PermissibleSet: Remove PrivilegeDb usage

Change-Id: I34a33ef2f80c9c02e9bdc41e9535632b9ab76f99

diff --git a/src/common/include/permissible-set.h b/src/common/include/permissible-set.h
index f3810d4c3f385c9a4533c08ba3218c811ff64fda..1ba4aeb224862ea613335ff4225d18105a478e10 100644 (file)
--- a/src/common/include/permissible-set.h
+++ b/src/common/include/permissible-set.h
@@ -65,9 +65,11 @@ std::string getPerrmissibleFileLocation(uid_t uid, int installationType);
  *
  * @param[in] uid user id
  * @param[in] installationType type of installation (global or local)
+ * @param[in] labelsForUser set of labels permitted for given user
  * @return resulting true on success
  */
-void updatePermissibleFile(uid_t uid, int installationType);
+void updatePermissibleFile(uid_t uid, int installationType,
+                           const std::vector<std::string> &labelsForUser);
 
 /**
  * Read labels from a file into a vector

diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 6b985385d41b35cda7ca27a0b27c9c980d757585..8ff4cffc29c6fc11bf7b749a53f1424044e96009 100644 (file)
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -284,6 +284,8 @@ private:
                               const std::string &targetAppLabel,
                               const std::string &path);
 
+    void updatePermissibleSet(uid_t uid, int type);
+
     Cynara m_cynara;
 
 };

diff --git a/src/common/permissible-set.cpp b/src/common/permissible-set.cpp
index 7e2e5a7ad55b7843aac9a34ec983d4cb316cdf06..96ef8832189f041cde20c642f5e98ce345e35ad6 100644 (file)
--- a/src/common/permissible-set.cpp
+++ b/src/common/permissible-set.cpp
@@ -104,21 +104,16 @@ static void markPermissibleFileValid(int fd, const std::string &nameFile, bool v
     }
 }
 
-void updatePermissibleFile(uid_t uid, int installationType)
+void updatePermissibleFile(uid_t uid, int installationType,
+                           const std::vector<std::string> &labelsForUser)
 {
     std::string nameFile = getPerrmissibleFileLocation(uid, installationType);
     std::ofstream fstream;
     openAndLockNameFile(nameFile, fstream);
     markPermissibleFileValid(getFd(fstream), nameFile, false);
 
-    std::vector<std::string> appNames;
-    PrivilegeDb::getInstance().GetUserApps(uid, appNames);
-    for (auto &appName : appNames) {
-        std::string pkgName;
-        PrivilegeDb::getInstance().GetAppPkgName(appName, pkgName);
-        bool isPkgHybrid = PrivilegeDb::getInstance().IsPackageHybrid(pkgName);
-
-        fstream << SmackLabels::generateProcessLabel(appName, pkgName, isPkgHybrid) << '\n';
+    for (auto &label : labelsForUser) {
+        fstream << label << '\n';
         if (fstream.bad()) {
             LogError("Unable to write to file " << nameFile << ": " << GetErrnoString(errno));
             ThrowMsg(PermissibleSetException::PermissibleSetException::FileWriteError,

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 7d6a4bcbacec554b77e9d781fd08530126125e82..eea74bf8b588a4cfe524b6cc8f9aa592a461ef9a 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -484,6 +484,19 @@ void ServiceImpl::getPkgLabels(const std::string &pkgName, SmackRules::Labels &p
     }
 }
 
+void ServiceImpl::updatePermissibleSet(uid_t uid, int type)
+{
+    std::vector<std::string> userPkgs;
+    PrivilegeDb::getInstance().GetUserPkgs(uid, userPkgs);
+    std::vector<std::string> labelsForUser;
+    for (const auto &pkg : userPkgs) {
+        std::vector<std::string> pkgLabels;
+        getPkgLabels(pkg, pkgLabels);
+        labelsForUser.insert(labelsForUser.end(), pkgLabels.begin(), pkgLabels.end());
+    }
+    PermissibleSet::updatePermissibleFile(uid, type, labelsForUser);
+}
+
 int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req)
 {
     std::vector<std::string> addedPermissions;
@@ -534,7 +547,7 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req)
         // WTF? Why this commit is here? Shouldn't it be at the end of this function?
         PrivilegeDb::getInstance().CommitTransaction();
         LogDebug("Application installation commited to database");
-        PermissibleSet::updatePermissibleFile(req.uid, req.installationType);
+        updatePermissibleSet(req.uid, req.installationType);
     } catch (const PrivilegeDb::Exception::IOError &e) {
         LogError("Cannot access application database: " << e.DumpToString());
         return SECURITY_MANAGER_ERROR_SERVER_ERROR;
@@ -691,7 +704,7 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &&req)
                                                    std::vector<std::string>(), isPrivilegePrivacy);
         PrivilegeDb::getInstance().CommitTransaction();
         LogDebug("Application uninstallation commited to database");
-        PermissibleSet::updatePermissibleFile(req.uid, req.installationType);
+        updatePermissibleSet(req.uid, req.installationType);
     } catch (const PrivilegeDb::Exception::IOError &e) {
         LogError("Cannot access application database: " << e.DumpToString());
         return SECURITY_MANAGER_ERROR_SERVER_ERROR;