From 0ffb178ea81ebcde3990dd8269ccc08ebbc83416 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 8 Feb 2018 09:57:25 +0100 Subject: meta-security: Remove unused content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This unused content can be devided in two parts: - setting and feature in bitbake classes - tests None are actually used by AGL. Even if this content can be later included in distribution, I prefer to remove it now. Change-Id: I4e6a8ac6326986a5652a7c47614dcaa3db8cabb6 Signed-off-by: José Bollo --- .../recipes-test/app-runas/files/app-runas.cpp | 221 --------------------- 1 file changed, 221 deletions(-) delete mode 100644 meta-security/recipes-test/app-runas/files/app-runas.cpp (limited to 'meta-security/recipes-test/app-runas/files/app-runas.cpp') diff --git a/meta-security/recipes-test/app-runas/files/app-runas.cpp b/meta-security/recipes-test/app-runas/files/app-runas.cpp deleted file mode 100644 index 58fa15504..000000000 --- a/meta-security/recipes-test/app-runas/files/app-runas.cpp +++ /dev/null @@ -1,221 +0,0 @@ -// (C) Copyright 2015 Intel Corporation -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in -// all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -// THE SOFTWARE. - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include - -#define CHECK(x) { \ - int _ret = x; \ - if (_ret != SECURITY_MANAGER_SUCCESS) { \ - fprintf(stderr, "Failure in %s:%d: %s: %d = %s\n", __FILE__, __LINE__, #x, _ret, security_manager_strerror((lib_retcode)_ret)); \ - return EXIT_FAILURE; \ - } \ - } - -static int do_install(app_inst_req *preq) -{ - CHECK(security_manager_app_install(preq)); - return 0; -} - -static int do_uninstall(app_inst_req *preq) -{ - CHECK(security_manager_app_uninstall(preq)); - return 0; -} - -static int do_run(const char *appid, const char *uid, const char *file, char *const argv[]) -{ - if (!appid || !uid) { - fprintf(stderr, "Always need appid, uid for app startup.\n"); - return EXIT_FAILURE; - } - - pid_t child = fork(); - if (child == -1) { - perror("fork"); - return EXIT_FAILURE; - } else if (child) { - int status; - child = waitpid(child, &status, 0); - if (child == -1) { - perror("waitpid"); - return EXIT_FAILURE; - } - } else { - // We cannot change the UID before security_manager_prepare_app() - // (because then setup_smack() fails to change Smack labels of - // our fds) and we cannot change the UID after it (because then - // security_manager_drop_process_privileges() has already dropped - // the necessary CAP_SETUID. - // Instead, we need to do the steps from security_manager_prepare_app() - // ourselves. - CHECK(security_manager_set_process_label_from_appid(appid)); - CHECK(security_manager_set_process_groups_from_appid(appid)); - if (setuid(atoi(uid))) { - fprintf(stderr, "setuid(%s): %s\n", uid, strerror(errno)); - exit(EXIT_FAILURE); - } - CHECK(security_manager_drop_process_privileges()); - // CHECK(security_manager_prepare_app(appid)); - - execvp(file, argv); - fprintf(stderr, "execvp(%s): %s", argv[optind], strerror(errno)); - exit(EXIT_FAILURE); - } - return 0; -} - -int main(int argc, char **argv) -{ - int flags, opt; - int nsecs, tfnd; - const char *appid = NULL; - const char *pkgid = NULL; - const char *uid = NULL; - std::vector privileges; - std::vector< std::pair > paths; - int install = 0, uninstall = 0, run = 0; - - while ((opt = getopt(argc, argv, "a:p:u:r:t:ide")) != -1) { - switch (opt) { - case 'a': - appid = optarg; - break; - case 'p': - pkgid = optarg; - break; - case 'u': - uid = optarg; - break; - case 'r': - privileges.push_back(optarg); - break; - case 't': { - const char *colon = strchr(optarg, ':'); - if (!colon) { - fprintf(stderr, "-t parameter must be of the format :"); - return EXIT_FAILURE; - } - std::string typestr(optarg, colon - optarg); - std::string path(colon + 1); - app_install_path_type type; - if (typestr == "private") { - type = SECURITY_MANAGER_PATH_PRIVATE; - } else if (typestr == "public") { - type = SECURITY_MANAGER_PATH_PUBLIC; - } else if (typestr == "public-ro") { - type = SECURITY_MANAGER_PATH_PUBLIC_RO; - } else if (typestr == "rw") { - type = SECURITY_MANAGER_PATH_RW; - } else if (typestr == "ro") { - type = SECURITY_MANAGER_PATH_PRIVATE; - } else { - fprintf(stderr, "Invalid -t type: %s", typestr.c_str()); - return EXIT_FAILURE; - } - paths.push_back(std::make_pair(type, path)); - break; - } - case 'i': - install = 1; - break; - case 'd': - uninstall = 1; - break; - case 'e': - run = 1; - break; - default: /* '?' */ - fprintf(stderr, - "Usage: %s -i|-e|-d -a appid -u uid -p pkgid -r privilege1 ... -t private|public|public-ro|rw: ... -- command args\n" - " -i = install, command ignored\n" - " -e = run command, privileges and pkgid ignored\n" - " -d = uninstall, command and privileges ignored\n" - " Install, run, and uninstall can be combined into a single invocation.\n", - argv[0]); - exit(EXIT_FAILURE); - break; - } - } - - if ((install || uninstall) && - (!appid || !pkgid || !uid)) { - fprintf(stderr, "Always need appid, pkgid, uid for app install or uninstall.\n"); - return EXIT_FAILURE; - } - if (run && optind >= argc) { - fprintf(stderr, "Expected command after options\n"); - return EXIT_FAILURE; - } - - app_inst_req *preq; - CHECK(security_manager_app_inst_req_new(&preq)); - if (appid) { - CHECK(security_manager_app_inst_req_set_app_id(preq, appid)); - } - if (pkgid) { - CHECK(security_manager_app_inst_req_set_pkg_id(preq, pkgid)); - } - if (uid) { - CHECK(security_manager_app_inst_req_set_uid(preq, atoi(uid))); - } - for (size_t i = 0; i < paths.size(); i++) { - security_manager_app_inst_req_add_path(preq, paths[i].second.c_str(), paths[i].first); - } - for (size_t i = 0; i < privileges.size(); i++) { - CHECK(security_manager_app_inst_req_add_privilege(preq, privileges[i])); - } - - int result = 0; - bool install_failed = false; - if (install) { - result = do_install(preq); - if (result) { - install_failed = true; - } - } - if (run && !install_failed) { - int run_result = do_run(appid, uid, argv[optind], argv + optind); - if (run_result) { - result = run_result; - } - } - if (uninstall && !install_failed) { - int uninstall_result = do_uninstall(preq); - if (uninstall_result) { - result = uninstall_result; - } - } - - security_manager_app_inst_req_free(preq); - return result; -} -- cgit 1.2.3-korg