2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Michal Witanowski <m.witanowski@samsung.com>
21 * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
22 * @author Rafal Krypa <r.krypa@samsung.com>
23 * @brief Implementation of security-manager service.
26 #include <sys/socket.h>
28 #include <dpl/log/log.h>
29 #include <dpl/serialization.h>
30 #include <sys/smack.h>
32 #include "protocols.h"
34 #include "service_impl.h"
36 namespace SecurityManager {
38 const InterfaceID IFACE = 1;
44 GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription()
46 return ServiceDescriptionVector {
47 {SERVICE_SOCKET, /* path */
48 "*", /* smackLabel label (not used, we rely on systemd) */
49 IFACE, /* InterfaceID */
50 false, /* useSendMsg */
51 true}, /* systemdOnly */
55 static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel)
58 socklen_t len = sizeof(cr);
60 if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
62 ssize_t ret = smack_new_label_from_socket(sock, &smk);
75 bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
76 InterfaceID interfaceID)
78 LogDebug("Iteration begin. Interface = " << interfaceID);
80 //waiting for all data
81 if (!buffer.Ready()) {
90 std::string smackLabel;
92 if (!getPeerID(conn.sock, uid, pid, smackLabel)) {
93 LogError("Closing socket because of error: unable to get peer's uid, pid or smack label");
94 m_serviceManager->Close(conn);
98 if (IFACE == interfaceID) {
100 // deserialize API call type
102 Deserialization::Deserialize(buffer, call_type_int);
103 SecurityModuleCall call_type = static_cast<SecurityModuleCall>(call_type_int);
106 case SecurityModuleCall::NOOP:
107 LogDebug("call_type: SecurityModuleCall::NOOP");
108 Serialization::Serialize(send, SECURITY_MANAGER_API_SUCCESS);
110 case SecurityModuleCall::APP_INSTALL:
111 LogDebug("call_type: SecurityModuleCall::APP_INSTALL");
112 processAppInstall(buffer, send, uid);
114 case SecurityModuleCall::APP_UNINSTALL:
115 LogDebug("call_type: SecurityModuleCall::APP_UNINSTALL");
116 processAppUninstall(buffer, send, uid);
118 case SecurityModuleCall::APP_GET_PKGID:
119 processGetPkgId(buffer, send);
121 case SecurityModuleCall::APP_GET_GROUPS:
122 processGetAppGroups(buffer, send, uid, pid);
124 case SecurityModuleCall::USER_ADD:
125 processUserAdd(buffer, send, uid);
127 case SecurityModuleCall::USER_DELETE:
128 processUserDelete(buffer, send, uid);
130 case SecurityModuleCall::POLICY_UPDATE:
131 processPolicyUpdate(buffer, send, uid, pid, smackLabel);
133 case SecurityModuleCall::GET_CONF_POLICY_ADMIN:
134 processGetConfiguredPolicy(buffer, send, uid, pid, smackLabel, true);
136 case SecurityModuleCall::GET_CONF_POLICY_SELF:
137 processGetConfiguredPolicy(buffer, send, uid, pid, smackLabel, false);
139 case SecurityModuleCall::GET_POLICY:
140 processGetPolicy(buffer, send, uid, pid, smackLabel);
142 case SecurityModuleCall::POLICY_GET_DESCRIPTIONS:
143 processPolicyGetDesc(send);
146 LogError("Invalid call: " << call_type_int);
147 Throw(ServiceException::InvalidAction);
149 // if we reach this point, the protocol is OK
151 } Catch (MessageBuffer::Exception::Base) {
152 LogError("Broken protocol.");
153 } Catch (ServiceException::Base) {
154 LogError("Broken protocol.");
155 } catch (const std::exception &e) {
156 LogError("STD exception " << e.what());
158 LogError("Unknown exception");
162 LogError("Wrong interface");
167 m_serviceManager->Write(conn, send.Pop());
169 LogError("Closing socket because of error");
170 m_serviceManager->Close(conn);
176 void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
180 Deserialization::Deserialize(buffer, req.appId);
181 Deserialization::Deserialize(buffer, req.pkgId);
182 Deserialization::Deserialize(buffer, req.privileges);
183 Deserialization::Deserialize(buffer, req.appPaths);
184 Deserialization::Deserialize(buffer, req.uid);
185 Serialization::Serialize(send, ServiceImpl::appInstall(req, uid));
188 void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
192 Deserialization::Deserialize(buffer, appId);
193 Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid));
196 void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send)
202 Deserialization::Deserialize(buffer, appId);
203 ret = ServiceImpl::getPkgId(appId, pkgId);
204 Serialization::Serialize(send, ret);
205 if (ret == SECURITY_MANAGER_API_SUCCESS)
206 Serialization::Serialize(send, pkgId);
209 void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid)
212 std::unordered_set<gid_t> gids;
215 Deserialization::Deserialize(buffer, appId);
216 ret = ServiceImpl::getAppGroups(appId, uid, pid, gids);
217 Serialization::Serialize(send, ret);
218 if (ret == SECURITY_MANAGER_API_SUCCESS) {
219 Serialization::Serialize(send, static_cast<int>(gids.size()));
220 for (const auto &gid : gids) {
221 Serialization::Serialize(send, gid);
226 void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
232 Deserialization::Deserialize(buffer, uidAdded);
233 Deserialization::Deserialize(buffer, userType);
235 ret = ServiceImpl::userAdd(uidAdded, userType, uid);
236 Serialization::Serialize(send, ret);
239 void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
244 Deserialization::Deserialize(buffer, uidRemoved);
246 ret = ServiceImpl::userDelete(uidRemoved, uid);
247 Serialization::Serialize(send, ret);
250 void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel)
253 std::vector<policy_entry> policyEntries;
255 Deserialization::Deserialize(buffer, policyEntries);
257 ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel);
258 Serialization::Serialize(send, ret);
261 void Service::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel, bool forAdmin)
265 Deserialization::Deserialize(buffer, filter);
266 std::vector<policy_entry> policyEntries;
267 ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries);
268 Serialization::Serialize(send, ret);
269 Serialization::Serialize(send, static_cast<int>(policyEntries.size()));
270 for (const auto &policyEntry : policyEntries) {
271 Serialization::Serialize(send, policyEntry);
275 void Service::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel)
279 Deserialization::Deserialize(buffer, filter);
280 std::vector<policy_entry> policyEntries;
281 ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries);
282 Serialization::Serialize(send, ret);
283 Serialization::Serialize(send, static_cast<int>(policyEntries.size()));
284 for (const auto &policyEntry : policyEntries) {
285 Serialization::Serialize(send, policyEntry);
289 void Service::processPolicyGetDesc(MessageBuffer &send)
292 std::vector<std::string> descriptions;
294 ret = ServiceImpl::policyGetDesc(descriptions);
295 Serialization::Serialize(send, ret);
296 if (ret == SECURITY_MANAGER_API_SUCCESS) {
297 Serialization::Serialize(send, static_cast<int>(descriptions.size()));
299 for(std::vector<std::string>::size_type i = 0; i != descriptions.size(); i++) {
300 Serialization::Serialize(send, descriptions[i]);
305 } // namespace SecurityManager