Enable namespace setup & cleanup in no-smack

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Tue, 21 Jan 2025 08:26:30 +0000 (09:26 +0100)

committer Tomasz Swierczek <t.swierczek@samsung.com>

Wed, 5 Feb 2025 07:56:19 +0000 (08:56 +0100)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 21 Jan 2025 08:26:30 +0000 (09:26 +0100)
committer Tomasz Swierczek <t.swierczek@samsung.com>
Wed, 5 Feb 2025 07:56:19 +0000 (08:56 +0100)
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp

index 100915f068c01ead66afe0042ef7f8b104dee6d6..fa416c814d55422135f44bd32f13ea4f8e39fdc2 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -1191,11 +1191,6 @@ int security_manager_prepare_app_candidate(void)
  {
      LogDebug("security_manager_prepare_app_candidate() called");
  
-    if (!smack_simple_check()) {
-        LogWarning("Running in no-smack mode, exiting earlier without setting up namespaces");
-        return SECURITY_MANAGER_SUCCESS;
-    }
-
      auto dir = opendir("/proc/self/task");
      if (!dir) {
          LogError("Unable to get number of threads");
@@ -1301,13 +1296,11 @@ int security_manager_prepare_app2(const char *app_name, const char *subsession_i
              return ret;
          }
  
-        if (smack_simple_check()) {
-            ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName,
-                    prepareAppFlags & PREPARE_APP_SHARED_RO_FLAG, privPathsStatusVector, processId.label, subsession_id);
-            if (ret != SECURITY_MANAGER_SUCCESS) {
-                LogError("Unable to setup namespace for application " << app_name);
-                return ret;
-            }
+        ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName,
+                prepareAppFlags & PREPARE_APP_SHARED_RO_FLAG, privPathsStatusVector, processId.label, subsession_id);
+        if (ret != SECURITY_MANAGER_SUCCESS) {
+            LogError("Unable to setup namespace for application " << app_name);
+            return ret;
          }
  
          ret = security_manager_sync_threads_internal(processId);
@@ -1334,11 +1327,6 @@ int security_manager_cleanup_app(const char *app_name, uid_t uid, pid_t pid)
              return SECURITY_MANAGER_ERROR_INPUT_PARAM;
          }
  
-        if (!smack_simple_check()) {
-            LogWarning("Running in no-smack mode, not cleaning namespaces");
-            return SECURITY_MANAGER_SUCCESS;
-        }
-
          ClientRequest request(SecurityModuleCall::APP_CLEAN_NAMESPACE);
          return request.send(std::string(app_name), uid, pid).getStatus();
      });
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp

index e61e3005f7baaf76e3c08d0abf2076c30d0dbaa7..3572d67f8b0c0a851d6408888d1d1c683de5418b 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -2475,11 +2475,6 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
  
          LogWarning("getForbiddenAndAllowedGroups returned: " << ret);
  
-        if (!smack_simple_check()) {
-            LogWarning("Running in no-smack mode, exiting without setting up namespaces");
-            return ret;
-        }
-
          return ret != SECURITY_MANAGER_SUCCESS ? ret
              : appSetupNamespace(creds, id.label, privPathsVector, privPathsStatusVector);
      } catch (const FS::Exception::Base &e) {
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Tue, 21 Jan 2025 08:26:30 +0000 (09:26 +0100)
committer	Tomasz Swierczek <t.swierczek@samsung.com>
	Wed, 5 Feb 2025 07:56:19 +0000 (08:56 +0100)
src/client/client-security-manager.cpp		patch \| blob \| history
src/common/service_impl.cpp		patch \| blob \| history