From: Jan Cybulski Date: Sat, 31 Jan 2015 14:29:34 +0000 (+0100) Subject: Obtain smack label from socket during getting peer id by service X-Git-Tag: accepted/tizen/tv/20150217.004257~1 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git;a=commitdiff_plain;h=057d49ed3dc3f54d1d72229ba2eebd8a8a5dd3e1 Obtain smack label from socket during getting peer id by service This will be needed to validate peer application's privileges in cynara Change-Id: Id5c2dab311d3707a9c4cccf38623496bb5111826 Signed-off-by: Jan Cybulski --- diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index ca0bf52..8a20ca4 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -27,6 +27,7 @@ #include #include +#include #include "protocols.h" #include "service.h" @@ -51,13 +52,20 @@ GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription() }; } -static bool getPeerID(int sock, uid_t &uid, pid_t &pid) { +static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel) +{ struct ucred cr; socklen_t len = sizeof(cr); if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { + char *smk; + ssize_t ret = smack_new_label_from_socket(sock, &smk); + if (ret < 0) + return false; + smackLabel = smk; uid = cr.uid; pid = cr.pid; + free(smk); return true; } @@ -79,9 +87,10 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, uid_t uid; pid_t pid; + std::string smackLabel; - if (!getPeerID(conn.sock, uid, pid)) { - LogError("Closing socket because of error: unable to get peer's uid and pid"); + if (!getPeerID(conn.sock, uid, pid, smackLabel)) { + LogError("Closing socket because of error: unable to get peer's uid, pid or smack label"); m_serviceManager->Close(conn); return false; }