Add system_access to forbidden groups

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Fri, 14 Feb 2025 16:28:42 +0000 (17:28 +0100)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Fri, 14 Feb 2025 16:38:43 +0000 (17:38 +0100)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 14 Feb 2025 16:28:42 +0000 (17:28 +0100)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 14 Feb 2025 16:38:43 +0000 (17:38 +0100)
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp

index 68e1f1f07580bc158a5fb18cd6440357656f3888..072f395eb3ac8f72a7bd354bea9d2c08f0d9a1cd 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -1858,9 +1858,11 @@ int ServiceImpl::getForbiddenAndAllowedGroups(
          vectorRemoveDuplicates(allowedGroups); // sorted
  
          auto &gids = m_privilegeGids.getGids(); // sorted
-        forbiddenGroups.reserve(gids.size());
+        forbiddenGroups.reserve(gids.size() + 1);
          std::set_difference(gids.begin(), gids.end(), allowedGroups.begin(), allowedGroups.end(),
                  std::back_inserter(forbiddenGroups)); // sorted
+        if (!smack_simple_check())
+            forbiddenGroups.emplace_back(getSystemAccessGid());
      } catch (const std::runtime_error &) {
          return SECURITY_MANAGER_ERROR_UNKNOWN;
      } catch (const std::bad_alloc &e) {
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Fri, 14 Feb 2025 16:28:42 +0000 (17:28 +0100)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Fri, 14 Feb 2025 16:38:43 +0000 (17:38 +0100)