From a6b689d7dfbfaab9138d32e148b08bf51b175703 Mon Sep 17 00:00:00 2001 From: Saulo Moraes Date: Tue, 12 Sep 2017 18:08:31 -0300 Subject: [PATCH] Integration w/ DLP feature from privacy-guard Change-Id: I5ccf039d400dfd5ba0d7bcab7e75bc82aef5b6e8 --- Makefile.am | 3 ++ configure.ac | 13 +++++++ extensions/Makefile.am | 4 +++ extensions/configure.ac | 1 + extensions/tizen_dlp.c | 35 +++++++++++++++++++ lib/Makefile.inc | 9 +++-- lib/easy.c | 10 ++++++ lib/extensions/curl_extensions.c | 75 ++++++++++++++++++++++++++++++++++++++++ lib/extensions/curl_extensions.h | 55 +++++++++++++++++++++++++++++ lib/sendf.c | 11 ++++++ packaging/curl.spec | 17 ++++++++- 11 files changed, 230 insertions(+), 3 deletions(-) create mode 100644 extensions/Makefile.am create mode 100644 extensions/configure.ac create mode 100644 extensions/tizen_dlp.c create mode 100644 lib/extensions/curl_extensions.c create mode 100644 lib/extensions/curl_extensions.h diff --git a/Makefile.am b/Makefile.am index 33f900a..ae70695 100644 --- a/Makefile.am +++ b/Makefile.am @@ -152,6 +152,9 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ bin_SCRIPTS = curl-config SUBDIRS = lib src include +if USE_TIZEN_FEATURE_DLP +SUBDIRS += extensions +endif DIST_SUBDIRS = $(SUBDIRS) tests packages docs scripts pkgconfigdir = $(libdir)/pkgconfig diff --git a/configure.ac b/configure.ac index 417ba20..ab6a629 100644 --- a/configure.ac +++ b/configure.ac 
@@ -3080,6 +3080,18 @@ dnl Let's hope this split URL remains working: dnl http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ dnl genprogc/thread_quick_ref.htm +dnl ********************************************************************** +dnl Check for DLP +dnl ********************************************************************** + +AC_ARG_ENABLE([dlp], + AS_HELP_STRING([--enable-dlp], [Enable DLP usage])) + +AS_IF([test "x$enable_dlp" = "xyes"], [ + CPPFLAGS+=" -DUSE_TIZEN_FEATURE_DLP" +]) + +AM_CONDITIONAL(USE_TIZEN_FEATURE_DLP, test "x$enable_dlp" = "xyes") dnl ********************************************************************** @@ -3996,6 +4008,7 @@ AC_CONFIG_FILES([Makefile \ include/curl/Makefile \ src/Makefile \ lib/Makefile \ + extensions/Makefile \ scripts/Makefile \ lib/libcurl.vers \ tests/Makefile \ diff --git a/extensions/Makefile.am b/extensions/Makefile.am new file mode 100644 index 0000000..5874678 --- /dev/null +++ b/extensions/Makefile.am @@ -0,0 +1,4 @@ +lib_LTLIBRARIES = libcurl_extension_dlp.la + +libcurl_extension_dlp_la_SOURCES = tizen_dlp.c +libcurl_extension_dlp_la_LDFLAGS = -lprivacy-guard-client diff --git a/extensions/configure.ac b/extensions/configure.ac new file mode 100644 index 0000000..63f03a0 --- /dev/null +++ b/extensions/configure.ac @@ -0,0 +1 @@ +LT_INIT diff --git a/extensions/tizen_dlp.c b/extensions/tizen_dlp.c new file mode 100644 index 0000000..c88c604 --- /dev/null +++ b/extensions/tizen_dlp.c 
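Review bot: `CPPFLAGS+=" -DUSE_TIZEN_FEATURE_DLP"` in the `--enable-dlp` branch uses the `+=` assignment, which is a bash/ksh extension and not POSIX sh. Under a strictly POSIX `/bin/sh` the define is likely never added while `AM_CONDITIONAL(USE_TIZEN_FEATURE_DLP, ...)` still evaluates true, so the extension library would be built but libcurl would compile without the DLP hooks and report no error. Write it as `CPPFLAGS="$CPPFLAGS -DUSE_TIZEN_FEATURE_DLP"`. An `AC_MSG_NOTICE` line stating whether DLP ended up enabled would make a silently unfiltered build easier to spot.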
@@ -0,0 +1,35 @@ +/** + * @file tizen_dlp.cpp + * @brief external API functions for DLP + */ + +#include + +/** + * @fn void tizen_dlp_init(void) + * @brief Initialize the DLP creating the Load Rules and Logging threads + * @callgraph + */ +void tizen_dlp_init(void) +{ + privacy_guard_dlp_init(); +} + +/** + * @fn void tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len) + * @brief Checks for information leak on a given request string + * + * @param[in] hostname The hostname of the server to which the request will be sent + * @param[in] mem Text that we are going to validate for info leak + * @param[in] len Size of len in bytes + * + * @return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY + * @callgraph + */ +void tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len) +{ + /** + * Send data to Tizen DLP verification + */ + privacy_guard_dlp_check_leak(hostname, mem, len); +} diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 19f5800..c5230a1 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -37,6 +37,11 @@ LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \ vtls/mbedtls.h +if USE_TIZEN_FEATURE_DLP +LIB_EXTENSIONS_CFILES = extensions/curl_extensions.c +LIB_EXTENSIONS_HFILES = extensions/curl_extensions.h +endif + LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \ ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c \ @@ -76,5 +81,5 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ LIB_RCFILES = libcurl.rc -CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) -HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES) +CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) $(LIB_EXTENSIONS_CFILES) +HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES) $(LIB_EXTENSIONS_HFILES) 
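Review bot: `tizen_dlp_check_leak()` is declared `void` while its doc comment promises `@return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY`, so whatever `privacy_guard_dlp_check_leak()` reports (its prototype is not visible in this patch) is dropped here and no caller can act on a DENY. The same mismatch is repeated in `lib/extensions/curl_extensions.h` and `lib/extensions/curl_extensions.c`, and `Curl_write()` in `lib/sendf.c` sends the data regardless. If the check is meant to be enforcing, return the verdict through all three layers, e.g. `return privacy_guard_dlp_check_leak(hostname, mem, len);` with a matching return type. If it is audit-only or rewrites the buffer in place, replace the `@return` line with a sentence that says so. Also `@file tizen_dlp.cpp` should read `tizen_dlp.c`, and "Size of len in bytes" presumably means the size of `mem`.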
diff --git a/lib/easy.c b/lib/easy.c index bed94a4..2895c8d 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -76,6 +76,9 @@ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" +#ifdef USE_TIZEN_FEATURE_DLP +#include "extensions/curl_extensions.h" +#endif void Curl_version_init(void); @@ -202,6 +205,13 @@ static CURLcode global_init(long flags, bool memoryfuncs) if(initialized++) return CURLE_OK; +#ifdef USE_TIZEN_FEATURE_DLP + /** + * Initialize Tizen DLP + */ + curl_extensions_tizen_dlp_init(); +#endif + if(memoryfuncs) { /* Setup the default memory functions here (again) */ Curl_cmalloc = (curl_malloc_callback)malloc; diff --git a/lib/extensions/curl_extensions.c b/lib/extensions/curl_extensions.c new file mode 100644 index 0000000..7bce27d --- /dev/null +++ b/lib/extensions/curl_extensions.c 
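Review bot: `curl_extensions_tizen_dlp_init()` is called from `global_init()` with no counterpart on the cleanup side. The diffstat shows only these ten added lines in `lib/easy.c`, so nothing stops the threads the DLP init is documented to create, or releases the loaded library, during global cleanup. If `global_init()` runs again after a cleanup, `tizen_dlp_init()` would be invoked a second time, because only the `dlopen` step is guarded by `first_run`. The call also cannot report failure, so an application has no way to learn that DLP did not come up. Consider a matching teardown hook and a comment above the call such as `/* DLP is optional: a missing plugin leaves transfers unfiltered */`. `global_init()` continues outside the hunk.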
@@ -0,0 +1,75 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, .
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/**
+ * @file curl_extensions.cpp
+ * @brief external API functions for DLP
+ */
+
+#ifdef USE_TIZEN_FEATURE_DLP
+#include
+#include
+
+#define LIBRARY_PATH "/usr/lib/libcurl_extension_dlp.so.0"
+
+static int first_run = 1;
+static void (*tizen_dlp_init)(void) = NULL;
+static void (*tizen_dlp_check_leak)(const char *, char * const, size_t) = NULL;
+
+/**
+ * @fn void curl_extensions_init(void)
+ * @brief Load the extension shared library looking for the function call
+ * symbols it going to use
+ * @callgraph
+ */
+static void curl_extensions_init(void)
+{
+ if (first_run) {
+ void *handle = dlopen(LIBRARY_PATH, RTLD_LAZY);
+ if (handle) {
+ tizen_dlp_init = dlsym(handle, "tizen_dlp_init");
+ tizen_dlp_check_leak = dlsym(handle, "tizen_dlp_check_leak");
+ }
+ first_run = 0;
+ }
+}
+
+/**
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_init(void)
+{
+ curl_extensions_init();
+
+ if (tizen_dlp_init)
+ tizen_dlp_init();
+}
+
+/**
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+{
+ if(tizen_dlp_check_leak)
+ tizen_dlp_check_leak(hostname, mem, len);
+}
+#endif /* USE_TIZEN_FEATURE_DLP */
diff --git a/lib/extensions/curl_extensions.h b/lib/extensions/curl_extensions.h
new file mode 100644
index 0000000..9b2aeb1
--- /dev/null
+++ b/lib/extensions/curl_extensions.h
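Review bot: `curl_extensions_init()` fails open and silently: if `dlopen(LIBRARY_PATH, RTLD_LAZY)` or either `dlsym()` returns NULL, both wrappers become no-ops and every transfer goes out unchecked with nothing logged. That is easy to hit, because `LIBRARY_PATH` is hard-coded to `/usr/lib/libcurl_extension_dlp.so.0` while `packaging/curl.spec` installs the plugin under `%{_libdir}`, which is not `/usr/lib` on every architecture, and the plugin ships in a separate package. Derive the path from the configured libdir at build time and report `dlerror()` when loading fails, so a disabled check is visible to whoever operates the device. Separately, `first_run` is read and written without synchronisation, and the `dlopen` handle is discarded, so it can never be passed to `dlclose()`. The `@file curl_extensions.cpp` tag and the copyright line also look copied from another file.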
@@ -0,0 +1,55 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, .
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/**
+ * @file curl_extensions.h
+ * @brief API for privacy-guard-dlp
+ */
+
+#ifdef USE_TIZEN_FEATURE_DLP
+#ifndef HEADER_CURL_EXTENSIONS_H
+#define HEADER_CURL_EXTENSIONS_H
+
+#include
+
+/**
+ * @fn void curl_extensions_tizen_dlp_init(void)
+ * @brief Initialize the DLP creating the Load Rules and Logging threads
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_init(void);
+
+/**
+ * @fn void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len)
+ * @brief Checks for information leak on a given request string
+ *
+ * @param[in] hostname The hostname of the server to which the request will be sent
+ * @param[in] mem Text that we are going to validate for info leak
+ * @param[in] len Size of len in bytes
+ *
+ * @return either PRIV_GUARD_DLP_RESULT_ALLOW or PRIV_GUARD_DLP_RESULT_DENY
+ * @callgraph
+ */
+void curl_extensions_tizen_dlp_check_leak(const char *hostname, char * const mem, size_t len);
+
+#endif /* HEADER_CURL_EXTENSIONS_H */
+#endif /* USE_TIZEN_FEATURE_DLP */
diff --git a/lib/sendf.c b/lib/sendf.c
index 7601697..2704c7f 100644
--- a/lib/sendf.c +++ b/lib/sendf.c @@ -24,6 +24,9 @@ #include +#ifdef USE_TIZEN_FEATURE_DLP +#include "extensions/curl_extensions.h" +#endif #include "urldata.h" #include "sendf.h" #include "connect.h" @@ -325,6 +328,14 @@ CURLcode Curl_write(struct connectdata *conn, CURLcode result = CURLE_OK; int num = (sockfd == conn->sock[SECONDARYSOCKET]); +#ifdef USE_TIZEN_FEATURE_DLP + /** + * Send data to Tizen DLP verification + */ + curl_extensions_tizen_dlp_check_leak(conn->host.dispname, (char *const)mem, + len); +#endif + bytes_written = conn->send[num](conn, num, mem, len, &result); *written = bytes_written; diff --git a/packaging/curl.spec b/packaging/curl.spec index 8a23d3a..3fa2a1f 100644 --- a/packaging/curl.spec +++ b/packaging/curl.spec @@ -14,6 +14,7 @@ BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libnghttp2) +BuildRequires: pkgconfig(privacy-guard-client) Provides: webclient @@ -51,6 +52,15 @@ Obsoletes: curl-devel < %{version}-%{release} libcurl is the core engine of curl; this packages contains all the libs, headers, and manual pages to develop applications using libcurl. +%package -n libcurl-extension-dlp +Summary: Extensions for Tizen OS +Provides: libcurl-extension-dlp = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libcurl-extension-dlp +libcurl extensions for Tinen OS. + %prep %setup -q cp %{SOURCE1001} . @@ -76,6 +86,7 @@ CFLAGS+=" -DTIZEN_TV_EXT" --disable-static \ --with-nghttp2 \ --without-zsh-functions-dir \ +--enable-dlp \ #--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt 
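Review bot: The cast in `curl_extensions_tizen_dlp_check_leak(conn->host.dispname, (char *const)mem, len)` hands the plugin a writable pointer to the caller's send buffer; the cast suggests `mem` is const-qualified in `Curl_write()`'s signature, which lies outside the hunk. If the DLP library only inspects the data, declare the parameter `const char *mem` in `curl_extensions.h`, `curl_extensions.c` and `tizen_dlp.c` and drop the cast. If it is meant to rewrite the payload, that has to be stated here, because writing through a pointer to an object that was defined const is undefined behaviour. The call also runs on every `Curl_write()` invocation, so (inferred) a slow check stalls non-blocking transfers and a pattern split across two writes is only ever seen in pieces. A comment such as `/* advisory only: the send below proceeds whatever DLP decides */` would document the current behaviour.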
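Review bot: The new `libcurl-extension-dlp` subpackage declares `Requires(post): /sbin/ldconfig` and `Requires(postun): /sbin/ldconfig`, but none of the spec hunks adds the matching scriptlets, `%post -n libcurl-extension-dlp -p /sbin/ldconfig` and `%postun -n libcurl-extension-dlp -p /sbin/ldconfig`. Nothing makes `libcurl` depend on the subpackage either, so an image built with `--enable-dlp` but without this package runs with the hooks compiled in and the check absent. If DLP is meant to be mandatory on the platform, add a `Requires:` on the subpackage to the libcurl package. The description also has a typo: "Tinen OS" should be "Tizen OS".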
@@ -95,7 +106,7 @@ rm -rf $RPM_BUILD_ROOT make DESTDIR=$RPM_BUILD_ROOT INSTALL="%{__install} -p" install -rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl{,_extension_dlp}.la install -d $RPM_BUILD_ROOT/%{_datadir}/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/%{_datadir}/aclocal @@ -124,3 +135,7 @@ rm -rf ${RPM_BUILD_ROOT}/usr/share/man %{_libdir}/pkgconfig/*.pc %{_datadir}/aclocal/libcurl.m4 +%files -n libcurl-extension-dlp +%manifest %{name}.manifest +%{_libdir}/libcurl_extension_dlp.so.* +%license COPYING -- 2.7.4