if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
{
SEC_SVR_DBG("%s", "cookie has been found");
- if (smack_runtime_check())
+ if (smack_check())
{
ret = smack_have_access(current->smack_label, object, access_rights);
SEC_SVR_DBG("SMACK have access returned %d", ret);
if(added == NULL)
goto error;
- ret = generate_random_cookie(added->cookie, SECURITY_SERVER_COOKIE_LEN);
- if(ret != SECURITY_SERVER_SUCCESS)
+ /* Check SMACK label */
+ if (smack_check())
{
- SEC_SVR_DBG("Error on making random cookie: %d", ret);
- free(added);
- added = NULL;
- goto error;
+ ret = smack_new_label_from_socket(sockfd, &smack_label);
+ if (ret != 0)
+ {
+ SEC_SVR_DBG("Error checking peer label: %d", ret);
+ free(added);
+ added = NULL;
+ goto error;
+ }
}
/* Check SMACK label */
char *label = NULL;
int ret = 0;
- if(smack_new_label_from_socket(sockfd, &label))
- return 0;
+ if (smack_check())
+ {
- if (0 >= (ret = smack_have_access(label, object, "rw")))
- ret = 0;
+ if(smack_new_label_from_socket(sockfd, &label))
+ return 0;
+ if (0 >= (ret = smack_have_access(label, object, "rw")))
+ ret = 0;
+ }
free(label);
return ret;
}
memcpy(&client_pid, message_buffer, sizeof(int));
client_label = message_buffer + sizeof(int);
- if (0 != smack_new_label_from_socket(sockfd, &provider_label)) {
- SEC_SVR_DBG("%s", "Error in smack_new_label_from_socket");
- goto error;
- }
+ if (smack_check()) {
+ if (0 != smack_new_label_from_socket(sockfd, &provider_label)) {
+ SEC_SVR_DBG("%s", "Error in smack_new_label_from_socket");
+ goto error;
+ }
- if (PC_OPERATION_SUCCESS != app_give_access(client_label, provider_label, "rwxat")) {
- SEC_SVR_DBG("%s", "Error in app_give_access");
- goto error;
+ if (PC_OPERATION_SUCCESS != app_give_access(client_label, provider_label, "rwxat")) {
+ SEC_SVR_DBG("%s", "Error in app_give_access");
+ goto error;
+ }
}
ret = SECURITY_SERVER_SUCCESS;
goto error;
}
- if (0 != rules_revoker_add(client_pid, client_label, provider_label))
- SEC_SVR_DBG("%s", "Error in rules_revoker_add.");
+ if (smack_check()) {
+ if (0 != rules_revoker_add(client_pid, client_label, provider_label))
+ SEC_SVR_DBG("%s", "Error in rules_revoker_add.");
+ }
error:
retval = send_generic_response(sockfd, send_message_id, send_error_id);
{
int res;
pthread_t main_thread;
- pthread_t system_observer;
(void)argc;
(void)argv;
- system_observer_config so_config;
- so_config.event_callback = rules_revoker_callback;
+ // create observer thread only if smack is enabled
+ if (smack_check()) {
+ pthread_t system_observer;
+ system_observer_config so_config;
+ so_config.event_callback = rules_revoker_callback;
- res = pthread_create(&system_observer, NULL, system_observer_main_thread, (void*)&so_config);
+ res = pthread_create(&system_observer, NULL, system_observer_main_thread, (void*)&so_config);
- if (res != 0)
- return -1;
+ if (res != 0)
+ return -1;
+ }
+ else {
+ SEC_SVR_DBG("SMACK is not available. Observer thread disabled.");
+ }
res = pthread_create(&main_thread, NULL, security_server_main_thread, NULL);
if (res == 0)