#include <dpl/log/log.h>
#include <dpl/serialization.h>
+#include <tzplatform_config.h>
#include <unordered_set>
#include <sys/types.h>
const InterfaceID IFACE = 1;
+static inline bool isGlobalUser(uid_t uid) {
+ static uid_t uidGlobalApp = 0;
+ if (!uidGlobalApp) {
+ // As long as the recorded global user id is root, recheck.
+ uid_t id = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+ if (id != (uid_t)-1)
+ uidGlobalApp = id;
+ }
+ return uidGlobalApp == uid || !uid; // FIXME: is root authorized?
+}
Service::Service()
{
try {
std::vector<std::string> oldPkgPrivileges, newPkgPrivileges;
- std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
- : CYNARA_ADMIN_WILDCARD;
+ std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+ : std::to_string(static_cast<unsigned int>(uid));
LogDebug("Install parameters: appId: " << req.appId << ", pkgId: " << req.pkgId
<< ", uidstr " << uidstr << ", generated smack label: " << smackLabel);
goto error_label;
}
- std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
- : CYNARA_ADMIN_WILDCARD;
+ std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+ : std::to_string(static_cast<unsigned int>(uid));
LogDebug("Uninstall parameters: appId: " << appId << ", pkgId: " << pkgId
<< ", uidstr " << uidstr << ", generated smack label: " << smackLabel);