Reintroduce checks for directory existence in sharedRO setup 90/223990/3
author: Tomasz Swierczek <t.swierczek@samsung.com>
Wed, 5 Feb 2020 09:13:45 +0000 (10:13 +0100)
committer: Konrad Lipinski <k.lipinski2@samsung.com>
Thu, 6 Feb 2020 12:28:32 +0000 (13:28 +0100)
While directories connected with per-app sharedRO should exist
if an application package has been declared to use the feature,
previous behaviour of security-manager allowed these dirs
to be nonexistent while still silently ignoring the misconfiguration
(pre-1.5.18 versions).

On already released product images, some apps, improperly installed
by installer as using sharedRO and NOT having actual folder structure,
could be already running in the wilderness. Update to new
security-manager, while true to original sharedRO-bind-mount design
(dirs SHOULD exist as designed), may introduce runtime errors.

This patch reintroduces existence checks for directories which are
arguments to bind mounts.

Alternative to this patch would be a migration script that would be much more
complicated and should be accompanied with security-manager commandline tool
used to update DB contents OR appfw script that would re-do the directory
structure. Both ways would be much more time-consuming & error prone
than reintroducing these checks, which I'm doing in this patch.

Change-Id: I9f25a85ae87e4189b81621f1ec3863a2d1cc9d2a

src/client/client-security-manager.cpp

index d0a3cf77994c6ead810e7a09ece3a292511f488a..64a593aaea39204c13242c11c3641560b21e60a1 100644 (file)
@@ -790,22 +790,27 @@ static int setupSharedRO(const std::string &pkg_name, bool enabledSharedRO, cons
     if (enabledSharedRO) {
         userPkgAppsRWSharedDir = userAppsRWSharedDir + pkg_name;
         userPkgAppsRWSharedTmpDir = userAppsRWDir + "/.shared_tmp/" + pkg_name;
-        ret = MountNS::bindMountRW(userPkgAppsRWSharedDir, userPkgAppsRWSharedTmpDir);
-        if (ret != SECURITY_MANAGER_SUCCESS)
-            return ret;
+        if (FS::directoryStatus(userPkgAppsRWSharedDir) > 0 && FS::directoryStatus(userPkgAppsRWSharedTmpDir) > 0) {
+            ret = MountNS::bindMountRW(userPkgAppsRWSharedDir, userPkgAppsRWSharedTmpDir);
+            if (ret != SECURITY_MANAGER_SUCCESS)
+                return ret;
+        } else {
+            LogError("Can't bind mount sharedRO, some directories don't exist for pkg " << pkg_name << "; continuing operation");
+            enabledSharedRO = false;
+        }
     }
 
-    ret = MountNS::bindMountRO(userAppsRWSharedDir, userAppsRWSharedDir);
-    if (ret != SECURITY_MANAGER_SUCCESS)
-        return ret;
-
-    if (enabledSharedRO) {
-        ret = MountNS::bindMountRW(userPkgAppsRWSharedTmpDir, userPkgAppsRWSharedDir);
+    if (FS::directoryStatus(userAppsRWSharedDir) > 0) {
+        ret = MountNS::bindMountRO(userAppsRWSharedDir, userAppsRWSharedDir);
         if (ret != SECURITY_MANAGER_SUCCESS)
             return ret;
-    }
+    } else
+        LogError("Can't bind mount sharedRO for pkg " << pkg_name << ", dir " << userAppsRWSharedDir << " doesn't exist; continuing operation");
 
-    return SECURITY_MANAGER_SUCCESS;
+    if (enabledSharedRO)
+        ret = MountNS::bindMountRW(userPkgAppsRWSharedTmpDir, userPkgAppsRWSharedDir);
+
+    return ret;
 }
 
 static int applyPrivileges(const MountNS::PrivilegePathsMap &privilegePathMap,
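Review bot: The final `return ret;` can hand back a value this hunk never assigns. When enabledSharedRO is false on entry, or is cleared in the first else branch, and FS::directoryStatus(userAppsRWSharedDir) is not > 0, no bind mount runs and ret keeps whatever it held before the hunk, whereas the old code ended with an explicit `return SECURITY_MANAGER_SUCCESS;`. Since both skipped paths are logged as "continuing operation", set `ret = SECURITY_MANAGER_SUCCESS` in each else branch, or check the result of the last bindMountRW and keep the explicit success return. Two smaller points: the second `else` has no braces while its `if` does, and the skipped bindMountRO of userAppsRWSharedDir leaves the caller with no indication that the read-only view was not applied, so consider a distinct log level or return signal that callers and monitoring can act on rather than a LogError alone.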