Don't accept wrong package id on app uninstall

Security-manager service shouldn't accept wrong package id
for application uninstall request.

Change-Id: Ia6836c6e668d39255069b0d0bf1a554457f25c6f

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 7d610ef9d191dbbbb06b79c075115f3caa9d4385..29d5a66c8bdb9d8ade5dac5f46e42870ec28b070 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -642,15 +642,21 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &&req)
 
     try {
         m_priviligeDb.BeginTransaction();
-        if (req.pkgName.empty())
-            m_priviligeDb.GetAppPkgName(req.appName, req.pkgName);
-
-        if (req.pkgName.empty()) {
-            LogWarning("Application " << req.appName <<
-                " not found in database while uninstalling");
+        std::string pkgName;
+        m_priviligeDb.GetAppPkgName(req.appName, pkgName);
+        if (pkgName.empty()) {
+            LogWarning("Application " << req.appName << " not found in database "
+                       "while uninstalling");
             m_priviligeDb.RollbackTransaction();
             return SECURITY_MANAGER_SUCCESS;
         }
+        if (req.pkgName.empty()) {
+            req.pkgName = pkgName;
+        } else if (req.pkgName != pkgName){
+            LogWarning("Application " << req.appName << " exists, but wrong package id "
+                        << req.pkgName << " is passed, should be: " << pkgName);
+            return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
+        }
 
         isPkgHybrid = m_priviligeDb.IsPackageHybrid(req.pkgName);
         processLabel = getAppProcessLabel(req.appName, req.pkgName);