Implemet data control solution for OSP apps.

Function security_server_app_give_access may be called only by
priviledge process (process must have "rw" access to
"security-server::api-data-share"). In current implemnetation security
check is made in user space. It should be moved to kernel space by
creating separate socket with "security-server::api-data-share" label.

[Issue#]   SSDWSSP-177
[Bug]      N/A
[Cause]    OPS application need to share memory.
[Solution] Add cross rules between OSP application.

[Verification] Build.

Change-Id: Ie6bad6e924bbcd1b37af58cb7650f65bebd5d57c

diff --git a/src/server/security-server-main.c b/src/server/security-server-main.c
index 8c72744..f15c11d 100644 (file)
--- a/src/server/security-server-main.c
+++ b/src/server/security-server-main.c
@@ -38,7 +38,6 @@
 #include <poll.h>
 
 #include <privilege-control.h>
-
 #include <security-server-system-observer.h>
 #include <security-server-rules-revoker.h>
 
@@ -50,6 +49,8 @@
 
 const char * const LABEL_SECURITY_SERVER_API_DATA_SHARE = "security-server::api-data-share";
 
+const char * const LABEL_SECURITY_SERVER_API_DATA_SHARE = "security-server::api-data-share";
+
 /* Set cookie as a global variable */
 cookie_list *c_list;
 pthread_mutex_t cookie_mutex;
@@ -1111,15 +1112,12 @@ int client_has_access(int sockfd, const char *object) {
     char *label = NULL;
     int ret = 0;
 
-    if (smack_check())
-    {
+    if(smack_new_label_from_socket(sockfd, &label))
+        return 0;
 
-        if(smack_new_label_from_socket(sockfd, &label))
-            return 0;
+    if (0 >= (ret = smack_have_access(label, object, "rw")))
+        ret = 0;
 
-        if (0 >= (ret = smack_have_access(label, object, "rw")))
-            ret = 0;
-    }
     free(label);
     return ret;
 }