ln -s ../security-server-get-gid.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-get-gid.socket
ln -s ../security-server-privilege-by-pid.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-privilege-by-pid.socket
ln -s ../security-server-exec-path.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-exec-path.socket
-ln -s ../security-server-get-object-name.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-get-object-name.socket
ln -s ../security-server-app-permissions.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-app-permissions.socket
ln -s ../security-server-cookie-get.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-cookie-get.socket
ln -s ../security-server-cookie-check.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-cookie-check.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-privilege-by-pid.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-exec-path.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-exec-path.socket
-%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-get-object-name.socket
-%attr(-,root,root) /usr/lib/systemd/system/security-server-get-object-name.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-app-permissions.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-app-permissions.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-cookie-get.socket
${SERVER2_PATH}/service/cookie.cpp
${SERVER2_PATH}/service/cookie-jar.cpp
${SERVER2_PATH}/service/privilege-by-pid.cpp
- ${SERVER2_PATH}/service/get-object-name.cpp
${SERVER2_PATH}/service/open-for.cpp
${SERVER2_PATH}/service/open-for-manager.cpp
${SERVER2_PATH}/service/password.cpp
${SERVER2_PATH}/client/client-cookie.cpp
${SERVER2_PATH}/client/client-privilege-by-pid.cpp
${SERVER2_PATH}/client/client-socket-privilege.cpp
- ${SERVER2_PATH}/client/client-get-object-name.cpp
${SERVER2_PATH}/client/client-open-for.cpp
${SERVER2_PATH}/client/client-password.cpp
)
*/
int security_server_get_gid(const char *object);
-
-
-/**
- * \par Description:
- * Retreives object name as mull terminated string from Linux group ID which is passed by parameter
- *
- * \par Purpose:
- * This API may be used to get object name if the caller process only knows GID of the object.
- *
- * \par Typical use case:
- * In middleware daemon, by some reason, need to know object name from the Linux group ID, then call this API to retrieve object name as string
- *
- * \par Method of function operation:
- * Opens /etc/group file and searches matching gid. If there is matching result, returns name of the group as null terminated string
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * - This API is only allowed to be called by pre-defined middleware daemon
- *
- * \param[in] gid Linux group ID which needed to be retrieved as object name.
- * \param[out] object Place holder for matching object name for gid.
- * \param[in] max_object_size Allocated byte size of parameter "object".
- *
- * \return 0 on success, or negative error code on error.
- *
- * \par Prospective clients:
- * Inhouse middleware.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre output parameter object must be malloced before calling this API not to make memory curruption
- *
- * \post None
- *
- * \see /etc/group,
- * security_server_get_gid()
- *
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <security-server.h>
- * ...
- * int retval;
- * char objectname[20];
- *
- * // Call the API
- * retval = security_server_get_object_name(6005, objectname, sizeof(objectname));
- * if(retval < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * exit(0);
- * }
- * ...
- * \endcode
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-get-object-name w"
-*/
-int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size);
-
-
-
/**
* \par Description:
* Request cookie to the Security Server. Cookie is a random bit stream which is used as ticket for user space object.
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file client-get-object-name.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief This file constains implementation of get NAME function.
- */
-
-#include <stdio.h>
-
-#include <dpl/log/log.h>
-#include <dpl/exception.h>
-
-#include <message-buffer.h>
-#include <client-common.h>
-#include <protocols.h>
-
-#include <security-server.h>
-
-SECURITY_SERVER_API
-int security_server_get_object_name(gid_t gid, char *pObjectName, size_t maxObjectSize)
- {
- using namespace SecurityServer;
- return try_catch([&] {
- if (pObjectName == NULL){
- LogDebug("Objects name is NULL or empty");
- return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
- }
-
- MessageBuffer send, recv;
- Serialization::Serialize(send, gid);
-
- int result = sendToServer(
- SERVICE_SOCKET_GET_OBJECT_NAME,
- send.Pop(),
- recv);
-
-
- if (result != SECURITY_SERVER_API_SUCCESS)
- return result;
-
- Deserialization::Deserialize(recv, result);
-
- std::string retObjectName;
- Deserialization::Deserialize(recv, retObjectName);
-
- if(retObjectName.size() > maxObjectSize){
- LogError("Objects name is too big. Need more space in pObjectName buffer.");
- return SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL;
- }
-
- strcpy(pObjectName,retObjectName.c_str());
-
- return result;
-
- });
-}
-
"/tmp/.security-server-api-get-gid.sock";
char const * const SERVICE_SOCKET_PRIVILEGE_BY_PID =
"/tmp/.security-server-api-privilege-by-pid.sock";
-char const * const SERVICE_SOCKET_GET_OBJECT_NAME =
- "/tmp/.security-server-api-get-object-name.sock";
char const * const SERVICE_SOCKET_APP_PERMISSIONS =
"/tmp/.security-server-api-app-permissions.sock";
char const * const SERVICE_SOCKET_APP_PRIVILEGE_BY_NAME =
extern char const * const SERVICE_SOCKET_ECHO;
extern char const * const SERVICE_SOCKET_GET_GID;
extern char const * const SERVICE_SOCKET_PRIVILEGE_BY_PID;
-extern char const * const SERVICE_SOCKET_GET_OBJECT_NAME;
extern char const * const SERVICE_SOCKET_APP_PERMISSIONS;
extern char const * const SERVICE_SOCKET_APP_PRIVILEGE_BY_NAME;
extern char const * const SERVICE_SOCKET_COOKIE_GET;
#include <data-share.h>
#include <get-gid.h>
#include <privilege-by-pid.h>
-#include <get-object-name.h>
#include <app-permissions.h>
#include <cookie.h>
#include <open-for.h>
privByPidService->Create();
manager.RegisterSocketService(privByPidService);
- SecurityServer::GetObjectNameService *getObjectNameService = new SecurityServer::GetObjectNameService;
- getObjectNameService->Create();
- manager.RegisterSocketService(getObjectNameService);
-
SecurityServer::AppPermissionsService *appEnablePermissionsService = new SecurityServer::AppPermissionsService;
appEnablePermissionsService->Create();
manager.RegisterSocketService(appEnablePermissionsService);
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file get-object-name.cpp
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Implementation of api-get-object-name service.
- */
-
-#include <sys/smack.h>
-#include <grp.h>
-#include <unistd.h>
-
-#include <dpl/log/log.h>
-#include <dpl/serialization.h>
-
-#include <protocols.h>
-#include <get-object-name.h>
-#include <security-server.h>
-
-#include <vector>
-
-namespace SecurityServer {
-
-GetObjectNameService::ServiceDescriptionVector GetObjectNameService::GetServiceDescription() {
- return ServiceDescriptionVector
- {{SERVICE_SOCKET_GET_OBJECT_NAME, "*"}};
-}
-
-void GetObjectNameService::accept(const AcceptEvent &event) {
- LogDebug("Accept event. ConnectionID.sock: " << event.connectionID.sock
- << " ConnectionID.counter: " << event.connectionID.counter
- << " ServiceID: " << event.interfaceID);
-}
-
-void GetObjectNameService::write(const WriteEvent &event) {
- LogDebug("WriteEvent. ConnectionID: " << event.connectionID.sock <<
- " Size: " << event.size << " Left: " << event.left);
- if (event.left == 0)
- m_serviceManager->Close(event.connectionID);
-}
-
-
-
-/*
- * Searches for group NAME by given group id
- */
-int GetObjectNameService::setName(const gid_t gid)
-{
- int ret = 0;
- struct group *grpbuf = NULL;
- struct group grp;
- std::vector<char> buf;
-
- /*
- * The maximum needed size for buf can be found using sysconf(3)
- * with the argument _SC_GETGR_R_SIZE_MAX. If _SC_GETGR_R_SIZE_MAX is not
- * returned we set max_buf_size to 1024 bytes. Enough to store few groups.
- */
- long int maxBufSize = sysconf(_SC_GETGR_R_SIZE_MAX);
- if (maxBufSize == -1)
- maxBufSize = 1024;
-
-
- /*
- * There can be some corner cases when for example user is assigned to a
- * lot of groups. In that case if buffer is to small getgrnam_r will
- * return ERANGE error. Solution could be calling getgrnam_r with bigger
- * buffer until it's big enough.
- */
- do {
- try{
- buf.resize(maxBufSize);
- }catch(std::bad_alloc&) {
- ret = SECURITY_SERVER_API_ERROR_OUT_OF_MEMORY;
- LogError("Out Of Memory");
- return ret;
- }
- maxBufSize *= 2;
-
- } while ((ret = getgrgid_r(gid, &grp, &(buf[0]), buf.size(), &grpbuf)) == ERANGE);
-
- // Check for errors:
- if (ret != 0){
- ret = SECURITY_SERVER_API_ERROR_SERVER_ERROR;
- LogError("getgrgid_r failed with error: " << strerror(errno));
- return ret;
-
- } else if (grpbuf == NULL) {
- ret = SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT;
- LogError("Cannot find name for group: " << gid);
- return ret;
- }
-
- m_name = grpbuf->gr_name;
-
- return ret;
-}
-
-
-bool GetObjectNameService::processOne(const ConnectionID &conn, MessageBuffer &buffer) {
- LogDebug("Iteration begin");
- gid_t gid;
- int retCode = SECURITY_SERVER_API_ERROR_SERVER_ERROR;
-
- if (!buffer.Ready()) {
- return false;
- }
-
- // Get objects GID:
- Try {
- Deserialization::Deserialize(buffer, gid);
- } Catch (MessageBuffer::Exception::Base) {
- LogDebug("Broken protocol. Closing socket.");
- m_serviceManager->Close(conn);
- return false;
- }
-
- // Get name
- retCode = setName(gid);
-
- // Send the result
- MessageBuffer sendBuffer;
- Serialization::Serialize(sendBuffer, retCode);
- Serialization::Serialize(sendBuffer, m_name);
- m_serviceManager->Write(conn, sendBuffer.Pop());
- return true;
-}
-
-void GetObjectNameService::process(const ReadEvent &event) {
- LogDebug("Read event for counter: " << event.connectionID.counter);
- auto &buffer = m_messageBufferMap[event.connectionID.counter];
- buffer.Push(event.rawBuffer);
-
- // We can get several requests in one package.
- // Extract and process them all
- while(processOne(event.connectionID, buffer));
-}
-
-void GetObjectNameService::close(const CloseEvent &event) {
- LogDebug("CloseEvent. ConnectionID: " << event.connectionID.sock);
- m_messageBufferMap.erase(event.connectionID.counter);
-}
-
-} // namespace SecurityServer
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file get-object-name.h
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 1.0
- * @brief Implementation of api-get-object-name service.
- */
-
-#ifndef _SECURITY_SERVER_SERV_GET_OBJECT_NAME_
-#define _SECURITY_SERVER_SERV_GET_OBJECT_NAME_
-
-#include <service-thread.h>
-#include <generic-socket-manager.h>
-
-#include <dpl/serialization.h>
-#include <message-buffer.h>
-
-namespace SecurityServer {
-
-class GetObjectNameService :
- public SecurityServer::GenericSocketService
- , public SecurityServer::ServiceThread<GetObjectNameService>
-{
-public:
- typedef std::map<int, MessageBuffer> MessageBufferMap;
-
- ServiceDescriptionVector GetServiceDescription();
-
- DECLARE_THREAD_EVENT(AcceptEvent, accept)
- DECLARE_THREAD_EVENT(WriteEvent, write)
- DECLARE_THREAD_EVENT(ReadEvent, process)
- DECLARE_THREAD_EVENT(CloseEvent, close)
-
- void accept(const AcceptEvent &event);
- void write(const WriteEvent &event);
- void process(const ReadEvent &event);
- void close(const CloseEvent &event);
-
-private:
- std::string m_name;
- bool processOne(const ConnectionID &conn, MessageBuffer &buffer);
- int setName(gid_t gid);
- MessageBufferMap m_messageBufferMap;
-};
-
-} // namespace SecurityServer
-
-#endif // _SECURITY_SERVER_SERV_GET_OBJECT_NAME_
${CMAKE_SOURCE_DIR}/systemd/security-server-get-gid.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-privilege-by-pid.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-exec-path.socket
- ${CMAKE_SOURCE_DIR}/systemd/security-server-get-object-name.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-app-permissions.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-get.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-check.socket
+++ /dev/null
-[Socket]
-ListenStream=/tmp/.security-server-api-get-object-name.sock
-SocketMode=0777
-#SmackLabelIPIn=security-server::api-get-object-name
-SmackLabelIPIn=*
-SmackLabelIPOut=@
-
-Service=security-server.service
-
-[Install]
-WantedBy=sockets.target
Sockets=security-server-get-gid.socket
Sockets=security-server-privilege-by-pid.socket
Sockets=security-server-exec-path.socket
-Sockets=security-server-get-object-name.socket
Sockets=security-server-app-permissions.socket
Sockets=security-server-app-privilege-by-name.socket
Sockets=security-server-cookie-get.socket