Add new parameter of isPrivacy function - pkgName

The preloaded application should have all privacy related privileges
except location privilege.
So privilege-checker will manage whitelist of preloaded package names
and package name should be stored in isPrivacy function.
This is work-around patch.

Change-Id: I3ded5561fe003bb4ca95dfa9ef87965ef39d1d04
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7f1d523327e77316ff0a2fb29ceea2aec876dde5..84c7f03d45d6b9a54a4c5d716061e96675b3bad4 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -82,7 +82,7 @@ STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
 ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
 
 ADD_DEFINITIONS("-DSMACK_ENABLED")
-#ADD_DEFINITIONS("-DASKUSER_ENABLED")
+ADD_DEFINITIONS("-DASKUSER_ENABLED")
 
 OPTION(DPL_WITH_DLOG "DPL DLOG backend" ON)
 OPTION(DPL_WITH_SYSTEMD_JOURNAL "DPL systemd-journal backend" OFF)

diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index 57afbecd88d58748a1649eba40856590c0e7e211..21dcf57816e0d7c2e09cc26e9afdeb407d414d65 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -299,7 +299,7 @@ void CynaraAdmin::UpdateAppPolicy(
     const std::string &label,
     const std::string &user,
     const std::vector<std::string> &privileges,
-    std::function <bool(const std::string &)> isPrivacy)
+    std::function <bool(const std::string &, const std::string &)> isPrivacy)
 {
     auto calcPolicies = [&](
         const std::string &user,
@@ -350,7 +350,7 @@ void CynaraAdmin::UpdateAppPolicy(
 
         std::vector<std::string> privacyPrivileges;
         for (auto &p : privileges)
-            if (isPrivacy(p))
+            if (isPrivacy(label, p))
                 privacyPrivileges.push_back(p);
 
         // 2nd, performing operation on PRIVACY_MANAGER bucket for all affected users
@@ -388,7 +388,7 @@ void CynaraAdmin::GetAppPolicy(const std::string &label, const std::string &user
 }
 
 void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType,
-        std::function <bool(const std::string &)> isPrivacy)
+        std::function <bool(const std::string &, const std::string &)> isPrivacy)
 {
     Bucket bucket;
     std::vector<CynaraAdminPolicy> policies;
@@ -433,7 +433,7 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType,
                                                 CYNARA_ADMIN_ANY, appPolicies);
 
         for (CynaraAdminPolicy &policy : appPolicies)
-            if (isPrivacy(policy.privilege))
+            if (isPrivacy(policy.client, policy.privilege))
                 policies.push_back(CynaraAdminPolicy(policy.client,
                 userStr,
                 policy.privilege,

diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index 8d291bfc72e0dce8dad3104985c547d649070ddd..b53d909c08920776fd825e78dc2885570787f247 100644 (file)
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -134,7 +134,7 @@ public:
      */
     void UpdateAppPolicy(const std::string &label, const std::string &user,
         const std::vector<std::string> &privileges,
-        std::function <bool(const std::string &)> isPrivacy);
+        std::function <bool(const std::string &, const std::string &)> isPrivacy);
 
     /**
      * Fetch Cynara policies for the application and the user.
@@ -158,7 +158,7 @@ public:
      * @param isPrivacy a function that checks if privilege is privacy-related
      */
     void UserInit(uid_t uid, security_manager_user_type userType,
-        std::function <bool(const std::string &)> isPrivacy);
+        std::function <bool(const std::string &, const std::string &)> isPrivacy);
 
     /**
      * List all users registered in Cynara

diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 84177fb53f8f1c95f2396b236aa47284deb3b7c9..f997042f5dfca64d361d2d287ecf160c21106c98 100644 (file)
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -284,7 +284,7 @@ private:
 
     static bool isSharedRO(const pkg_paths& paths);
 
-    static bool isPrivilegePrivacy(const std::string &privilege);
+    static bool isPrivilegePrivacy(const std::string &clientLabel, const std::string &privilege);
 
     int squashDropPrivateSharing(const std::string &ownerAppName,
                                  const std::string &targetAppName,

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 54a27fdb08d4750d5d061b6b8d5d73439e1fe7d9..a9fd85465dc3a50ecd0ca013d070b9d9d87941eb 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -445,10 +445,10 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
     }
 }
 
-bool ServiceImpl::isPrivilegePrivacy(const std::string &privilege)
+bool ServiceImpl::isPrivilegePrivacy(const std::string &clientLabel, const std::string &privilege)
 {
     if (Config::IS_ASKUSER_ENABLED) {
-        int ret = privilege_info_is_privacy(privilege.c_str());
+        int ret = privilege_info_is_privacy2(clientLabel.c_str(), privilege.c_str());
         if (ret == 1)
             return true;
         if (ret != 0)