projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 723c23d)
Use app PUID when checking path privileges 76/319476/15
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 11 Feb 2025 11:45:03 +0000 (12:45 +0100)
committerKrzysztof Małysa <k.malysa@samsung.com>
Fri, 14 Feb 2025 16:06:26 +0000 (16:06 +0000)
Change-Id: I6015afe994f88362f48bca2c54cbaa6564328681

src/common/include/service_impl.h patch | blob | history
src/common/service_impl.cpp patch | blob | history

diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 8d39284eb46fe838d2160bbeaf5cfab20fc995ec..1f4bbc55ae62fb887f4f558397fe8ee4e40c4734 100644 (file)
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -458,7 +458,7 @@ private:
 
     int appInstallSmackRules(app_inst_req &req, InstallHelper &ih);
 
-    int appSetupNamespace(const Credentials &creds, const Smack::Label &appProcessLabel,
+    int appSetupNamespace(const Credentials &creds, uid_t appUid, const Smack::Label &appProcessLabel,
             const std::vector<std::string> &privPathsVector, std::vector<bool> &privPathsStatusVector);
 
     int appUninstallInitialChecks(const Credentials &creds,
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 187af7a653d506dcbe6e3a9523b07c338e4d6872..edf12599485fb2749aa3d85870aec7f206380b26 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -2416,7 +2416,7 @@ int ServiceImpl::getClientPrivilegeLicense(
     return SECURITY_MANAGER_SUCCESS;
 }
 
-int ServiceImpl::appSetupNamespace(const Credentials &creds, const std::string &appProcessLabel,
+int ServiceImpl::appSetupNamespace(const Credentials &creds, uid_t appUid, const std::string &appProcessLabel,
         const std::vector<std::string> &privPathsVector, std::vector<bool> &privPathsStatusVector)
 {
     int ret;
@@ -2426,7 +2426,7 @@ int ServiceImpl::appSetupNamespace(const Credentials &creds, const std::string &
     }
 
     try {
-        const std::string uidStr = std::to_string(creds.uid);
+        const std::string uidStr = std::to_string(appUid);
         const std::string appsDir = MountNS::getUserAppsMountPointsPath(creds.uid);
         const std::string appDir =  MountNS::getUserAppMountPointPath(creds.uid, appProcessLabel);
         const std::string appFile = MountNS::getUserAppServiceMountPointPath(creds.uid, appProcessLabel, creds.pid);
@@ -2620,7 +2620,7 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
         LogWarning("getForbiddenAndAllowedGroups returned: " << ret);
 
         return ret != SECURITY_MANAGER_SUCCESS ? ret
-            : appSetupNamespace(creds, id.label, privPathsVector, privPathsStatusVector);
+            : appSetupNamespace(creds, id.uid, id.label, privPathsVector, privPathsStatusVector);
     } catch (const FS::Exception::Base &e) {
         LogError("Filesystem error: " << e.DumpToString());
         return SECURITY_MANAGER_ERROR_SERVER_ERROR;
Domain: Security / Access Control;