From: Rafal Krypa
Date: Tue, 23 Sep 2014 18:08:16 +0000 (+0200)
Subject: Provide a function for launchers for dropping process capabilities
X-Git-Tag: accepted/tizen/common/20141121.095621~9
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git;a=commitdiff_plain;h=67770e78a4668d6f5868be697462ab2a63ae21d5

Provide a function for launchers for dropping process capabilities

The functions for launchers, manipulating process Smack label and groups, require elevated privileges. Since they will be called by launcher after fork, in the process for the application, privileges should be dropped before running an actual application. This patch introduces a convenience function for launchers for dropping capabilities from a process: security_manager_drop_process_privileges.

Change-Id: Iff06554bdcf2d51d0163e4dcb83ea9b976896740
Signed-off-by: Rafal Krypa
---
diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec
index a589b8a..a5d904f 100644
--- a/packaging/security-manager.spec
+++ b/packaging/security-manager.spec
@@ -13,6 +13,7 @@ BuildRequires: zip
 BuildRequires: libattr-devel
 BuildRequires: libcap-devel
 BuildRequires: pkgconfig(libsmack)
+BuildRequires: pkgconfig(libcap)
 BuildRequires: pkgconfig(libsystemd-daemon)
 BuildRequires: pkgconfig(libsystemd-journal)
 BuildRequires: pkgconfig(libtzplatform-config)
diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
index f0dfe20..5721503 100644
--- a/src/client/CMakeLists.txt
+++ b/src/client/CMakeLists.txt
@@ -1,6 +1,7 @@ PKG_CHECK_MODULES(CLIENT_DEP REQUIRED libsmack + libcap ) SET(CLIENT_VERSION_MAJOR 0)
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index c40097a..4081c29 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -379,3 +380,33 @@ int security_manager_set_process_groups_from_appid(const char *app_id)
 return SECURITY_MANAGER_SUCCESS;
 });
 }
+
+SECURITY_MANAGER_API
+int security_manager_drop_process_privileges(void)
+{
+ LogDebug("security_manager_drop_process_privileges() called");
+
+ int ret;
+ cap_t cap = cap_init();
+ if (!cap) {
+ LogError("Unable to allocate capability object");
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ ret = cap_clear(cap);
+ if (ret) {
+ LogError("Unable to initialize capability object");
+ cap_free(cap);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ ret = cap_set_proc(cap);
+ if (ret) {
+ LogError("Unable to drop process capabilities");
+ cap_free(cap);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ cap_free(cap);
+ return SECURITY_MANAGER_SUCCESS;
+}
diff --git a/src/include/security-manager.h b/src/include/security-manager.h
index 7267091..82a3431 100644
--- a/src/include/security-manager.h
+++ b/src/include/security-manager.h
@@ -182,6 +182,17 @@ int security_manager_set_process_label_from_appid(const char *app_id);
 */
 int security_manager_set_process_groups_from_appid(const char *app_id);
+/**
+ * The above launcher functions, manipulating process Smack label and group,
+ * require elevated privileges. Since they will be called by launcher after fork,
+ * in the process for the application, privileges should be dropped before
+ * running an actual application. This function is a helper for that purpose -
+ * it drops capabilities from the process.
+ *
+ * \return API return code or error code
+ */
+int security_manager_drop_process_privileges(void);
+
 #ifdef __cplusplus
 }
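Review bot: `cap_clear()` followed by `cap_set_proc()` in security_manager_drop_process_privileges empties only the thread's permitted, effective and inheritable sets; the capability bounding set is left intact, so a later execve() of a binary carrying file capabilities — or any execve() while the effective uid is still 0, which a launcher calling this right after fork may well be — can reacquire exactly the capabilities this function set out to drop. The bounding set has to be dropped before `cap_set_proc()`, because `cap_drop_bound()` itself needs CAP_SETPCAP and the clear removes it; the loop below does that and treats EINVAL as "this kernel does not know that capability". Separately, the three `cap_free(cap); return …;` tails could share one exit through a single cleanup label, and `int ret;` could be declared at its first assignment. The doc comment added in src/include/security-manager.h (that hunk is cut off at the end of this chunk) should say explicitly what is and is not dropped — in particular that uid/gid are untouched — so launcher authors do not treat this call as a complete privilege drop.
```cpp
    cap_t cap = cap_init();
    // … unchanged: cap_init() failure check …

    // Drop the bounding set first: cap_drop_bound() needs CAP_SETPCAP, which
    // cap_set_proc() below removes. Without this, a later execve() of a file
    // with file capabilities (or while euid == 0) regains capabilities.
    for (cap_value_t c = 0; c <= CAP_LAST_CAP; ++c) {
        if (cap_drop_bound(c) != 0 && errno != EINVAL) {
            LogError("Unable to drop capability from bounding set");
            cap_free(cap);
            return SECURITY_MANAGER_ERROR_UNKNOWN;
        }
    }

    // … unchanged: cap_clear / cap_set_proc / cap_free …
```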