Fixing some security-server cookie service functions to work on smack disabled.

[Issue#]        SSDWSSP-603
[Bug/Feature]   Nosmack security-server client tests fail due to incorrect
                security-server implementation for smack disabled.
[Cause]         Security-server cookie service generates incorrect label for
                nosmack and privilegeByCookieRequest does not check for smack.
[Solution]      Changing label to empty string and adding smack_check().
[Verification]  Running nosmack security-server client tests. Test
                tc05_check_privilege_by_cookie_nosmack and
                tc_security_server_get_smacklabel_cookie_nosmack should pass.

Change-Id: Ibf1ea7976d9442c56f718f8e4ca11939391cc8cd

diff --git a/src/server2/service/cookie-jar.cpp b/src/server2/service/cookie-jar.cpp
index 6a0a474..2e0e42b 100644 (file)
--- a/src/server2/service/cookie-jar.cpp
+++ b/src/server2/service/cookie-jar.cpp
@@ -107,7 +107,7 @@ const Cookie * CookieJar::GenerateCookie(int pid)
         }
         newCookie.smackLabel = label;
     } else
-        newCookie.smackLabel = "smack_disabled";
+        newCookie.smackLabel = "";
 
 
     //get GID list

diff --git a/src/server2/service/cookie.cpp b/src/server2/service/cookie.cpp
index 2f12794..29c1b03 100644 (file)
--- a/src/server2/service/cookie.cpp
+++ b/src/server2/service/cookie.cpp
@@ -29,6 +29,7 @@
 #include <security-server.h>
 #include <security-server-common.h>
 #include <cookie.h>
+#include <smack-check.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/smack.h>
@@ -308,12 +309,16 @@ bool CookieService::privilegeByCookieRequest(MessageBuffer &buffer, MessageBuffe
     const Cookie *searchResult = m_cookieJar.SearchCookie(searchPattern, CompareType::COOKIE_ID);
 
     if (searchResult != NULL) {
-        subject = searchResult->smackLabel;
-
-        if (smack_have_access(subject.c_str(), object.c_str(), access.c_str()) == 1)
+        if (!smack_check()) {
             Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS);
-        else
-            Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_ACCESS_DENIED);
+        } else {
+            subject = searchResult->smackLabel;
+
+            if (smack_have_access(subject.c_str(), object.c_str(), access.c_str()) == 1)
+                Serialization::Serialize(send, (int)SECURITY_SERVER_API_SUCCESS);
+            else
+                Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_ACCESS_DENIED);
+        }
     } else {
         Serialization::Serialize(send, (int)SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
     }