projects / platform / core / security / libprivilege-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7822e00)
Add AV custom rule set support
authorJanusz Kozerski <j.kozerski@samsung.com>
Mon, 29 Apr 2013 12:49:04 +0000 (14:49 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 29 Apr 2013 16:00:15 +0000 (18:00 +0200)
[Issue#]       SSDWSSP-205
[Bug]          N/A
[Cause]        N/A
[Solution]     Add predefined rules for antivirus (antiviurs some_app rwx, some_app antivirus rx).
[Verification] Build, install, reboot target, run tests - the 10th test (app_register_av) should fail now.

Change-Id: I1019173b8c31cf6e984c3b12be00bd61dfe84e7e

permissions/OSP_antivirus.smack [new file with mode: 0644] patch | blob
src/privilege-control.c patch | blob | history

diff --git a/permissions/OSP_antivirus.smack b/permissions/OSP_antivirus.smack
new file mode 100644 (file)
index 0000000..4681314
--- /dev/null
+++ b/permissions/OSP_antivirus.smack
@@ -0,0 +1,10 @@
+~APP~ msg-service rwx
+msg-service ~APP~ rx
+~APP~ com.samsung.message rwx
+com.samsung.message ~APP~ rx
+~APP~ com.samsung.email rwx
+com.samsung.email ~APP~ rx
+~APP~ com.samsung.browser rwx
+com.samsung.browser ~APP~ rx
+~APP~ com.samsung.setting rwx
+com.samsung.setting ~APP~ rx
diff --git a/src/privilege-control.c b/src/privilege-control.c
index d6461e2..02acb61 100644 (file)
--- a/src/privilege-control.c
+++ b/src/privilege-control.c
@@ -59,8 +59,6 @@
 #define DEV_GROUP_PATH TOSTRING(SHAREDIR) "/dev_group_list"
 
 #define SMACK_RULES_DIR  "/etc/smack/accesses.d/"
-//#define SMACK_APPS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_apps_id.db"
-//#define SMACK_AVS_LABELS_DATABASE "/opt/dbspace/.privilege_control_all_avs_id.db"
 
 #define SMACK_APP_LABEL_TEMPLATE "~APP~"
 #define SMACK_SRC_FILE_SUFFIX   "_src_file"
@@ -69,6 +67,7 @@
 #define WRT_BASE_DEVCAP         "WRT"
 #define WRT_CLIENT_PATH         "/usr/bin/wrt-client"
 #define ACC_LEN                 5
+#define SMACK_ANTIVIRUS_PERM    "antivirus"
 
 static int set_smack_for_wrt(char **smack_label, const char* widget_id);
 
@@ -1550,6 +1549,13 @@ API int app_register_av(const char* app_av_id)
                }
        }
 
+       // Add permisions from OSP_antivirus.samck file - only the OSP app can be an Anti Virus
+       ret = perm_to_smack(smack, app_av_id, APP_TYPE_OSP, SMACK_ANTIVIRUS_PERM);
+       if (PC_OPERATION_SUCCESS != ret) {
+               C_LOGE("perm_to_smack failed");
+               goto out;
+       }
+
        if (have_smack() && smack_accesses_apply(smack)) {
                C_LOGE("smack_accesses_apply failed");
                ret = PC_ERR_INVALID_OPERATION;
Domain: Security / Access Control;