Remove permissible file logic in no-smack

Change-Id: Iceb1d9556c93f04a6f659a3c48603fa2a4f8e870

diff --git a/src/client/client-label-monitor.cpp b/src/client/client-label-monitor.cpp
index 3b3ec5ba69eaab02071667516e9944c91735af14..ab2b200299a449c425c2b5a421e6ff24e4dc8811 100644 (file)
--- a/src/client/client-label-monitor.cpp
+++ b/src/client/client-label-monitor.cpp
@@ -194,6 +194,11 @@ int security_manager_app_labels_monitor_init(app_labels_monitor **monitor)
 {
     return try_catch([&] {
         LogDebug("security_manager_app_labels_monitor_init() called");
+        if (!smack_simple_check()) {
+            LogWarning("App label monitor disabled in no-smack mode");
+            return SECURITY_MANAGER_SUCCESS;
+        }
+
         if (monitor == nullptr) {
             LogWarning("Error input param \"monitor\"");
             return SECURITY_MANAGER_ERROR_INPUT_PARAM;
@@ -232,6 +237,11 @@ void security_manager_app_labels_monitor_finish(app_labels_monitor *monitor)
 {
     (void)try_catch([&] {
         LogDebug("security_manager_app_labels_monitor_finish() called");
+        if (!smack_simple_check()) {
+            LogWarning("App label monitor disabled in no-smack mode");
+            return SECURITY_MANAGER_SUCCESS;
+        }
+
         if (monitor == nullptr) {
             LogDebug("input param \"monitor\" is nullptr");
         }
@@ -246,6 +256,11 @@ int security_manager_app_labels_monitor_get_fd(app_labels_monitor const *monitor
     return try_catch([&] {
         LogDebug("security_manager_app_labels_monitor_get_fd() called");
 
+        if (!smack_simple_check()) {
+            LogWarning("App label monitor disabled in no-smack mode");
+            return SECURITY_MANAGER_SUCCESS;
+        }
+
         if (monitor == nullptr) {
             LogWarning("Error input param \"monitor\"");
             return SECURITY_MANAGER_ERROR_INPUT_PARAM;
@@ -272,6 +287,11 @@ int security_manager_app_labels_monitor_process(app_labels_monitor *monitor)
 {
     return try_catch([&] {
         LogDebug("security_manager_app_labels_process() called");
+        if (!smack_simple_check()) {
+            LogWarning("App label monitor disabled in no-smack mode");
+            return SECURITY_MANAGER_SUCCESS;
+        }
+
         if (monitor == nullptr) {
             LogWarning("Error input param \"monitor\"");
             return SECURITY_MANAGER_ERROR_INPUT_PARAM;

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 3ff4cabad6da7c98bd04cf8e562ccd49a3c4ccc4..06306e85268488a79c2ad9548c2f99f5dac90886 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -620,7 +620,7 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &req)
 
         Smack::Labels oldLabels;
 
-        if (ih.isUserPkgInstalled)
+        if (smack_simple_check() && ih.isUserPkgInstalled)
             getPkgLabels(req.pkgName, oldLabels);
 
         // [db] begin
@@ -645,12 +645,14 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &req)
         trans.commit();
         LogDebug("Application installation commited to database");
 
-        LogWarning("Configuring permissible file");
-        Smack::Labels newLabels;
-        getPkgLabels(req.pkgName, newLabels);
+        if (smack_simple_check()) {
+            LogWarning("Configuring permissible file");
+            Smack::Labels newLabels;
+            getPkgLabels(req.pkgName, newLabels);
 
-        // update permissible set
-        tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+            // update permissible set
+            tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+        }
 
         // label paths
         LogWarning("Configuring package paths");
@@ -714,7 +716,8 @@ int ServiceImpl::appUpdate(const Credentials &creds, app_inst_req &req)
 
         if (ih.isUserPkgInstalled) {
             LogWarning("Package already installed, need to remove some packages");
-            getPkgLabels(req.pkgName, oldLabels);
+            if (smack_simple_check())
+                getPkgLabels(req.pkgName, oldLabels);
             // search for installed apps in the request
             std::vector<std::string> requestedApps;
             for (auto &app : req.apps) {
@@ -767,13 +770,14 @@ int ServiceImpl::appUpdate(const Credentials &creds, app_inst_req &req)
         trans.commit();
         LogDebug("Application installation commited to database");
 
+        if (smack_simple_check()) {
+            Smack::Labels newLabels;
+            getPkgLabels(req.pkgName, newLabels);
 
-        Smack::Labels newLabels;
-        getPkgLabels(req.pkgName, newLabels);
-
-        // update permissible set
-        LogWarning("Configuring permissible file");
-        tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+            // update permissible set
+            LogWarning("Configuring permissible file");
+            tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+        }
 
         // label paths
         LogWarning("Configuring package paths");
@@ -1030,14 +1034,16 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &req)
         trans.commit();
         LogDebug("Application uninstallation commited to database");
 
-        Smack::Labels newLabels;
-        if(!uh.removePkg)
-            // only if we didn't remove entire pkg, some labels can stay
-            // in the pkg only some apps could have been removed
-            getPkgLabels(req.pkgName, newLabels);
+        if (smack_simple_check()) {
+            Smack::Labels newLabels;
+            if(!uh.removePkg)
+                // only if we didn't remove entire pkg, some labels can stay
+                // in the pkg only some apps could have been removed
+                getPkgLabels(req.pkgName, newLabels);
 
-        // update permissible set
-        tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+            // update permissible set
+            tryUpdatePermissibleFile(req.uid, req.installationType, newLabels, oldLabels);
+        }
 
         // remove and merge Smack rules for apps and pkg
         return appUninstallSmackRules(req, uh);
@@ -2475,6 +2481,11 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
 int ServiceImpl::repairPermissibleFileForClient(uid_t uid, int installationType)
 {
     try {
+        if (!smack_simple_check()) {
+            LogWarning("Permissible file unsupported in no-smack mode");
+            return SECURITY_MANAGER_ERROR_SERVER_ERROR;
+        }
+
         PermissibleSet::repairPermissibleFile(uid, installationType, m_privilegeDb);
     }
     catch (PermissibleSet::PermissibleSetException::Base &e){

diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 7f31c5748b18104bf8463ba251a1eefba202b9ed..f2f9ae0dfa4b56f21bea79e2e0e7afd1ebdb1ab1 100644 (file)
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -82,7 +82,6 @@ SET(SM_TESTS_SOURCES
     ${SM_TEST_SRC}/test_log.cpp
     ${SM_TEST_SRC}/test_filesystem.cpp
     ${SM_TEST_SRC}/test_file-lock.cpp
-    ${SM_TEST_SRC}/test_permissible-set.cpp
     ${SM_TEST_SRC}/test_privilege_db_transactions.cpp
     ${SM_TEST_SRC}/test_privilege_db_app_pkg_getters.cpp
     ${SM_TEST_SRC}/test_privilege_db_add_app.cpp
@@ -130,6 +129,10 @@ SET(SM_TESTS_SOURCES
     ${GEN_PATH}/db.h
 )
 
+IF(SUPPORT_SMACK)
+    LIST(APPEND SM_TESTS_SOURCES "${SM_TEST_SRC}/test_permissible-set.cpp")
+ENDIF(SUPPORT_SMACK)
+
 SET(SM_PERFORMANCE_TESTS_SOURCES
     ${SM_TEST_SRC}/test_performance_db.cpp
     ${SM_TEST_SRC}/colour_log_formatter.cpp