uid_t uid, std::vector<std::string> &privileges)
{
try {
- if (!authenticate(creds, Config::PRIVILEGE_USER_ADMIN)) {
- LogError("Request from uid=" << creds.uid << ", Smack=" << creds.label << " for checking app manifest policy denied");
- return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
- }
-
std::string pkgName;
m_privilegeDb.GetAppPkgName(appName, pkgName);
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
}
- std::string uidStr = m_privilegeDb.IsUserPkgInstalled(pkgName, uid) ? std::to_string(uid) : CYNARA_ADMIN_WILDCARD;
std::string cynaraClient = getAppProcessLabel(appName);
+ std::string uidStr = m_privilegeDb.IsUserPkgInstalled(pkgName, uid) ? std::to_string(uid) : CYNARA_ADMIN_WILDCARD;
+
+ // Allow application to check its own manifest
+ if (((creds.label != cynaraClient)
+ || (uidStr != CYNARA_ADMIN_WILDCARD && uidStr != std::to_string(creds.uid)))
+ && !authenticate(creds, Config::PRIVILEGE_USER_ADMIN))
+ {
+ LogError("Request from uid=" << creds.uid << ", Smack=" << creds.label << " for checking app manifest policy denied");
+ return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ }
m_cynaraAdmin.getAppPolicy(cynaraClient, uidStr, privileges);
} catch (const CynaraException::Base &e) {