projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3150397)
Resolving global application user 15/27615/3
authorJosé Bollo <jose.bollo@open.eurogiciel.org>
Tue, 16 Sep 2014 14:44:19 +0000 (16:44 +0200)
committerJosé Bollo <jose.bollo@open.eurogiciel.org>
Tue, 16 Sep 2014 15:27:35 +0000 (17:27 +0200)
The global applications are set using the system
user 'tizenglobalapp'. In fact this name is set in
the tizen configuration variable TZ_SYS_GLOBALAPPUSER
and its uid should be retrieved using tzplatform_getuid.

Change-Id: I01635d1f65add0159b8d73fef60b76d03798fe52
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
src/server/service/service.cpp patch | blob | history

diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 6539b7f..29541ea 100644 (file)
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -25,6 +25,7 @@
 
 #include <dpl/log/log.h>
 #include <dpl/serialization.h>
+#include <tzplatform_config.h>
 
 #include <unordered_set>
 #include <sys/types.h>
@@ -45,6 +46,16 @@ namespace SecurityManager {
 
 const InterfaceID IFACE = 1;
 
+static inline bool isGlobalUser(uid_t uid) {
+    static uid_t uidGlobalApp = 0;
+    if (!uidGlobalApp) {
+        // As long as the recorded global user id is root, recheck.
+        uid_t id = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+        if (id != (uid_t)-1)
+            uidGlobalApp = id;
+    }
+    return uidGlobalApp == uid || !uid; // FIXME: is root authorized?
+}
 
 Service::Service()
 {
@@ -278,8 +289,8 @@ bool Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_
 
     try {
         std::vector<std::string> oldPkgPrivileges, newPkgPrivileges;
-        std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
-                             : CYNARA_ADMIN_WILDCARD;
+        std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+                             : std::to_string(static_cast<unsigned int>(uid));
 
         LogDebug("Install parameters: appId: " << req.appId << ", pkgId: " << req.pkgId
                  << ", uidstr " << uidstr << ", generated smack label: " << smackLabel);
@@ -362,8 +373,8 @@ bool Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui
                 goto error_label;
             }
 
-            std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
-                                 : CYNARA_ADMIN_WILDCARD;
+            std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+                                 : std::to_string(static_cast<unsigned int>(uid));
 
             LogDebug("Uninstall parameters: appId: " << appId << ", pkgId: " << pkgId
                      << ", uidstr " << uidstr << ", generated smack label: " << smackLabel);
Domain: Security / Access Control;