sdb_device_banner = "device"; @@ -1560,12 +1557,6 @@ int set_sdk_user_privileges() { return 0; } -static void execute_required_process() { - char * const cmd_args[] = {"/usr/bin/debug_launchpad_preloading_preinitializing_daemon",NULL}; - - spawn("/usr/bin/debug_launchpad_preloading_preinitializing_daemon", cmd_args); -} - /* default plugin proc */ static int get_plugin_capability(const char* in_buf, sdbd_plugin_param out) { int ret = SDBD_PLUGIN_RET_NOT_SUPPORT; @@ -1910,8 +1901,6 @@ static void init_sdk_requirements() { } } - execute_required_process(); - if (is_emulator()) { register_bootdone_cb(); } -- 2.7.4 From c0ec4a47c302c53b1c27627eb376338457a16a5e Mon Sep 17 00:00:00 2001 From: woojin Date: Wed, 27 Jul 2016 16:54:46 +0900 Subject: [PATCH 02/16] get valgrind binary path from platform configuration get valgrind binary path from /etc/tizen-platform.conf so that valgrind terminates normally Change-Id: I7f88c193cd32a7c347122ce053851eb04b64d1b4 Signed-off-by: woojin --- script/profile_command | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/script/profile_command b/script/profile_command index f8abd42..32c3e80 100755 --- a/script/profile_command +++ b/script/profile_command @@ -8,6 +8,9 @@ FIND=/usr/bin/find GETAPPINSTALLPATH="/usr/bin/pkgcmd -a" PORTFILE=/tmp/port.da +source /etc/tizen-platform.conf +SDK_TOOLS_PATH=${TZ_SDK_TOOLS} + print_usage() { echo "usage: profile_command [options]" @@ -54,7 +57,7 @@ get_version() kill_valgrind() { - /bin/ps ax | /bin/grep "/home/developer/sdk_tools/valgrind/usr/bin/valgrin[d]" | /usr/bin/awk '{print "kill -3 " $1}' | /bin/sh + /bin/ps ax | /bin/grep "$SDK_TOOLS_PATH/valgrind/usr/bin/valgrin[d]" | /usr/bin/awk '{print "kill -3 " $1}' | /bin/sh } if test $# -ne 1 ; then -- 2.7.4 From 53773d3d66f46553c7b94ca8f24b89c2b4236bbf Mon Sep 17 00:00:00 2001 From: "shingil.kang" Date: Fri, 29 Jul 2016 18:44:24 +0900 Subject: [PATCH 03/16] Added 'environment_variables' capability - Environment variables are applied to sdb shell process environment. - Each environment variable should be separated by new line character('\n'). e.g.) A=B\nC=D - The length of environment string should be less than 4096 byte. - The total number of environment variables should be less than 100. Change-Id: If5b52217b364ecf45eb88f0d8d3644cec40d3d30 Signed-off-by: shingil.kang --- src/sdb.c | 7 +++++++ src/sdbd_plugin.h | 5 +++-- src/services.c | 57 +++++++++++++++++++++++++++++++++++++------------------ src/strutils.c | 7 +++++-- src/strutils.h | 3 ++- 5 files changed, 56 insertions(+), 23 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 5667e73..22d2794 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1687,6 +1687,11 @@ static int verify_root_cmd(const char* in_buf, sdbd_plugin_param out) { return ret; } +static int get_shell_env(const char* in_buf, sdbd_plugin_param out) { + snprintf(out.data, out.len, "%s", ""); + return SDBD_PLUGIN_RET_SUCCESS; +} + int default_cmd_proc(const char* cmd, const char* in_buf, sdbd_plugin_param out) { int ret = SDBD_PLUGIN_RET_NOT_SUPPORT; @@ -1712,6 +1717,8 @@ int default_cmd_proc(const char* cmd, ret = verify_sdbd_launch(in_buf, out); } else if (SDBD_CMP_CMD(cmd, VERIFY_ROOTCMD)) { ret = verify_root_cmd(in_buf, out); + } else if (SDBD_CMP_CMD(cmd, SHELL_ENVVAR)) { + ret = get_shell_env(in_buf, out); } else { D("Not supported command : %s\n", cmd); ret = SDBD_PLUGIN_RET_NOT_SUPPORT; diff --git a/src/sdbd_plugin.h b/src/sdbd_plugin.h index 9bfc4b9..2d94157 100644 --- a/src/sdbd_plugin.h +++ b/src/sdbd_plugin.h @@ -26,6 +26,7 @@ #define SDBD_CMD_VERIFY_PEERIP "verify_peer_ip" #define SDBD_CMD_VERIFY_LAUNCH "verify_sdbd_launch" #define SDBD_CMD_VERIFY_ROOTCMD "verify_root_cmd" +#define SDBD_CMD_SHELL_ENVVAR "sdbd_shell_env_var" /* plugin capabilities */ #define SDBD_CAP_TYPE_SECURE "secure_protocol_support" @@ -36,8 +37,8 @@ #define SDBD_CAP_TYPE_ROOTONOFF "root_onoff_support" #define SDBD_CAP_TYPE_PLUGIN_VER "sdbd_plugin_version" #define SDBD_CAP_TYPE_PRODUCT_VER "product_version" -#define SDBD_CAP_TYPE_LOG_ENABLE "sdbd_log_enable" -#define SDBD_CAP_TYPE_LOG_PATH "sdbd_log_path" +#define SDBD_CAP_TYPE_LOG_ENABLE "sdbd_log_enable" +#define SDBD_CAP_TYPE_LOG_PATH "sdbd_log_path" /* capability return string */ #define SDBD_CAP_RET_ENABLED "enabled" diff --git a/src/services.c b/src/services.c index 84e959b..bc2f35a 100644 --- a/src/services.c +++ b/src/services.c @@ -57,7 +57,6 @@ struct stinfo { void *cookie; }; - void *service_bootstrap_func(void *x) { stinfo *sti = x; @@ -599,22 +598,16 @@ static int create_subproc_thread(const char *name, int lines, int columns) char *trim_value = NULL; char path[PATH_MAX]; memset(path, 0, sizeof(path)); - - char *envp[] = { - "TERM=linux", /* without this, some programs based on screen can't work, e.g. top */ - "DISPLAY=:0", /* without this, some programs based on without launchpad can't work */ - NULL, - NULL, - NULL, - NULL, - NULL - }; + char *envp[MAX_TOKENS]; + int envp_cnt = 0; + envp[envp_cnt++] = strdup("TERM=linux"); + envp[envp_cnt++] = strdup("DISPLAY=:0"); if (should_drop_privileges()) { if (g_sdk_home_dir_env) { - envp[2] = g_sdk_home_dir_env; + envp[envp_cnt++] = strdup(g_sdk_home_dir_env); } else { - envp[2] = "HOME=/home/owner"; + envp[envp_cnt++] = strdup("HOME=/home/owner"); } get_env("ENV_PATH", &value); } else { @@ -622,7 +615,7 @@ static int create_subproc_thread(const char *name, int lines, int columns) if(value == NULL) { get_env("ENV_ROOTPATH", &value); } - envp[2] = "HOME=/root"; + envp[envp_cnt++] = strdup("HOME=/root"); } if (value != NULL) { trim_value = str_trim(value); @@ -633,15 +626,32 @@ static int create_subproc_thread(const char *name, int lines, int columns) } else { snprintf(path, sizeof(path), "%s", trim_value); } - envp[3] = path; + envp[envp_cnt++] = strdup(path); } else { snprintf(path, sizeof(path), "%s", value); - envp[3] = path; + envp[envp_cnt++] = strdup(path); } free(value); } - D("path env:%s,%s,%s,%s\n", envp[0], envp[1], envp[2], envp[3]); + /* get environment variables from plugin */ + char *envp_plugin = NULL; + envp_plugin = malloc(SDBD_PLUGIN_OUTBUF_MAX); + if (envp_plugin == NULL) { + D("Cannot allocate the shell commnad buffer."); + return -1; + } + memset(envp_plugin, 0, SDBD_PLUGIN_OUTBUF_MAX); + if (!request_plugin_cmd(SDBD_CMD_SHELL_ENVVAR, "", envp_plugin, SDBD_PLUGIN_OUTBUF_MAX)) { + D("Failed to convert the shell command. (%s)\n", name); + free(envp_plugin); + return -1; + } else { + if(envp_plugin[0] != '\0') { + envp_cnt = tokenize_append(envp_plugin, "\n", envp, MAX_TOKENS, envp_cnt); + } + } + free(envp_plugin); if(name) { // in case of shell execution directly // Check the shell command validation. @@ -709,6 +719,18 @@ static int create_subproc_thread(const char *name, int lines, int columns) } #endif } + + /* free environment variables */ + int i = 0; + if(envp_cnt > 0) { + for(i = 0; i < envp_cnt; i++) { + if(envp[i]) { + D("envp[%d] = %s\n", i, envp[i]); + free(envp[i]); + } + } + } + D("create_subprocess() ret_fd=%d pid=%d\n", ret_fd, pid); if (ret_fd < 0) { @@ -958,7 +980,6 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "log_path", g_capabilities.log_path); - offset++; // for '\0' character writex(fd, &offset, sizeof(uint16_t)); diff --git a/src/strutils.c b/src/strutils.c index 910e3be..cba6a23 100644 --- a/src/strutils.c +++ b/src/strutils.c @@ -8,9 +8,12 @@ #define PATH_MAX 4096 #endif - size_t tokenize(const char *str, const char *delim, char *tokens[], size_t max_tokens ) { - int cnt = 0; + return tokenize_append(str, delim, tokens, max_tokens, 0); +} + +size_t tokenize_append(const char *str, const char *delim, char *tokens[], size_t max_tokens, int append_position) { + int cnt = append_position; char tmp[PATH_MAX+1]; char *ptr; diff --git a/src/strutils.h b/src/strutils.h index 897579f..e101091 100644 --- a/src/strutils.h +++ b/src/strutils.h @@ -1,9 +1,10 @@ #ifndef _STRUTILS_H_ #define _STRUTILS_H_ -#define MAX_TOKENS 30 +#define MAX_TOKENS 100 size_t tokenize(const char *str, const char *delim, char *tokens[], size_t max_tokens); +size_t tokenize_append(const char *str, const char *delim, char *tokens[], size_t max_tokens, int append_position); void free_strings(char **array, int n); int read_line(const int fd, char* ptr, const unsigned int maxlen); char *s_strncpy(char *dest, const char *source, size_t n); -- 2.7.4 From dac34aa6a9feae52a3a986ccda169026dfd63c5b Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Mon, 11 Jan 2016 13:39:14 +0900 Subject: [PATCH 04/16] Checks whether socket transport is duplicated. - When connecting with sdb server, to prevent abnormal connection request the check routine is added. Change-Id: Ifd59f87f826dba442aa5af08145a5dcab9fd61c8 Signed-off-by: Kim Gunsoo --- src/transport.c | 51 ++++++++++++++++++++++++++++++++++++++++++++------- src/transport_local.c | 3 +++ 2 files changed, 47 insertions(+), 7 deletions(-) diff --git a/src/transport.c b/src/transport.c index caecd13..2083fbc 100644 --- a/src/transport.c +++ b/src/transport.c @@ -32,6 +32,12 @@ static atransport transport_list = { .prev = &transport_list, }; +static atransport pending_list = { + .next = &pending_list, + .prev = &pending_list, +}; + + SDB_MUTEX_DEFINE( transport_lock ); #if SDB_TRACE @@ -302,7 +308,7 @@ static void *output_thread(void *_t) } oops: - D("%s: transport output thread is exiting\n", t->serial); + D("%s: transport output thread is exiting, fd %d, sfd %d\n", t->serial, t->fd, t->sfd); kick_transport(t); transport_unref(t); return 0; @@ -360,7 +366,7 @@ static void *input_thread(void *_t) // while a client socket is still active. close_all_sockets(t); - D("%s: transport input thread is exiting, fd %d\n", t->serial, t->fd); + D("%s: transport input thread is exiting, fd %d, sfd %d\n", t->serial, t->fd, t->sfd); kick_transport(t); transport_unref(t); return 0; @@ -649,8 +655,13 @@ static void transport_registration_func(int _fd, unsigned ev, void *data) } } - /* put us on the master device list */ sdb_mutex_lock(&transport_lock); + if (t->type == kTransportLocal) { + /* remove the transport from pending list */ + t->next->prev = t->prev; + t->prev->next = t->next; + } + /* put us on the master device list */ t->next = &transport_list; t->prev = transport_list.prev; t->next->prev = t; @@ -709,7 +720,7 @@ static void transport_unref_locked(atransport *t) { t->ref_count--; if (t->ref_count == 0) { - D("transport: %s unref (kicking and closing)\n", t->serial); + D("transport: %s unref (kicking and closing), fd %d, sfd %d\n", t->serial, t->fd, t->sfd); if (!t->kicked) { t->kicked = 1; t->kick(t); @@ -910,9 +921,35 @@ void register_socket_transport(int s, const char *serial, int port, int local, c #endif return; } - if(serial) { - t->serial = strdup(serial); - } + + /* Allow ONLY a single connection with sdb server. */ + sdb_mutex_lock(&transport_lock); + atransport *old_t; + for(old_t = pending_list.next; old_t != &pending_list; old_t = old_t->next) { + if (old_t->serial && !strcmp(serial, old_t->serial)) { + sdb_mutex_unlock(&transport_lock); + sdb_close(s); + free(t); + return; + } + } + + for(old_t = transport_list.next; old_t != &transport_list; old_t = old_t->next) { + if (old_t->serial && !strcmp(serial, old_t->serial)) { + sdb_mutex_unlock(&transport_lock); + sdb_close(s); + free(t); + return; + } + } + + t->next = &pending_list; + t->prev = pending_list.prev; + t->next->prev = t; + t->prev->next = t; + t->serial = strdup(serial); + sdb_mutex_unlock(&transport_lock); + #if SDB_HOST /* tizen specific */ if (device_name) {/* tizen specific */ t->device_name = strdup(device_name); diff --git a/src/transport_local.c b/src/transport_local.c index 527e1f5..ff4aa36 100644 --- a/src/transport_local.c +++ b/src/transport_local.c @@ -296,6 +296,9 @@ static void *server_socket_thread(void * arg) } else { register_socket_transport(fd, "host", port, 1, NULL); } + } else { + D("failed to accept() from sdb server\n"); + //FIXME: implements error handle for EMFILE or ENFILE } } D("transport: server_socket_thread() exiting\n"); -- 2.7.4 From 4523b8e3c98535323865e17d6d53ae183d04b7c3 Mon Sep 17 00:00:00 2001 From: "shingil.kang" Date: Tue, 9 Aug 2016 17:49:14 +0900 Subject: [PATCH 05/16] Fixed the build problem for emulator 64 bit architecture. - modified the way which determines device type (emulator or target) Change-Id: I1742336fcf128649362d4b855777fa6312636b8d Signed-off-by: shingil.kang --- packaging/sdbd.spec | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index e8539f8..a880c80 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.12 +Version: 3.0.13 Release: 0 License: Apache-2.0 Summary: SDB daemon @@ -41,7 +41,7 @@ cp %{SOURCE1003} . %else %define wearable_profile off %endif -%ifarch %{ix86} +%if %{with emulator} %define target_arch x86 %else %define target_arch arm @@ -57,17 +57,16 @@ mkdir -p %{buildroot}/usr/share/license cp LICENSE %{buildroot}/usr/share/license/%{name} %make_install -mkdir -p %{buildroot}%{_libdir}/systemd/system mkdir -p %{buildroot}%{_unitdir} -%ifarch %{ix86} +%if %{with emulator} %if "%{profile}" == "tv" -install -m 0644 %SOURCE1006 %{buildroot}%{_libdir}/systemd/system/sdbd.service +install -m 0644 %SOURCE1006 %{buildroot}%{_unitdir}/sdbd.service %else -install -m 0644 %SOURCE1002 %{buildroot}%{_libdir}/systemd/system/sdbd.service +install -m 0644 %SOURCE1002 %{buildroot}%{_unitdir}/sdbd.service %endif -mkdir -p %{buildroot}/%{_libdir}/systemd/system/emulator_preinit.target.wants -ln -s %{_libdir}/systemd/system/sdbd.service %{buildroot}/%{_libdir}/systemd/system/emulator_preinit.target.wants/ +mkdir -p %{buildroot}/%{_unitdir}/emulator_preinit.target.wants +ln -s %{_unitdir}/sdbd.service %{buildroot}/%{_unitdir}/emulator_preinit.target.wants/ %else %if "%{profile}" == "tv" @@ -76,8 +75,8 @@ install -m 0644 %SOURCE1005 %{buildroot}%{_unitdir}/sdbd.service install -m 0644 %SOURCE1001 %{buildroot}%{_unitdir}/sdbd.service %endif install -m 0644 %SOURCE1004 %{buildroot}%{_unitdir}/sdbd_tcp.service -mkdir -p %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants -ln -s %{_libdir}/systemd/system/sdbd.service %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants/ +mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants +ln -s %{_unitdir}/sdbd.service %{buildroot}/%{_unitdir}/multi-user.target.wants/ %endif mkdir -p %{buildroot}%{_prefix}/sbin @@ -105,11 +104,11 @@ fi %{_prefix}/sbin/sdk_launch %attr(0755, root, root) %{_sysconfdir}/init.d/sdbd %{_unitdir}/sdbd.service -%ifarch %{ix86} -%{_libdir}/systemd/system/emulator_preinit.target.wants/sdbd.service +%if %{with emulator} +%{_unitdir}/emulator_preinit.target.wants/sdbd.service %else %{_unitdir}/sdbd_tcp.service -%{_libdir}/systemd/system/multi-user.target.wants/sdbd.service +%{_unitdir}/multi-user.target.wants/sdbd.service %endif /usr/share/license/%{name} %{TZ_SYS_BIN}/profile_command -- 2.7.4 From 8281cfe87c62ac5dc792701ccb357da1e0c7ca2a Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Mon, 23 Nov 2015 15:20:53 +0900 Subject: [PATCH 06/16] Add the can_launch member to capability structure. - The can_launch member is used to determine whether to install/launch an Application for the corresponding platform in the IDE. - To obtain the can_launch information, queries the sdbd plugin. Change-Id: Ic39cc0dce2267190de2e6052172a6333a1e5882b Signed-off-by: Kim Gunsoo --- src/sdb.c | 26 +++++++++++++++++++++++--- src/sdb.h | 4 ++++ src/sdbd_plugin.h | 1 + src/services.c | 12 ++++++++++-- 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index 22d2794..f44b32d 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1599,6 +1599,10 @@ static int get_plugin_capability(const char* in_buf, sdbd_plugin_param out) { } else { snprintf(out.data, out.len, "%s", SDBD_CAP_RET_DISABLED); } + ret = SDBD_PLUGIN_RET_SUCCESS; + } else if (SDBD_CMP_CAP(in_buf, CANLAUNCH)) { + snprintf(out.data, out.len, "%s", UNKNOWN); + ret = SDBD_PLUGIN_RET_SUCCESS; } else if (SDBD_CMP_CAP(in_buf, PLUGIN_VER)) { snprintf(out.data, out.len, "%s", UNKNOWN); ret = SDBD_PLUGIN_RET_SUCCESS; @@ -2093,6 +2097,16 @@ static void init_capabilities(void) { } + // Target name of the launch possible + if(!request_plugin_cmd(SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_CANLAUNCH, + g_capabilities.can_launch, + sizeof(g_capabilities.can_launch))) { + D("failed to request. (%s:%s) \n", SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_CANLAUNCH); + snprintf(g_capabilities.can_launch, sizeof(g_capabilities.can_launch), + "%s", UNKNOWN); + } + + // Platform version ret = system_info_get_platform_string("http://tizen.org/feature/platform.version", &value); if (ret != SYSTEM_INFO_ERROR_NONE) { @@ -2132,6 +2146,7 @@ static void init_capabilities(void) { "%s", UNKNOWN); } + // sdbd log enable if(!request_plugin_cmd(SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_LOG_ENABLE, g_capabilities.log_enable, @@ -2139,16 +2154,21 @@ static void init_capabilities(void) { D("failed to request. (%s:%s) \n", SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_LOG_ENABLE); snprintf(g_capabilities.log_enable, sizeof(g_capabilities.log_enable), "%s", DISABLED); - } + } - // sdbd log path + // sdbd log path if(!request_plugin_cmd(SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_LOG_PATH, g_capabilities.log_path, sizeof(g_capabilities.log_path))) { D("failed to request. (%s:%s) \n", SDBD_CMD_PLUGIN_CAP, SDBD_CAP_TYPE_LOG_PATH); snprintf(g_capabilities.log_path, sizeof(g_capabilities.log_path), "%s", UNKNOWN); - } + } + + + // Capability version + snprintf(g_capabilities.sdbd_cap_version, sizeof(g_capabilities.sdbd_cap_version), + "%d.%d", SDBD_CAP_VERSION_MAJOR, SDBD_CAP_VERSION_MINOR); } static int is_support_usbproto() diff --git a/src/sdb.h b/src/sdb.h index c9a9e0c..75dba43 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -247,6 +247,8 @@ typedef struct platform_info { #define CAPBUF_ITEMSIZE 32 #define CAPBUF_L_ITEMSIZE 256 #define CAPBUF_LL_ITEMSIZE PATH_MAX +#define SDBD_CAP_VERSION_MAJOR 1 +#define SDBD_CAP_VERSION_MINOR 0 typedef struct platform_capabilities { char secure_protocol[CAPBUF_ITEMSIZE]; // enabled or disabled @@ -266,11 +268,13 @@ typedef struct platform_capabilities char profile_name[CAPBUF_ITEMSIZE]; // profile name (ex. mobile) char vendor_name[CAPBUF_ITEMSIZE]; // vendor name (ex. Tizen) char sdk_toolpath[CAPBUF_L_ITEMSIZE]; // sdk tool path + char can_launch[CAPBUF_L_ITEMSIZE]; // target name char platform_version[CAPBUF_ITEMSIZE]; // platform version (ex. 2.3.0) char product_version[CAPBUF_ITEMSIZE]; // product version (ex. 1.0) char sdbd_version[CAPBUF_ITEMSIZE]; // sdbd version char sdbd_plugin_version[CAPBUF_ITEMSIZE]; // sdbd plugin version + char sdbd_cap_version[CAPBUF_ITEMSIZE]; // capability version } pcap; pcap g_capabilities; diff --git a/src/sdbd_plugin.h b/src/sdbd_plugin.h index 2d94157..dce56e1 100644 --- a/src/sdbd_plugin.h +++ b/src/sdbd_plugin.h @@ -35,6 +35,7 @@ #define SDBD_CAP_TYPE_USBPROTO "usb_protocol_support" #define SDBD_CAP_TYPE_SOCKPROTO "socket_protocol_support" #define SDBD_CAP_TYPE_ROOTONOFF "root_onoff_support" +#define SDBD_CAP_TYPE_CANLAUNCH "can_launch_target" #define SDBD_CAP_TYPE_PLUGIN_VER "sdbd_plugin_version" #define SDBD_CAP_TYPE_PRODUCT_VER "product_version" #define SDBD_CAP_TYPE_LOG_ENABLE "sdbd_log_enable" diff --git a/src/services.c b/src/services.c index bc2f35a..2fbcaa7 100644 --- a/src/services.c +++ b/src/services.c @@ -924,6 +924,10 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "sockproto_support", g_capabilities.sockproto_support); + // Window size synchronization support + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "syncwinsz_support", g_capabilities.syncwinsz_support); + // Root command support offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "rootonoff_support", g_capabilities.rootonoff_support); @@ -952,6 +956,10 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "vendor_name", g_capabilities.vendor_name); + // Target name of the launch possible + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "can_launch", g_capabilities.can_launch); + // Platform version offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "platform_version", g_capabilities.platform_version); @@ -968,9 +976,9 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "sdbd_plugin_version", g_capabilities.sdbd_plugin_version); - // Window size synchronization support + // Capability version offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, - "syncwinsz_support", g_capabilities.syncwinsz_support); + "sdbd_cap_version", g_capabilities.sdbd_cap_version); // Sdbd log enable offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, -- 2.7.4 From f17729d36596c1bb347a3ade5d86f6d05bd931e3 Mon Sep 17 00:00:00 2001 From: greatim Date: Thu, 25 Aug 2016 20:05:12 +0900 Subject: [PATCH 07/16] change umask value to 022 from 000 because of security reason change umask value to 022 from 000 because of security reason add S_IWOTH for pushed file to owner's content directory Change-Id: Ie0677c4bfa8c494c13ab0ac32cdb730f90d22864 Signed-off-by: greatim --- src/file_sync_service.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++-- src/sdb.c | 10 +++---- src/sdb.h | 2 ++ 3 files changed, 75 insertions(+), 7 deletions(-) diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 5fc6642..b0a0f07 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -14,6 +14,7 @@ * limitations under the License. */ +#include #include #include #include @@ -58,6 +59,8 @@ struct sync_permit_rule sdk_sync_permit_rule[] = { */ #define DIR_PERMISSION 0777 +static struct tzplatform_context* sdk_user_context = NULL; + void init_sdk_sync_permit_rule_regx(void) { int ret; @@ -334,6 +337,62 @@ static void sync_mediadb(char *path) { return; } +static void deinit_sdk_user_context(void) { + if (sdk_user_context != NULL) { + tzplatform_context_destroy(sdk_user_context); + sdk_user_context = NULL; + } +} + +// return 0 if success to initialize +// return negative value otherwise +static int init_sdk_user_context() { + if (sdk_user_context == NULL) { + int ret = tzplatform_context_create(&sdk_user_context); + if (ret < 0) { + D ("failed to create tzplatform context by error (%d)\n", ret); + return ret; + } + + ret = tzplatform_context_set_user(sdk_user_context, g_sdk_user_id); + if (ret < 0) { + D ("failed to set user to sdk_user_context\n"); + return ret; + } + + atexit(deinit_sdk_user_context); + } + + return 0; +} + +// return 1 if given directory is writable by others +// return 0 otherwise +static int is_writable_by_others(char* path) { + int ret = 0; + + if ( init_sdk_user_context() == 0 ) { + const char* content_path = tzplatform_context_getenv(sdk_user_context, TZ_USER_CONTENT); + char* abpath = realpath(path, NULL); + D ("tzplatform getenv : %s\n", content_path); + + if (abpath != NULL) { + if (strncmp(abpath, content_path, strlen(content_path)) == 0) { + D("path (%s) is writable by others\n", path); + ret = 1; + } + free(abpath); + } else { + D("failed to get realpath of (%s)\n", path); + } + } else { + // do nothing + // no directory is writable by others + } + + return ret; +} + static int handle_send_file(int s, int noti_fd, char *path, mode_t mode, char *buffer) { syncmsg msg; @@ -495,6 +554,8 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) return -1; } + D("send path (%s)\n", path); + tmp = strrchr(path,','); if(tmp) { *tmp = 0; @@ -505,7 +566,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) #endif // extracts file permission from stat.mode. (ex 100644 & 0777 = 644); mode &= 0777; // combination of (S_IRWXU | S_IRWXG | S_IRWXO) - mode |= S_IWOTH; // SDK requirement from N_SE-43337 } if(!tmp || errno) { mode = 0644; // set default permission value in most of unix system. @@ -523,7 +583,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) // sdb does not allow to check that file exists or not. After deleting old file and creating new file again unconditionally. sdb_unlink(path); - #ifdef HAVE_SYMLINKS if(is_link) ret = handle_send_link(s, noti_fd, path, buffer); @@ -539,6 +598,13 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) //mode |= ((mode >> 3) & 0070); //mode |= ((mode >> 3) & 0007); ret = handle_send_file(s, noti_fd, path, mode, buffer); + if (is_writable_by_others(path)) { + mode_t realmode = mode & ~(SDBD_UMASK); + realmode |= S_IWOTH; + if (chmod(path, realmode) != 0) { + D ("failed to chmod of writable path by others\n"); + } + } } return ret; diff --git a/src/sdb.c b/src/sdb.c index 22d2794..a30b3c4 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1084,9 +1084,6 @@ void start_device_log(void) int daemonize(void) { - // set file creation mask to 0 - umask(0); - switch (fork()) { case -1: return -1; @@ -1095,6 +1092,11 @@ int daemonize(void) { default: _exit(0); } + + // 2016-08-25 : modified umask to 022 from 000 because of security reason + // there is a problem that the file created by sdb shell command could be written by 'others' + umask(SDBD_UMASK); + #ifdef SDB_PIDPATH FILE *f = fopen(SDB_PIDPATH, "w"); @@ -2200,8 +2202,6 @@ int sdb_main(int is_daemon, int server_port) D("sdbd should be launched in develop mode.\n"); return -1; } - - umask(000); #endif atexit(sdb_cleanup); diff --git a/src/sdb.h b/src/sdb.h index c9a9e0c..36f28e1 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -47,6 +47,8 @@ #define SDB_SERVER_VERSION 0 // Increment this when we want to force users to start a new sdb server +#define SDBD_UMASK 0022 // default file creation mask of sdbd + typedef struct amessage amessage; typedef struct apacket apacket; typedef struct asocket asocket; -- 2.7.4 From 32d8f697b178247d59333685e2b476ae91a91606 Mon Sep 17 00:00:00 2001 From: "shingil.kang" Date: Fri, 23 Sep 2016 17:50:37 +0900 Subject: [PATCH 08/16] Fixed a buffer underflow which could happen during processing sdb shell command. Change-Id: I0faa48855632d00e18b9e054b4f83e786b24bdd9 Signed-off-by: shingil.kang --- src/services.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/services.c b/src/services.c index 2fbcaa7..64cc80b 100644 --- a/src/services.c +++ b/src/services.c @@ -563,7 +563,7 @@ static void get_env(char *key, char **env) e = buf + (strlen(buf) - 1); // trim string - while(*e == ' ' || *e == '\n' || *e == '\t') { + while( (e > s) && (*e == ' ' || *e == '\n' || *e == '\t')) { e--; } *(e+1) ='\0'; -- 2.7.4 From 8f64f2f8e369cb60aa96fd90193c7438043738a7 Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Mon, 26 Sep 2016 15:21:56 +0900 Subject: [PATCH 09/16] Fixed execve EFAULT error on the asan environment. - the envp array of pointers must be terminated by a NULL pointer. Change-Id: Ieb64b20c1fdf24aec16ae248faf051889ddb76d4 Signed-off-by: Kim Gunsoo --- src/services.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/services.c b/src/services.c index 2fbcaa7..6fe6b71 100644 --- a/src/services.c +++ b/src/services.c @@ -597,9 +597,12 @@ static int create_subproc_thread(const char *name, int lines, int columns) char *value = NULL; char *trim_value = NULL; char path[PATH_MAX]; - memset(path, 0, sizeof(path)); char *envp[MAX_TOKENS]; int envp_cnt = 0; + + memset(path, 0, sizeof(path)); + memset(envp, 0, sizeof(envp)); + envp[envp_cnt++] = strdup("TERM=linux"); envp[envp_cnt++] = strdup("DISPLAY=:0"); -- 2.7.4 From b194539380929a0535f336677086c7a978d5d01f Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Fri, 26 Feb 2016 14:41:50 +0900 Subject: [PATCH 10/16] Add KEEP_ALIVE option to the socket connected with sdb server. - After connected with sdb server through TCP socket, add KEEP_ALIVE option to the socket. Change-Id: I16ff01721dd8f919782c666871053a6e7599ec0e Signed-off-by: Kim Gunsoo --- src/transport_local.c | 10 ++++++++++ src/utils.c | 33 +++++++++++++++++++++++++++++++++ src/utils.h | 5 +++++ 3 files changed, 48 insertions(+) diff --git a/src/transport_local.c b/src/transport_local.c index ff4aa36..16a595c 100644 --- a/src/transport_local.c +++ b/src/transport_local.c @@ -36,6 +36,7 @@ #if !SDB_HOST #include "commandline_sdbd.h" #endif +#include "utils.h" #ifdef HAVE_BIG_ENDIAN #define H4(x) (((x) & 0xFF000000) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | (((x) & 0x000000FF) << 24) @@ -294,6 +295,15 @@ static void *server_socket_thread(void * arg) && !request_plugin_verification(SDBD_CMD_VERIFY_PEERIP, inet_ntoa(addr.sin_addr))) { sdb_close(fd); } else { + int ret = -1; + ret = keep_alive(fd, 1, SDB_KEEPALIVE_CNT, SDB_KEEPALIVE_IDLE, SDB_KEEPALIVE_INTVL); + if (ret < 0) { + D("failed to set keep alive option. FD(%d), error=%s\n", fd, strerror(errno)); + } else { + D("Success to set keep alive option. FD(%d), cnt=%d, idle=%d(sec), interval=%d(sec)\n", + fd, SDB_KEEPALIVE_CNT, SDB_KEEPALIVE_IDLE, SDB_KEEPALIVE_INTVL); + } + register_socket_transport(fd, "host", port, 1, NULL); } } else { diff --git a/src/utils.c b/src/utils.c index acf8c5a..6f48ba2 100644 --- a/src/utils.c +++ b/src/utils.c @@ -25,6 +25,9 @@ #include #include +#include +#include + #define STRING_MAXLEN 1024 char* buff_addc (char* buff, char* buffEnd, int c) @@ -222,3 +225,33 @@ char** str_split(char* a_str, const char a_delim) { return result; } +int keep_alive(int fd, int onoff, int cnt, int idle, int interval) +{ + int ret = -1; + + ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &onoff, sizeof(onoff)); + if (ret == -1) { + return ret; + } + + /* override /proc/sys/net/ipv4/tcp_keepalive_probes */ + ret = setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &cnt, sizeof(cnt)); + if (ret == -1) { + return ret; + } + + /* override /proc/sys/net/ipv4/tcp_keepalive_time */ + ret = setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &idle, sizeof(idle)); + if (ret == -1) { + return ret; + } + + /* override /proc/sys/net/ipv4/tcp_keepalive_intvl */ + ret = setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &interval, sizeof(interval)); + if (ret == -1) { + return ret; + } + + return 0; +} + diff --git a/src/utils.h b/src/utils.h index ce17442..7e78b6e 100644 --- a/src/utils.h +++ b/src/utils.h @@ -76,4 +76,9 @@ int spawn(const char* program, char * const arg_list[]); char** str_split(char* a_str, const char a_delim); +#define SDB_KEEPALIVE_CNT (9) +#define SDB_KEEPALIVE_IDLE (1) +#define SDB_KEEPALIVE_INTVL (1) +int keep_alive(int fd, int onoff, int cnt, int idle, int interval); + #endif /* _SDB_UTILS_H */ -- 2.7.4 From 679d5a6846cc20d290d35cc6d7b091cc3936c807 Mon Sep 17 00:00:00 2001 From: Slava Barinov Date: Mon, 26 Sep 2016 18:06:29 +0300 Subject: [PATCH 11/16] Fix the sdb shell malfunction in ASan build Accordingly to exec(3) manual the envp argument is an array of pointers to null-terminated strings and must be terminated by a null pointer. Without the terminator execvp fails and errno is set to 'Bad address' Change-Id: I00e6927fd62323b7a9bea918cc79b0c4e02d77fd Signed-off-by: Slava Barinov --- src/services.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/services.c b/src/services.c index 2fbcaa7..c3f72c1 100644 --- a/src/services.c +++ b/src/services.c @@ -653,6 +653,9 @@ static int create_subproc_thread(const char *name, int lines, int columns) } free(envp_plugin); + /* Last element of envp must be the NULL-terminator to prevent execvp fail */ + envp[envp_cnt] = NULL; + if(name) { // in case of shell execution directly // Check the shell command validation. if (!request_plugin_verification(SDBD_CMD_VERIFY_SHELLCMD, name)) { -- 2.7.4 From 6c50e44f5468b1b905a5d8692942361a8e41b103 Mon Sep 17 00:00:00 2001 From: Jaewon Lim Date: Tue, 4 Oct 2016 04:13:51 -0700 Subject: [PATCH 12/16] Revert "change umask value to 022 from 000 because of security reason" This reverts commit f17729d36596c1bb347a3ade5d86f6d05bd931e3. Change-Id: Id9368d876bf0c3cfe068d7e4567dff8b4bec135b --- src/file_sync_service.c | 70 ++----------------------------------------------- src/sdb.c | 10 +++---- src/sdb.h | 2 -- 3 files changed, 7 insertions(+), 75 deletions(-) diff --git a/src/file_sync_service.c b/src/file_sync_service.c index b0a0f07..5fc6642 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -14,7 +14,6 @@ * limitations under the License. */ -#include #include #include #include @@ -59,8 +58,6 @@ struct sync_permit_rule sdk_sync_permit_rule[] = { */ #define DIR_PERMISSION 0777 -static struct tzplatform_context* sdk_user_context = NULL; - void init_sdk_sync_permit_rule_regx(void) { int ret; @@ -337,62 +334,6 @@ static void sync_mediadb(char *path) { return; } -static void deinit_sdk_user_context(void) { - if (sdk_user_context != NULL) { - tzplatform_context_destroy(sdk_user_context); - sdk_user_context = NULL; - } -} - -// return 0 if success to initialize -// return negative value otherwise -static int init_sdk_user_context() { - if (sdk_user_context == NULL) { - int ret = tzplatform_context_create(&sdk_user_context); - if (ret < 0) { - D ("failed to create tzplatform context by error (%d)\n", ret); - return ret; - } - - ret = tzplatform_context_set_user(sdk_user_context, g_sdk_user_id); - if (ret < 0) { - D ("failed to set user to sdk_user_context\n"); - return ret; - } - - atexit(deinit_sdk_user_context); - } - - return 0; -} - -// return 1 if given directory is writable by others -// return 0 otherwise -static int is_writable_by_others(char* path) { - int ret = 0; - - if ( init_sdk_user_context() == 0 ) { - const char* content_path = tzplatform_context_getenv(sdk_user_context, TZ_USER_CONTENT); - char* abpath = realpath(path, NULL); - D ("tzplatform getenv : %s\n", content_path); - - if (abpath != NULL) { - if (strncmp(abpath, content_path, strlen(content_path)) == 0) { - D("path (%s) is writable by others\n", path); - ret = 1; - } - free(abpath); - } else { - D("failed to get realpath of (%s)\n", path); - } - } else { - // do nothing - // no directory is writable by others - } - - return ret; -} - static int handle_send_file(int s, int noti_fd, char *path, mode_t mode, char *buffer) { syncmsg msg; @@ -554,8 +495,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) return -1; } - D("send path (%s)\n", path); - tmp = strrchr(path,','); if(tmp) { *tmp = 0; @@ -566,6 +505,7 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) #endif // extracts file permission from stat.mode. (ex 100644 & 0777 = 644); mode &= 0777; // combination of (S_IRWXU | S_IRWXG | S_IRWXO) + mode |= S_IWOTH; // SDK requirement from N_SE-43337 } if(!tmp || errno) { mode = 0644; // set default permission value in most of unix system. @@ -583,6 +523,7 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) // sdb does not allow to check that file exists or not. After deleting old file and creating new file again unconditionally. sdb_unlink(path); + #ifdef HAVE_SYMLINKS if(is_link) ret = handle_send_link(s, noti_fd, path, buffer); @@ -598,13 +539,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer) //mode |= ((mode >> 3) & 0070); //mode |= ((mode >> 3) & 0007); ret = handle_send_file(s, noti_fd, path, mode, buffer); - if (is_writable_by_others(path)) { - mode_t realmode = mode & ~(SDBD_UMASK); - realmode |= S_IWOTH; - if (chmod(path, realmode) != 0) { - D ("failed to chmod of writable path by others\n"); - } - } } return ret; diff --git a/src/sdb.c b/src/sdb.c index a30b3c4..22d2794 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1084,6 +1084,9 @@ void start_device_log(void) int daemonize(void) { + // set file creation mask to 0 + umask(0); + switch (fork()) { case -1: return -1; @@ -1092,11 +1095,6 @@ int daemonize(void) { default: _exit(0); } - - // 2016-08-25 : modified umask to 022 from 000 because of security reason - // there is a problem that the file created by sdb shell command could be written by 'others' - umask(SDBD_UMASK); - #ifdef SDB_PIDPATH FILE *f = fopen(SDB_PIDPATH, "w"); @@ -2202,6 +2200,8 @@ int sdb_main(int is_daemon, int server_port) D("sdbd should be launched in develop mode.\n"); return -1; } + + umask(000); #endif atexit(sdb_cleanup); diff --git a/src/sdb.h b/src/sdb.h index 36f28e1..c9a9e0c 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -47,8 +47,6 @@ #define SDB_SERVER_VERSION 0 // Increment this when we want to force users to start a new sdb server -#define SDBD_UMASK 0022 // default file creation mask of sdbd - typedef struct amessage amessage; typedef struct apacket apacket; typedef struct asocket asocket; -- 2.7.4 From d4cba1fb28283edc518e28be6b03d523688b38c2 Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Fri, 7 Oct 2016 13:50:46 +0900 Subject: [PATCH 13/16] Fixed SVACE issue. - Remove the vulnerable function 'strerror()'. Change-Id: I6f056b85a6ec55ab7221fd977e6da61558432904 Signed-off-by: Kim Gunsoo --- src/transport_local.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/transport_local.c b/src/transport_local.c index 16a595c..32e1f49 100644 --- a/src/transport_local.c +++ b/src/transport_local.c @@ -298,7 +298,7 @@ static void *server_socket_thread(void * arg) int ret = -1; ret = keep_alive(fd, 1, SDB_KEEPALIVE_CNT, SDB_KEEPALIVE_IDLE, SDB_KEEPALIVE_INTVL); if (ret < 0) { - D("failed to set keep alive option. FD(%d), error=%s\n", fd, strerror(errno)); + D("failed to set keep alive option. FD(%d), errno=%d\n", fd, errno); } else { D("Success to set keep alive option. FD(%d), cnt=%d, idle=%d(sec), interval=%d(sec)\n", fd, SDB_KEEPALIVE_CNT, SDB_KEEPALIVE_IDLE, SDB_KEEPALIVE_INTVL); -- 2.7.4 From 132b5df548d46f1c378bd6e6ef2a9b5dbf65907b Mon Sep 17 00:00:00 2001 From: greatim Date: Thu, 13 Oct 2016 16:30:08 +0900 Subject: [PATCH 14/16] modify spec file to make dev package To support pkgconfig for sdbd plugin, modify spec file to make dev package Change-Id: Ic9095cab424273d1ca3c526a779f5a4c23556abb Signed-off-by: greatim --- packaging/sdbd.pc | 9 +++++++++ packaging/sdbd.spec | 16 ++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100755 packaging/sdbd.pc diff --git a/packaging/sdbd.pc b/packaging/sdbd.pc new file mode 100755 index 0000000..8221e52 --- /dev/null +++ b/packaging/sdbd.pc @@ -0,0 +1,9 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include + +Name: sdbd +Description: sdb daemon +Version: 3.0 +Cflags: -I${includedir}/sdb diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index a880c80..1cf6758 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -30,6 +30,12 @@ Requires: dbus %description Description: SDB daemon. +%package -n sdbd-devel +Summary: SDBD plugin API +Group: Development/Libraries + +%description -n sdbd-devel +SDBD plugin API library %prep %setup -q @@ -85,6 +91,12 @@ install -m 755 script/sdk_launch %{buildroot}%{_prefix}/sbin/ mkdir -p %{buildroot}%{TZ_SYS_BIN} install -m 755 script/profile_command %{buildroot}%{TZ_SYS_BIN}/ +mkdir -p %{buildroot}%{_includedir}/sdb/ +install -m 0644 src/sdbd_plugin.h %{buildroot}%{_includedir}/sdb/ + +mkdir -p %{buildroot}%{_libdir}/pkgconfig/ +install -m 0644 packaging/sdbd.pc %{buildroot}%{_libdir}/pkgconfig/ + %post . %{_sysconfdir}/tizen-platform.conf if ! getent passwd "${TZ_SDK_USER_NAME}" > /dev/null; then @@ -113,4 +125,8 @@ fi /usr/share/license/%{name} %{TZ_SYS_BIN}/profile_command +%files -n sdbd-devel +%{_includedir}/sdb/sdbd_plugin.h +%{_libdir}/pkgconfig/sdbd.pc + %changelog -- 2.7.4 From fc5ae2a5431e479d1328f79b2da485f1b3ce0df3 Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Thu, 20 Oct 2016 13:59:50 +0900 Subject: [PATCH 15/16] Adds error handling when a change of user privilege has failed. - When the authority to change the shell and sync service process has failed, add the error handling. Change-Id: I78a5ee314cad9a881a16dc7817ab6c85e11f0d57 Signed-off-by: Kim Gunsoo --- src/file_sync_service.c | 5 ++++- src/sdb.c | 3 +++ src/services.c | 5 ++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 5fc6642..bd0bf98 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -685,7 +685,10 @@ void file_sync_service(int fd, void *cookie) D("sync: '%s' '%s'\n", (char*) &msg.req, name); if (should_drop_privileges() && !verify_sync_rule(name)) { - set_sdk_user_privileges(); + if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) { + fail_message(fd, "failed to set SDK user privileges."); + goto fail; + } } switch(msg.req.id) { diff --git a/src/sdb.c b/src/sdb.c index f257a0f..d421ba7 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1538,14 +1538,17 @@ int set_sdk_user_privileges() { if (sdbd_set_groups() < 0) { D("set groups failed (errno: %d)\n", errno); + return -1; } if (setgid(g_sdk_group_id) != 0) { D("set group id failed (errno: %d)\n", errno); + return -1; } if (setuid(g_sdk_user_id) != 0) { D("set user id failed (errno: %d)\n", errno); + return -1; } if (chdir(g_sdk_home_dir) < 0) { diff --git a/src/services.c b/src/services.c index b6d960a..2478680 100644 --- a/src/services.c +++ b/src/services.c @@ -493,7 +493,10 @@ static int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], c // do nothing D("sdb: executes root commands!!:%s\n", argv[2]); } else { - set_sdk_user_privileges(); + if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) { + fprintf(stderr, "failed to set SDK user privileges\n"); + exit(-1); + } } } redirect_and_exec(pts, cmd, argv, envp); -- 2.7.4 From c251d7bc0e50deb4511cdc7ce5a5f28bd68c390c Mon Sep 17 00:00:00 2001 From: Kim Gunsoo Date: Thu, 3 Nov 2016 12:23:34 +0900 Subject: [PATCH 16/16] Modify the type reading CPU architecture type from sysinfo. - To support 64bit CPU architecture, the type reading from sysinfo was changed to string. Change-Id: I88ac5d7ad2e76d4c2a83cb2912fa2db49d3cc809 Signed-off-by: Kim Gunsoo --- src/sdb.c | 41 ++++++++++++----------------------------- src/sdb.h | 3 --- 2 files changed, 12 insertions(+), 32 deletions(-) diff --git a/src/sdb.c b/src/sdb.c index d421ba7..0d8cf47 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1943,33 +1943,6 @@ int request_plugin_verification(const char* cmd, const char* in_buf) { return 1; } -static char* get_cpu_architecture() -{ - int ret = 0; - bool b_value = false; - - ret = system_info_get_platform_bool( - "http://tizen.org/feature/platform.core.cpu.arch.armv6", &b_value); - if (ret == SYSTEM_INFO_ERROR_NONE && b_value) { - return CPUARCH_ARMV6; - } - - ret = system_info_get_platform_bool( - "http://tizen.org/feature/platform.core.cpu.arch.armv7", &b_value); - if (ret == SYSTEM_INFO_ERROR_NONE && b_value) { - return CPUARCH_ARMV7; - } - - ret = system_info_get_platform_bool( - "http://tizen.org/feature/platform.core.cpu.arch.x86", &b_value); - if (ret == SYSTEM_INFO_ERROR_NONE && b_value) { - return CPUARCH_X86; - } - - D("fail to get the CPU architecture of model:%d\n", errno); - return UNKNOWN; -} - static void init_capabilities(void) { int ret = -1; char *value = NULL; @@ -1977,8 +1950,18 @@ static void init_capabilities(void) { memset(&g_capabilities, 0, sizeof(g_capabilities)); // CPU Architecture of model - snprintf(g_capabilities.cpu_arch, sizeof(g_capabilities.cpu_arch), - "%s", get_cpu_architecture()); + ret = system_info_get_platform_string("http://tizen.org/feature/platform.core.cpu.arch", &value); + if (ret != SYSTEM_INFO_ERROR_NONE) { + snprintf(g_capabilities.cpu_arch, sizeof(g_capabilities.cpu_arch), + "%s", UNKNOWN); + D("fail to get the CPU architecture of model:%d\n", errno); + } else { + snprintf(g_capabilities.cpu_arch, sizeof(g_capabilities.cpu_arch), + "%s", value); + if (value != NULL) { + free(value); + } + } // Secure protocol support diff --git a/src/sdb.h b/src/sdb.h index 67f365f..b3b78f3 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -240,9 +240,6 @@ typedef struct platform_info { #define ENABLED "enabled" #define DISABLED "disabled" -#define CPUARCH_ARMV6 "armv6" -#define CPUARCH_ARMV7 "armv7" -#define CPUARCH_X86 "x86" #define CAPBUF_SIZE 4096 #define CAPBUF_ITEMSIZE 32 #define CAPBUF_L_ITEMSIZE 256 -- 2.7.4