[Verification] Try to run 2 instances of key-manager. It should fail.
key-manager-listener should not start key-manager.
Change-Id: Ifa0d6244738b4a48b153e066d5b49fbd967a316a
#define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
#endif
+namespace {
+const char* const CKM_LOCK = "/var/run/key-manager.pid";
+};
+
void daemonize()
{
// Let's operate in background
SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", str);
}
+bool isCkmRunning()
+{
+ int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
+ if (lock == -1)
+ return false;
+
+ int ret = lockf(lock, F_TEST, 0);
+ close(lock);
+
+ // if lock test fails because of an error assume ckm is running
+ return (0 != ret);
+}
+
void callUpdateCCMode()
{
- // TODO make it call ckm only if it's already running (lock file)
+ if(!isCkmRunning())
+ return;
+
auto control = CKM::Control::create();
int ret = control->updateCCMode();
${COMMON_PATH}/common/key-impl.cpp
${COMMON_PATH}/common/pkcs12-impl.cpp
${COMMON_PATH}/common/descriptor-set.cpp
+ ${COMMON_PATH}/common/file-lock.cpp
${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
${COMMON_PATH}/dpl/log/src/log.cpp
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file file-lock.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#include "file-lock.h"
+
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <stdexcept>
+#include <string>
+#include <sstream>
+
+#include <stringify.h>
+
+namespace CKM {
+
+namespace {
+
+// TODO replace it with custom exception when they are implemented
+template <typename... Args>
+std::runtime_error io_exception(const Args&... args)
+{
+ return std::runtime_error(stringify(args...));
+};
+
+} // namespace anonymous
+
+FileLock::FileLock(const char* const file)
+{
+ // Open lock file
+ m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644));
+ if (m_lockFd == -1) {
+ throw io_exception("Cannot open lock file. Errno: ", strerror(errno));
+ }
+
+ if (-1 == lockf(m_lockFd, F_TLOCK, 0)) {
+ if (errno == EACCES || errno == EAGAIN)
+ throw io_exception("Can't acquire lock. Another instance must be running.");
+ else
+ throw io_exception("Can't acquire lock. Errno: ", strerror(errno));
+ }
+
+ std::string pid = std::to_string(getpid());
+
+ ssize_t written = TEMP_FAILURE_RETRY(write(m_lockFd, pid.c_str(), pid.size()));
+ if (-1 == written || static_cast<ssize_t>(pid.size()) > written)
+ throw io_exception("Can't write file lock. Errno: ", strerror(errno));
+
+ int ret = fsync(m_lockFd);
+ if (-1 == ret)
+ throw io_exception("Fsync failed. Errno: ",strerror(errno));
+}
+
+FileLock::~FileLock()
+{
+ // this will also release the lock
+ close(m_lockFd);
+}
+
+} /* namespace CKM */
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file file-lock.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ */
+
+#pragma once
+
+#include <noncopyable.h>
+
+namespace CKM {
+
+class FileLock
+{
+public:
+ explicit FileLock(const char* const file);
+ ~FileLock();
+
+ NONCOPYABLE(FileLock);
+
+ FileLock(FileLock&&) = default;
+ FileLock& operator=(FileLock&&) = default;
+
+private:
+ int m_lockFd;
+};
+
+} /* namespace CKM */
#include <key-provider.h>
#include <CryptoService.h>
+#include <file-system.h>
IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem);
{
CKM::Singleton<CKM::Log::LogSystem>::Instance().SetTag("CKM");
+ int retCode = CKM::FileSystem::init();
+ if (retCode) {
+ LogError("Fatal error in FileSystem::init()");
+ return 1;
+ }
+
+ CKM::FileLock fl = CKM::FileSystem::lock();
+
sigset_t mask;
sigemptyset(&mask);
sigaddset(&mask, SIGTERM);
LogError("Error in pthread_sigmask");
return 1;
}
- LogInfo("Init external liblaries SKMM and openssl");
+ LogInfo("Init external libraries SKMM and openssl");
SSL_load_error_strings();
SSL_library_init();
EVP_cleanup();
ERR_free_strings();
}
+ catch (const std::runtime_error& e)
+ {
+ LogError(e.what());
+ }
UNHANDLED_EXCEPTION_HANDLER_END
return 0;
}
CKMLogic::CKMLogic() : m_ccMode(false)
{
- int retCode = FileSystem::init();
- // TODO what can I do when init went wrong? exit(-1) ??
- if (retCode) {
- LogError("Fatal error in FileSystem::init()");
- }
-
if (CKM_API_SUCCESS != m_certStore.setSystemCertificateDir(CERT_SYSTEM_DIR)) {
LogError("Fatal error in CertificateStore::setSystemCertificateDir. Chain creation will not work");
}
#include <key-provider.h>
#include <crypto-logic.h>
#include <certificate-store.h>
+#include <file-lock.h>
namespace CKM {
std::map<uid_t, UserData> m_userDataMap;
CertificateStore m_certStore;
bool m_ccMode;
+ //FileLock m_lock;
};
} // namespace CKM
namespace {
-static const std::string CKM_DATA_PATH = "/opt/data/ckm/";
-static const std::string CKM_KEY_PREFIX = "key-";
-static const std::string CKM_DB_KEY_PREFIX = "db-key-";
-static const std::string CKM_DB_PREFIX = "db-";
-static const std::string CKM_REMOVED_APP_PREFIX = "removed-app-";
+const std::string CKM_DATA_PATH = "/opt/data/ckm/";
+const std::string CKM_KEY_PREFIX = "key-";
+const std::string CKM_DB_KEY_PREFIX = "db-key-";
+const std::string CKM_DB_PREFIX = "db-";
+const std::string CKM_REMOVED_APP_PREFIX = "removed-app-";
+const std::string CKM_LOCK_FILE = "/var/run/key-manager.pid";
} // namespace anonymous
return retCode;
}
+FileLock FileSystem::lock()
+{
+ FileLock fl(CKM_LOCK_FILE.c_str());
+ return fl;
+}
+
} // namespace CKM
#include <ckm/ckm-type.h>
#include <string>
+#include <file-lock.h>
namespace CKM {
static int init();
static UidVector getUIDsFromDBFile();
+ static FileLock lock();
virtual ~FileSystem(){}
protected: