Remove Cynara singleton

Change-Id: Ia7aee968e142639373d1b9bc146b8162673504ba

diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
index d1996a2d795ac52d13e6eda326068caf55ef5144..0dd8280203d5c283541ea138f23bd6c08f4aa669 100644 (file)
--- a/src/client/CMakeLists.txt
+++ b/src/client/CMakeLists.txt
@@ -1,5 +1,6 @@
 PKG_CHECK_MODULES(CLIENT_DEP
     REQUIRED
+    cynara-client-async
     libsmack
     libcap
     libprocps

diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index 5580e11eed6665c54d615c8e0489988b854182aa..f95602ef4fed228016b0b0aec4b98f103847fcb8 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -687,12 +687,6 @@ Cynara::~Cynara()
     cynara_async_finish(cynara);
 }
 
-Cynara &Cynara::getInstance()
-{
-    static Cynara cynara;
-    return cynara;
-}
-
 void Cynara::threadNotifyPut()
 {
     int ret = eventfd_write(pollFds[0].fd, 1);

diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index cf33b194e26278e0336c4b29752463396d67783f..511813c832c1159671a1904a8631f89c0e130b54 100644 (file)
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -321,10 +321,9 @@ private:
 class Cynara
 {
 public:
+    Cynara();
     ~Cynara();
 
-    static Cynara &getInstance();
-
     /**
      * Ask Cynara for permission.
      *
@@ -338,8 +337,6 @@ public:
         const std::string &user, const std::string &session);
 
 private:
-    Cynara();
-
     static void statusCallback(int oldFd, int newFd,
         cynara_async_status status, void *ptr);
 

diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 9ecadb6262d6c7a23d7a3f0ad5463c983054a639..6b985385d41b35cda7ca27a0b27c9c980d757585 100644 (file)
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -30,6 +30,7 @@
 #include <vector>
 
 #include "credentials.h"
+#include "cynara.h"
 #include "security-manager.h"
 #include "smack-rules.h"
 #include "protocols.h"
@@ -37,56 +38,6 @@
 namespace SecurityManager {
 
 class ServiceImpl {
-private:
-    static bool authenticate(const Credentials &creds, const std::string &privilege);
-
-    static uid_t getGlobalUserId(void);
-
-    static std::string realPath(const std::string &path);
-
-    static bool isSubDir(const std::string &parent, const std::string &subdir);
-
-    static bool getUserPkgDir(const uid_t &uid,
-                              const std::string &pkgName,
-                              app_install_type installType,
-                              std::string &userPkgDir);
-
-    static void getSkelPkgDir(const std::string &pkgName,
-                              std::string &skelPkgDir);
-
-    static void setRequestDefaultValues(uid_t& uid, int& installationType);
-
-    static void installRequestMangle(app_inst_req &req, std::string &cynaraUserStr);
-
-    static bool authCheck(const Credentials &creds,
-                                        const uid_t &uid,
-                                        int installationType);
-
-    static bool pathsCheck(const pkg_paths &requestedPaths,
-                           const std::vector<std::string> &allowedDirs);
-
-    static int labelPaths(const pkg_paths &paths,
-                          const std::string &pkgName,
-                          app_install_type installationType,
-                          const uid_t &uid);
-
-    static void getPkgLabels(const std::string &pkgName, SmackRules::Labels &pkgsLabels);
-
-    static bool isSharedRO(const pkg_paths& paths);
-
-    static bool isPrivilegePrivacy(const std::string &privilege);
-
-    int squashDropPrivateSharing(const std::string &ownerAppName,
-                                 const std::string &targetAppName,
-                                 const std::string &path);
-
-    int dropOnePrivateSharing(const std::string &ownerAppName,
-                              const std::string &ownerPkgName,
-                              const SmackRules::Labels &ownerPkgLabels,
-                              const std::string &targetAppName,
-                              const std::string &targetAppLabel,
-                              const std::string &path);
-
 public:
     ServiceImpl();
     virtual ~ServiceImpl();
@@ -283,6 +234,58 @@ public:
      * @return API return code, as defined in protocols.h
      */
     int labelForProcess(const std::string &appName, std::string &label);
+private:
+    bool authenticate(const Credentials &creds, const std::string &privilege);
+
+    static uid_t getGlobalUserId(void);
+
+    static std::string realPath(const std::string &path);
+
+    static bool isSubDir(const std::string &parent, const std::string &subdir);
+
+    static bool getUserPkgDir(const uid_t &uid,
+                              const std::string &pkgName,
+                              app_install_type installType,
+                              std::string &userPkgDir);
+
+    static void getSkelPkgDir(const std::string &pkgName,
+                              std::string &skelPkgDir);
+
+    static void setRequestDefaultValues(uid_t& uid, int& installationType);
+
+    static void installRequestMangle(app_inst_req &req, std::string &cynaraUserStr);
+
+    bool authCheck(const Credentials &creds,
+                                        const uid_t &uid,
+                                        int installationType);
+
+    static bool pathsCheck(const pkg_paths &requestedPaths,
+                           const std::vector<std::string> &allowedDirs);
+
+    static int labelPaths(const pkg_paths &paths,
+                          const std::string &pkgName,
+                          app_install_type installationType,
+                          const uid_t &uid);
+
+    static void getPkgLabels(const std::string &pkgName, SmackRules::Labels &pkgsLabels);
+
+    static bool isSharedRO(const pkg_paths& paths);
+
+    static bool isPrivilegePrivacy(const std::string &privilege);
+
+    int squashDropPrivateSharing(const std::string &ownerAppName,
+                                 const std::string &targetAppName,
+                                 const std::string &path);
+
+    int dropOnePrivateSharing(const std::string &ownerAppName,
+                              const std::string &ownerPkgName,
+                              const SmackRules::Labels &ownerPkgLabels,
+                              const std::string &targetAppName,
+                              const std::string &targetAppLabel,
+                              const std::string &path);
+
+    Cynara m_cynara;
+
 };
 
 } /* namespace SecurityManager */

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 82c3c1c4bdeb9fb0675f97c904b70fd5dcb1f457..7d6a4bcbacec554b77e9d781fd08530126125e82 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -231,7 +231,7 @@ bool ServiceImpl::authenticate(const Credentials &creds, const std::string &priv
 {
     if (creds.authenticated)
         return true;
-    return Cynara::getInstance().check(creds.label, privilege,
+    return m_cynara.check(creds.label, privilege,
         std::to_string(creds.uid), std::to_string(creds.pid));
 }
 
@@ -808,7 +808,7 @@ int ServiceImpl::getAppGroups(const Credentials &creds, const std::string &appNa
                 LogDebug("Considering privilege " << privilege << " with " <<
                     privGroups.size() << " groups assigned");
 
-                if (Cynara::getInstance().check(appProcessLabel, privilege, uidStr, pidStr)) {
+                if (m_cynara.check(appProcessLabel, privilege, uidStr, pidStr)) {
                     groups.insert(groups.end(),
                         std::make_move_iterator(privGroups.begin()),
                         std::make_move_iterator(privGroups.end()));
@@ -1314,7 +1314,7 @@ int ServiceImpl::appHasPrivilege(
     try {
         std::string appProcessLabel = getAppProcessLabel(appName);
         std::string uidStr = std::to_string(uid);
-        result = Cynara::getInstance().check(appProcessLabel, privilege, uidStr, "");
+        result = m_cynara.check(appProcessLabel, privilege, uidStr, "");
         LogDebug("result = " << result);
     } catch (const CynaraException::Base &e) {
         LogError("Error while querying Cynara for permissions: " << e.DumpToString());