-#!/bin/sh -e
+#!/bin/bash
+set -euo pipefail
#
# Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
echo "COMMIT;"
) | sqlite3 "$DB_FILE"
+# Migrate pkg_id, app_id and privileges for all apps already installed as if smack was enabled
+if ! $SMACK_ENABLED; then
+ cynara_buckets="$(cut -d ';' -f 1 /opt/var/cynara/db/buckets)"
+ new_puid=10000 # New PUIDs start from this value
+ function update_new_puid {
+ taken_puids="$(sqlite3 "$DB_FILE" --batch <<< "SELECT pkg_id FROM pkg WHERE pkg_id>=$new_puid UNION SELECT app_id FROM app WHERE app_id>=$new_puid ORDER BY pkg_id")"
+ if [[ "$taken_puids" != "" ]]; then
+ while read -r taken_puid; do
+ if [[ "$new_puid" == "$taken_puid" ]]; then
+ new_puid=$((new_puid + 1))
+ continue
+ fi
+ break;
+ done <<< "$taken_puids"
+ fi
+ }
+
+ # First remap every pkg_id
+ pkg_ids="$(sqlite3 "$DB_FILE" --batch <<< 'SELECT pkg_id FROM pkg ORDER BY pkg_id')"
+ if [[ "$pkg_ids" != "" ]]; then
+ while read -r pkg_id; do
+ if (( pkg_id < 10000 )); then
+ update_new_puid
+ new_pkg_id="$new_puid"
+ echo "remapping pkg_id: $pkg_id -> $new_pkg_id"
+ sqlite3 "$DB_FILE" --batch <<< "
+ BEGIN;
+ UPDATE pkg SET pkg_id=$new_pkg_id WHERE pkg_id=$pkg_id;
+ UPDATE app SET pkg_id=$new_pkg_id WHERE pkg_id=$pkg_id;
+ COMMIT;"
+ fi
+ done <<< "$pkg_ids"
+ fi
+
+ # Then remap every author_id
+ author_ids="$(sqlite3 "$DB_FILE" --batch <<< 'SELECT author_id FROM author ORDER BY author_id')"
+ if [[ "$author_ids" != "" ]]; then
+ new_agid=20000 # New AGIDs start from this value
+ while read -r author_id; do
+ if (( author_id < 20000 )); then
+ taken_agids="$(sqlite3 "$DB_FILE" --batch <<< "SELECT author_id FROM author WHERE author_id>=$new_agid ORDER BY author_id")"
+ if [[ "$taken_agids" != "" ]]; then
+ while read -r taken_agid; do
+ if [[ "$new_agid" == "$taken_agid" ]]; then
+ new_agid=$((new_agid + 1))
+ continue
+ fi
+ break;
+ done <<< "$taken_agids"
+ fi
+ new_author_id="$new_agid"
+ echo "remapping author_id: $author_id -> $new_author_id"
+ sqlite3 "$DB_FILE" --batch <<< "
+ BEGIN;
+ UPDATE author SET author_id=$new_author_id WHERE author_id=$author_id;
+ UPDATE pkg SET author_id=$new_author_id WHERE author_id=$author_id;
+ COMMIT;"
+ fi
+ done <<< "$author_ids"
+ fi
+
+ # Then remap every app_id
+ app_ids="$(sqlite3 "$DB_FILE" --batch <<< 'SELECT app.app_id, app.pkg_id, app.name, pkg.name, pkg.is_hybrid FROM app LEFT JOIN pkg USING (pkg_id) ORDER BY app_id')"
+ if [[ "$app_ids" != "" ]]; then
+ while IFS='|' read -r app_id pkg_id app_name pkg_name is_hybrid; do
+ if (( app_id < 10000 )); then
+ if [[ "$is_hybrid" == 1 ]]; then
+ echo "Found hybrid app $app_name from package $pkg_name"
+ exit 1
+ fi
+ echo ">>> migrating app $app_name from package $pkg_name"
+ update_new_puid
+ new_app_id="$new_puid"
+ # Update app_id
+ sqlite3 "$DB_FILE" --batch <<< "
+ BEGIN;
+ UPDATE app SET app_id=$new_app_id WHERE app_id=$app_id;
+ UPDATE user_app SET app_id=$new_app_id WHERE app_id=$app_id;
+ UPDATE app_defined_privilege SET app_id=$new_app_id WHERE app_id=$app_id;
+ UPDATE client_license SET app_id=$new_app_id WHERE app_id=$app_id;
+ COMMIT;"
+ # Migrate cynara policies
+ for bucket in $cynara_buckets; do
+ cyad --list-policies="$bucket" --client="User::Pkg::$pkg_name" --user='*' --privilege='#' |
+ while IFS=';' read -r bucket client user privilege type metadata; do
+ cyad --set-policy --bucket="$bucket" --client="User::Pkg::default_app_no_Smack_mode" --user="$pkg_id" --privilege="$privilege" --type="$type" --metadata="$metadata"
+ cyad --erase="$bucket" --recursive=no --client="$client" --user="$user" --privilege="$privilege"
+ done
+ done
+ fi
+ done <<< "$app_ids"
+ fi
+fi
+
# Start the service with the modified database
systemctl start security-manager.service security-manager.socket \
|| echo Failed to start security-manager systemd service, continuing regardless
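Review bot: The hybrid-app check inside the app_id loop (`exit 1` after "Found hybrid app") runs only after every pkg_id and author_id remap has been committed and after earlier apps in that loop have been migrated. Hitting one hybrid app therefore leaves the database and the Cynara policies half-migrated and, under `set -e`, also skips the `systemctl start` at the end of the hunk. Detecting hybrid apps once, before the first `UPDATE`, keeps the abort free of side effects; a sketch follows. The same ordering concern applies to the `cyad` calls: the app_id `COMMIT` precedes the policy migration, so a `cyad` failure would leave an app with a new app_id and un-migrated policies, and the `app_id < 10000` filter would presumably skip it on a rerun. Separately, `if ! $SMACK_ENABLED` executes the variable's value as a command; assuming it only ever holds the literal `true` or `false`, `if [[ "$SMACK_ENABLED" != true ]]` compares it as data instead.

```shell
if ! $SMACK_ENABLED; then
  # Refuse to migrate while a not-yet-migrated hybrid app exists, before any row is rewritten
  hybrid_apps="$(sqlite3 "$DB_FILE" --batch <<< 'SELECT app.name FROM app JOIN pkg USING (pkg_id) WHERE app.app_id < 10000 AND pkg.is_hybrid = 1')"
  if [[ -n "$hybrid_apps" ]]; then
    echo "Found hybrid apps, aborting before migration: $hybrid_apps" >&2
    exit 1
  fi
  # … unchanged: cynara_buckets, update_new_puid, pkg_id / author_id / app_id remapping …
```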