#else
#define C_LOGD(...) do { } while(0)
#define SECURE_C_LOGD(...) do { } while(0)
-#endif //DDLOG_DEBUG_ENABLED
+#endif //DLOG_DEBUG_ENABLED
// conditional log macro for dlogutil (warning)
#ifdef DLOG_WARN_ENABLED
#define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
#define SMACK_LOADED_APP_RULES "/var/run/smack-app/"
+#define SMACK_APP_LABEL_TEMPLATE "~APP~"
+#define SMACK_SHARED_DIR_LABEL_TEMPLATE "~APP_SHARED_DIR~"
+
int smack_label_is_valid(const char* smack_label);
int load_smack_from_file(const char* app_id, struct smack_accesses** smack, int *fd, char** path);
#define APP_GROUP_PATH TOSTRING(SHAREDIR) "/app_group_list"
#define DEV_GROUP_PATH TOSTRING(SHAREDIR) "/dev_group_list"
-#define SMACK_APP_LABEL_TEMPLATE "~APP~"
-#define SMACK_SHARED_DIR_LABEL_TEMPLATE "~APP_SHARED_DIR~"
-
#define SMACK_SRC_FILE_SUFFIX "_src_file"
#define SMACK_SRC_DIR_SUFFIX "_src_dir"
#define SMACK_DATA_SUFFIX "_data"
return PC_OPERATION_SUCCESS ;
}
+static int label_valid(const char *label) {
+ if (label == NULL)
+ return 0;
+
+ // allow ~APP~ template when adding new feature
+ if (strcmp(label, SMACK_APP_LABEL_TEMPLATE) == 0)
+ return 1;
+
+ return smack_label_is_valid(label);
+}
+
static int validate_and_add_rule(char* rule, struct smack_accesses* accesses) {
SECURE_C_LOGD("Entering function: %s. Params: rule=%s",
__func__, rule);
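Review bot: `label_valid()` accepts the literal `~APP~` as both subject and object, but its comment ("when adding new feature") does not say where the placeholder is turned into a real label, and nothing in this hunk shows that step. A reader cannot tell whether a rule that still carries the template can reach `smack_accesses_add` and be applied as-is. I would reword the comment along the lines of `// ~APP~ is a placeholder, not a real label; accepted here only because the caller substitutes the app label before the rules are applied`, adjusted to what the caller actually does. The same commit moves `SMACK_SHARED_DIR_LABEL_TEMPLATE` into the header beside `SMACK_APP_LABEL_TEMPLATE`, yet only the latter is exempted here. If rule files may also name `~APP_SHARED_DIR~`, please confirm whether rejecting it (assuming `smack_label_is_valid()` refuses it) is intended.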
access = strtok_r(NULL, " \t\n", &saveptr);
// check rule validity
- if (subject == NULL ||
- object == NULL ||
- access == NULL ||
+ if (access == NULL ||
strtok_r(NULL, " \t\n", &saveptr) != NULL ||
- !smack_label_is_valid(subject) ||
- !smack_label_is_valid(object))
+ !label_valid(subject) ||
+ !label_valid(object))
{
C_LOGE("Incorrect rule format: %s", rule);
return PC_ERR_INVALID_PARAM;
}
- if (smack_accesses_add_modify(accesses, subject, object, access, "")) {
- C_LOGE("smack_accesses_add_modify failed");
+ if (smack_accesses_add(accesses, subject, object, access)) {
+ C_LOGE("smack_accesses_add failed");
return PC_ERR_INVALID_OPERATION;
}
return PC_OPERATION_SUCCESS ;
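Review bot: Replacing `smack_accesses_add_modify(accesses, subject, object, access, "")` with `smack_accesses_add(accesses, subject, object, access)` changes what a rule means, and the call site does not record that. As I understand libsmack, the old call added permissions to whatever the pair already had, while the new one sets the pair's access to exactly the given string. If a subject/object pair can occur twice in the input, or already has a rule loaded, the later rule now replaces the earlier permissions instead of merging with them. A comment above the call such as `// sets the access for this subject/object pair exactly; does not merge with an existing rule` would show the change is deliberate. The first `strtok_r` call and the start of `validate_and_add_rule` are outside this hunk, so I could not check how `subject` and `object` are produced.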