Ubuntu 18.04: dcap_quoteprov fails to load because of lack of permissions. #100

Closed
jazzybluesea opened this issue Apr 16, 2020 · 1 comment

jazzybluesea commented Apr 16, 2020

OS: Ubuntu 18.04
Repro steps:

  1. Compile OE SDK from GitHub.
  2. Run the tests/tools/oecert application. This will try to generate an OE report.

./host/oecert ./enc/oecert_enc --report --out test

You will see the issue when trying to create the OE report:

2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: Using default collateral version 'v1'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: Using default base cert URL 'https://global.acccache.azure.net/sgx/certificates'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: Using default client id 'production_client'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: Fetching quote config from remote server: 'https://global.acccache.azure.net/sgx/certificates/v1/f345032dbd1468b03a4f457216593b86/0f0f0305ff8006000000000000000000/0a00/0000?clientid=production_client&api-version=2018-10-01-preview'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: raw_header SGX-TCBm:[0e0e02040180060000000000000000000A00]

 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: CPU SVN: '0e0e0204018006000000000000000000'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: PCE ISV SVN: '0A00'.
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: PCE SVN parsed as '0x000a'
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [INFO]: libquote_provider.so: [-----BEGIN CERTIFICATE-----
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | dcap_quoteprov: [ERROR]: Unknown exception thrown, error: Error calling open on file: Permission denied
 [../host/sgx/sgxquoteprovider.c:oe_quote_provider_log:38]
2020-04-16T23:21:07.000000Z [(H)ERROR] tid(0x7fbf3127a740) | quote3_error_t=0xe001
 (oe_result_t=OE_PLATFORM_ERROR) [../host/sgx/sgxquote.c:oe_sgx_qe_get_target_info:21]
2020-04-16T23:21:07.000000Z [(H)ERROR] tid(0x7fbf3127a740) | :OE_PLATFORM_ERROR [../host/sgx/quote.c:sgx_get_qetarget_info:31]
2020-04-16T23:21:07.000000Z [(H)ERROR] tid(0x7fbf3127a740) | :OE_PLATFORM_ERROR [../host/sgx/report.c:_get_remote_report:93]
2020-04-16T23:21:07.000000Z [(H)ERROR] tid(0x7fbf3127a740) | :OE_PLATFORM_ERROR [../host/sgx/report.c:_oe_get_report_internal:174]
Failed to create report. Error: OE_PLATFORM_ERROR
2020-04-16T23:21:07.000000Z [(H)VERBOSE] tid(0x7fbf3127a740) | /home/sewong/jazzybluesea/openenclave/build/tests/tools/oecert/enc/oecert_enc 0x2e800000 OE_ECALL: DESTRUCTOR
2020-04-16T23:21:07.000000Z [(H)VERBOSE] tid(0x7fbf3127a740) | _do_eenter(tcs=0x7fbf2ec76000 aep=0x4bc16c codeIn=1, funcIn=0 argIn=0)
 [../host/sgx/calls.c:_do_eenter:178]
2020-04-16T23:21:07.000000Z [(H)INFO] tid(0x7fbf3127a740) | _unload_quote_provider libdcap_quoteprov.so
 [../host/sgx/linux/sgxquoteproviderloader.c:_unload_quote_provider:13]

If you use sudo to run oecert, the problem does not reproduce.

Drivers:

ii  libsgx-ae-pce                      2.9.101.2-bionic1                           amd64        Intel(R) Software Guard Extensions PCE
ii  libsgx-ae-qe3                      1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions QE3
ii  libsgx-ae-qve                      1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions QVE
ii  libsgx-dcap-ql                     1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions Data Center Attestation Primitives
ii  libsgx-dcap-ql-dev                 1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers
ii  libsgx-enclave-common              2.9.101.2-bionic1                           amd64        Intel(R) Software Guard Extensions Enclave Common Loader
ii  libsgx-enclave-common-dev          2.9.101.2-bionic1                           amd64        Intel(R) Software Guard Extensions Enclave Common Loader for Developers
ii  libsgx-pce-logic                   1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions Data Center Attestation Primitives
ii  libsgx-qe3-logic                   1.6.100.2-bionic1                           amd64        Intel(R) Software Guard Extensions Data Center Attestation Primitives
ii  libsgx-urts                        2.9.101.2-bionic1                           amd64        Intel(R) Software Guard Extensions uRTS
ii  linux-base-sgx                     4.5ubuntu1.1                                all          Linux image base package for DCAP SGX
@jazzybluesea

Never mind, this is the same issue as #98
