projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dc18e9d)
Add transmute rule between non-hybrid app and RW path 10/103210/2
authorZofia Abramowska <z.abramowska@samsung.com>
Wed, 7 Dec 2016 10:23:36 +0000 (11:23 +0100)
committerZofia Abramowska <z.abramowska@samsung.com>
Thu, 8 Dec 2016 13:44:03 +0000 (14:44 +0100)
After app process label refactoring there were no more
rule for transmute between label of app process and
label of path RW for non-hybrid (because labels were
the same). This introduced problem with transmute
inheritance : main app directory had transmute,
but it wasn't inherited by subdirectories.

This commit brings back rule between app process label
and path RW label even when both labels are the same.
Also proper policy migration is created, so already
installed apps have this rule also generated.

Change-Id: I98a34a29b2c2490d1dcafd43a117b509a763d72e

policy/updates/update-policy-to-v4.sh [new file with mode: 0755] patch | blob
src/common/smack-rules.cpp patch | blob | history

diff --git a/policy/updates/update-policy-to-v4.sh b/policy/updates/update-policy-to-v4.sh
new file mode 100755 (executable)
index 0000000..dbd7d84
--- /dev/null
+++ b/policy/updates/update-policy-to-v4.sh
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+
+export PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /etc/tizen-platform.conf
+
+systemctl stop security-manager.service security-manager.socket
+
+
+app_label_nonhybrid=`mktemp`
+
+### Fetch application label mapping
+sqlite3 >$app_label_nonhybrid -noheader -separator ' ' $TZ_SYS_DB/.security-manager.db '
+SELECT DISTINCT
+       app_name,
+       "User::Pkg::" || pkg_name
+       FROM user_app_pkg_view
+       WHERE is_hybrid=0'
+
+echo "Migrating policy for `sort -u $app_label_nonhybrid | wc -l` applications"
+
+### Migrate security-manager Smack policy
+echo "Migrating Smack policy"
+
+cd $TZ_SYS_VAR/security-manager
+
+cat $app_label_nonhybrid |
+while read app_name app_label
+do
+    echo "$app_label $app_label rwxat-" >> rules/app_$app_name
+done
+
+cat rules/* | tee rules-merged/rules.merged | smackload
+
+systemctl start security-manager.service security-manager.socket
+
+echo "Migration successful"
+rm -f $app_label_nonhybrid
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 6cf2bbb44a6d232927435aba4547584339b26dd2..3629afbfe88ab1de5709b7de5dc0d37795503db0 100644 (file)
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -235,8 +235,6 @@ void SmackRules::addFromTemplate(
 
         if (subject.empty() || object.empty())
             continue;
-        if (subject == object)
-            continue;
         add(subject, object, permissions);
     }
 }
Domain: Security / Access Control;