sessiond: Ensure proper permissions are set for subsession user app dirs

as well as the main `apps_rw` directory

Change-Id: Iab41dcace38d1dcc346bf9bfde12ede1503ce359

diff --git a/src/service/src/fs_helpers.cpp b/src/service/src/fs_helpers.cpp
index de2cf58223d413806c9f8602467b83f08d649541..504cb9e4174f92af7cbc54f30919af8aeb1ead75 100644 (file)
--- a/src/service/src/fs_helpers.cpp
+++ b/src/service/src/fs_helpers.cpp
@@ -73,6 +73,15 @@ static void change_owner_and_group(std::string_view path, const int session_uid,
                        + "` file/directory");
 }
 
+static void change_permissions(std::string_view path, mode_t mode)
+{
+       if (chmod(path.data(), mode) == -1)
+               throw std::system_error(errno, std::system_category(),
+                       "Couldn't set owner/group permissions of the `"s
+                       + path.data()
+                       + "` file/directory");
+}
+
 static void copy_ownership(std::string_view src_path, std::string_view dest_path)
 {
        struct stat info;
@@ -85,6 +94,7 @@ static void copy_ownership(std::string_view src_path, std::string_view dest_path
                        + "` file/directory");
 
        change_owner_and_group(dest_path, info.st_uid, info.st_gid);
+       change_permissions(dest_path, info.st_mode);
 }
 
 static std::string get_smack_label(std::string_view src_path, smack_label_type type)
@@ -270,7 +280,7 @@ void add_user_subsession(const int session_uid, const std::string_view subsessio
                }
 
                // Last but not least - the `apps_rw` directory itself
-               change_owner_and_group(apps_rw_dir, session_uid, main_dir_gid);
+               copy_ownership(home_dir + "/apps_rw", apps_rw_dir);
                copy_smack_attributes(source_dir, apps_rw_dir);
 
                // Copy + rename so that the replacement is atomic