From: Rafal Krypa Date: Tue, 27 Jan 2015 10:58:01 +0000 (+0100) Subject: Require socket to be passed by systemd, don't create it on our own X-Git-Tag: accepted/tizen/tv/20150217.004257~16 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git;a=commitdiff_plain;h=35702040818594d6cb14b09d6f8a05a1b6e316b2 Require socket to be passed by systemd, don't create it on our own Socket configuration, including path, ownership, DAC and Smack configuration is handled by systemd socket file. There is no point in duplicating that in the code as the service will always be run by systemd anyway. Existing socket configuration was also wrong and different from what systemd had. Change-Id: I4131ecf4cd0d886aec57a932c6540f10da9785a3 Signed-off-by: Rafal Krypa
---
diff --git a/src/server/main/include/generic-socket-manager.h b/src/server/main/include/generic-socket-manager.h
index 5234871..ef7c0c6 100644
--- a/src/server/main/include/generic-socket-manager.h
+++ b/src/server/main/include/generic-socket-manager.h
@@ -59,17 +59,20 @@ struct GenericSocketService {
 ServiceDescription(const char *path,
 const char *smackLabel,
 InterfaceID interfaceID = 0,
- bool useSendMsg = false)
+ bool useSendMsg = false,
+ bool systemdOnly = false)
 : smackLabel(smackLabel)
 , interfaceID(interfaceID)
 , serviceHandlerPath(path)
 , useSendMsg(useSendMsg)
+ , systemdOnly(systemdOnly)
 {}
 SmackLabel smackLabel; // Smack label for socket
 InterfaceID interfaceID; // All data from serviceHandlerPath will be marked with this interfaceHandler
 ServiceHandlerPath serviceHandlerPath; // Path to file
 bool useSendMsg;
+ bool systemdOnly;
 };
 typedef std::vector ServiceDescriptionVector;
diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
index 7341c7f..d917a68 100644
--- a/src/server/main/socket-manager.cpp
+++ b/src/server/main/socket-manager.cpp
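Review bot: The new `systemdOnly` parameter in the generic-socket-manager.h hunk defaults to `false`, so any descriptor that does not opt in still takes the self-created-socket fallback in `SocketManager::CreateDomainSocket` (the socket-manager.cpp hunk), which the commit message describes as wrongly configured. The member is also added without a comment, although it changes start-up behaviour; I would write `bool systemdOnly; // true: fail init if systemd did not pass this socket, never create it in-process`. Because it is a second defaulted `bool` directly after `useSendMsg`, positional call sites can transpose the two without a compiler diagnostic, so the per-argument comments used in service.cpp are worth keeping as a convention.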
@@ -545,8 +545,14 @@ void SocketManager::CreateDomainSocket(
 const GenericSocketService::ServiceDescription &desc)
 {
 int sockfd = GetSocketFromSystemD(desc);
- if (-1 == sockfd)
+ if (-1 == sockfd) {
+ if (desc.systemdOnly) {
+ LogError("Socket " << desc.serviceHandlerPath << " not provided by systemd.");
+ ThrowMsg(Exception::InitFailed, "Socket " << desc.serviceHandlerPath <<
+ " must be provided by systemd, but it was not.");
+ }
 sockfd = CreateDomainSocketHelp(desc);
+ }
 auto &description = CreateDefaultReadSocketDescription(sockfd, false);
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index faa337c..7f75bed 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -43,7 +43,11 @@ Service::Service()
 GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription()
 {
 return ServiceDescriptionVector {
- {SERVICE_SOCKET, "security-manager", IFACE},
+ {SERVICE_SOCKET, /* path */
+ "*", /* smackLabel label (not used, we rely on systemd) */
+ IFACE, /* InterfaceID */
+ false, /* useSendMsg */
+ true}, /* systemdOnly */
 };
 }
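Review bot: With `desc.systemdOnly` set, the descriptor returned by `GetSocketFromSystemD(desc)` becomes the only source of the listening socket, and nothing in this hunk checks what was inherited. Whether `GetSocketFromSystemD` confirms that the fd is a listening AF_UNIX socket bound to `desc.serviceHandlerPath` is not visible here; if it does not, a unit file that disagrees with the service's expectations would be accepted without any log line (systemd's `sd_is_socket_unix()` is the usual check for this). On the failure path, `LogError` and `ThrowMsg` build almost the same text, so if `ThrowMsg` already records its message the `LogError` line is redundant. The body of `CreateDomainSocket` continues past the end of the hunk.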
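Review bot: The placeholder `"*"` passed as `smackLabel` in `Service::GetServiceDescription()` is Smack's star label, under which access to an object is granted to any subject, so it is the most permissive value that could be left in a field described as unused. It stays inert only while the last argument remains `true`: the fallback call `CreateDomainSocketHelp(desc)` in socket-manager.cpp still exists and presumably applies `desc.smackLabel` (not visible here), so a later change of `systemdOnly` to `false` would create the socket with that label. I would pass the label the systemd socket unit actually configures, or another non-wildcard value, and tidy the comment to `/* smackLabel (unused while systemdOnly is true) */`.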