From: Bartlomiej Grzelewski Date: Wed, 26 Aug 2015 11:35:19 +0000 (+0200) Subject: Reimplement security-manager mockup. X-Git-Tag: accepted/tizen/mobile/20150908.231847~4 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fkey-manager.git;a=commitdiff_plain;h=33860153791e816020a392c7ca235f1bb3e983f9 Reimplement security-manager mockup. New version of mockup will try to translate smack label into pkgId by removing prefix "User::App::". Change-Id: I54316ec1c8e8061cedf09f19016576d202e1e9f1 --- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 30d56ab..4abb93d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -21,9 +21,9 @@ IF (MOCKUP_SM MATCHES "ON") MESSAGE(FATAL_ERROR "You cannot compile release version with mockups!") ENDIF (CMAKE_BUILD_TYPE MATCHES "RELEASE") MESSAGE("USING MOCKUP INSTEAD SECURITY MANAGER") - SET(SECURITY_MANAGER_PATH ${KEY_MANAGER_PATH}/main/socket-2-id-mockup.cpp) + SET(SECURITY_MANAGER_WRAPPER_PATH ${KEY_MANAGER_PATH}/main/socket-2-id-mockup.cpp) ELSE (MOCKUP_SM MATCHES "ON") - SET(SECURITY_MANAGER_PATH ${KEY_MANAGER_PATH}/main/socket-2-id.cpp) + SET(SECURITY_MANAGER_WRAPPER_PATH ${KEY_MANAGER_PATH}/main/socket-2-id-wrapper.cpp) ENDIF (MOCKUP_SM MATCHES "ON") SET(KEY_MANAGER_SOURCES @@ -32,6 +32,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/main/key-manager-main.cpp ${KEY_MANAGER_PATH}/main/smack-check.cpp ${KEY_MANAGER_PATH}/main/thread-service.cpp + ${KEY_MANAGER_PATH}/main/socket-2-id.cpp ${KEY_MANAGER_PATH}/service/certificate-store.cpp ${KEY_MANAGER_PATH}/service/certificate-config.cpp ${KEY_MANAGER_PATH}/service/digest.cpp @@ -67,7 +68,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp ${KEY_MANAGER_PATH}/crypto/tz-backend/key.cpp ${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp - ${SECURITY_MANAGER_PATH} + ${SECURITY_MANAGER_WRAPPER_PATH} ) # -fPIE and -pie flag is added for ASLR 
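Review bot: The release guard around the mockup selection in the first CMakeLists.txt hunk tests `CMAKE_BUILD_TYPE MATCHES "RELEASE"`, which is a case-sensitive regex match, so a build configured with CMake's conventional spellings `Release` or `RelWithDebInfo` would not hit the `FATAL_ERROR` and could link socket-2-id-mockup.cpp. The guard predates this commit and its opening `IF` lies above the hunk, but the reimplemented mockup derives the owner id from the Smack label alone, so this check is the only thing keeping it out of production images. Normalising first, e.g. `STRING(TOUPPER "${CMAKE_BUILD_TYPE}" BUILD_TYPE_UPPER)` and then `IF (BUILD_TYPE_UPPER MATCHES "RELEASE")`, would make the guard independent of how the packaging passes the build type. If the Tizen spec files always pass the upper-case value, a comment saying so next to the guard would be enough.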
diff --git a/src/manager/main/socket-2-id-mockup.cpp b/src/manager/main/socket-2-id-mockup.cpp index d031a02..889e8ea 100644 --- a/src/manager/main/socket-2-id-mockup.cpp +++ b/src/manager/main/socket-2-id-mockup.cpp @@ -18,50 +18,40 @@ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ -#include -#include -#include - -#include +#include #include #include #include namespace CKM { -namespace { -int getCredentialsFromSocket(int sock, std::string &res) { - std::vector result(1); - socklen_t length = 1; +int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { + static const std::string SMACK_PREFIX_APPID = "User::App::"; - if ((0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) - && errno != ERANGE) - { - LogError("getsockopt failed"); + if (smack.empty()) { + LogError("Smack is empty. Connection will be rejected"); return -1; } - result.resize(length); + if (smack.compare(0, SMACK_PREFIX_APPID.size(), SMACK_PREFIX_APPID)) { + pkgId = "/" + smack; + LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); + return 0; + } + + std::string appId = smack.substr(SMACK_PREFIX_APPID.size(), std::string::npos); - if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) { - LogError("getsockopt failed"); + if (appId.empty()) { + LogError("After conversion (smack->pkgId) pkgId is empty. Label: " << appId); return -1; } - result.push_back('\0'); - res = result.data(); - return 0; -} - -int getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { - pkgId = smack; + pkgId = std::move(appId); + LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); return 0; } -} // namespace anonymous - - int Socket2Id::translate(int sock, std::string &result) { std::string smack; std::string pkgId; 
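Review bot: In the new `Socket2Id::getPkgIdFromSmack`, the empty-result branch logs `appId`, which is known to be empty at that point, so the message never shows the label that caused the rejection; log the input instead: `LogError("After conversion (smack->pkgId) pkgId is empty. Label: " << smack);`. The function would also benefit from a short header comment stating that the mockup uses the app id as the package id and never consults security-manager, and that labels without the `User::App::` prefix are mapped to `"/" + smack`. That makes it clear to a reader why this file must not be built into a release image.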
@@ -74,13 +64,9 @@ int Socket2Id::translate(int sock, std::string &result) { return -1; } - result = pkgId; + result = std::move(pkgId); return 0; } -void Socket2Id::resetCache() { - m_stringMap.clear(); -} - } // namespace CKM diff --git a/src/manager/main/socket-2-id-wrapper.cpp b/src/manager/main/socket-2-id-wrapper.cpp new file mode 100644 index 0000000..c597953 --- /dev/null +++ b/src/manager/main/socket-2-id-wrapper.cpp 
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file socket-2-id-wrapper.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#include + +#include + +#include +#include +#include + +namespace CKM { + +int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { + // TODO + // Conversion from smack label to pkgId should be done + // by security-manager. Current version of security-manager + // does not support this feature yet. + + static const std::string SMACK_PREFIX_APPID = "User::App::"; + + if (smack.empty()) { + LogError("Smack is empty. 
Connection will be rejected"); + return -1; + } + + if (smack.compare(0, SMACK_PREFIX_APPID.size(), SMACK_PREFIX_APPID)) { + pkgId = "/" + smack; + LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); + return 0; + } + + std::string appId = smack.substr(SMACK_PREFIX_APPID.size(), std::string::npos); + + char *pkg = nullptr; + + if (0 > security_manager_get_app_pkgid(&pkg, appId.c_str())) { + LogError("Error in security_manager_get_app_pkgid"); + return -1; + } + + if (!pkg) { + LogError("PkgId could not be NULL"); + return -1; + } + + pkgId = pkg; + free(pkg); + LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); + return 0; +} + +int Socket2Id::translate(int sock, std::string &result) { + std::string smack; + + if (0 > getCredentialsFromSocket(sock, smack)) { + return -1; + } + + StringMap::iterator it = m_stringMap.find(smack); + + if (it != m_stringMap.end()) { + result = it->second; + return 0; + } + + std::string pkgId; + if (0 > getPkgIdFromSmack(smack, pkgId)) { + return -1; + } + + result = pkgId; + m_stringMap.emplace(std::move(smack), std::move(pkgId)); + return 0; +} + +} // namespace CKM + diff --git a/src/manager/main/socket-2-id.cpp b/src/manager/main/socket-2-id.cpp index b522b5f..40cd714 100644 --- a/src/manager/main/socket-2-id.cpp +++ b/src/manager/main/socket-2-id.cpp 
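Review bot: The wrapper's `getPkgIdFromSmack` passes `appId.c_str()` to `security_manager_get_app_pkgid` even when the label is exactly `User::App::` and `appId` is therefore empty, while the mockup version added in this same commit rejects that case. Adding `if (appId.empty()) { LogError("Smack label has no app id: " << smack); return -1; }` before the call keeps both builds consistent and does not rely on how the library treats an empty id. Separately, `pkgId = pkg; free(pkg);` leaks `pkg` if the string assignment throws; holding the pointer in `std::unique_ptr<char, decltype(&free)> guard(pkg, &free);` right after the null check closes that. In `translate`, cached label-to-pkgId entries are only dropped through `resetCache()`, whose callers are not visible here, so a comment saying when the cache is invalidated (for example on package removal) would help rule out a stale owner id being returned.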
@@ -22,102 +22,50 @@ #include #include -#include - #include #include #include namespace CKM { -namespace { - -int getCredentialsFromSocket(int sock, std::string &res) { - std::vector result(1); - socklen_t length = 1; - - if ((0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) - && errno != ERANGE) - { - LogError("getsockopt failed"); - return -1; - } - - result.resize(length); - - if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) { - LogError("getsockopt failed"); - return -1; - } - - result.push_back('\0'); - res = result.data(); - return 0; -} - -int getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { - // TODO - // Conversion from smack label to pkgId should be done - // by security-manager. Current version of security-manager - // does not support this feature yet. - static const std::string SMACK_PREFIX_APPID = "User::App::"; - - if (smack.empty()) { - LogError("Smack is empty. Connection will be rejected"); - return -1; - } - - if (smack.compare(0, SMACK_PREFIX_APPID.size(), SMACK_PREFIX_APPID)) { - pkgId = "/" + smack; - LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); - return 0; - } - - std::string appId = smack.substr(SMACK_PREFIX_APPID.size(), std::string::npos); - - char *pkg = nullptr; +namespace { - if (0 > security_manager_get_app_pkgid(&pkg, appId.c_str())) { - LogError("Error in security_manager_get_app_pkgid"); +int assignToString(std::vector &vec, socklen_t len, std::string &res) { + if (vec.size() <= len) return -1; - } - if (!pkg) { - LogError("PkgId could not be NULL"); - return -1; + vec[len] = 0; // old implementation getsockopt returns cstring without 0 + if (vec[len-1] == 0) { + --len; // new implementation of getsockopt returns cstring size+1 } - pkgId = pkg; - free(pkg); - LogDebug("Smack: " << smack << " Was translated to owner id: " << pkgId); + res.assign(vec.data(), len); return 0; } } // namespace anonymous +int Socket2Id::getCredentialsFromSocket(int 
sock, std::string &res) { + std::vector result(SMACK_LABEL_LEN+1); + socklen_t length = SMACK_LABEL_LEN; -int Socket2Id::translate(int sock, std::string &result) { - std::string smack; + if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) { + return assignToString(result, length, res); + } - if (0 > getCredentialsFromSocket(sock, smack)) { + if (errno != ERANGE) { + LogError("getsockopt failed"); return -1; } - StringMap::iterator it = m_stringMap.find(smack); + result.resize(length+1); - if (it != m_stringMap.end()) { - result = it->second; - return 0; - } - - std::string pkgId; - if (0 > getPkgIdFromSmack(smack, pkgId)) { + if (0 > getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) { + LogError("getsockopt failed with errno: " << errno); return -1; } - result = pkgId; - m_stringMap.emplace(std::move(smack), std::move(pkgId)); - return 0; + return assignToString(result, length, res); } void Socket2Id::resetCache() { diff --git a/src/manager/main/socket-2-id.h b/src/manager/main/socket-2-id.h index 1e83662..046f998 100644 --- a/src/manager/main/socket-2-id.h +++ b/src/manager/main/socket-2-id.h @@ -34,6 +34,9 @@ public: virtual ~Socket2Id() {} private: + int getCredentialsFromSocket(int sock, std::string &res); + int getPkgIdFromSmack(const std::string &smack, std::string &pkgId); + typedef std::map StringMap; StringMap m_stringMap; };
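Review bot: `assignToString` reads `vec[len-1]` without checking `len`, so a reported length of zero makes the unsigned `len-1` wrap and index far outside the buffer; guard it with `if (len > 0 && vec[len-1] == 0)`. Whether the kernel can report zero for `SO_PEERSEC` is not visible from this hunk, but the in-line comments already say the returned length differs between getsockopt implementations, so the helper should not assume at least one byte. An empty result is still rejected later by `getPkgIdFromSmack`, so the guard does not change the outcome for a peer without a label. The first failure path in `getCredentialsFromSocket` logs `getsockopt failed` without errno while the retry path includes it; using `LogError("getsockopt failed with errno: " << errno);` in both would make the two cases equally diagnosable.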
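Review bot: The two private declarations added to `Socket2Id` in socket-2-id.h have no comment, and their definitions are split across translation units chosen at build time, which is not obvious from the header. I would add `// Reads the peer's Smack label via SO_PEERSEC (socket-2-id.cpp).` above `getCredentialsFromSocket` and `// Defined in socket-2-id-wrapper.cpp, or socket-2-id-mockup.cpp when MOCKUP_SM is ON.` above `getPkgIdFromSmack`. Neither body shown in this commit touches instance state, so both could be declared `static`; the class definition starts outside the hunk, so confirm that against the rest of the header.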