Merge lp:~thomas-voss/trust-store/make-process-start-time-verification-configurable into lp:trust-store

Proposed by Thomas Voß
Status: Needs review
Proposed branch: lp:~thomas-voss/trust-store/make-process-start-time-verification-configurable
Merge into: lp:trust-store
Diff against target: 149 lines (+30/-12)
5 files modified
src/core/trust/daemon.cpp (+4/-3)
src/core/trust/mir/prompt_main.cpp (+4/-0)
src/core/trust/remote/posix.cpp (+8/-6)
src/core/trust/remote/posix.h (+8/-0)
tests/remote_agent_test.cpp (+6/-3)
To merge this branch: bzr merge lp:~thomas-voss/trust-store/make-process-start-time-verification-configurable
Reviewer Review Type Date Requested Status
PS Jenkins bot continuous-integration Approve
Ubuntu Phablet Team Pending
Review via email: mp+267923@code.launchpad.net

Commit message

Expose flag for process timestamp verification as command line argument.
Make process-start-time verification configurable.
Adjust test cases to account for new struct member.

Description of the change

Expose flag for process timestamp verification as command line argument.
Make process-start-time verification configurable.
Adjust test cases to account for new struct member.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
112. By Thomas Voß

Add some terminal output for debugging purposes.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
113. By Thomas Voß

Temporarily enable debugging of the prompt.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)
114. By Thomas Voß

Remove temporary terminal output.
Make whitelisting agent behavior configurable via a command-line flag 'disable-whitelisting'.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Approve (continuous-integration)

Unmerged revisions

114. By Thomas Voß

Remove temporary terminal output.
Make whitelisting agent behavior configurable via a command-line flag 'disable-whitelisting'.

113. By Thomas Voß

Temporarily enable debugging of the prompt.

112. By Thomas Voß

Add some terminal output for debugging purposes.

111. By Thomas Voß

Expose flag for process timestamp verification as command line argument.
Adjust test cases to account for new struct member.

110. By Thomas Voß

Make process-start-time verification configurable.

Preview Diff

=== modified file 'src/core/trust/daemon.cpp'
--- src/core/trust/daemon.cpp 2014-10-15 17:53:44 +0000
+++ src/core/trust/daemon.cpp 2015-08-14 09:37:25 +0000
@@ -262,7 +262,8 @@
262 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),262 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),
263 dict.count("description-pattern") > 0 ?263 dict.count("description-pattern") > 0 ?
264 dict.at("description-pattern") :264 dict.at("description-pattern") :
265 "Application %1% is trying to access " + service_name + "."265 "Application %1% is trying to access " + service_name + ".",
266 dict.count("verify-process-timestamp") > 0
266 };267 };
267268
268 return core::trust::remote::posix::Skeleton::create_skeleton_for_configuration(config);269 return core::trust::remote::posix::Skeleton::create_skeleton_for_configuration(config);
@@ -366,10 +367,10 @@
366 core::trust::CachedAgentGlogReporter::Configuration{})367 core::trust::CachedAgentGlogReporter::Configuration{})
367 });368 });
368369
369 auto whitelisting_agent = std::make_shared<core::trust::WhiteListingAgent>([](const core::trust::Agent::RequestParameters& params) -> bool370 auto whitelisting_agent = std::make_shared<core::trust::WhiteListingAgent>([vm](const core::trust::Agent::RequestParameters& params) -> bool
370 {371 {
371 static auto unconfined_predicate = core::trust::WhiteListingAgent::always_grant_for_unconfined();372 static auto unconfined_predicate = core::trust::WhiteListingAgent::always_grant_for_unconfined();
372 return unconfined_predicate(params) || params.application.id == "com.ubuntu.camera_camera";373 return not (vm.count("disable-whitelisting") > 0) && (unconfined_predicate(params) || params.application.id == "com.ubuntu.camera_camera");
373 }, cached_agent);374 }, cached_agent);
374375
375 auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(whitelisting_agent);376 auto formatting_agent = std::make_shared<core::trust::AppIdFormattingTrustAgent>(whitelisting_agent);
376377
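Review bot: The `dict.count("verify-process-timestamp") > 0` initialiser on new line 266 makes start-time verification opt-in, so a daemon started without the flag runs with the spoofing check disabled by default; a safety check like this should fail safe and be switched off explicitly, mirroring the `disable-whitelisting` handling in the second hunk, e.g. an option tested as `dict.count("disable-process-timestamp-verification") == 0`. The hunk does not show the option being registered with the options_description or where `dict` comes from, so whether an operator can actually pass the flag cannot be confirmed from here. Whichever polarity is kept, the daemon should log once at startup when verification is off so the weakened configuration is visible in its output. The enclosing functions of both hunks begin and end outside the diff.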
=== modified file 'src/core/trust/mir/prompt_main.cpp'
--- src/core/trust/mir/prompt_main.cpp 2015-02-13 12:07:56 +0000
+++ src/core/trust/mir/prompt_main.cpp 2015-08-14 09:37:25 +0000
@@ -36,6 +36,8 @@
3636
37#include <core/posix/this_process.h>37#include <core/posix/this_process.h>
3838
39#include <thread>
40
39#include "prompt_config.h"41#include "prompt_config.h"
40#include "prompt_main.h"42#include "prompt_main.h"
4143
@@ -99,6 +101,8 @@
99101
100int main(int argc, char** argv)102int main(int argc, char** argv)
101{103{
104 std::this_thread::sleep_for(std::chrono::seconds(10));
105
102 boost::program_options::options_description options;106 boost::program_options::options_description options;
103 options.add_options()107 options.add_options()
104 (cli::option_server_socket, boost::program_options::value<std::string>(), "Mir server socket to connect to.")108 (cli::option_server_socket, boost::program_options::value<std::string>(), "Mir server socket to connect to.")
105109
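Review bot: The `std::this_thread::sleep_for(std::chrono::seconds(10));` inserted at the top of `main` (new lines 104-105) looks like the debugging aid the revision history says was enabled "temporarily", and if merged it delays every trust prompt by ten seconds; it should be dropped together with the now-unneeded `#include <thread>` from the first hunk. If a startup delay is genuinely needed for attaching a debugger, it belongs behind a command-line option rather than unconditionally in the startup path. Note that `<chrono>` is not included explicitly, so the line also relies on a transitive include. `main` continues past the end of the hunk.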
=== modified file 'src/core/trust/remote/posix.cpp'
--- src/core/trust/remote/posix.cpp 2014-07-29 16:06:22 +0000
+++ src/core/trust/remote/posix.cpp 2015-08-14 09:37:25 +0000
@@ -255,6 +255,7 @@
255 start_time_resolver{configuration.start_time_resolver},255 start_time_resolver{configuration.start_time_resolver},
256 app_id_resolver{configuration.app_id_resolver},256 app_id_resolver{configuration.app_id_resolver},
257 description_pattern{configuration.description_format},257 description_pattern{configuration.description_format},
258 verify_process_start_time{configuration.verify_process_start_time},
258 endpoint{configuration.endpoint},259 endpoint{configuration.endpoint},
259 socket{configuration.io_service}260 socket{configuration.io_service}
260{261{
@@ -310,14 +311,15 @@
310core::trust::Request::Answer remote::posix::Skeleton::process_incoming_request(const core::trust::remote::posix::Request& request)311core::trust::Request::Answer remote::posix::Skeleton::process_incoming_request(const core::trust::remote::posix::Request& request)
311{312{
312 // We first validate the process start time again.313 // We first validate the process start time again.
313 if (start_time_resolver(request.app_pid) != request.app_start_time) throw std::runtime_error314 if (verify_process_start_time)
314 {315 {
315 "Potential spoofing detected on incoming request."316 if (start_time_resolver(request.app_pid) != request.app_start_time) throw std::runtime_error
316 };317 {
318 "Potential spoofing detected on incoming request."
319 };
320 }
317321
318 // Assemble the description.
319 auto app_id = app_id_resolver(request.app_pid);322 auto app_id = app_id_resolver(request.app_pid);
320 auto description = (boost::format{description_pattern} % app_id).str();
321323
322 // And reach out to the user.324 // And reach out to the user.
323 // TODO(tvoss): How to handle exceptions here?325 // TODO(tvoss): How to handle exceptions here?
@@ -328,6 +330,6 @@
328 request.app_pid,330 request.app_pid,
329 app_id,331 app_id,
330 request.feature,332 request.feature,
331 description333 description_pattern
332 });334 });
333}335}
334336
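Review bot: When `verify_process_start_time` is false, `process_incoming_request` now skips the spoofing check silently (new lines 314-320), while the comment on new line 313 still states that the start time is validated and nothing records that the check was bypassed. Update the comment to `// Validate the process start time again, unless verification was disabled by configuration.` and consider emitting a log line in the skipped branch so a deployment running with verification off is visible in the daemon's output. The third hunk also replaces the formatted `description` with the raw `description_pattern` in the request handed to the agent, which the commit message does not mention; if the `%1%` placeholder is now expanded downstream that is fine, otherwise users will see the unformatted pattern. The constructor in the first hunk begins outside the diff.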
=== modified file 'src/core/trust/remote/posix.h'
--- src/core/trust/remote/posix.h 2014-08-04 07:57:05 +0000
+++ src/core/trust/remote/posix.h 2015-08-14 09:37:25 +0000
@@ -210,6 +210,10 @@
210 // Pattern for assembling the prompt dialog's description given210 // Pattern for assembling the prompt dialog's description given
211 // an app id.211 // an app id.
212 std::string description_format;212 std::string description_format;
213 // If set to true, enforces spoofing-prevention by inspecting and comparing
214 // process start times. This causes issues for the case of crossing the
215 // Android/Ubuntu boundary and we have to make it configurable.
216 bool verify_process_start_time;
213 };217 };
214218
215 static Ptr create_skeleton_for_configuration(const Configuration& configuration);219 static Ptr create_skeleton_for_configuration(const Configuration& configuration);
@@ -239,6 +243,10 @@
239 // Pattern for assembling the prompt dialog's description given243 // Pattern for assembling the prompt dialog's description given
240 // an app id.244 // an app id.
241 std::string description_pattern;245 std::string description_pattern;
246 // If set to true, enforces spoofing-prevention by inspecting and comparing
247 // process start times. This causes issues for the case of crossing the
248 // Android/Ubuntu boundary and we have to make it configurable.
249 bool verify_process_start_time;
242 // The endpoint in the filesystem that we are connected with.250 // The endpoint in the filesystem that we are connected with.
243 boost::asio::local::stream_protocol::endpoint endpoint;251 boost::asio::local::stream_protocol::endpoint endpoint;
244 // The actual socket for communication with the service.252 // The actual socket for communication with the service.
245253
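Review bot: `bool verify_process_start_time;` is added to the brace-initialised `Configuration` aggregate without a default, so any caller that is not updated value-initialises it to false and silently turns the spoofing check off. A default member initialiser, `bool verify_process_start_time{true};`, keeps the secure behaviour for existing callers; this preserves brace initialisation of the aggregate only under C++14 or later, so check the project's standard level before relying on it. The same default would suit the `Skeleton` member in the second hunk, although that one is assigned from the configuration in the constructor. Both the `Configuration` and `Skeleton` definitions begin outside the hunks.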
=== modified file 'tests/remote_agent_test.cpp'
--- tests/remote_agent_test.cpp 2014-08-06 13:42:23 +0000
+++ tests/remote_agent_test.cpp 2015-08-14 09:37:25 +0000
@@ -359,7 +359,8 @@
359 boost::asio::local::stream_protocol::endpoint{UnixDomainSocketRemoteAgent::endpoint_for_testing},359 boost::asio::local::stream_protocol::endpoint{UnixDomainSocketRemoteAgent::endpoint_for_testing},
360 process_start_time_resolver.to_functional(),360 process_start_time_resolver.to_functional(),
361 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),361 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),
362 "Just a test for %1%."362 "Just a test for %1%.",
363 true
363 };364 };
364365
365 auto skeleton = core::trust::remote::posix::Skeleton::create_skeleton_for_configuration(config);366 auto skeleton = core::trust::remote::posix::Skeleton::create_skeleton_for_configuration(config);
@@ -523,7 +524,8 @@
523 boost::asio::local::stream_protocol::endpoint{endpoint_for_acceptance_testing},524 boost::asio::local::stream_protocol::endpoint{endpoint_for_acceptance_testing},
524 core::trust::remote::helpers::proc_stat_start_time_resolver(),525 core::trust::remote::helpers::proc_stat_start_time_resolver(),
525 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),526 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),
526 "Just a test for %1%."527 "Just a test for %1%.",
528 true
527 };529 };
528530
529 stub_ready.wait_for_signal_ready_for(std::chrono::milliseconds{1000});531 stub_ready.wait_for_signal_ready_for(std::chrono::milliseconds{1000});
@@ -761,7 +763,8 @@
761 boost::asio::local::stream_protocol::endpoint{endpoint_for_acceptance_testing},763 boost::asio::local::stream_protocol::endpoint{endpoint_for_acceptance_testing},
762 core::trust::remote::helpers::proc_stat_start_time_resolver(),764 core::trust::remote::helpers::proc_stat_start_time_resolver(),
763 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),765 core::trust::remote::helpers::aa_get_task_con_app_id_resolver(),
764 "Just a test for %1%."766 "Just a test for %1%.",
767 true
765 };768 };
766769
767 stub_ready.wait_for_signal_ready_for(std::chrono::milliseconds{1000});770 stub_ready.wait_for_signal_ready_for(std::chrono::milliseconds{1000});
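Review bot: All three updated configurations pass `true` for `verify_process_start_time`, so the new code path that skips the start-time comparison when the flag is false has no coverage; add one case that sets it to `false` with a resolver returning a mismatching start time and asserts the request is still processed instead of throwing. The test function bodies begin outside the visible hunks.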
