namespace SecurityManager {
-int getSmackLabelFromBinary(char **smackLabel, const char *path)
-{
- int ret;
- struct LabelInfo {
- const char *xattr;
- int followSymlinks;
- };
- const LabelInfo labels[] = {
- { XATTR_NAME_SMACKEXEC, 1 },
- { XATTR_NAME_TIZENEXEC, 1 },
- { XATTR_NAME_TIZENEXEC, 0 }
- };
-
- LogDebug("Entering function: " << __func__ << ". Params: smackLabel=" << smackLabel <<
- " path=" << path);
-
- if (smackLabel == NULL) {
- LogError("getSmackLabelFromBinary: smackLabel is NULL");
- return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
- }
-
- if (path == NULL) {
- LogError("getSmackLabelFromBinary: path is NULL");
- return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
- }
-
- for (const auto &l : labels) {
- ret = smack_new_label_from_path(path, l.xattr, l.followSymlinks, smackLabel);
- if (ret > 0) {
- return SECURITY_MANAGER_API_SUCCESS;
- }
- }
-
- LogError("Getting exec label from " << path << " failed");
- return SECURITY_MANAGER_API_ERROR_GETTING_FILE_LABEL_FAILED;
-}
-
-
int sendToServer(char const * const interface, const RawBuffer &send, MessageBuffer &recv) {
int ret;
SockRAII sock;
}
SECURITY_MANAGER_API
-int security_manager_set_process_label_from_binary(const char *path)
-{
- char *smack_label;
- int ret;
-
- LogDebug("security_manager_set_process_label_from_binary() called");
-
- if (smack_smackfs_path() == NULL)
- return SECURITY_MANAGER_SUCCESS;
-
- if (path == NULL) {
- LogError("security_manager_set_process_label_from_binary: path is NULL");
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
- }
-
- ret = SecurityManager::getSmackLabelFromBinary(&smack_label, path);
- if (ret == SECURITY_MANAGER_SUCCESS && smack_label != NULL) {
- ret = setup_smack(smack_label);
- if (ret != SECURITY_MANAGER_SUCCESS) {
- LogError("Failed to set smack label " << smack_label << " for current process");
- }
- free(smack_label);
- }
-
- return ret;
-}
-
-SECURITY_MANAGER_API
int security_manager_set_process_label_from_appid(const char *app_id)
{
char *pkg_id;
*/
int try_catch(const std::function<int()>& func);
-/**
- * Get SMACK label from EXEC labels of a file.
- *
- * Function attempts to get xattrs from given file in following order
- * 1) XATTR_NAME_SMACKEXEC
- * 2) XATTR_NAME_TIZENEXEC
- * 3) XATTR_NAME_TIZENEXEC (read from symlink, not the file it points to)
- *
- * If neither of above exists, error is returned.
- *
- * SMACK label should be freed by caller using free() function.
- *
- * @param[out] smackLabel pointer that will hold label read from given file
- * @param[in] path file path to take label from
- * @return SECURITY_MANAGER_API_SUCCESS on success, error code otherwise
- */
-int getSmackLabelFromBinary(char **smackLabel, const char *path);
-
} // namespace SecurityManager
#endif // _SECURITY_MANAGER_CLIENT_
#include <linux/xattr.h>
namespace SecurityManager {
- /* Const defined below is used to label links to executables */
- const char *const XATTR_NAME_TIZENEXEC = XATTR_SECURITY_PREFIX "TIZEN_EXEC_LABEL";
-
/**
* Generates label for application with package identifier
* read from @ref pkgId and assigns it to @ref label.
int security_manager_get_app_pkgid(char **pkg_id, const char *app_id);
/**
- * Extract smack label from a given binary and set it for
- * currently running process
- *
- * \param[in] Path to binary
- * \return API return code or error code
- */
-int security_manager_set_process_label_from_binary(const char *path);
-
-/**
* Compute smack label for given application id and set it for
* currently running process
*
return FileDecision::SKIP;
}
-static FileDecision labelLinksToExecs(const FTSENT *ftsent)
-{
- struct stat buf;
-
- // check if it's a link
- if ( !S_ISLNK(ftsent->fts_statp->st_mode))
- return FileDecision::SKIP;
-
- std::unique_ptr<char, std::function<void(void*)>> target(realpath(ftsent->fts_path, NULL), free);
-
- if (!target.get()) {
- LogError("Getting link target for " << ftsent->fts_path << " failed (Error = " << strerror(errno) << ")");
- return FileDecision::ERROR;
- }
-
- if (-1 == stat(target.get(), &buf)) {
- LogError("stat failed for " << target.get() << " (Error = " << strerror(errno) << ")");
- return FileDecision::ERROR;
- }
- // skip if link target is not a regular executable file
- if (buf.st_mode != (buf.st_mode | S_IXUSR | S_IFREG)) {
- // LogDebug(target.get() << "is not a regular executable file. Skipping.");
- return FileDecision::SKIP;
- }
-
- return FileDecision::LABEL;
-}
-
static bool dirSetSmack(const std::string &path, const std::string &label,
const char *xattr_name, LabelDecisionFn fn)
{
LogError("dirSetSmack failed (execs).");
return ret;
}
-
- //setting execute label for everything with permission to execute
- ret = dirSetSmack(path, label, XATTR_NAME_TIZENEXEC, &labelLinksToExecs);
- if (!ret)
- {
- LogError("dirSetSmack failed (link to execs).");
- return ret;
- }
}
return ret;
projects / platform / core / security / security-manager.git / commitdiff