pid_t pid; /* Client process's PID */
char *path; /* Client process's cmd line string */
int *permissions; /* Array of GID that the client process has */
- char *smack_label; /* SMACK label of the client process */
+ char *smack_label; /* SMACK label of the client process */
+ char is_roots_process; /* Is cookie belongs to roots process */
struct _cookie_list *prev; /* Next cookie list */
struct _cookie_list *next; /* Previous cookie list */
} cookie_list;
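Review bot: The new `is_roots_process` field is only assigned in the cookie-creation hunk further down, so any other site that allocates a `cookie_list` (for instance whatever builds the default cookie the old code recognised by `pid == 0`) leaves it indeterminate unless the allocation zeroes the struct. That matters because the lookup code now skips the privilege check when the field equals 1, so every allocation path should set it explicitly. The field comment would read better as `/* Non-zero if the cookie belongs to a root (UID 0) process */`. The struct definition starts outside the hunk.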
if(current == NULL)
break;
+ //searching for cookie
if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
{
SEC_SVR_DBG("%s", "cookie has been found");
- /* default cookie is for root process which is pid is set to 0 */
- if(current->pid == 0 || privilege == 0)
- {
- retval = current;
- goto finish;
- }
- else
+ //check if this cookie belongs to root process
+ if(current->is_roots_process == 1)
+ {
+ SEC_SVR_DBG("%s", "Root process cookie, special privileges");
+ //we can skip privilege checking
+ retval = current;
+ goto finish;
+ }
+
+ for(i=0 ; i < current->permission_len ; i++)
{
- for(i=0 ; i < current->permission_len ; i++)
+ if(privilege == current->permissions[i])
{
- if(privilege == current->permissions[i])
- {
- SEC_SVR_DBG("Found privilege %d", privilege);
- retval = current;
- goto finish;
- }
+ SEC_SVR_DBG("Found privilege %d", privilege);
+ retval = current;
+ goto finish;
}
}
}
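Review bot: Two accept paths from the old condition are dropped without comment in the new lookup: `privilege == 0` no longer matches every cookie, and the default cookie with `pid == 0` is accepted only if its creator also sets `is_roots_process`. Callers that pass privilege 0 will now fall into the permissions loop and fail unless GID 0 is in `permissions`. If that tightening is intended, say so above the check, e.g. `/* root cookies bypass the GID check; privilege 0 is no longer a wildcard */`. The enclosing loop and function start and end outside the hunk.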
SEC_SVR_DBG("%s","Cannot create a cookie");
goto error;
}
+
+ //let others know if this cookie belongs to root process
+ if(client_uid == 0)
+ created_cookie->is_roots_process = 1;
+ else
+ created_cookie->is_roots_process = 0;
+
//}
/* send cookie as response */
retval = send_cookie(sockfd, created_cookie->cookie);
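Review bot: The root flag is derived from `client_uid`, whose origin is not visible in this hunk; since the flag later bypasses all privilege checks, it should come from kernel-reported peer credentials of the socket and never from data the client supplies. The flag is also a snapshot taken at cookie creation, so a process that drops from UID 0 afterwards keeps a cookie marked as root; if that is acceptable, a comment should state it. The if/else can be a single assignment, `created_cookie->is_roots_process = (client_uid == 0);`. The enclosing function continues outside the hunk.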