LogWarning("Allowed privileges returned - number: " << allowedPrivileges.size());
- std::string authorHash;
- m_privilegeDb.GetPkgAuthorHash(pkgName, authorHash);
-
- LogWarning("GetPkgAuthorHash returned : " << authorHash);
-
- if (m_smackRules.isPrivilegeMappingEnabled() && smack_simple_check()) {
- // We have to remove all possible privilege related Smack rules, because application
- // policy might have changed from last prepareApp
- // (e.g. application new version was installed)
- m_smackRules.disableAllPrivilegeRules(label, pkgName, authorHash);
-
- // TODO: Optimization is welcomed here
- auto runningApps = MountNS::getMountNSApps();
- if (isMultiUser({label, std::to_string(creds.uid)}, runningApps)) {
- LogWarning("Detected multiuser instance of " << appName
- << ". Privilege related Smack rules are cleared and won't be reapplied.");
- } else {
- m_smackRules.enablePrivilegeRules(label, pkgName, authorHash, allowedPrivileges);
+ if (smack_simple_check()) {
+ std::string authorHash;
+ m_privilegeDb.GetPkgAuthorHash(pkgName, authorHash);
+
+ LogWarning("GetPkgAuthorHash returned : " << authorHash);
+
+ if (m_smackRules.isPrivilegeMappingEnabled()) {
+ // We have to remove all possible privilege related Smack rules, because application
+ // policy might have changed from last prepareApp
+ // (e.g. application new version was installed)
+ m_smackRules.disableAllPrivilegeRules(label, pkgName, authorHash);
+
+ // TODO: Optimization is welcomed here
+ auto runningApps = MountNS::getMountNSApps();
+ if (isMultiUser( { label, std::to_string(creds.uid) }, runningApps)) {
+ LogWarning("Detected multiuser instance of " << appName <<
+ ". Privilege related Smack rules are cleared and won't be reapplied.");
+ } else {
+ m_smackRules.enablePrivilegeRules(label, pkgName, authorHash, allowedPrivileges);
+ }
}
}
projects / platform / core / security / security-manager.git / commitdiff