#include <unistd.h>
#include <sys/stat.h>
#include <errno.h>
+#include <sys/smack.h>
#include "ail.h"
#include "ail_private.h"
+#include "ail_db.h"
#ifdef _E
#endif
#define _D(fmt, arg...) fprintf(stderr, "[AIL_INITDB][D][%s,%d] "fmt"\n", __FUNCTION__, __LINE__, ##arg);
+#define SET_DEFAULT_LABEL(x) \
+ if(smack_setlabel((x), "*", SMACK_LABEL_ACCESS)) _E("failed chsmack -a \"*\" %s", x) \
+ else _D("chsmack -a \"*\" %s", x)
+
static int initdb_count_app(void)
{
ail_filter_h filter;
snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal");
for (i = 0; files[i]; i++) {
- ret = chown(files[i], OWNER_ROOT, OWNER_ROOT);
+ ret = chown(files[i], GLOBAL_USER, OWNER_ROOT);
if (ret == -1) {
strerror_r(errno, buf, sizeof(buf));
_E("FAIL : chown %s %d.%d, because %s", db_file, OWNER_ROOT, OWNER_ROOT, buf);
/* ail_init db should be called by as root privilege. */
uid_t uid = getuid();
- if ((uid_t) 0 == uid)
+ uid_t euid = geteuid();
+ //euid need to be root to allow smack label changes during initialization
+ if ((uid_t) OWNER_ROOT == uid)
return 1;
else
return 0;
if (!__is_authorized()) {
fprintf(stderr, "You are not an authorized user!\n");
_D("You are not root user!\n");
- }
- else {
- const char *argv_rm[] = { "/bin/rm", APP_INFO_DB_FILE, NULL };
- xsystem(argv_rm);
- const char *argv_rmjn[] = { "/bin/rm", APP_INFO_DB_FILE_JOURNAL, NULL };
- xsystem(argv_rmjn);
- }
-
+ return -1;
+ }
+ else {
+ if(remove(APP_INFO_DB_FILE))
+ _E(" %s is not removed",APP_INFO_DB_FILE);
+ if(remove(APP_INFO_DB_FILE_JOURNAL))
+ _E(" %s is not removed",APP_INFO_DB_FILE_JOURNAL);
+ }
ret = setenv("AIL_INITDB", "1", 1);
_D("AIL_INITDB : %d", ret);
+ setresuid(GLOBAL_USER, GLOBAL_USER, OWNER_ROOT);
- ret = initdb_count_app();
- if (ret > 0) {
- _D("Some Apps in the App Info DB.");
- }
-
- ret = initdb_load_directory(OPT_DESKTOP_DIRECTORY);
- if (ret == AIL_ERROR_FAIL) {
- _E("cannot load opt desktop directory.");
+ if (db_open(DB_OPEN_RW, GLOBAL_USER) != AIL_ERROR_OK) {
+ _E("Fail to create system databases");
+ return AIL_ERROR_DB_FAILED;
}
-
ret = initdb_load_directory(USR_DESKTOP_DIRECTORY);
if (ret == AIL_ERROR_FAIL) {
_E("cannot load usr desktop directory.");
}
- if (__is_authorized()) {
- ret = initdb_change_perm(APP_INFO_DB_FILE);
- if (ret == AIL_ERROR_FAIL) {
- _E("cannot chown.");
- }
- const char *argv_smack[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE, NULL };
- xsystem(argv_smack);
- const char *argv_smackjn[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE_JOURNAL, NULL };
- xsystem(argv_smackjn);
+ setuid(OWNER_ROOT);
+ ret = initdb_change_perm(APP_INFO_DB_FILE);
+ if (ret == AIL_ERROR_FAIL) {
+ _E("cannot chown.");
}
+ SET_DEFAULT_LABEL(APP_INFO_DB_FILE);
+ SET_DEFAULT_LABEL(APP_INFO_DB_FILE_JOURNAL);
+
return AIL_ERROR_OK;
}