projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1f0741a)
Refactor labelPaths
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 22 Jan 2025 08:48:29 +0000 (09:48 +0100)
committerTomasz Swierczek <t.swierczek@samsung.com>
Wed, 5 Feb 2025 07:56:19 +0000 (08:56 +0100)
Change-Id: I4a1280bb857c47435da7a00c7744cf61f41ab0c2

src/common/include/protocols.h patch | blob | history
src/common/include/service_impl.h patch | blob | history
src/common/service_impl.cpp patch | blob | history

diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index d02f4cd6362545727e5b440bc05d8b5b9202542d..60787e2b314ca37daefee3fbe1e4680c027a3f55 100644 (file)
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -40,7 +40,14 @@ using namespace SecurityManager;
 
 typedef std::vector<std::pair<std::string, int>> pkg_paths;
 
-struct app_inst_req : ISerializable {
+struct path_req {
+    std::string pkgName;
+    uid_t uid = 0;
+    pkg_paths pkgPaths;
+    int installationType = SM_APP_INSTALL_NONE;
+};
+
+struct app_inst_req : public path_req, ISerializable {
     struct app : ISerializable {
         std::string appName;
         std::vector<std::pair<std::string, std::string>> privileges;
@@ -60,12 +67,8 @@ struct app_inst_req : ISerializable {
     };
 
     std::vector<app> apps;
-    std::string pkgName;
-    pkg_paths pkgPaths;
-    uid_t uid = 0;
     std::string tizenVersion;
     std::string authorName;
-    int installationType = SM_APP_INSTALL_NONE;
     int pkgType = SM_PKG_TYPE_NONE;
     int privLevel = SM_PKG_PRIVILEGE_LEVEL_NONE;
     bool isHybrid = false;
@@ -98,13 +101,6 @@ struct private_sharing_req {
     std::vector<std::string> paths;
 };
 
-struct path_req {
-    std::string pkgName;
-    uid_t uid;
-    pkg_paths pkgPaths;
-    int installationType = SM_APP_INSTALL_NONE;
-};
-
 namespace SecurityManager {
 
 #define SOCKET_PATH_PREFIX "/run/"
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 1cf61a424bb14bc9ba9edb722c618141f05f0d6f..12977eee90f411c5992c1b60f6376b7c78d87ca6 100644 (file)
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -441,11 +441,7 @@ private:
                                         const uid_t &uid,
                                         int installationType);
 
-    int labelPaths(const pkg_paths &paths,
-                   const std::string &pkgName,
-                   app_install_type installationType,
-                   const uid_t &uid,
-                   bool isSharedRO);
+    int labelPaths(path_req& req, bool isSharedRO);
 
     void getPkgLabels(const std::string &pkgName, Smack::Labels &pkgsLabels);
 
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index e9fd2e99b4bbc4ea2916ee47798f99adc97a93b2..3ff4cabad6da7c98bd04cf8e562ccd49a3c4ccc4 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -346,29 +346,25 @@ bool ServiceImpl::authCheck(const Credentials &creds,
     return true;
 }
 
-int ServiceImpl::labelPaths(const pkg_paths &paths,
-                            const std::string &pkgName,
-                            app_install_type installationType,
-                            const uid_t &uid,
-                            bool isSharedRO)
+int ServiceImpl::labelPaths(path_req& req, bool isSharedRO)
 {
     try {
 
         if (!smack_simple_check()) {
             LogWarning("Running in no-smack mode, not labeling any paths");
-            if (!m_privilegeDb.PkgNameExists(pkgName)) {
-                LogError("No such package: " << pkgName);
+            if (!m_privilegeDb.PkgNameExists(req.pkgName)) {
+                LogError("No such package: " << req.pkgName);
                 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
             }
             return SECURITY_MANAGER_SUCCESS;
         }
 
         std::string authorHash;
-        m_privilegeDb.GetPkgAuthorHash(pkgName, authorHash);
+        m_privilegeDb.GetPkgAuthorHash(req.pkgName, authorHash);
 
         std::string homePath, skelDir;
         std::vector<std::string> pkgLegalBaseDirs;
-        int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath,
+        int ret = getLegalPkgBaseDirs(req.uid, req.pkgName, static_cast<app_install_type>(req.installationType), homePath,
                                       skelDir, pkgLegalBaseDirs, isSharedRO, m_offline);
         if (ret != SECURITY_MANAGER_SUCCESS) {
             LogError("Failed to generate legal directories for application");
@@ -377,28 +373,28 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
 
         LogWarning("Determinig if paths are legal");
         // check if paths are inside of legal directories
-        if (!pathsCheck(paths, pkgLegalBaseDirs))
+        if (!pathsCheck(req.pkgPaths, pkgLegalBaseDirs))
             return SECURITY_MANAGER_ERROR_NOT_PATH_OWNER;
 
         if (smack_simple_check() && isSharedRO) {
             LogWarning("Labeling shared_ro paths");
             // Label shared_ro base paths for bind mounting
-            labelSharedPaths(homePath, pkgName);
+            labelSharedPaths(homePath, req.pkgName);
             // If there are corresponding paths in skel, label them too
             if (!skelDir.empty())
-                labelSharedPaths(skelDir, pkgName);
+                labelSharedPaths(skelDir, req.pkgName);
         }
         // register paths
         LogWarning("Labeling other paths");
-        for (const auto &pkgPath : paths) {
+        for (const auto &pkgPath : req.pkgPaths) {
             const std::string &path = pkgPath.first;
             app_install_path_type pathType = static_cast<app_install_path_type>(pkgPath.second);
-            SmackLabels::setupPath(pkgName, path, pathType, authorHash);
+            SmackLabels::setupPath(req.pkgName, path, pathType, authorHash);
         }
 
         LogWarning("Labeling base paths");
         for (const auto &basePath : pkgLegalBaseDirs) {
-            if (containSubDir(basePath, paths)) {
+            if (containSubDir(basePath, req.pkgPaths)) {
                 SmackLabels::setupPkgBasePath(basePath);
             }
         }
@@ -658,11 +654,7 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &req)
 
         // label paths
         LogWarning("Configuring package paths");
-        ret = labelPaths(req.pkgPaths,
-                         req.pkgName,
-                         static_cast<app_install_type>(req.installationType),
-                         req.uid,
-                         isAppSharedRO);
+        ret = labelPaths(req, isAppSharedRO);
         if (ret != SECURITY_MANAGER_SUCCESS)
             return ret;
 
@@ -785,11 +777,7 @@ int ServiceImpl::appUpdate(const Credentials &creds, app_inst_req &req)
 
         // label paths
         LogWarning("Configuring package paths");
-        ret = labelPaths(req.pkgPaths,
-                         req.pkgName,
-                         static_cast<app_install_type>(req.installationType),
-                         req.uid,
-                         isAppSharedRO);
+        ret = labelPaths(req, isAppSharedRO);
         if (ret != SECURITY_MANAGER_SUCCESS)
             return ret;
 
@@ -2110,11 +2098,7 @@ int ServiceImpl::pathsRegister(const Credentials &creds, path_req req)
         return SECURITY_MANAGER_ERROR_SERVER_ERROR;
     }
 
-    return labelPaths(req.pkgPaths,
-                      req.pkgName,
-                      static_cast<app_install_type>(req.installationType),
-                      req.uid,
-                      isRequestSharedRO);
+    return labelPaths(req, isRequestSharedRO);
 }
 
 int ServiceImpl::shmAppName(const Credentials &creds, const std::string &shmName, const std::string &appName)
Domain: Security / Access Control;