From: tizen Date: Wed, 18 Oct 2017 17:08:53 +0000 (-0200) Subject: Adding integration with DLP feature from privacy-guard X-Git-Tag: submit/tizen/20171019.085438^0 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcurl.git;a=commitdiff_plain;h=7288ee9140c99e9bf2af3a9c65df7390ae211a78 Adding integration with DLP feature from privacy-guard Change-Id: I2959feebaecfc6acbd87ab483a4f017d48b65de1 Signed-off-by: tizen --- diff --git a/Makefile.am b/Makefile.am index 33f900a..ae70695 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,9 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ bin_SCRIPTS = curl-config SUBDIRS = lib src include +if USE_TIZEN_FEATURE_DLP +SUBDIRS += extensions +endif DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts pkgconfigdir = $(libdir)/pkgconfig diff --git a/configure.ac b/configure.ac index 417ba20..ab6a629 100644 --- a/configure.ac +++ b/configure.ac @@ -3080,6 +3080,18 @@ dnl Let's hope this split URL remains working: dnl http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ dnl genprogc/thread_quick_ref.htm +dnl ********************************************************************** +dnl Check for DLP +dnl ********************************************************************** + +AC_ARG_ENABLE([dlp], + AS_HELP_STRING([--enable-dlp], [Enable DLP usage])) + +AS_IF([test "x$enable_dlp" = "xyes"], [ + CPPFLAGS+=" -DUSE_TIZEN_FEATURE_DLP" +]) + +AM_CONDITIONAL(USE_TIZEN_FEATURE_DLP, test "x$enable_dlp" = "xyes") dnl ********************************************************************** @@ -3996,6 +4008,7 @@ AC_CONFIG_FILES([Makefile \ include/curl/Makefile \ src/Makefile \ lib/Makefile \ + extensions/Makefile \ scripts/Makefile \ lib/libcurl.vers \ tests/Makefile \ diff --git a/extensions/Makefile.am b/extensions/Makefile.am new file mode 100644 index 0000000..a7cca15 --- /dev/null +++ b/extensions/Makefile.am 
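Review bot: `CPPFLAGS+=" -DUSE_TIZEN_FEATURE_DLP"` in the new `AS_IF` block of configure.ac relies on the `+=` assignment, which is a bash extension and not POSIX sh. Under a shell without it the line is taken as a command name and the define is never added, so the DLP hooks in `lib/` compile out while the `AM_CONDITIONAL` still builds `extensions/`. Write it as `CPPFLAGS="$CPPFLAGS -DUSE_TIZEN_FEATURE_DLP"`. Printing the outcome with `AC_MSG_RESULT` would also let a build log show whether DLP was actually enabled.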
@@ -0,0 +1,3 @@
+lib_LTLIBRARIES = libcurl_extension_dlp.la
+
+libcurl_extension_dlp_la_SOURCES = tizen_dlp.c
diff --git a/extensions/configure.ac b/extensions/configure.ac
new file mode 100644
index 0000000..abfc8de
--- /dev/null
+++ b/extensions/configure.ac
@@ -0,0 +1,2 @@
+LT_INIT
+
diff --git a/extensions/tizen_dlp.c b/extensions/tizen_dlp.c
new file mode 100644
index 0000000..1c42ebd
--- /dev/null
+++ b/extensions/tizen_dlp.c
@@ -0,0 +1,52 @@
+/**
+ * @file tizen_dlp.cpp
+ * @brief external API functions for DLP
+ */
+
+#include
+
+#define LIBRARY_PATH "/lib/libprivacy-guard-client.so"
+
+static int first_run = 1;
+static void (*privacy_guard_dlp_init)(void) = 0;
+static void (*privacy_guard_dlp_check_leak)(const char *, char * const, size_t) = 0;
+
+/**
+ * @fn void tizen_dlp_init(void)
+ * @brief Initialize the DLP creating the Load Rules and Logging threads
+ * @callgraph
+ */
+void tizen_dlp_init(void)
+{
+ if (first_run) {
+ void *handle = dlopen(LIBRARY_PATH, RTLD_LAZY);
+ if (handle) {
+ privacy_guard_dlp_init = dlsym(handle, "privacy_guard_dlp_init");
+ privacy_guard_dlp_check_leak = dlsym(handle, "privacy_guard_dlp_check_leak");
+ }
+ first_run = 0;
+ }
+
+ if (privacy_guard_dlp_init)
+ privacy_guard_dlp_init();
+}
+
+/**
+ * @fn void tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+ * @brief Checks for information leak on a given request string
+ *
+ * @param[in] hostname The hostname of the server to which the request will be sent
+ * @param[in] mem Text that we are going to validate for info leak
+ * @param[in] len Size of len in bytes
+ *
+ * @return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY
+ * @callgraph
+ */
+void tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+{
+ /**
+ * Send data to Tizen DLP verification
+ */
+ if(privacy_guard_dlp_check_leak)
+ privacy_guard_dlp_check_leak(hostname, mem, len);
+}
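Review bot: `tizen_dlp_check_leak` in extensions/tizen_dlp.c returns `void` although its doc comment promises `@return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY`, and the `privacy_guard_dlp_check_leak` pointer type is `void` too, so no verdict can reach the caller. The same comment and prototype mismatch is repeated in `lib/extensions/curl_extensions.h`. Either reword the comment to say the call is advisory only, or return the result so the send path can act on it. In `tizen_dlp_init`, a failed `dlopen` or `dlsym` leaves the pointers null and every later check becomes a silent no-op, so I would report `dlerror()` there to make a missing `/lib/libprivacy-guard-client.so` distinguishable from a clean scan. `first_run` is a plain `static int` with no synchronisation, which deserves a comment such as `/* only safe while init is single-threaded */`.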
diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 19f5800..b878935 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -37,6 +37,11 @@ LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \ vtls/mbedtls.h +if USE_TIZEN_FEATURE_DLP +LIB_EXTENSIONS_CFILES = extensions/curl_extensions.c +LIB_EXTENSIONS_HFILES = extensions/curl_extensions.h +endif + LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \ ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c \ @@ -76,5 +81,6 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ LIB_RCFILES = libcurl.rc -CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) -HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES) +CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) $(LIB_EXTENSIONS_CFILES) +HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES) $(LIB_EXTENSIONS_HFILES) + diff --git a/lib/easy.c b/lib/easy.c index bed94a4..2895c8d 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -76,6 +76,9 @@ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" +#ifdef USE_TIZEN_FEATURE_DLP +#include "extensions/curl_extensions.h" +#endif void Curl_version_init(void); @@ -202,6 +205,13 @@ static CURLcode global_init(long flags, bool memoryfuncs) if(initialized++) return CURLE_OK; +#ifdef USE_TIZEN_FEATURE_DLP + /** + * Initialize Tizen DLP + */ + curl_extensions_tizen_dlp_init(); +#endif + if(memoryfuncs) { /* Setup the default memory functions here (again) */ Curl_cmalloc = (curl_malloc_callback)malloc; diff --git a/lib/extensions/curl_extensions.c b/lib/extensions/curl_extensions.c new file mode 100644 index 0000000..7bce27d --- /dev/null +++ b/lib/extensions/curl_extensions.c 
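Review bot: The new call to `curl_extensions_tizen_dlp_init()` in `global_init` (lib/easy.c) has no counterpart on any cleanup path in this commit, and `curl_extensions_init` discards the `dlopen` handle, so the extension can never be unloaded. Only the `dlopen` is guarded by `first_run`, while `tizen_dlp_init()` runs on every call. If the `initialized` counter can return to zero and `global_init` runs again, the privacy-guard init would be repeated, and per its doc comment that init creates threads, so please confirm it is idempotent or guard the call. The function returns nothing, so `global_init` cannot tell a working hook from an absent one; a comment such as `/* best effort: DLP is skipped if the extension cannot be loaded */` would make the fail-open behaviour explicit. `global_init` starts and ends outside this hunk.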
@@ -0,0 +1,75 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, .
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/**
+ * @file curl_extensions.cpp
+ * @brief external API functions for DLP
+ */
+
+#ifdef USE_TIZEN_FEATURE_DLP
+#include
+#include
+
+#define LIBRARY_PATH "/usr/lib/libcurl_extension_dlp.so.0"
+
+static int first_run = 1;
+static void (*tizen_dlp_init)(void) = NULL;
+static void (*tizen_dlp_check_leak)(const char *, char * const, size_t) = NULL;
+
+/**
+ * @fn void curl_extensions_init(void)
+ * @brief Load the extension shared library looking for the function call
+ * symbols it going to use
+ * @callgraph
+ */
+static void curl_extensions_init(void)
+{
+ if (first_run) {
+ void *handle = dlopen(LIBRARY_PATH, RTLD_LAZY);
+ if (handle) {
+ tizen_dlp_init = dlsym(handle, "tizen_dlp_init");
+ tizen_dlp_check_leak = dlsym(handle, "tizen_dlp_check_leak");
+ }
+ first_run = 0;
+ }
+}
+
+/**
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_init(void)
+{
+ curl_extensions_init();
+
+ if (tizen_dlp_init)
+ tizen_dlp_init();
+}
+
+/**
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+{
+ if(tizen_dlp_check_leak)
+ tizen_dlp_check_leak(hostname, mem, len);
+}
+#endif /* USE_TIZEN_FEATURE_DLP */
diff --git a/lib/extensions/curl_extensions.h b/lib/extensions/curl_extensions.h
new file mode 100644
index 0000000..9b2aeb1
--- /dev/null
+++ b/lib/extensions/curl_extensions.h
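Review bot: `LIBRARY_PATH` in lib/extensions/curl_extensions.c is hard-coded to `"/usr/lib/libcurl_extension_dlp.so.0"`, while `packaging/curl.spec` in this same commit installs the library under `%{_libdir}`. On a target where `%{_libdir}` is not `/usr/lib` (a lib64 layout, for example) `dlopen` fails, both pointers stay `NULL`, and every `curl_extensions_tizen_dlp_check_leak` call returns without scanning and without any diagnostic. Take the directory from the build's libdir through a compile-time define and report `dlerror()` when loading fails. The two `dlsym` results are not checked individually either, so a library exporting only one symbol leaves DLP half-enabled. Separately, the licence banner credits Steve Holme and the `@file` tag says `curl_extensions.cpp`; both look copied from another file and should be corrected here and in `curl_extensions.h`.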
@@ -0,0 +1,55 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, .
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/**
+ * @file curl_extensions.h
+ * @brief API for privacy-guard-dlp
+ */
+
+#ifdef USE_TIZEN_FEATURE_DLP
+#ifndef HEADER_CURL_EXTENSIONS_H
+#define HEADER_CURL_EXTENSIONS_H
+
+#include
+
+/**
+ * @fn void curl_extensions_tizen_dlp_init(void)
+ * @brief Initialize the DLP creating the Load Rules and Logging threads
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_init(void);
+
+/**
+ * @fn void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+ * @brief Checks for information leak on a given request string
+ *
+ * @param[in] hostname The hostname of the server to which the request will be sent
+ * @param[in] mem Text that we are going to validate for info leak
+ * @param[in] len Size of len in bytes
+ *
+ * @return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len);
+
+#endif /* HEADER_CURL_EXTENSIONS_H */
+#endif /* USE_TIZEN_FEATURE_DLP */
diff --git a/lib/sendf.c b/lib/sendf.c
index 7601697..2704c7f 100644
--- a/lib/sendf.c +++ b/lib/sendf.c @@ -24,6 +24,9 @@ #include +#ifdef USE_TIZEN_FEATURE_DLP +#include "extensions/curl_extensions.h" +#endif #include "urldata.h" #include "sendf.h" #include "connect.h" @@ -325,6 +328,14 @@ CURLcode Curl_write(struct connectdata *conn, CURLcode result = CURLE_OK; int num = (sockfd == conn->sock[SECONDARYSOCKET]); +#ifdef USE_TIZEN_FEATURE_DLP + /** + * Send data to Tizen DLP verification + */ + curl_extensions_tizen_dlp_check_leak(conn->host.dispname, (char *const)mem, + len); +#endif + bytes_written = conn->send[num](conn, num, mem, len, &result); *written = bytes_written; diff --git a/packaging/curl.spec b/packaging/curl.spec index 8a23d3a..1239127 100644 --- a/packaging/curl.spec +++ b/packaging/curl.spec @@ -51,6 +51,15 @@ Obsoletes: curl-devel < %{version}-%{release} libcurl is the core engine of curl; this packages contains all the libs, headers, and manual pages to develop applications using libcurl. +%package -n libcurl-extension-dlp +Summary: Extensions for Tizen OS +Provides: libcurl-extension-dlp = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libcurl-extension-dlp +libcurl extensions for Tinen OS. + %prep %setup -q cp %{SOURCE1001} . @@ -76,6 +85,7 @@ CFLAGS+=" -DTIZEN_TV_EXT" --disable-static \ --with-nghttp2 \ --without-zsh-functions-dir \ +--enable-dlp \ #--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt @@ -95,7 +105,7 @@ rm -rf $RPM_BUILD_ROOT make DESTDIR=$RPM_BUILD_ROOT INSTALL="%{__install} -p" install -rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl{,_extension_dlp}.la install -d $RPM_BUILD_ROOT/%{_datadir}/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/%{_datadir}/aclocal 
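Review bot: `(char *const)mem` in the `Curl_write` hunk of lib/sendf.c hands the caller's buffer to a hook whose prototype takes a writable `char * const`. The cast suggests `mem` is const-qualified in the signature, which lies outside the hunk, so any write through that pointer by the privacy-guard side would modify data the caller passed as read-only. Nothing in the chain returns a value, so the hook needs no write access to report a verdict: prefer `const char *` in the hook prototypes and call `curl_extensions_tizen_dlp_check_leak(conn->host.dispname, mem, len);`. If in-place redaction is intended, document that and scan a copy instead. The hook runs on every `Curl_write`, so a buffer that `conn->send` accepts only partly and that is retried is presumably scanned again, and the send proceeds whatever the scan concluded.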
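Review bot: The new `libcurl-extension-dlp` subpackage in packaging/curl.spec declares `Requires(post): /sbin/ldconfig` and `Requires(postun): /sbin/ldconfig`, but no hunk in this commit adds the matching scriptlets `%post -n libcurl-extension-dlp -p /sbin/ldconfig` and `%postun -n libcurl-extension-dlp -p /sbin/ldconfig`. The commit also adds no `Requires:` from the libcurl package to this one, so an image can ship a libcurl built with `--enable-dlp` without the extension installed. In that case the `dlopen` in `lib/extensions/curl_extensions.c` fails and DLP is silently off; if DLP is meant to be mandatory, add the dependency. The description has a typo: `Tinen OS` should read `Tizen OS`.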
@@ -124,3 +134,7 @@ rm -rf ${RPM_BUILD_ROOT}/usr/share/man %{_libdir}/pkgconfig/*.pc %{_datadir}/aclocal/libcurl.m4 +%files -n libcurl-extension-dlp +%manifest %{name}.manifest +%{_libdir}/libcurl_extension_dlp.so.* +%license COPYING