From c694b9b417683f29ddf331ec5122df37a2766403 Mon Sep 17 00:00:00 2001 From: greatim Date: Wed, 21 Dec 2016 10:06:21 +0900 Subject: [PATCH 01/16] fix potential bugs fix NO_LOCK.STAT bugs for errno Change-Id: Ic24d17fdf755d9d7b007db68b50b6fb2b30cee37 Signed-off-by: greatim --- src/file_sync_service.c | 3 +-- src/transport.c | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 9377078..4dd0860 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -387,8 +387,7 @@ static int handle_send_file(int s, int noti_fd, char *path, mode_t mode, char *b sdb_close(fd); sdb_unlink(path); fd = -1; - errno = saved_errno; - if(fail_errno(s, errno)) return -1; + if(fail_errno(s, saved_errno)) return -1; } } diff --git a/src/transport.c b/src/transport.c index 616acab..7811628 100644 --- a/src/transport.c +++ b/src/transport.c @@ -242,9 +242,7 @@ void send_packet(apacket *p, atransport *t) if (t == NULL) { D("Transport is null \n"); - // Zap errno because print_packet() and other stuff have errno effect. - errno = 0; - fatal_errno("Transport is null"); + fatal("Transport is null"); } if(write_packet(t->transport_socket, t->serial, &p)){ -- 2.7.4 From 8b42e21eaefd8589d4306f0ed26e57e387a56588 Mon Sep 17 00:00:00 2001 From: SangJin Kim Date: Wed, 21 Dec 2016 19:32:08 +0900 Subject: [PATCH 02/16] Fix SVACE issue. Change-Id: I640624dc49117b8eca6034b41ae33b2e52b8eb8c Signed-off-by: SangJin Kim --- src/default_plugin_appcmd.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c index 4bc158e..07a41d1 100644 --- a/src/default_plugin_appcmd.c +++ b/src/default_plugin_appcmd.c 
@@ -332,11 +332,15 @@ static void appcmd_receiver_packagelist(int fd_in, int fd_out) char out_buf[4096] = {0,}; int out_ptr = 0; int r; + char* sub1; + char* sub2; snprintf(out_buf, sizeof(out_buf), "\n%s", MESSAGE_PREFIX_APPCMD_RETURN); out_ptr = strlen(out_buf); for(;;) { + sub1 = NULL; + sub2 = NULL; memset(buf, 0, sizeof(buf)); r = read_line(fd_in, buf, sizeof(buf)); if (r == 0) { @@ -350,17 +354,22 @@ static void appcmd_receiver_packagelist(int fd_in, int fd_out) } D("pkgcmd output : %s\n", buf); - char* sub1 = NULL; - char* sub2 = NULL; sub1 = strstr(buf, "pkgid ["); - if (sub1 != NULL) { - sub1 = strstr(sub1, "[")+1; - sub2 = strstr(sub1, "]"); - sub2[0] = '\0'; - - snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", sub1); - out_ptr += strlen(sub1)+1; + if (sub1 == NULL) { + continue; + } + sub1 = strstr(sub1, "[")+1; + if (sub1 == NULL) { + continue; } + sub2 = strstr(sub1, "]"); + if (sub2 == NULL) { + continue; + } + sub2[0] = '\0'; + + snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", sub1); + out_ptr += strlen(sub1)+1; } snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, "\n"); -- 2.7.4 From cb4d1bb8af186a59661e4e35bdb13fecdc1a0163 Mon Sep 17 00:00:00 2001 From: Jaewon Lim Date: Thu, 22 Dec 2016 23:57:25 -0800 Subject: [PATCH 03/16] Revert "Revert "Modify the SMACK label for SDB shell."" This reverts commit 37ca0ed4a0610cc20f954cb94a2ac7698ba52d56. Change-Id: Idc727cc0a259d750634d3ef70b4f71dc9a160eba --- packaging/sdbd.spec | 4 ++++ src/default_plugin_appcmd.c | 5 +++-- src/sdb.c | 54 +++++++++++++++++++++++++++++++++++++++------ src/sdb.h | 3 ++- src/sdktools.h | 1 + src/services.c | 16 ++++++++++++++ 6 files changed, 73 insertions(+), 10 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index bc9408f..15eb808 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec 
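Review bot: In the second hunk of appcmd_receiver_packagelist, `out_ptr += strlen(sub1)+1;` still advances by the length of the package id, not by what snprintf actually stored. Once the 4096-byte out_buf fills up, out_ptr can pass sizeof(out_buf); `sizeof(out_buf)-out_ptr` then wraps to a huge size_t and the next snprintf writes past the buffer. Advance by the return value and stop on truncation: `int n = snprintf(out_buf+out_ptr, sizeof(out_buf)-out_ptr, ":%s", sub1);` then `if (n < 0 || (size_t)n >= sizeof(out_buf)-out_ptr) break;` and `out_ptr += n;`. The added `if (sub1 == NULL)` after `strstr(sub1, "[")+1` can never be true because the +1 is applied before the test, so test the strstr result first and add one afterwards. The function body extends outside the hunk.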
@@ -109,6 +109,10 @@ if ! getent passwd "${TZ_SDK_USER_NAME}" > /dev/null; then done fi +cp -f /bin/sh /bin/sh-user +chsmack -a "_" /bin/sh-user +chsmack -e "User::Shell" /bin/sh-user + %files %manifest sdbd.manifest %license LICENSE diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c index 4bc158e..83cecca 100644 --- a/src/default_plugin_appcmd.c +++ b/src/default_plugin_appcmd.c @@ -38,6 +38,7 @@ #include +#define SHELL_COMMAND "/bin/sh" #define APPCMD_RESULT_BUFSIZE (4096) typedef struct appcmd_info appcmd_info; @@ -641,10 +642,10 @@ static void run_appcmd_appinstallpath(appcmd_info* p_info) { p_info->exitcode = -1; - const char* path = tzplatform_getenv(TZ_SDK_HOME); + const char* path = tzplatform_getenv(TZ_SDK_TOOLS); if (path != NULL) { p_info->exitcode = 0; - snprintf(result_buf, sizeof(result_buf), "\n%s:%s/apps_rw/\n", MESSAGE_PREFIX_APPCMD_RETURN, path); + snprintf(result_buf, sizeof(result_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, path); writex(p_info->fd, result_buf, strlen(result_buf)); } else { D("failed to get application install path from tzplatform_getenv."); diff --git a/src/sdb.c b/src/sdb.c index ac7f573..2be2345 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "sysdeps.h" #include "log.h" @@ -58,6 +59,7 @@ #define PROC_CMDLINE_PATH "/proc/cmdline" #define USB_SERIAL_PATH "/sys/class/usb_mode/usb0/iSerial" +#define APPID2PID_PATH "/usr/bin/appid2pid" #include #include 
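Review bot: The added `cp -f /bin/sh /bin/sh-user` creates a second shell binary that, as far as the hunk shows, no package owns. It would then not be removed on uninstall, not be covered by package verification, and stay at the old version when the package providing /bin/sh is updated. If a separately labelled shell is needed, consider shipping it as a packaged file so that updates and integrity checks cover it. The two `chsmack` calls are also unchecked, so a failure leaves /bin/sh-user with whatever labels the copy received; the scriptlet should fail or at least log in that case.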
@@ -125,6 +127,29 @@ int is_emulator(void) { #endif } +int is_appid2pid_supported(void) { + + if (access(APPID2PID_PATH, F_OK) == 0) { + /* It is necessary to confirm that it is possible + * to run "appid2pid" in the sdk user/group privileges. */ + struct stat st; + if (stat(APPID2PID_PATH, &st) == 0) { + D("appid2pid uid=%d, gid=%d, mode=0x%x.\n", st.st_uid, st.st_gid, st.st_mode); + if ( (st.st_uid == STATIC_SDK_USER_ID && st.st_mode & S_IXUSR) + || (st.st_gid == STATIC_SDK_GROUP_ID && st.st_mode & S_IXGRP) + || (st.st_mode & S_IXOTH) ) { + D("appid2pid is supported.\n"); + return 1; + } + } + } else { + D("failed to access appid2pid file: %d\n", errno); + } + + D("appid2pid is NOT supported.\n"); + return 0; +} + int is_container_enabled(void) { bool value; int ret; @@ -373,7 +398,7 @@ void print_packet(const char *label, apacket *p) #endif #ifdef SUPPORT_ENCRYPT -/* +/* desc. : 암호화 실패 메시지 전송 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in] atransport *t : 현재 연결에 대한 atransport @@ -389,7 +414,7 @@ void send_encr_fail(apacket* p, atransport *t, unsigned failed_value){ //put_apacket(enc_p); } -/* +/* desc. : 암호화 메시지 핸들링 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in/out] atransport *t : 현재 연결에 대한 atransport @@ -403,12 +428,12 @@ int handle_encr_packet(apacket* p, atransport *t){ if(p->msg.arg0 == ENCR_SET_ON_REQ){ // hello 메시지인 경우 t->sessionID = sessionID; - if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init + if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init if(security_parse_server_hello(t->sessionID, p) == 1){ // hello 메시지 파싱 D("security_parse_server_hello success\n"); enc_p = get_apacket(); if(security_gen_client_hello(t->sessionID, enc_p) == 1){ // hello 메시지 생성 - D("security_gen_client_hello success\n"); + D("security_gen_client_hello success\n"); enc_p->msg.command = A_ENCR; enc_p->msg.arg0 = ENCR_SET_ON_REQ; enc_p->msg.arg1 = p->msg.arg1; 
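Review bot: is_appid2pid_supported() probes the path twice (`access()` then `stat()`), and a failing stat() falls through without the errno log that the access() branch has. A single `stat()` with its own error log would do, and adding `S_ISREG(st.st_mode)` to the condition keeps a non-regular file with execute bits from being reported as the tool. The D() call prints st_uid, st_gid and st_mode with `%d`/`%x`; casting them to `(int)`/`(unsigned)` avoids a format mismatch where those types are not int-sized. The check looks only at mode bits, so a short comment such as `/* Heuristic for the capability string only; not an access decision. */` would keep later callers from treating it as authorization.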
@@ -419,7 +444,7 @@ int handle_encr_packet(apacket* p, atransport *t){ D("security_gen_client_hello error\n"); send_encr_fail(p, t, ENCR_ON_FAIL); // 암호화 on 실패 메시지 전송 t->encryption = ENCR_OFF; // 암호화 모드는 off - security_deinit(t->sessionID); + security_deinit(t->sessionID); return -1; } } @@ -428,7 +453,7 @@ int handle_encr_packet(apacket* p, atransport *t){ send_encr_fail(p, t, ENCR_ON_FAIL); t->encryption = ENCR_OFF; security_deinit(t->sessionID); - + return -1; } } else { // init 실패 @@ -511,7 +536,7 @@ int handle_encr_packet(apacket* p, atransport *t){ } //put_apacket(enc_p); return 0; - + } #endif @@ -1228,6 +1253,10 @@ void start_device_log(void) return; } + if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + } + // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); @@ -1992,6 +2021,17 @@ static void init_capabilities(void) { "%s", UNKNOWN); } + // appid2pid support + ret = is_appid2pid_supported(); + snprintf(g_capabilities.appid2pid_support, sizeof(g_capabilities.appid2pid_support), + "%s", ret == 1 ? ENABLED : DISABLED); + + + // pkgcmd debug mode support + snprintf(g_capabilities.pkgcmd_debugmode, sizeof(g_capabilities.pkgcmd_debugmode), + "%s", ENABLED); + + // Capability version snprintf(g_capabilities.sdbd_cap_version, sizeof(g_capabilities.sdbd_cap_version), "%d.%d", SDBD_CAP_VERSION_MAJOR, SDBD_CAP_VERSION_MINOR); diff --git a/src/sdb.h b/src/sdb.h index 348a7eb..052d49d 100644 --- a/src/sdb.h +++ b/src/sdb.h 
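Review bot: The added `smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS)` in start_device_log relabels by path name after the log file is already open, so the label lands on whatever the path resolves to at that moment, not necessarily on the file behind `fd`. If the log directory is writable by other users (a later patch in this series shows `LOG_DIRECTORY` as "/tmp"), labelling through the open descriptor is the safer form: `smack_fsetlabel(fd, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS)`. A failure is only logged and the daemon continues with an unlabelled log, which deserves a comment saying this is intended. The same by-path call is added for `devname` in create_subprocess (src/services.c), and both come back when patch 09 reverts patch 04. The function body extends outside the hunk.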
@@ -275,6 +275,8 @@ typedef struct platform_capabilities char sockproto_support[CAPBUF_ITEMSIZE]; // enabled or disabled char appcmd_support[CAPBUF_ITEMSIZE]; // enabled or disabled char encryption_support[CAPBUF_ITEMSIZE]; // enabled or disabled + char appid2pid_support[CAPBUF_ITEMSIZE]; // enabled or disabled + char pkgcmd_debugmode[CAPBUF_ITEMSIZE]; // enabled or disabled char log_enable[CAPBUF_ITEMSIZE]; // enabled or disabled char log_path[CAPBUF_LL_ITEMSIZE]; // path of sdbd log @@ -542,7 +544,6 @@ int read_line(const int fd, char* ptr, const size_t maxlen); #define USB_FUNCFS_SDB_PATH "/dev/usbgadget/sdb" #define USB_NODE_FILE "/dev/samsung_sdb" -#define SHELL_COMMAND "/bin/sh" int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * const envp[]); void get_env(char *key, char **env); diff --git a/src/sdktools.h b/src/sdktools.h index 9027970..e73bfec 100644 --- a/src/sdktools.h +++ b/src/sdktools.h @@ -37,6 +37,7 @@ struct arg_permit_rule #define APPID_MAX_LENGTH 50 #define SDBD_LABEL_NAME "sdbd" #define SDK_HOME_LABEL_NAME "sdbd::home" +#define SDK_SHELL_LABEL_NAME "User::Shell" int verify_root_commands(const char *arg1); int verify_app_path(const char* path); diff --git a/src/services.c b/src/services.c index d2d1500..76c28d1 100644 --- a/src/services.c +++ b/src/services.c @@ -44,6 +44,7 @@ #include "utils.h" #include #include +#include #include #include @@ -461,6 +462,12 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } + if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + sdb_close(ptm); + return -1; + } + *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); 
@@ -521,6 +528,7 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c } #endif /* !SDB_HOST */ +#define SHELL_COMMAND "/bin/sh-user" #define LOGIN_COMMAND "/bin/login" #define SUPER_USER "root" #define LOGIN_CONFIG "/etc/login.defs" @@ -1012,6 +1020,14 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "appcmd_support", g_capabilities.appcmd_support); + // appid2pid support + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "appid2pid_support", g_capabilities.appid2pid_support); + + // pkgcmd debug mode support + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "pkgcmd_debugmode", g_capabilities.pkgcmd_debugmode); + offset++; // for '\0' character writex(fd, &offset, sizeof(uint16_t)); -- 2.7.4 From 3b551c517915ee6b2c4709a57dc066ea64c29973 Mon Sep 17 00:00:00 2001 From: greatim Date: Fri, 23 Dec 2016 17:32:50 +0900 Subject: [PATCH 04/16] remove smack_setlabel function usage for security reason remove smack_setlabel function usage change sdbd log directory change sdbd smack label to "System" Change-Id: I242c08d177f456768f3b6e3d3ee90bbb70d7dbe9 Signed-off-by: greatim --- packaging/sdbd.spec | 2 ++ packaging/sdbd_device.service | 3 +-- packaging/sdbd_emulator.service | 3 +-- packaging/sdbd_tcp.service | 2 +- src/default_plugin_basic.c | 11 +++++++++-- src/file_sync_service.c | 4 +++- src/sdb.c | 4 ---- src/services.c | 6 ------ 8 files changed, 17 insertions(+), 18 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 15eb808..6ddcae3 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,6 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user +mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest 
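Review bot: `#define SHELL_COMMAND "/bin/sh-user"` in src/services.c now coexists with `#define SHELL_COMMAND "/bin/sh"` added to src/default_plugin_appcmd.c by the same patch, after the shared definition was removed from src/sdb.h. One macro name with two file-local values makes it easy to launch the wrong shell when code moves between files. Distinct names such as `USER_SHELL_COMMAND`, or a comment on each define stating which shell it selects and why, would make the split explicit. /bin/sh-user only exists once the install scriptlet has run, so the caller should report a clear error when it is missing; the code that uses the macro is outside the hunk.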
diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index cd60922..0537fcd 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -6,11 +6,10 @@ After=tmp.mount [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index bed8cce..2129436 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -7,12 +7,11 @@ After=tmp.mount dbus.service [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index e360a7c..ade025c 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service @@ -7,5 +7,5 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd --listen-port=26101 diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 91d8df2..61611f6 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -20,6 +20,8 @@ #include #include +#include + #define TRACE_TAG TRACE_SDB #include "log.h" 
@@ -28,7 +30,7 @@ #include "sdbd_plugin.h" #include "sdktools.h" -#define LOG_DIRECTORY "/tmp" +#define LOG_DIRECTORY "/home/owner/share/sdbdlog" int get_plugin_capability ( parameters* in, parameters* out ) { @@ -75,7 +77,12 @@ int get_plugin_capability ( parameters* in, parameters* out ) } else if ( capability == CAPABILITY_LOG_ENABLE ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_DISABLED ); } else if ( capability == CAPABILITY_LOG_PATH ) { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + const char* sdkhome = tzplatform_getenv(TZ_SDK_HOME); + if (sdkhome != NULL) { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s/share/sdbdlog", sdkhome ); + } else { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + } } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else { diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 6c418a5..7efb161 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -77,6 +77,7 @@ void init_sdk_sync_permit_rule_regx(void) } } +#if 0 static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -127,6 +128,7 @@ static void set_syncfile_smack_label(char *src) { */ } } +#endif static int sync_send_label_notify(int s, const char *path, int success) { @@ -157,7 +159,7 @@ static void sync_read_label_notify(int s) char *path = buffer; path++; path++; - set_syncfile_smack_label(path); + // set_syncfile_smack_label(path); } } diff --git a/src/sdb.c b/src/sdb.c index 2be2345..2f6f5d8 100644 --- a/src/sdb.c +++ b/src/sdb.c 
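Review bot: In src/file_sync_service.c the labelling is switched off by commenting out the call in sync_read_label_notify (`// set_syncfile_smack_label(path);`) and wrapping the function in `#if 0`. That leaves `path` computed but never used and keeps dead code that a later edit can silently re-enable. Prefer deleting set_syncfile_smack_label and the `path` arithmetic outright. If the notification still has to be read to keep the protocol in step, say so in a comment at the read, together with what now determines the label of a synced file. sync_read_label_notify starts and ends outside the hunk.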
@@ -1253,10 +1253,6 @@ void start_device_log(void) return; } - if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - } - // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); diff --git a/src/services.c b/src/services.c index 76c28d1..a1481f8 100644 --- a/src/services.c +++ b/src/services.c @@ -462,12 +462,6 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } - if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - sdb_close(ptm); - return -1; - } - *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); -- 2.7.4 From 7d1c2eecd0f6ab44be3d4d4d1d9634af9b0a3aa7 Mon Sep 17 00:00:00 2001 From: greatim Date: Tue, 27 Dec 2016 17:41:19 +0900 Subject: [PATCH 05/16] remove mkdir for sdbd log file remove mkdir for sdbd log file Change-Id: I50a7902cd1738a687bc8c315998b29a33a8b720f Signed-off-by: greatim --- packaging/sdbd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 6ddcae3..dc10820 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,8 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -chown owner:users %{TZ_SDK_HOME}/share/sdbdlog +#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4 From ec96660d649e7eb961046f6f456eade9a0ea6920 Mon Sep 17 00:00:00 2001 From: SangJin Kim Date: Tue, 27 Dec 2016 19:54:36 +0900 Subject: [PATCH 06/16] remove mkdir again for sdbd log file Change-Id: I3ca69e6cce164c1df13dcbee6c453e17d3bf60da 
Signed-off-by: SangJin Kim --- packaging/sdbd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index dc10820..1374f57 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.13 +Version: 3.0.14 Release: 0 License: Apache-2.0 Summary: SDB daemon @@ -112,8 +112,6 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4 From 22ee2bf467e3e798ee9b0811fef172e6b231f93a Mon Sep 17 00:00:00 2001 From: Sangjin Kim Date: Tue, 27 Dec 2016 04:50:54 -0800 Subject: [PATCH 07/16] Revert "remove mkdir again for sdbd log file" This reverts commit ec96660d649e7eb961046f6f456eade9a0ea6920. Change-Id: I8ed9f39eea79ab0a96dee071e491387843e84345 --- packaging/sdbd.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 1374f57..dc10820 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.14 +Version: 3.0.13 Release: 0 License: Apache-2.0 Summary: SDB daemon @@ -112,6 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user +#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4 From bdaaa8e914baf89a727c013d6b3e00a81a100aff Mon Sep 17 00:00:00 2001 From: Sangjin Kim Date: Tue, 27 Dec 2016 04:50:41 -0800 Subject: [PATCH 08/16] Revert "remove mkdir for sdbd log file" This reverts commit 7d1c2eecd0f6ab44be3d4d4d1d9634af9b0a3aa7. Change-Id: I59138c8c1b068100e45eb5d0511934cdab7f0a4a --- packaging/sdbd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index dc10820..6ddcae3 100644 
--- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,8 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog +mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4 From 9acf96cbd8e41c699e2f059c1bef256910215178 Mon Sep 17 00:00:00 2001 From: Sangjin Kim Date: Tue, 27 Dec 2016 04:51:05 -0800 Subject: [PATCH 09/16] Revert "remove smack_setlabel function usage for security reason" This reverts commit 3b551c517915ee6b2c4709a57dc066ea64c29973. Change-Id: Ie6f76b81f12a736ac797ccb882ff7b922c0b621e --- packaging/sdbd.spec | 2 -- packaging/sdbd_device.service | 3 ++- packaging/sdbd_emulator.service | 3 ++- packaging/sdbd_tcp.service | 2 +- src/default_plugin_basic.c | 11 ++--------- src/file_sync_service.c | 4 +--- src/sdb.c | 4 ++++ src/services.c | 6 ++++++ 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 6ddcae3..15eb808 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,8 +112,6 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index 0537fcd..cd60922 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -6,10 +6,11 @@ After=tmp.mount [Service] Type=forking #location of SDBD log file +#Environment=SDBD_LOG_PATH=/tmp EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index 2129436..bed8cce 100644 
--- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -7,11 +7,12 @@ After=tmp.mount dbus.service [Service] Type=forking #location of SDBD log file +#Environment=SDBD_LOG_PATH=/tmp Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index ade025c..e360a7c 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service @@ -7,5 +7,5 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes -SmackProcessLabel=System +SmackProcessLabel=System::Privileged ExecStart=/usr/sbin/sdbd --listen-port=26101 diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 61611f6..91d8df2 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -20,8 +20,6 @@ #include #include -#include - #define TRACE_TAG TRACE_SDB #include "log.h" @@ -30,7 +28,7 @@ #include "sdbd_plugin.h" #include "sdktools.h" -#define LOG_DIRECTORY "/home/owner/share/sdbdlog" +#define LOG_DIRECTORY "/tmp" int get_plugin_capability ( parameters* in, parameters* out ) { 
@@ -77,12 +75,7 @@ int get_plugin_capability ( parameters* in, parameters* out ) } else if ( capability == CAPABILITY_LOG_ENABLE ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_DISABLED ); } else if ( capability == CAPABILITY_LOG_PATH ) { - const char* sdkhome = tzplatform_getenv(TZ_SDK_HOME); - if (sdkhome != NULL) { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s/share/sdbdlog", sdkhome ); - } else { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); - } + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else { diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 81f6841..4dd0860 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -77,7 +77,6 @@ void init_sdk_sync_permit_rule_regx(void) } } -#if 0 static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -128,7 +127,6 @@ static void set_syncfile_smack_label(char *src) { */ } } -#endif static int sync_send_label_notify(int s, const char *path, int success) { @@ -159,7 +157,7 @@ static void sync_read_label_notify(int s) char *path = buffer; path++; path++; - // set_syncfile_smack_label(path); + set_syncfile_smack_label(path); } } diff --git a/src/sdb.c b/src/sdb.c index b21303d..4a1ca97 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1261,6 +1261,10 @@ void start_device_log(void) return; } + if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + } + // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); diff --git a/src/services.c b/src/services.c index 9a40a83..2b52bc8 100644 --- a/src/services.c +++ b/src/services.c 
@@ -409,6 +409,12 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } + if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + sdb_close(ptm); + return -1; + } + *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); -- 2.7.4 From b3894c7aa4e819c5cde88c7d389fb8300af6fdb1 Mon Sep 17 00:00:00 2001 From: Sangjin Kim Date: Tue, 27 Dec 2016 04:51:21 -0800 Subject: [PATCH 10/16] Revert "Revert "Revert "Modify the SMACK label for SDB shell.""" This reverts commit cb4d1bb8af186a59661e4e35bdb13fecdc1a0163. Change-Id: I0e22b3fe0cb56f38cc562182bef7a65de998a59f --- packaging/sdbd.spec | 4 ---- src/default_plugin_appcmd.c | 5 ++--- src/sdb.c | 54 ++++++--------------------------------------- src/sdb.h | 3 +-- src/sdktools.h | 1 - src/services.c | 16 -------------- 6 files changed, 10 insertions(+), 73 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 15eb808..bc9408f 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -109,10 +109,6 @@ if ! getent passwd "${TZ_SDK_USER_NAME}" > /dev/null; then done fi -cp -f /bin/sh /bin/sh-user -chsmack -a "_" /bin/sh-user -chsmack -e "User::Shell" /bin/sh-user - %files %manifest sdbd.manifest %license LICENSE diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c index c929cf2..07a41d1 100644 --- a/src/default_plugin_appcmd.c +++ b/src/default_plugin_appcmd.c @@ -38,7 +38,6 @@ #include -#define SHELL_COMMAND "/bin/sh" #define APPCMD_RESULT_BUFSIZE (4096) typedef struct appcmd_info appcmd_info; 
@@ -651,10 +650,10 @@ static void run_appcmd_appinstallpath(appcmd_info* p_info) { p_info->exitcode = -1; - const char* path = tzplatform_getenv(TZ_SDK_TOOLS); + const char* path = tzplatform_getenv(TZ_SDK_HOME); if (path != NULL) { p_info->exitcode = 0; - snprintf(result_buf, sizeof(result_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, path); + snprintf(result_buf, sizeof(result_buf), "\n%s:%s/apps_rw/\n", MESSAGE_PREFIX_APPCMD_RETURN, path); writex(p_info->fd, result_buf, strlen(result_buf)); } else { D("failed to get application install path from tzplatform_getenv."); diff --git a/src/sdb.c b/src/sdb.c index 4a1ca97..a07a881 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -31,7 +31,6 @@ #include #include #include -#include #include "sysdeps.h" #include "log.h" @@ -59,7 +58,6 @@ #define PROC_CMDLINE_PATH "/proc/cmdline" #define USB_SERIAL_PATH "/sys/class/usb_mode/usb0/iSerial" -#define APPID2PID_PATH "/usr/bin/appid2pid" #include #include @@ -127,29 +125,6 @@ int is_emulator(void) { #endif } -int is_appid2pid_supported(void) { - - if (access(APPID2PID_PATH, F_OK) == 0) { - /* It is necessary to confirm that it is possible - * to run "appid2pid" in the sdk user/group privileges. */ - struct stat st; - if (stat(APPID2PID_PATH, &st) == 0) { - D("appid2pid uid=%d, gid=%d, mode=0x%x.\n", st.st_uid, st.st_gid, st.st_mode); - if ( (st.st_uid == STATIC_SDK_USER_ID && st.st_mode & S_IXUSR) - || (st.st_gid == STATIC_SDK_GROUP_ID && st.st_mode & S_IXGRP) - || (st.st_mode & S_IXOTH) ) { - D("appid2pid is supported.\n"); - return 1; - } - } - } else { - D("failed to access appid2pid file: %d\n", errno); - } - - D("appid2pid is NOT supported.\n"); - return 0; -} - int is_container_enabled(void) { bool value; int ret; @@ -398,7 +373,7 @@ void print_packet(const char *label, apacket *p) #endif #ifdef SUPPORT_ENCRYPT -/* +/* desc. : 암호화 실패 메시지 전송 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in] atransport *t : 현재 연결에 대한 atransport 
@@ -414,7 +389,7 @@ void send_encr_fail(apacket* p, atransport *t, unsigned failed_value){ //put_apacket(enc_p); } -/* +/* desc. : 암호화 메시지 핸들링 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in/out] atransport *t : 현재 연결에 대한 atransport @@ -428,12 +403,12 @@ int handle_encr_packet(apacket* p, atransport *t){ if(p->msg.arg0 == ENCR_SET_ON_REQ){ // hello 메시지인 경우 t->sessionID = sessionID; - if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init + if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init if(security_parse_server_hello(t->sessionID, p) == 1){ // hello 메시지 파싱 D("security_parse_server_hello success\n"); enc_p = get_apacket(); if(security_gen_client_hello(t->sessionID, enc_p) == 1){ // hello 메시지 생성 - D("security_gen_client_hello success\n"); + D("security_gen_client_hello success\n"); enc_p->msg.command = A_ENCR; enc_p->msg.arg0 = ENCR_SET_ON_REQ; enc_p->msg.arg1 = p->msg.arg1; @@ -444,7 +419,7 @@ int handle_encr_packet(apacket* p, atransport *t){ D("security_gen_client_hello error\n"); send_encr_fail(p, t, ENCR_ON_FAIL); // 암호화 on 실패 메시지 전송 t->encryption = ENCR_OFF; // 암호화 모드는 off - security_deinit(t->sessionID); + security_deinit(t->sessionID); return -1; } } @@ -453,7 +428,7 @@ int handle_encr_packet(apacket* p, atransport *t){ send_encr_fail(p, t, ENCR_ON_FAIL); t->encryption = ENCR_OFF; security_deinit(t->sessionID); - + return -1; } } else { // init 실패 @@ -536,7 +511,7 @@ int handle_encr_packet(apacket* p, atransport *t){ } //put_apacket(enc_p); return 0; - + } #endif @@ -1261,10 +1236,6 @@ void start_device_log(void) return; } - if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - } - // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); 
@@ -2029,17 +2000,6 @@ static void init_capabilities(void) { "%s", UNKNOWN); } - // appid2pid support - ret = is_appid2pid_supported(); - snprintf(g_capabilities.appid2pid_support, sizeof(g_capabilities.appid2pid_support), - "%s", ret == 1 ? ENABLED : DISABLED); - - - // pkgcmd debug mode support - snprintf(g_capabilities.pkgcmd_debugmode, sizeof(g_capabilities.pkgcmd_debugmode), - "%s", ENABLED); - - // Capability version snprintf(g_capabilities.sdbd_cap_version, sizeof(g_capabilities.sdbd_cap_version), "%d.%d", SDBD_CAP_VERSION_MAJOR, SDBD_CAP_VERSION_MINOR); diff --git a/src/sdb.h b/src/sdb.h index b339f26..226da64 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -279,8 +279,6 @@ typedef struct platform_capabilities char sockproto_support[CAPBUF_ITEMSIZE]; // enabled or disabled char appcmd_support[CAPBUF_ITEMSIZE]; // enabled or disabled char encryption_support[CAPBUF_ITEMSIZE]; // enabled or disabled - char appid2pid_support[CAPBUF_ITEMSIZE]; // enabled or disabled - char pkgcmd_debugmode[CAPBUF_ITEMSIZE]; // enabled or disabled char log_enable[CAPBUF_ITEMSIZE]; // enabled or disabled char log_path[CAPBUF_LL_ITEMSIZE]; // path of sdbd log @@ -549,6 +547,7 @@ int read_line(const int fd, char* ptr, const size_t maxlen); #define USB_FUNCFS_SDB_PATH "/dev/usbgadget/sdb" #define USB_NODE_FILE "/dev/samsung_sdb" +#define SHELL_COMMAND "/bin/sh" int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * const envp[]); void get_env(char *key, char **env); diff --git a/src/sdktools.h b/src/sdktools.h index e73bfec..9027970 100644 --- a/src/sdktools.h +++ b/src/sdktools.h @@ -37,7 +37,6 @@ struct arg_permit_rule #define APPID_MAX_LENGTH 50 #define SDBD_LABEL_NAME "sdbd" #define SDK_HOME_LABEL_NAME "sdbd::home" -#define SDK_SHELL_LABEL_NAME "User::Shell" int verify_root_commands(const char *arg1); int verify_app_path(const char* path); diff --git a/src/services.c b/src/services.c index 2b52bc8..b0f2e08 100644 --- a/src/services.c +++ b/src/services.c 
@@ -44,7 +44,6 @@ #include "utils.h" #include #include -#include #include #include @@ -409,12 +408,6 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } - if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - sdb_close(ptm); - return -1; - } - *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); @@ -475,7 +468,6 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c } #endif /* !SDB_HOST */ -#define SHELL_COMMAND "/bin/sh-user" #define LOGIN_COMMAND "/bin/login" #define SUPER_USER "root" #define LOGIN_CONFIG "/etc/login.defs" @@ -967,14 +959,6 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "appcmd_support", g_capabilities.appcmd_support); - // appid2pid support - offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, - "appid2pid_support", g_capabilities.appid2pid_support); - - // pkgcmd debug mode support - offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, - "pkgcmd_debugmode", g_capabilities.pkgcmd_debugmode); - offset++; // for '\0' character writex(fd, &offset, sizeof(uint16_t)); -- 2.7.4 From 6d784d7cf0b5ef9184be46123361318cb0e26ffb Mon Sep 17 00:00:00 2001 From: greatim Date: Thu, 12 Jan 2017 15:49:37 +0900 Subject: [PATCH 11/16] fix a bug that device is still offline when reboot (USB connected) modify broadcast_transport (send device status) not to send packet to offline devices Change-Id: Iabf9f6987a12f4f091089b5982c5f8cc45ab97f4 Signed-off-by: greatim --- src/transport.c | 59 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/src/transport.c b/src/transport.c index 7811628..8d889e3 100644 --- a/src/transport.c +++ b/src/transport.c 
@@ -74,6 +74,20 @@ static void dump_hex( const unsigned char* ptr, size_t len ) *pb++ = '\0'; DR("%s\n", buffer); } + +static const char *statename(atransport *t) +{ + switch(t->connection_state){ + case CS_OFFLINE: return "offline"; + case CS_BOOTLOADER: return "bootloader"; + case CS_DEVICE: return "device"; + case CS_HOST: return "host"; + case CS_RECOVERY: return "recovery"; + case CS_SIDELOAD: return "sideload"; + case CS_NOPERM: return "no permissions"; + default: return "unknown"; + } +} #endif void @@ -365,7 +379,7 @@ static void *input_thread(void *_t) } } else { if(active) { - D("%s: transport got packet, sending to remote\n", t->serial); + D("%s: transport got packet, sending to remote, state(%s)\n", t->serial, statename(t)); #ifdef SUPPORT_ENCRYPT if (t->encryption == ENCR_ON && p->msg.command != A_ENCR) // 현재 연결이 암호화 모드이고, 암호화 관련 메시지가 아닌 경우, 메시지를 암호화 @@ -865,20 +879,6 @@ atransport *acquire_one_transport(int state, transport_type ttype, const char* s } #if SDB_HOST -static const char *statename(atransport *t) -{ - switch(t->connection_state){ - case CS_OFFLINE: return "offline"; - case CS_BOOTLOADER: return "bootloader"; - case CS_DEVICE: return "device"; - case CS_HOST: return "host"; - case CS_RECOVERY: return "recovery"; - case CS_SIDELOAD: return "sideload"; - case CS_NOPERM: return "no permissions"; - default: return "unknown"; - } -} - int list_transports(char *buf, size_t bufsize) { char* p = buf; 
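Review bot: `statename()` as moved in the `@@ -74,6 +74,20 @@` hunk has no case for `CS_PWLOCK`, the state that `broadcast_transport` assigns to a locked device, so the new `state(%s)` log in `input_thread` and the broadcast log both print "unknown" for it. Adding `case CS_PWLOCK: return "locked";` (string constructed here, pick the project's wording) keeps the logs meaningful for the one state this series is concerned with. The helper now sits directly before an `#endif` whose opening `#if` is outside the hunk, while its new callers are not visibly under the same guard. Confirm the file still builds with that guard off, or move the helper outside it.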
@@ -1068,23 +1068,24 @@ void broadcast_transport(apacket *p) atransport *t; sdb_mutex_lock(&transport_lock); for(t = transport_list.next; t != &transport_list; t = t->next) { - D("broadcast device transport:%d\n", t->connection_state); - apacket* ap = get_apacket(); - copy_packet(ap, p); - send_packet(ap, t); + D("broadcast device transport:%s\n", statename(t)); + if (t->connection_state != CS_OFFLINE && t->connection_state != CS_NOPERM) { + apacket* ap = get_apacket(); + copy_packet(ap, p); + send_packet(ap, t); - if (ap->msg.command == A_STAT && ap->msg.arg1 == 0) { - // lock state message - if (ap->msg.arg0 == 0) { - // unlocked - t->connection_state = CS_DEVICE; - } else { - // locked - t->connection_state = CS_PWLOCK; + if (ap->msg.command == A_STAT && ap->msg.arg1 == 0) { + // lock state message + if (ap->msg.arg0 == 0) { + // unlocked + t->connection_state = CS_DEVICE; + } else { + // locked + t->connection_state = CS_PWLOCK; + } } } - - } + } sdb_mutex_unlock(&transport_lock); } -- 2.7.4 From d728000742c24c5e921d47087e9630f6c2d378d6 Mon Sep 17 00:00:00 2001 From: Munkyu Im Date: Wed, 25 Jan 2017 18:04:22 +0900 Subject: [PATCH 12/16] cap: Add new "pkgcmd_debugmode" capability for pkgcmd debug mode To support screenshot, App should be installed with "pkgcmd -G" command. It is activated by enabling "pkgcmd_debugmode" capability. Change-Id: I0c65fbff2155f6d96cc1cfc39102844fce7c4ea6 Signed-off-by: Munkyu Im --- src/default_plugin_basic.c | 2 ++ src/sdb.c | 9 +++++++++ src/sdb.h | 1 + src/sdbd_plugin.h | 1 + src/services.c | 3 +++ 5 files changed, 16 insertions(+) diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 91d8df2..1046bdc 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c 
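Review bot: In `broadcast_transport` the lock-state check still reads `ap->msg` after `send_packet(ap, t)`. If `send_packet` hands the packet to the transport thread (not visible in this hunk), `ap` may already have been released by the time the check runs. Because `ap` is a copy of `p`, the check can read the caller's packet instead: `if (p->msg.command == A_STAT && p->msg.arg1 == 0) {` and `if (p->msg.arg0 == 0) {`. The new guard also means a lock-state broadcast no longer changes the state of an offline or no-permission transport; if that is the intended fix, a one-line comment above the `if` saying so would help the next reader.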
@@ -78,6 +78,8 @@ int get_plugin_capability ( parameters* in, parameters* out ) make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); + } else if (capability == CAPABILITY_DEBUGMODE ) { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else { out->number_of_parameter = 0; free ( out->array_of_parameter ); diff --git a/src/sdb.c b/src/sdb.c index a07a881..a5e853d 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1867,6 +1867,15 @@ static void init_capabilities(void) { } + // pkgcmd debug mode support + if(!request_capability_to_plugin(CAPABILITY_DEBUGMODE, g_capabilities.pkgcmd_debugmode, + sizeof(g_capabilities.pkgcmd_debugmode))) { + D("failed to request. (%d:%d) \n", PLUGIN_SYNC_CMD_CAPABILITY, CAPABILITY_DEBUGMODE); + snprintf(g_capabilities.pkgcmd_debugmode, sizeof(g_capabilities.pkgcmd_debugmode), + "%s", ENABLED); + } + + // Zone support ret = is_container_enabled(); snprintf(g_capabilities.zone_support, sizeof(g_capabilities.zone_support), diff --git a/src/sdb.h b/src/sdb.h index 226da64..fd71307 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -294,6 +294,7 @@ typedef struct platform_capabilities char sdbd_version[CAPBUF_ITEMSIZE]; // sdbd version char sdbd_plugin_version[CAPBUF_ITEMSIZE]; // sdbd plugin version char sdbd_cap_version[CAPBUF_ITEMSIZE]; // capability version + char pkgcmd_debugmode[CAPBUF_ITEMSIZE]; // enabled or disabled } pcap; extern pcap g_capabilities; diff --git a/src/sdbd_plugin.h b/src/sdbd_plugin.h index e98ef69..0a9287a 100644 --- a/src/sdbd_plugin.h +++ b/src/sdbd_plugin.h @@ -73,6 +73,7 @@ #define CAPABILITY_LOG_PATH 10010 #define CAPABILITY_APPCMD 10011 #define CAPABILITY_ENCRYPTION 10012 +#define CAPABILITY_DEBUGMODE 10013 // =============================================================================== // priority definition 
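Review bot: The failure branch added to `init_capabilities` in the sdb.c hunk writes `ENABLED` into `pkgcmd_debugmode`, so a plugin that cannot answer `CAPABILITY_DEBUGMODE` still advertises debug-mode installs to the host. A capability that switches on a debug feature is safer when it fails closed: `"%s", DISABLED);`, assuming the `DISABLED` value that other capabilities in this function use is in scope here. If enabling on failure is deliberate, say why in a comment next to the fallback. The function starts and ends outside the hunk.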
diff --git a/src/services.c b/src/services.c index b0f2e08..6b61d94 100644 --- a/src/services.c +++ b/src/services.c @@ -955,6 +955,9 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "log_path", g_capabilities.log_path); + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "pkgcmd_debugmode", g_capabilities.pkgcmd_debugmode); + // Application command support offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "appcmd_support", g_capabilities.appcmd_support); -- 2.7.4 From 588e1ea24c365e37236010893a42f5c07b8db890 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 7 Feb 2017 15:50:10 +0900 Subject: [PATCH 13/16] Revert "Revert "Revert "Revert "Modify the SMACK label for SDB shell."""" This reverts commit b3894c7aa4e819c5cde88c7d389fb8300af6fdb1. Change-Id: I98cbf82cdc47392e8c3b8038c0e395bcc9e6ac3b Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 4 ++++ src/default_plugin_appcmd.c | 5 +++-- src/sdb.c | 54 +++++++++++++++++++++++++++++++++++++++------ src/sdb.h | 3 ++- src/sdktools.h | 1 + src/services.c | 16 ++++++++++++++ 6 files changed, 73 insertions(+), 10 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index bc9408f..15eb808 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -109,6 +109,10 @@ if ! getent passwd "${TZ_SDK_USER_NAME}" > /dev/null; then done fi +cp -f /bin/sh /bin/sh-user +chsmack -a "_" /bin/sh-user +chsmack -e "User::Shell" /bin/sh-user + %files %manifest sdbd.manifest %license LICENSE diff --git a/src/default_plugin_appcmd.c b/src/default_plugin_appcmd.c index 07a41d1..c929cf2 100644 --- a/src/default_plugin_appcmd.c +++ b/src/default_plugin_appcmd.c @@ -38,6 +38,7 @@ #include +#define SHELL_COMMAND "/bin/sh" #define APPCMD_RESULT_BUFSIZE (4096) typedef struct appcmd_info appcmd_info; 
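Review bot: The `cp -f /bin/sh /bin/sh-user` line in the sdbd.spec hunk takes a one-time copy of the shell at install time, so later updates to `/bin/sh` never reach the binary that runs under the `User::Shell` exec label. The three commands are also unchecked, so unless the scriptlet runs with `set -e` a failed `cp` or `chsmack` leaves a missing file or a copy carrying only part of its labels. Chaining them, `cp -f /bin/sh /bin/sh-user && chsmack -a "_" /bin/sh-user && chsmack -e "User::Shell" /bin/sh-user`, keeps the result all-or-nothing. A comment stating how the copy is refreshed when the shell package is updated would cover the first point. The scriptlet these lines belong to starts outside the hunk.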
@@ -650,10 +651,10 @@ static void run_appcmd_appinstallpath(appcmd_info* p_info) { p_info->exitcode = -1; - const char* path = tzplatform_getenv(TZ_SDK_HOME); + const char* path = tzplatform_getenv(TZ_SDK_TOOLS); if (path != NULL) { p_info->exitcode = 0; - snprintf(result_buf, sizeof(result_buf), "\n%s:%s/apps_rw/\n", MESSAGE_PREFIX_APPCMD_RETURN, path); + snprintf(result_buf, sizeof(result_buf), "\n%s:%s\n", MESSAGE_PREFIX_APPCMD_RETURN, path); writex(p_info->fd, result_buf, strlen(result_buf)); } else { D("failed to get application install path from tzplatform_getenv."); diff --git a/src/sdb.c b/src/sdb.c index a5e853d..452616f 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -31,6 +31,7 @@ #include #include #include +#include #include "sysdeps.h" #include "log.h" @@ -58,6 +59,7 @@ #define PROC_CMDLINE_PATH "/proc/cmdline" #define USB_SERIAL_PATH "/sys/class/usb_mode/usb0/iSerial" +#define APPID2PID_PATH "/usr/bin/appid2pid" #include #include @@ -125,6 +127,29 @@ int is_emulator(void) { #endif } +int is_appid2pid_supported(void) { + + if (access(APPID2PID_PATH, F_OK) == 0) { + /* It is necessary to confirm that it is possible + * to run "appid2pid" in the sdk user/group privileges. */ + struct stat st; + if (stat(APPID2PID_PATH, &st) == 0) { + D("appid2pid uid=%d, gid=%d, mode=0x%x.\n", st.st_uid, st.st_gid, st.st_mode); + if ( (st.st_uid == STATIC_SDK_USER_ID && st.st_mode & S_IXUSR) + || (st.st_gid == STATIC_SDK_GROUP_ID && st.st_mode & S_IXGRP) + || (st.st_mode & S_IXOTH) ) { + D("appid2pid is supported.\n"); + return 1; + } + } + } else { + D("failed to access appid2pid file: %d\n", errno); + } + + D("appid2pid is NOT supported.\n"); + return 0; +} + int is_container_enabled(void) { bool value; int ret; @@ -373,7 +398,7 @@ void print_packet(const char *label, apacket *p) #endif #ifdef SUPPORT_ENCRYPT -/* +/* desc. : 암호화 실패 메시지 전송 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in] atransport *t : 현재 연결에 대한 atransport 
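Review bot: `is_appid2pid_supported()` in the `@@ -125,6 +127,29 @@` hunk decides from the `st_mode` permission bits alone, so anything at `APPID2PID_PATH` with an execute bit, including a directory, is reported as supported. Putting `S_ISREG(st.st_mode) &&` in front of the permission test makes the capability match what can actually be executed. The `access(APPID2PID_PATH, F_OK)` call is redundant with `stat()`, and a failing `stat()` is currently silent; dropping `access()` and logging `errno` in an `else` for `stat()` gives one check and one error path. `st_uid` and `st_gid` are printed with `%d`, so cast them to `int` or use a matching specifier.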
@@ -389,7 +414,7 @@ void send_encr_fail(apacket* p, atransport *t, unsigned failed_value){ //put_apacket(enc_p); } -/* +/* desc. : 암호화 메시지 핸들링 parameter : [in] apacket* p : sdbd로 들어온 메시지 [in/out] atransport *t : 현재 연결에 대한 atransport @@ -403,12 +428,12 @@ int handle_encr_packet(apacket* p, atransport *t){ if(p->msg.arg0 == ENCR_SET_ON_REQ){ // hello 메시지인 경우 t->sessionID = sessionID; - if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init + if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init if(security_parse_server_hello(t->sessionID, p) == 1){ // hello 메시지 파싱 D("security_parse_server_hello success\n"); enc_p = get_apacket(); if(security_gen_client_hello(t->sessionID, enc_p) == 1){ // hello 메시지 생성 - D("security_gen_client_hello success\n"); + D("security_gen_client_hello success\n"); enc_p->msg.command = A_ENCR; enc_p->msg.arg0 = ENCR_SET_ON_REQ; enc_p->msg.arg1 = p->msg.arg1; @@ -419,7 +444,7 @@ int handle_encr_packet(apacket* p, atransport *t){ D("security_gen_client_hello error\n"); send_encr_fail(p, t, ENCR_ON_FAIL); // 암호화 on 실패 메시지 전송 t->encryption = ENCR_OFF; // 암호화 모드는 off - security_deinit(t->sessionID); + security_deinit(t->sessionID); return -1; } } @@ -428,7 +453,7 @@ int handle_encr_packet(apacket* p, atransport *t){ send_encr_fail(p, t, ENCR_ON_FAIL); t->encryption = ENCR_OFF; security_deinit(t->sessionID); - + return -1; } } else { // init 실패 @@ -511,7 +536,7 @@ int handle_encr_packet(apacket* p, atransport *t){ } //put_apacket(enc_p); return 0; - + } #endif @@ -1236,6 +1261,10 @@ void start_device_log(void) return; } + if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + } + // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); 
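Review bot: The `smack_setlabel(path, ...)` call added to `start_device_log` labels by path, apparently after the log file has already been opened, so the label goes to whatever `path` resolves to at that moment rather than to the descriptor that stdout and stderr are redirected to. Labelling through the descriptor closes that gap: `if (smack_fsetlabel(fd, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) {`. The failure is only logged here, while the same call in the `create_subprocess` hunk of this patch closes the pty and returns -1; a comment saying that logging continues on purpose would explain the difference. The function starts and ends outside the hunk.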
@@ -2009,6 +2038,17 @@ static void init_capabilities(void) { "%s", UNKNOWN); } + // appid2pid support + ret = is_appid2pid_supported(); + snprintf(g_capabilities.appid2pid_support, sizeof(g_capabilities.appid2pid_support), + "%s", ret == 1 ? ENABLED : DISABLED); + + + // pkgcmd debug mode support + snprintf(g_capabilities.pkgcmd_debugmode, sizeof(g_capabilities.pkgcmd_debugmode), + "%s", ENABLED); + + // Capability version snprintf(g_capabilities.sdbd_cap_version, sizeof(g_capabilities.sdbd_cap_version), "%d.%d", SDBD_CAP_VERSION_MAJOR, SDBD_CAP_VERSION_MINOR); diff --git a/src/sdb.h b/src/sdb.h index fd71307..0c4f7cc 100644 --- a/src/sdb.h +++ b/src/sdb.h @@ -279,6 +279,8 @@ typedef struct platform_capabilities char sockproto_support[CAPBUF_ITEMSIZE]; // enabled or disabled char appcmd_support[CAPBUF_ITEMSIZE]; // enabled or disabled char encryption_support[CAPBUF_ITEMSIZE]; // enabled or disabled + char appid2pid_support[CAPBUF_ITEMSIZE]; // enabled or disabled + char pkgcmd_debugmode[CAPBUF_ITEMSIZE]; // enabled or disabled char log_enable[CAPBUF_ITEMSIZE]; // enabled or disabled char log_path[CAPBUF_LL_ITEMSIZE]; // path of sdbd log @@ -548,7 +550,6 @@ int read_line(const int fd, char* ptr, const size_t maxlen); #define USB_FUNCFS_SDB_PATH "/dev/usbgadget/sdb" #define USB_NODE_FILE "/dev/samsung_sdb" -#define SHELL_COMMAND "/bin/sh" int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * const envp[]); void get_env(char *key, char **env); diff --git a/src/sdktools.h b/src/sdktools.h index 9027970..e73bfec 100644 --- a/src/sdktools.h +++ b/src/sdktools.h @@ -37,6 +37,7 @@ struct arg_permit_rule #define APPID_MAX_LENGTH 50 #define SDBD_LABEL_NAME "sdbd" #define SDK_HOME_LABEL_NAME "sdbd::home" +#define SDK_SHELL_LABEL_NAME "User::Shell" int verify_root_commands(const char *arg1); int verify_app_path(const char* path); diff --git a/src/services.c b/src/services.c index 6b61d94..2e1b577 100644 --- a/src/services.c +++ b/src/services.c 
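Review bot: `pkgcmd_debugmode` is introduced a second time by this patch, on top of what patch 12/16 already added. The `init_capabilities` hunk writes `ENABLED` into it unconditionally and later in the function than patch 12's plugin query, so the plugin's answer to `CAPABILITY_DEBUGMODE` is overwritten. The sdb.h hunk `@@ -279,6 +279,8 @@` declares a second `pkgcmd_debugmode` member in `platform_capabilities`, which should not compile, and the services.c `get_capability` hunk emits the `pkgcmd_debugmode` key twice. Reconcile the revert with patch 12 by keeping only the `appid2pid_support` additions in those three hunks and dropping the unconditional `snprintf` for `pkgcmd_debugmode` here.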
@@ -44,6 +44,7 @@ #include "utils.h" #include #include +#include #include #include @@ -408,6 +409,12 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } + if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { + D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); + sdb_close(ptm); + return -1; + } + *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); @@ -468,6 +475,7 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c } #endif /* !SDB_HOST */ +#define SHELL_COMMAND "/bin/sh-user" #define LOGIN_COMMAND "/bin/login" #define SUPER_USER "root" #define LOGIN_CONFIG "/etc/login.defs" @@ -962,6 +970,14 @@ static void get_capability(int fd, void *cookie) { offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, "appcmd_support", g_capabilities.appcmd_support); + // appid2pid support + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "appid2pid_support", g_capabilities.appid2pid_support); + + // pkgcmd debug mode support + offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE, + "pkgcmd_debugmode", g_capabilities.pkgcmd_debugmode); + offset++; // for '\0' character writex(fd, &offset, sizeof(uint16_t)); -- 2.7.4 From 79579f5f65b6692dd234d7f031066d5971a0395b Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 7 Feb 2017 15:51:18 +0900 Subject: [PATCH 14/16] Revert "Revert "remove smack_setlabel function usage for security reason"" This reverts commit 9acf96cbd8e41c699e2f059c1bef256910215178. Change-Id: I75479ca94a011a79764556da3776587addf413c1 Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 2 ++ packaging/sdbd_device.service | 3 +-- packaging/sdbd_emulator.service | 3 +-- packaging/sdbd_tcp.service | 2 +- src/default_plugin_basic.c | 11 +++++++++-- src/file_sync_service.c | 4 +++- src/sdb.c | 4 ---- src/services.c | 6 ------ 8 files changed, 17 insertions(+), 18 deletions(-) 
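Review bot: `SHELL_COMMAND` is defined in services.c as `"/bin/sh-user"` (hunk `@@ -468,6 +475,7 @@`) and, by this same patch, in default_plugin_appcmd.c as `"/bin/sh"`, with the shared definition removed from sdb.h. The same macro name therefore launches a SMACK-labelled shell copy in one file and the unlabelled system shell in the other. If that split is intended, give the two macros distinct names and add a comment on each definition stating which label the launched process is expected to run under. If it is not, keep one definition in sdb.h.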
diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 15eb808..6ddcae3 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,6 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user +mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index cd60922..0537fcd 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -6,11 +6,10 @@ After=tmp.mount [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid Restart=on-failure -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd [Install] diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index bed8cce..2129436 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -7,12 +7,11 @@ After=tmp.mount dbus.service [Service] Type=forking #location of SDBD log file -#Environment=SDBD_LOG_PATH=/tmp Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes #ExecStartPre=/bin/bash -c "/bin/echo '10.0.2.15/32 system::debugging_network' >> /smack/netlabel" -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/bin/sh -c "/usr/sbin/sdbd `/usr/bin/awk '{match($0, /sdb_port=([0-9]+)/,port_match); match($0, /vm_name=([^, ]*)/,vm_match); print \"--emulator=\" vm_match[1] \":\" port_match[1] \" --connect-to=10.0.2.2:26099\" \" --sensors=10.0.2.2:\"port_match[1]+3 }' /proc/cmdline`" [Install] diff --git a/packaging/sdbd_tcp.service b/packaging/sdbd_tcp.service index e360a7c..ade025c 100644 --- a/packaging/sdbd_tcp.service +++ b/packaging/sdbd_tcp.service 
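Review bot: The log directory created in the sdbd.spec hunk is given to `owner:users`, while the service files in this patch run sdbd under the `System` label and the plugin now reports that directory as the log path. A directory writable by the unprivileged account lets that account pre-create or replace the entries the daemon later opens for its stdout and stderr; how much that matters depends on the open flags in `start_device_log`, which are not visible here. Either keep the directory writable only by the account sdbd runs as, or add a comment stating that the log open refuses symlinks and pre-existing files. `owner:users` is also hard-coded beside the `%{TZ_SDK_HOME}` macro, so the two can drift apart if the SDK user is renamed.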
@@ -7,5 +7,5 @@ Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid RemainAfterExit=yes -SmackProcessLabel=System::Privileged +SmackProcessLabel=System ExecStart=/usr/sbin/sdbd --listen-port=26101 diff --git a/src/default_plugin_basic.c b/src/default_plugin_basic.c index 1046bdc..6078e7e 100644 --- a/src/default_plugin_basic.c +++ b/src/default_plugin_basic.c @@ -20,6 +20,8 @@ #include #include +#include + #define TRACE_TAG TRACE_SDB #include "log.h" @@ -28,7 +30,7 @@ #include "sdbd_plugin.h" #include "sdktools.h" -#define LOG_DIRECTORY "/tmp" +#define LOG_DIRECTORY "/home/owner/share/sdbdlog" int get_plugin_capability ( parameters* in, parameters* out ) { @@ -75,7 +77,12 @@ int get_plugin_capability ( parameters* in, parameters* out ) } else if ( capability == CAPABILITY_LOG_ENABLE ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_DISABLED ); } else if ( capability == CAPABILITY_LOG_PATH ) { - make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + const char* sdkhome = tzplatform_getenv(TZ_SDK_HOME); + if (sdkhome != NULL) { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s/share/sdbdlog", sdkhome ); + } else { + make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", LOG_DIRECTORY ); + } } else if ( capability == CAPABILITY_APPCMD ) { make_string_parameter ( & ( out->array_of_parameter[0] ), "%s", PLUGIN_RET_ENABLED ); } else if (capability == CAPABILITY_DEBUGMODE ) { diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 4dd0860..81f6841 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -77,6 +77,7 @@ void init_sdk_sync_permit_rule_regx(void) } } +#if 0 static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -127,6 +128,7 @@ static void set_syncfile_smack_label(char *src) { */ } } +#endif static int sync_send_label_notify(int s, const char *path, int success) { 
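Review bot: `set_syncfile_smack_label` is disabled with `#if 0`/`#endif` in the two file_sync_service.c hunks here, and its call in `sync_read_label_notify` (hunk `@@ -157,7 +159,7 @@`) is commented out, which leaves dead code and a handler that still parses the path and then does nothing with it. Delete the function and the commented-out call rather than disabling them; version control keeps the old code. A short comment in `sync_read_label_notify`, for example `/* sdbd no longer applies SMACK labels to synced files; the notification is only consumed */` (wording to be checked against the protocol), would record why the handler is now a no-op.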
@@ -157,7 +159,7 @@ static void sync_read_label_notify(int s) char *path = buffer; path++; path++; - set_syncfile_smack_label(path); + // set_syncfile_smack_label(path); } } diff --git a/src/sdb.c b/src/sdb.c index 452616f..6d2bf42 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1261,10 +1261,6 @@ void start_device_log(void) return; } - if (smack_setlabel(path, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - } - // redirect stdout and stderr to the log file dup2(fd, 1); dup2(fd, 2); diff --git a/src/services.c b/src/services.c index 2e1b577..cafffc9 100644 --- a/src/services.c +++ b/src/services.c @@ -409,12 +409,6 @@ int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], char * c return -1; } - if (smack_setlabel(devname, SDK_SHELL_LABEL_NAME, SMACK_LABEL_ACCESS) == -1) { - D("unable to set sdk shell smack label %s due to (errno:%d)\n", SDK_SHELL_LABEL_NAME, errno); - sdb_close(ptm); - return -1; - } - *pid = fork(); if(*pid < 0) { D("- fork failed: errno:%d -\n", errno); -- 2.7.4 From f1ae83204b3faf6f7d2590efa987074cf0bbf200 Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 7 Feb 2017 15:51:40 +0900 Subject: [PATCH 15/16] Revert "Revert "remove mkdir for sdbd log file"" This reverts commit bdaaa8e914baf89a727c013d6b3e00a81a100aff. Change-Id: I980f16a44b33c0e8a60be956d04e9d36541d81ca Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 6ddcae3..dc10820 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -112,8 +112,8 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -chown owner:users %{TZ_SDK_HOME}/share/sdbdlog +#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog +#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4 
From e95df470e413ac5bf5fe76fbec00cec8c5ae2a0b Mon Sep 17 00:00:00 2001 From: Sooyoung Ha Date: Tue, 7 Feb 2017 15:52:06 +0900 Subject: [PATCH 16/16] Revert "Revert "remove mkdir again for sdbd log file"" This reverts commit 22ee2bf467e3e798ee9b0811fef172e6b231f93a. Change-Id: Ibdb42d07d508fe53f49ba75f4d0c2a9bff7d9df9 Signed-off-by: Sooyoung Ha --- packaging/sdbd.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index dc10820..1374f57 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.13 +Version: 3.0.14 Release: 0 License: Apache-2.0 Summary: SDB daemon @@ -112,8 +112,6 @@ fi cp -f /bin/sh /bin/sh-user chsmack -a "_" /bin/sh-user chsmack -e "User::Shell" /bin/sh-user -#mkdir -p %{TZ_SDK_HOME}/share/sdbdlog -#chown owner:users %{TZ_SDK_HOME}/share/sdbdlog %files %manifest sdbd.manifest -- 2.7.4