/*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
if (offlineMode.isOffline()) {
Credentials creds = offlineMode.getCredentials();
app_inst_req req(*p_req);
- return ServiceImpl(ServiceImpl::Offline::yes).appInstall(creds, req);
+ return ServiceImpl(Offline::yes).appInstall(creds, req);
} else {
return ClientRequest(SecurityModuleCall::APP_INSTALL).send(p_req).getStatus();
}
if (offlineMode.isOffline()) {
Credentials creds = offlineMode.getCredentials();
app_inst_req req(*p_req);
- return ServiceImpl(ServiceImpl::Offline::yes).appUpdate(creds, req);
+ return ServiceImpl(Offline::yes).appUpdate(creds, req);
} else {
return ClientRequest(SecurityModuleCall::APP_UPDATE).send(p_req).getStatus();
}
if (offlineMode.isOffline()) {
Credentials creds = offlineMode.getCredentials();
app_inst_req req(*p_req);
- return ServiceImpl(ServiceImpl::Offline::yes).appUninstall(creds, req);
+ return ServiceImpl(Offline::yes).appUninstall(creds, req);
} else {
return ClientRequest(SecurityModuleCall::APP_UNINSTALL).send(p_req).getStatus();
}
ClientOffline offlineMode;
if (offlineMode.isOffline()) {
Credentials creds = offlineMode.getCredentials();
- retval = ServiceImpl(ServiceImpl::Offline::yes).userAdd(creds, p_req->uid, p_req->utype);
+ retval = ServiceImpl(Offline::yes).userAdd(creds, p_req->uid, p_req->utype);
} else {
//server is working
retval = ClientRequest(SecurityModuleCall::USER_ADD).send(
ClientOffline offlineMode;
if (offlineMode.isOffline()) {
Credentials creds = offlineMode.getCredentials();
- retval = ServiceImpl(ServiceImpl::Offline::yes).pathsRegister(creds, *p_req);
+ retval = ServiceImpl(Offline::yes).pathsRegister(creds, *p_req);
} else {
return ClientRequest(SecurityModuleCall::PATHS_REGISTER).send(
p_req->pkgName,
/*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
#include <config.h>
#include <db-config.h>
#include <dpl/db/sql_connection.h>
+#include <protocols.h>
+#include <security-manager-types.h>
#include <utils.h>
-#include "security-manager-types.h"
namespace SecurityManager {
DECLARE_EXCEPTION_TYPE(Base, ConstraintError)
};
- enum class Offline : bool { no, yes };
/**
* Constructor
* @exception PrivilegeDb::Exception::IOError on problems with database access
NOOP = 0x90,
};
+enum class Offline : bool { no, yes };
+
// The least significant bit on iff shared RO is enabled.
// Subsequent bits == bitmask of namespaces to be checked in checkProperDrop().
typedef uint8_t PrepareAppFlags;
class ServiceImpl final {
public:
- using Offline = PrivilegeDb::Offline;
explicit ServiceImpl(Offline offline);
/**
PrivilegeGids m_privilegeGids;
NSMountLogic m_NSMountLogic;
PrepareAppFlags m_prepareAppFlags;
+ Offline m_offline;
};
} /* namespace SecurityManager */
std::string &homePath,
std::string &skelDir,
std::vector<std::string> &legalPkgBaseDirs,
- bool isSharedRO);
+ bool isSharedRO,
+ Offline offline);
bool pathsCheck(const pkg_paths &requestedPaths,
const std::vector<std::string> &allowedDirs);
ServiceImpl::ServiceImpl(Offline offline) :
m_privilegeDb(offline),
- m_NSMountLogic(m_cynara)
+ m_NSMountLogic(m_cynara),
+ m_offline(offline)
{
PrivilegeGids::GroupPrivileges group_privileges;
m_privilegeDb.GetGroupsRelatedPrivileges(group_privileges);
m_privilegeGids.init(group_privileges);
- if (Offline::no == offline) {
+ if (!underlying(offline)) {
const auto checkProperDropFlags = CheckProperDrop::computeFlags();
if (checkProperDropFlags < 0)
ThrowMsg(FS::Exception::FileError, "Error computing CheckProperDrop flags."
std::string homePath, skelDir;
std::vector<std::string> pkgLegalBaseDirs;
int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath,
- skelDir, pkgLegalBaseDirs, isSharedRO);
+ skelDir, pkgLegalBaseDirs, isSharedRO, m_offline);
if (ret != SECURITY_MANAGER_SUCCESS) {
LogError("Failed to generate legal directories for application");
return ret;
std::string &homePath,
std::string &skelDir,
std::vector<std::string> &legalPkgDirs,
- bool isSharedRO)
+ bool isSharedRO,
+ Offline offline)
{
TizenPlatformConfig tpc(uid);
addPkgDirs(legalPkgDirs, pkgName, isSharedRO, skelDir);
}
- if (SM_APP_INSTALL_LOCAL == installType) {
+ if (SM_APP_INSTALL_LOCAL == installType && !underlying(offline)) {
auto subsession = getDir(tpc, TZ_USER_HOME);
if (subsession.empty()) {
LogError("Couldn't get user home");
/*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
try {
std::map<std::string, std::vector<std::string>> appPathMap;
- PrivilegeDb db(PrivilegeDb::Offline::no);
+ PrivilegeDb db(Offline::no);
db.GetAllPrivateSharing(appPathMap);
for (auto &appPaths : appPathMap) {
try {
{
T *service = nullptr;
try {
- service = new T(T::Offline::no);
+ service = new T(Offline::no);
service->RegisterChannel(std::move(channel));
manager.RegisterSocketService(*service);
return service;
"*" /* smackLabel label (not used, we rely on systemd) */
};
- using Offline = ServiceImpl::Offline;
explicit Service(Offline offline) : m_serviceImpl(offline) {}
void RegisterChannel(Channel channel) {
m_serviceImpl.RegisterChannel(std::move(channel));
putFile(fallback, TEST_PRIVILEGE_FALLBACK_DB_PATH);
forkExecWaitpid(TEST_RULES_LOADER_CMD, "--no-load");
checkMarker(preMgr);
- testPrivDb = new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest());
+ testPrivDb = new PrivilegeDb(Offline::no, Config::DbTest());
checkMarker(PostMgrMarker::unchanged == postMgr ? preMgr : Marker::fallback);
}
/*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
purgeDb();
// db init must fail w/ no loader having run beforehand
- BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest())),
+ BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(Offline::no, Config::DbTest())),
PrivilegeDb::Exception::IOError);
requireNoDb();
}
std::string home, skelDir;
BOOST_REQUIRE_THROW(getLegalPkgBaseDirs(ServiceImplUtilFixture::nonexistingUid,
"pkg_name", SM_APP_INSTALL_LOCAL, home, skelDir,
- legalPkgBaseDirs, true),
+ legalPkgBaseDirs, true, Offline::no),
TizenPlatformConfig::Exception::ContextError);
}
std::string home, skelDir;
BOOST_REQUIRE(getLegalPkgBaseDirs(0,
"pkg_name", SM_APP_INSTALL_NONE, home, skelDir,
- legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
NEGATIVE_FIXTURE_TEST_CASE(T267_getLegalPkgBaseDirs, ServiceImplUtilFixture)
std::string home, skelDir;
BOOST_REQUIRE(getLegalPkgBaseDirs(0,
"pkg_name", SM_APP_INSTALL_END, home, skelDir,
- legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
+ legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
}
POSITIVE_FIXTURE_TEST_CASE(T268_getLegalPkgBaseDirs, ServiceImplUtilFixture)
std::string home, skelDir;
BOOST_REQUIRE(getLegalPkgBaseDirs(0,
"pkg_name", SM_APP_INSTALL_GLOBAL, home, skelDir,
- legalPkgBaseDirs, true) == SECURITY_MANAGER_SUCCESS);
+ legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_SUCCESS);
}
POSITIVE_FIXTURE_TEST_CASE(T269_pathsCheck, ServiceImplUtilFixture)
/*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
struct DbFixture
{
DbFixture()
- : db(PrivilegeDb::Offline::no) {
+ : db(Offline::no) {
db.GetAllPackages(packages);
}