From b142edfe2055c1d5967f645f5414e54ee9428788 Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki
Date: Mon, 11 Mar 2019 13:08:43 +0100
Subject: [PATCH] cmd/snap-confine: add sc_init_invocation()

The new helper function handles initialization of sc_invocation, which mostly involves internal consistency checks.

Signed-off-by: Zygmunt Krynicki
---
 cmd/Makefile.am | 2 +
 cmd/snap-confine/snap-confine-invocation.c | 71 ++++++++++++++++++++++
 cmd/snap-confine/snap-confine-invocation.h | 12 ++++
 3 files changed, 85 insertions(+)
 create mode 100644 cmd/snap-confine/snap-confine-invocation.c

diff --git a/cmd/Makefile.am b/cmd/Makefile.am
index 6eb37fd87b5..6958f446add 100644
--- a/cmd/Makefile.am
+++ b/cmd/Makefile.am
@@ -226,6 +226,8 @@ snap_confine_snap_confine_SOURCES = \
 snap-confine/ns-support.h \
 snap-confine/snap-confine-args.c \
 snap-confine/snap-confine-args.h \
+ snap-confine/snap-confine-invocation.c \
+ snap-confine/snap-confine-invocation.h \
 snap-confine/snap-confine-invocation.h \
 snap-confine/snap-confine.c \
 snap-confine/udev-support.c \
diff --git a/cmd/snap-confine/snap-confine-invocation.c b/cmd/snap-confine/snap-confine-invocation.c
new file mode 100644
index 00000000000..d8814a76c2f
--- /dev/null
+++ b/cmd/snap-confine/snap-confine-invocation.c
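Review bot: The second added line, `+ snap-confine/snap-confine-invocation.h \`, duplicates the unchanged context line directly below it, so after this change the header is listed twice in `snap_confine_snap_confine_SOURCES`. The header was already part of the list before this patch; only the `.c` entry is new. Drop the added header line so each file appears exactly once.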
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2019 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+#include "snap-confine-invocation.h"
+
+#include
+
+#include "../libsnap-confine-private/snap.h"
+#include "../libsnap-confine-private/utils.h"
+
+void sc_init_invocation(sc_invocation * inv, const struct sc_args *args,
+ const char *snap_instance)
+{
+ /* Snap instance name is conveyed via untrusted environment. It may be
+ * unset (typically when experimenting with snap-confine by hand). It
+ * must also be a valid snap instance name. */
+ if (snap_instance == NULL) {
+ die("SNAP_INSTANCE_NAME is not set");
+ }
+ sc_instance_name_validate(snap_instance, NULL);
+
+ /* The security tag is conveyed via untrusted command line. It must be
+ * in agreement with snap instance name and must be a valid security
+ * tag. */
+ const char *security_tag = sc_args_security_tag(args);
+ if (!verify_security_tag(security_tag, snap_instance)) {
+ die("security tag %s not allowed", security_tag);
+ }
+
+ /* The base snap name is conveyed via untrusted, optional, command line
+ * argument. It may be omitted where it implies the "core" snap is the
+ * base. */
+ const char *base_snap_name = sc_args_base_snap(args) ? : "core";
+ sc_snap_name_validate(base_snap_name, NULL);
+
+ /* The executable is conveyed via untrusted command lne. It must be set
+ * but cannot be validated further than that at this time. It might be
+ * arguable to validate it to be snap-exec in one of the well-known
+ * locations or one of the special-cases like strace / gdb but this is
+ * not done at this time. */
+ const char *executable = sc_args_executable(args);
+ /* TODO: validate NULL */
+
+ /* Invocation helps to pass relevant data to various parts of snap-confine. */
+ memset(inv, 0, sizeof *inv);
+ inv->base_snap_name = base_snap_name;
+ inv->executable = executable;
+ inv->security_tag = security_tag;
+ inv->snap_instance = snap_instance;
+ inv->classic_confinement = sc_args_is_classic_confinement(args);
+
+ debug("security tag: %s", inv->security_tag);
+ debug("executable: %s", inv->executable);
+ debug("confinement: %s",
+ inv->classic_confinement ? "classic" : "non-classic");
+ debug("base snap: %s", inv->base_snap_name);
+}
diff --git a/cmd/snap-confine/snap-confine-invocation.h b/cmd/snap-confine/snap-confine-invocation.h
index b02c9bf79bb..13b63024440 100644
--- a/cmd/snap-confine/snap-confine-invocation.h
+++ b/cmd/snap-confine/snap-confine-invocation.h
@@ -20,6 +20,8 @@
 #include
+#include "snap-confine-args.h"
+
 /**
 * sc_invocation contains information about how snap-confine was invoked.
 *
@@ -36,4 +38,14 @@ typedef struct sc_invocation {
 bool is_normal_mode;
 } sc_invocation;
+/**
+ * sc_init_invocation initializes the invocation object.
+ *
+ * Invocation is constructed based on command line arguments as well as
+ * environment value (SNAP_INSTANCE_NAME). All input is untrustee and is
+ * validated internally.
+ **/
+void sc_init_invocation(sc_invocation * inv, const struct sc_args *args,
+ const char *snap_instance);
+
 #endif
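Review bot: `executable` is stored into `inv` and passed to `debug("executable: %s", inv->executable)` without the NULL check that the `/* TODO: validate NULL */` line defers, even though the comment just above states the value must be set; a missing command-line argument would hand a null pointer to `%s` here and to every later consumer of `inv->executable`. Every other untrusted input in this function fails closed with `die()`, so do the same in place of the TODO: `if (executable == NULL) { die("executable is not set"); }`. The same question applies to `security_tag`: I cannot see whether `sc_args_security_tag()` can return NULL or whether `verify_security_tag()` rejects it, but if it can, `die("security tag %s not allowed", security_tag)` would format a null pointer as well, so an explicit NULL check before the verify call is worth adding. Minor: `command lne` in the executable comment should read `command line`.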
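Review bot: The new docstring on `sc_init_invocation` does not state the lifetime contract: the implementation in `snap-confine-invocation.c` stores `snap_instance` and the `sc_args_*()` results into `inv` as pointers rather than copies, so `args` and the string behind `snap_instance` must outlive `inv` and the caller keeps ownership of both. Suggest adding after `validated internally.` a line such as ` * inv only borrows the strings it is given; args and snap_instance must remain valid for as long as inv is in use.`, and noting that, since the function returns void, invalid input appears to terminate the process via `die()` rather than being reported to the caller. `untrustee` should read `untrusted`.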