{".mmc", SECURITY_MANAGER_PATH_RO}
};
+const std::vector<std::pair<const char*,
+ app_install_path_type>> kSecurityRWOnlyPolicies = {
+ {"data", SECURITY_MANAGER_PATH_RW},
+ {"cache", SECURITY_MANAGER_PATH_RW},
+ {"shared", SECURITY_MANAGER_PATH_PUBLIC_RO},
+ {"shared/data", SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO},
+ {"shared/cache", SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO},
+ {"shared/trusted", SECURITY_MANAGER_PATH_TRUSTED_RW}
+};
+
const std::vector<std::pair<const char*, app_install_type>> kPathPolicies = {
{tzplatform_getenv(TZ_SYS_HOME), SM_APP_INSTALL_LOCAL},
{tzplatform_getenv(TZ_SYS_RW_APP), SM_APP_INSTALL_GLOBAL},
bool PreparePathRequest(const std::string& pkg_id,
const boost::filesystem::path& path, uid_t uid, path_req* req,
- bool readonly, std::string* error_message) {
+ bool is_readonly_pkg, bool rwpath_only, std::string* error_message) {
if (pkg_id.empty() || path.empty()) {
LOG(ERROR) << "Pkgid or path is empty. Both values must be set";
return false;
return false;
}
// When registering skel dir on global installation mode
- if (type == SM_APP_INSTALL_PRELOADED && !readonly)
+ if (type == SM_APP_INSTALL_PRELOADED && !is_readonly_pkg)
type = SM_APP_INSTALL_GLOBAL;
error = security_manager_path_req_set_install_type(req, type);
return false;
}
- for (auto& policy : kSecurityPolicies) {
+ for (auto& policy : (rwpath_only? kSecurityRWOnlyPolicies :
+ kSecurityPolicies)) {
bf::path subpath = path / policy.first;
if (bf::exists(subpath)) {
if (bf::is_symlink(symlink_status(subpath))) {
bool RegisterSecurityContextForPath(const std::string &pkg_id,
const boost::filesystem::path& path, uid_t uid,
- bool readonly, std::string* error_message) {
+ bool is_readonly_pkg, std::string* error_message) {
+ path_req* req;
+ int error = security_manager_path_req_new(&req);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR)
+ << "Failed while calling security_manager_path_req_new failed "
+ << "(error code: " << error << ")";
+ std::string errnum = boost::str(boost::format("%d") % error);
+ *error_message = security_manager_strerror(static_cast<lib_retcode>(error));
+ *error_message += ":<" + errnum + ">";
+ return false;
+ }
+
+ if (!PreparePathRequest(pkg_id, path, uid, req, is_readonly_pkg,
+ false, error_message)) {
+ LOG(ERROR) << "Failed while preparing security_manager_app_inst_req";
+ security_manager_path_req_free(req);
+ return false;
+ }
+
+ error = security_manager_paths_register(req);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed while calling security_manager_paths_register failed "
+ << "(error code: " << error << ")";
+ std::string errnum = boost::str(boost::format("%d") % error);
+ *error_message = security_manager_strerror(static_cast<lib_retcode>(error));
+ *error_message += ":<" + errnum + ">";
+ security_manager_path_req_free(req);
+ return false;
+ }
+
+ security_manager_path_req_free(req);
+
+ return true;
+}
+
+bool RegisterSecurityContextForRWOnlyPath(const std::string &pkg_id,
+ const boost::filesystem::path& path, uid_t uid,
+ bool is_readonly_pkg, std::string* error_message) {
path_req* req;
int error = security_manager_path_req_new(&req);
if (error != SECURITY_MANAGER_SUCCESS) {
return false;
}
- if (!PreparePathRequest(pkg_id, path, uid, req, readonly, error_message)) {
+ if (!PreparePathRequest(pkg_id, path, uid, req, is_readonly_pkg,
+ true, error_message)) {
LOG(ERROR) << "Failed while preparing security_manager_app_inst_req";
security_manager_path_req_free(req);
return false;
* Adapter interface for external Security module.
*
* Adapter interface for external Security module used for registering
- * application to security context
- *
- * \param app_id id of given application
- * \param pkg_id id of given package
- * \param author_id unique author id of given package
- * \param api_version api-version of given package
- * \param path path of installed package
- * \param uid uid
- * \param privileges pointer to manifest structure
- * \param cross_app_rules true if n-to-n smack rules should be generated
- * apps (should be set for hybrid applications).
- * \param error_message extra/detailed error message
- *
- * \return true if success
- */
-bool RegisterSecurityContext(const std::string& app_id,
- const std::string& pkg_id, const std::string& author_id,
- const std::string& api_version, const boost::filesystem::path& path,
- uid_t uid, const std::vector<std::string>& privileges,
- bool cross_app_rules, std::string* error_message);
-
-/**
- * Adapter interface for external Security module.
- *
- * Adapter interface for external Security module used for unregistering
- * application from security context
- *
- * \param app_id id of given application
- * \param pkg_id id of given package
- * \param uid uid
- * \param error_message extra/detailed error message
- *
- * \return true if success
- */
-bool UnregisterSecurityContext(const std::string& app_id,
- const std::string& pkg_id, uid_t uid, std::string* error_message);
-
-/**
- * Adapter interface for external Security module.
- *
- * Adapter interface for external Security module used for registering
* package to security context
*
* \param pkg_id pkgid of given package
/**
* Adapter interface for external Security module.
*
- * Adapter interface for external Security module used for unregistering
- * package from security context
+ * Adapter interface for external Security module used for registering
+ * package path to security context
*
* \param pkg_id pkgid of given package
+ * \param path path for registering
* \param uid uid
+ * \param is_readonly_pkg RO package flag
* \param error_message extra/detailed error message
*
* \return true if success
*/
-bool UnregisterSecurityContextForPkgId(const std::string& pkg_id, uid_t uid,
- std::string* error_message);
+bool RegisterSecurityContextForPath(const std::string &pkg_id,
+ const boost::filesystem::path& path, uid_t uid,
+ bool is_readonly_pkg, std::string* error_message);
/**
* Adapter interface for external Security module.
*
* Adapter interface for external Security module used for registering
- * package path to security context
+ * package path (RW only) to security context
*
* \param pkg_id pkgid of given package
* \param path path for registering
* \param uid uid
- * \param readonly RO package flag
+ * \param is_readonly_pkg RO package flag
* \param error_message extra/detailed error message
*
* \return true if success
*/
-bool RegisterSecurityContextForPath(const std::string &pkg_id,
+bool RegisterSecurityContextForRWOnlyPath(const std::string &pkg_id,
const boost::filesystem::path& path, uid_t uid,
- bool readonly, std::string* error_message);
+ bool is_readonly_pkg, std::string* error_message);
} // namespace common_installer
}
return Status::SECURITY_ERROR;
}
- if (!RegisterSecurityContextForPath(
+ bool result;
+ if (!context_->partial_rw.get())
+ result = RegisterSecurityContextForPath(
context_->pkgid.get(), context_->pkg_path.get(), context_->uid.get(),
- context_->is_readonly_package.get(), &error_message)) {
+ context_->is_readonly_package.get(), &error_message);
+ else
+ result = RegisterSecurityContextForRWOnlyPath(
+ context_->pkgid.get(), context_->pkg_path.get(), context_->uid.get(),
+ context_->is_readonly_package.get(), &error_message);
+
+ if (!result) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
on_error(Status::SECURITY_ERROR, error_message);