class ScopedTransaction {
public:
- ScopedTransaction(PrivilegeDb &priviligeDb) : m_isCommited(false), m_priviligeDb(priviligeDb) {
- m_priviligeDb.BeginTransaction();
+ ScopedTransaction(PrivilegeDb &privilegeDb) : m_isCommited(false), m_privilegeDb(privilegeDb) {
+ m_privilegeDb.BeginTransaction();
}
ScopedTransaction(const ScopedTransaction &other) = delete;
ScopedTransaction& operation(const ScopedTransaction &other) = delete;
void commit() {
- m_priviligeDb.CommitTransaction();
+ m_privilegeDb.CommitTransaction();
m_isCommited = true;
}
~ScopedTransaction() {
if (!m_isCommited) {
try {
- m_priviligeDb.RollbackTransaction();
+ m_privilegeDb.RollbackTransaction();
} catch (const SecurityManager::Exception &e) {
LogError("Transaction rollback failed: " << e.GetMessage());
} catch(...) {
}
private:
bool m_isCommited;
- PrivilegeDb &m_priviligeDb;
+ PrivilegeDb &m_privilegeDb;
};
} // end of anonymous namespace
std::string ServiceImpl::getAppProcessLabel(const std::string &appName, const std::string &pkgName)
{
- bool isPkgHybrid = m_priviligeDb.IsPackageHybrid(pkgName);
+ bool isPkgHybrid = m_privilegeDb.IsPackageHybrid(pkgName);
return SmackLabels::generateProcessLabel(appName, pkgName, isPkgHybrid);
}
std::string ServiceImpl::getAppProcessLabel(const std::string &appName)
{
std::string pkgName;
- m_priviligeDb.GetAppPkgName(appName, pkgName);
+ m_privilegeDb.GetAppPkgName(appName, pkgName);
if (pkgName.empty()) {
LogWarning("Cannot create label for unknown application: " << appName);
return "";
bool ServiceImpl::sharingExists(const std::string &targetAppName, const std::string &path)
{
int targetPathCount;
- m_priviligeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
+ m_privilegeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
return targetPathCount != 0;
}
pkgsLabels.resize(pkgsInfo.size());
for (size_t i = 0; i < pkgsInfo.size(); ++i) {
pkgsLabels[i].first = pkgsInfo[i].name;
- m_priviligeDb.GetPkgApps(pkgsLabels[i].first, pkgsLabels[i].second);
+ m_privilegeDb.GetPkgApps(pkgsLabels[i].first, pkgsLabels[i].second);
for (auto &appName : pkgsLabels[i].second) {
std::string label = SmackLabels::generateProcessLabel(appName, pkgsLabels[i].first,
pkgsInfo[i].hybrid);
std::string pkgBasePath;
int authorId;
- if (!m_priviligeDb.PkgNameExists(pkgName)) {
+ if (!m_privilegeDb.PkgNameExists(pkgName)) {
LogError("No such package: " << pkgName);
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
}
- m_priviligeDb.GetPkgAuthorId(pkgName, authorId);
+ m_privilegeDb.GetPkgAuthorId(pkgName, authorId);
if (!getUserPkgDir(uid, pkgName, installationType, pkgBasePath))
return SECURITY_MANAGER_ERROR_SERVER_ERROR;
void ServiceImpl::getPkgLabels(const std::string &pkgName, SmackRules::Labels &pkgsLabels)
{
- bool isPkgHybrid = m_priviligeDb.IsPackageHybrid(pkgName);
+ bool isPkgHybrid = m_privilegeDb.IsPackageHybrid(pkgName);
if (isPkgHybrid) {
std::vector<std::string> apps;
- m_priviligeDb.GetPkgApps(pkgName, apps);
+ m_privilegeDb.GetPkgApps(pkgName, apps);
for (auto &app : apps) {
auto appLabel = SmackLabels::generateProcessLabel(app, pkgName, isPkgHybrid);
app = appLabel;
void ServiceImpl::updatePermissibleSet(uid_t uid, int type)
{
std::vector<std::string> userPkgs;
- m_priviligeDb.GetUserPkgs(uid, userPkgs);
+ m_privilegeDb.GetUserPkgs(uid, userPkgs);
std::vector<std::string> labelsForUser;
for (const auto &pkg : userPkgs) {
std::vector<std::string> pkgLabels;
LogDebug("Generated install parameters: app label: " << appLabel <<
", pkg label: " << pkgLabel);
- ScopedTransaction trans(m_priviligeDb);
+ ScopedTransaction trans(m_privilegeDb);
- m_priviligeDb.AddApplication(req.appName, req.pkgName, req.uid,
+ m_privilegeDb.AddApplication(req.appName, req.pkgName, req.uid,
req.tizenVersion, req.authorName, req.isHybrid);
/* Get all application ids in the package to generate rules withing the package */
getPkgLabels(req.pkgName, pkgLabels);
- m_priviligeDb.GetPkgAuthorId(req.pkgName, authorId);
+ m_privilegeDb.GetPkgAuthorId(req.pkgName, authorId);
bool global = req.installationType == SM_APP_INSTALL_GLOBAL ||
req.installationType == SM_APP_INSTALL_PRELOADED;
req.appDefinedPrivileges);
if (hasSharedRO)
- m_priviligeDb.SetSharedROPackage(req.pkgName);
+ m_privilegeDb.SetSharedROPackage(req.pkgName);
- m_priviligeDb.GetPackagesInfo(pkgsInfo);
+ m_privilegeDb.GetPackagesInfo(pkgsInfo);
getPkgsProcessLabels(pkgsInfo, pkgsProcessLabels);
// WTF? Why this commit is here? Shouldn't it be at the end of this function?
}
try {
- ScopedTransaction trans(m_priviligeDb);
+ ScopedTransaction trans(m_privilegeDb);
std::string pkgName;
- m_priviligeDb.GetAppPkgName(req.appName, pkgName);
+ m_privilegeDb.GetAppPkgName(req.appName, pkgName);
if (pkgName.empty()) {
LogWarning("Application " << req.appName << " not found in database "
"while uninstalling");
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
}
- isPkgHybrid = m_priviligeDb.IsPackageHybrid(req.pkgName);
+ isPkgHybrid = m_privilegeDb.IsPackageHybrid(req.pkgName);
processLabel = getAppProcessLabel(req.appName, req.pkgName);
LogDebug("Generated uninstall parameters: pkgName=" << req.pkgName
<< " Smack label=" << processLabel);
/* Before we remove the app from the database, let's fetch all apps in the package
that this app belongs to, this will allow us to remove all rules withing the
package that the app appears in */
- m_priviligeDb.GetPkgAuthorId(req.pkgName, authorId);
+ m_privilegeDb.GetPkgAuthorId(req.pkgName, authorId);
getPkgLabels(req.pkgName, pkgLabels);
- m_priviligeDb.GetAppVersion(req.appName, req.tizenVersion);
- m_priviligeDb.GetPrivateSharingForOwner(req.appName, asOwnerSharing);
- m_priviligeDb.GetPrivateSharingForTarget(req.appName, asTargetSharing);
+ m_privilegeDb.GetAppVersion(req.appName, req.tizenVersion);
+ m_privilegeDb.GetPrivateSharingForOwner(req.appName, asOwnerSharing);
+ m_privilegeDb.GetPrivateSharingForTarget(req.appName, asTargetSharing);
for (const auto &targetPathsInfo : asOwnerSharing) {
const auto &targetAppName = targetPathsInfo.first;
const auto &paths = targetPathsInfo.second;
// Squash sharing - change counter to 1, so dropPrivatePathSharing will completely clean it
for (const auto &path : paths) {
- m_priviligeDb.SquashSharing(targetAppName, path);
+ m_privilegeDb.SquashSharing(targetAppName, path);
auto targetAppLabel = getAppProcessLabel(targetAppName);
int ret = dropOnePrivateSharing(req.appName, req.pkgName, pkgLabels,
targetAppName, targetAppLabel, path);
// Squash sharing - change counter to 1, so dropPrivatePathSharing will completely clean it
std::string ownerPkgName;
SmackRules::Labels ownerPkgLabels;
- m_priviligeDb.GetAppPkgName(ownerAppName, ownerPkgName);
+ m_privilegeDb.GetAppPkgName(ownerAppName, ownerPkgName);
getPkgLabels(ownerPkgName, ownerPkgLabels);
for (const auto &path : paths) {
- m_priviligeDb.SquashSharing(req.appName, path);
+ m_privilegeDb.SquashSharing(req.appName, path);
int ret = dropOnePrivateSharing(ownerAppName, ownerPkgName, ownerPkgLabels,
req.appName, processLabel, path);
if (ret != SECURITY_MANAGER_SUCCESS) {
}
}
- m_priviligeDb.RemoveApplication(req.appName, req.uid, removeApp, removePkg, removeAuthor);
+ m_privilegeDb.RemoveApplication(req.appName, req.uid, removeApp, removePkg, removeAuthor);
- m_priviligeDb.GetPackagesInfo(pkgsInfo);
+ m_privilegeDb.GetPackagesInfo(pkgsInfo);
getPkgsProcessLabels(pkgsInfo, pkgsProcessLabels);
bool global = req.installationType == SM_APP_INSTALL_GLOBAL ||
LogDebug("appName: " << appName);
try {
- m_priviligeDb.GetAppPkgName(appName, pkgName);
+ m_privilegeDb.GetAppPkgName(appName, pkgName);
if (pkgName.empty()) {
LogWarning("Application " << appName << " not found in database");
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
std::string pidStr = std::to_string(creds.pid);
for (const auto &privilege : privileges) {
std::vector<std::string> privGroups;
- m_priviligeDb.GetPrivilegeGroups(privilege, privGroups);
+ m_privilegeDb.GetPrivilegeGroups(privilege, privGroups);
if (!privGroups.empty()) {
LogDebug("Considering privilege " << privilege << " with " <<
privGroups.size() << " groups assigned");
/*Uninstall all user apps*/
std::vector<std::string> userApps;
try {
- m_priviligeDb.GetUserApps(uidDeleted, userApps);
+ m_privilegeDb.GetUserApps(uidDeleted, userApps);
PermissibleSet::removeUserPermissibleFile(uidDeleted);
} catch (const PrivilegeDb::Exception::Base &e) {
LogError("Error while getting user apps from database: " << e.DumpToString());
if (filter.appName == SECURITY_MANAGER_ANY) {
// If user requested policy for all apps, we have to demangle pkgName to
// set of appNames in case of non-hybrid apps
- m_priviligeDb.GetPkgApps(pkgName, appNames);
+ m_privilegeDb.GetPkgApps(pkgName, appNames);
} else {
// If user requested policy for specific appName, we have to copy
// appName from filter for non-hybrid apps
LogDebug("Limitting Cynara query to app: " << filter.appName);
listOfApps.push_back(filter.appName);
} else {
- m_priviligeDb.GetUserApps(user, listOfApps);
+ m_privilegeDb.GetUserApps(user, listOfApps);
LogDebug("Found apps: " << listOfApps.size());
};
int ret = SECURITY_MANAGER_SUCCESS;
try {
- m_priviligeDb.GetGroups(groups);
+ m_privilegeDb.GetGroups(groups);
} catch (const PrivilegeDb::Exception::Base &e) {
LogError("Error while getting groups from database: " << e.DumpToString());
return SECURITY_MANAGER_ERROR_SERVER_ERROR;
}
std::vector<std::pair<std::string, std::string>> group2privVector;
- m_priviligeDb.GetGroupsRelatedPrivileges(group2privVector);
+ m_privilegeDb.GetGroupsRelatedPrivileges(group2privVector);
for (const auto &g2p : group2privVector) {
m_cynaraAdmin.Check(CYNARA_ADMIN_ANY, uidStr, g2p.second,
int errorRet;
try {
int targetPathCount, pathCount, ownerTargetCount;
- m_priviligeDb.DropPrivateSharing(ownerAppName, targetAppName, path);
- m_priviligeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
- m_priviligeDb.GetPathSharingCount(path, pathCount);
- m_priviligeDb.GetOwnerTargetSharingCount(ownerAppName, targetAppName, ownerTargetCount);
+ m_privilegeDb.DropPrivateSharing(ownerAppName, targetAppName, path);
+ m_privilegeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
+ m_privilegeDb.GetPathSharingCount(path, pathCount);
+ m_privilegeDb.GetOwnerTargetSharingCount(ownerAppName, targetAppName, ownerTargetCount);
if (targetPathCount > 0) {
return SECURITY_MANAGER_SUCCESS;
}
return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
}
- m_priviligeDb.GetAppPkgName(ownerAppName, ownerPkgName);
+ m_privilegeDb.GetAppPkgName(ownerAppName, ownerPkgName);
if (ownerPkgName.empty()) {
LogError(ownerAppName << " is not an installed application");
return SECURITY_MANAGER_ERROR_APP_UNKNOWN;
}
- m_priviligeDb.GetAppPkgName(targetAppName, targetPkgName);
+ m_privilegeDb.GetAppPkgName(targetAppName, targetPkgName);
if (targetPkgName.empty()) {
LogError(targetAppName << " is not an installed application");
return SECURITY_MANAGER_ERROR_APP_UNKNOWN;
targetAppLabel = getAppProcessLabel(targetAppName);
getPkgLabels(ownerPkgName, pkgsLabels);
- ScopedTransaction trans(m_priviligeDb);
+ ScopedTransaction trans(m_privilegeDb);
for (const auto &path : paths) {
int targetPathCount, pathCount, ownerTargetCount;
- m_priviligeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
- m_priviligeDb.GetPathSharingCount(path, pathCount);
- m_priviligeDb.GetOwnerTargetSharingCount(ownerAppName, targetAppName, ownerTargetCount);
+ m_privilegeDb.GetTargetPathSharingCount(targetAppName, path, targetPathCount);
+ m_privilegeDb.GetPathSharingCount(path, pathCount);
+ m_privilegeDb.GetOwnerTargetSharingCount(ownerAppName, targetAppName, ownerTargetCount);
std::string pathLabel = SmackLabels::generateSharedPrivateLabel(ownerPkgName, path);
- m_priviligeDb.ApplyPrivateSharing(ownerAppName, targetAppName, path, pathLabel);
+ m_privilegeDb.ApplyPrivateSharing(ownerAppName, targetAppName, path, pathLabel);
sharingAdded++;
if (targetPathCount > 0) {
//Nothing to do, only counter needed incrementing
}
std::string ownerPkgName;
- m_priviligeDb.GetAppPkgName(ownerAppName, ownerPkgName);
+ m_privilegeDb.GetAppPkgName(ownerAppName, ownerPkgName);
if (ownerPkgName.empty()) {
LogError(ownerAppName << " is not an installed application");
return SECURITY_MANAGER_ERROR_APP_UNKNOWN;
}
std::string targetPkgName;
- m_priviligeDb.GetAppPkgName(targetAppName, targetPkgName);
+ m_privilegeDb.GetAppPkgName(targetAppName, targetPkgName);
if (targetPkgName.empty()) {
LogError(targetAppName << " is not an installed application");
return SECURITY_MANAGER_ERROR_APP_UNKNOWN;
getPkgLabels(ownerPkgName, pkgLabels);
auto targetAppLabel = getAppProcessLabel(targetAppName, targetPkgName);
- ScopedTransaction trans(m_priviligeDb);
+ ScopedTransaction trans(m_privilegeDb);
for (const auto &path : paths) {
int ret = dropOnePrivateSharing(ownerAppName, ownerPkgName, pkgLabels,
targetAppName, targetAppLabel, path);
try {
if (isSharedRO(req.pkgPaths)) {
- ScopedTransaction trans(m_priviligeDb);
+ ScopedTransaction trans(m_privilegeDb);
- if (!m_priviligeDb.IsPackageSharedRO(req.pkgName)) {
+ if (!m_privilegeDb.IsPackageSharedRO(req.pkgName)) {
- m_priviligeDb.SetSharedROPackage(req.pkgName);
+ m_privilegeDb.SetSharedROPackage(req.pkgName);
SmackRules::PkgsLabels pkgsLabels;
std::vector<PkgInfo> pkgsInfo;
- m_priviligeDb.GetPackagesInfo(pkgsInfo);
+ m_privilegeDb.GetPackagesInfo(pkgsInfo);
getPkgsProcessLabels(pkgsInfo, pkgsLabels);
SmackRules::generateSharedRORules(pkgsLabels, pkgsInfo);
projects / platform / core / security / security-manager.git / commitdiff