From 90e7d64867b5d4227a7b14b0992b25a0970164b5 Mon Sep 17 00:00:00 2001 From: Youngsoo Choi Date: Tue, 23 Feb 2021 22:37:38 -0800 Subject: [PATCH] Check thread smack label for thread-based app model Web app has been launched on a process but web service app is launched on a thread and has thread-based app sandboxing by smack rule. So, the thread smack label needs to be checked from the path |/proc//attr/current|. Also, checking thread smack label is compatible with process-based web app because main thread inherits its process smack label from the path |/proc/self/attr/current|. Change-Id: I7098ff0672ab4fbb41d1df4e05e435a6cff6e5fc Signed-off-by: Youngsoo Choi --- src/package_manager_internal.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/package_manager_internal.c b/src/package_manager_internal.c index 74fe41b..512821c 100644 --- a/src/package_manager_internal.c +++ b/src/package_manager_internal.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -29,6 +30,7 @@ #include "package_manager_internal.h" #define MAX_SMACK_LABEL_LEN 255 +#define gettid() syscall(SYS_gettid) typedef struct _foreach_pkg_context_ { package_manager_package_info_cb callback; @@ -44,8 +46,18 @@ int check_privilege(privilege_type type) char uid[10]; char *session; const char *privilege; + unsigned long pid = getpid(); + unsigned long tid = gettid(); - fd = open("/proc/self/attr/current", O_RDONLY); + if (pid == tid) { + fd = open("/proc/self/attr/current", O_RDONLY); + } else { + // Check current thread smack label. + char path[256] = { 0 }; + pid = tid; + snprintf(path, sizeof(path), "/proc/%lu/attr/current", tid); + fd = open(path, O_RDONLY); + } if (fd < 0) { LOGE("open failed: %d", errno); return PACKAGE_MANAGER_ERROR_IO_ERROR; @@ -66,7 +78,7 @@ int check_privilege(privilege_type type) } snprintf(uid, 10, "%d", getuid()); - session = cynara_session_from_pid(getpid()); + session = cynara_session_from_pid(pid); switch (type) { case PRIVILEGE_PACKAGE_MANAGER_INFO: -- 2.7.4