Simple corrections in api-feature handling. +Fix

[Issue#]       SSDWSSP-405
[Bug]          Impossible to add Api-Feature with template label "~APP~"
               and enable permissions granted by newly created feature
[Cause]        Mistakes in app label parsing and adding permissions from Api-Feature
[Solution]     Two simple corrections
               Also template label macros are moved to common header
               Also fix for ~APP~ label allowance has been added
[Verification] Build and run all tests
               * sync with the following security-tests commit:
               http://slp-info.sec.samsung.net/gerrit/#/c/267785/

Change-Id: Iebe39035ecb6a423cb19541f130bd25218f7ca1a

diff --git a/include/common.h b/include/common.h
index 5c88e65..0c967d9 100644 (file)
--- a/include/common.h
+++ b/include/common.h
@@ -41,7 +41,7 @@
 #else
 #define C_LOGD(...) do { } while(0)
 #define SECURE_C_LOGD(...) do { } while(0)
-#endif //DDLOG_DEBUG_ENABLED
+#endif //DLOG_DEBUG_ENABLED
 
 // conditional log macro for dlogutil (warning)
 #ifdef DLOG_WARN_ENABLED
@@ -96,6 +96,9 @@ void fts_closep(FTS **f);
 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
 #define SMACK_LOADED_APP_RULES   "/var/run/smack-app/"
 
+#define SMACK_APP_LABEL_TEMPLATE        "~APP~"
+#define SMACK_SHARED_DIR_LABEL_TEMPLATE "~APP_SHARED_DIR~"
+
 int smack_label_is_valid(const char* smack_label);
 
 int load_smack_from_file(const char* app_id, struct smack_accesses** smack, int *fd, char** path);

diff --git a/src/privilege-control.c b/src/privilege-control.c
index 8fe7ede..328d89a 100644 (file)
--- a/src/privilege-control.c
+++ b/src/privilege-control.c
@@ -61,9 +61,6 @@
 #define APP_GROUP_PATH TOSTRING(SHAREDIR) "/app_group_list"
 #define DEV_GROUP_PATH TOSTRING(SHAREDIR) "/dev_group_list"
 
-#define SMACK_APP_LABEL_TEMPLATE        "~APP~"
-#define SMACK_SHARED_DIR_LABEL_TEMPLATE "~APP_SHARED_DIR~"
-
 #define SMACK_SRC_FILE_SUFFIX   "_src_file"
 #define SMACK_SRC_DIR_SUFFIX    "_src_dir"
 #define SMACK_DATA_SUFFIX       "_data"
@@ -2253,6 +2250,17 @@ static int save_rules(int fd, struct smack_accesses* accesses) {
        return PC_OPERATION_SUCCESS ;
 }
 
+static int label_valid(const char *label) {
+       if (label == NULL)
+               return 0;
+
+       // allow ~APP~ template when adding new feature
+       if (strcmp(label, SMACK_APP_LABEL_TEMPLATE) == 0)
+               return 1;
+
+       return smack_label_is_valid(label);
+}
+
 static int validate_and_add_rule(char* rule, struct smack_accesses* accesses) {
        SECURE_C_LOGD("Entering function: %s. Params: rule=%s",
                                __func__, rule);
@@ -2267,19 +2275,17 @@ static int validate_and_add_rule(char* rule, struct smack_accesses* accesses) {
        access = strtok_r(NULL, " \t\n", &saveptr);
 
        // check rule validity
-       if (subject == NULL ||
-               object == NULL ||
-               access == NULL ||
+       if (access == NULL ||
                strtok_r(NULL, " \t\n", &saveptr) != NULL ||
-               !smack_label_is_valid(subject) ||
-               !smack_label_is_valid(object))
+               !label_valid(subject) ||
+               !label_valid(object))
        {
                C_LOGE("Incorrect rule format: %s", rule);
                return PC_ERR_INVALID_PARAM;
        }
 
-       if (smack_accesses_add_modify(accesses, subject, object, access, "")) {
-               C_LOGE("smack_accesses_add_modify failed");
+       if (smack_accesses_add(accesses, subject, object, access)) {
+               C_LOGE("smack_accesses_add failed");
                return PC_ERR_INVALID_OPERATION;
        }
        return PC_OPERATION_SUCCESS ;