Check if smack privilege mapping is enabled

Check is Smack privilege mapping contains any configuration -
meaning if it is enabled.

Change-Id: Iac9aaa79ed8e3fdd854826c12d93e11a5ee4cba0

diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
index 0724ad6dd3abd5c608caf6791142a18846bfd926..22b1c9f40e975fe1980a1c8cb7c81efc57a46023 100644 (file)
--- a/src/common/include/smack-rules.h
+++ b/src/common/include/smack-rules.h
@@ -59,6 +59,13 @@ public:
         const int authorId,
         const Smack::Labels &pkgLabels);
 
+    /**
+     * Check if Smack privilege mapping is enabled in configuration.
+     *
+     * Returns true if mapping is enabled, false otherwise.
+     */
+    bool isPrivilegeMappingEnabled() const;
+
     /**
      * Enable privilege-specific smack rules for given application
      *

diff --git a/src/common/include/template-manager.h b/src/common/include/template-manager.h
index d9f8a3f70847cf7e415ed443e8d002ca7a0443a4..3d9ed07c40cd7fa6a916f4b9eda661f4d8692fa8 100644 (file)
--- a/src/common/include/template-manager.h
+++ b/src/common/include/template-manager.h
@@ -44,6 +44,7 @@ public:
     void init();
     Smack::TemplateRules getRules(Type type, const std::string &privName = "") const;
     Smack::Label getPrivilegeLabel(const std::string &privName) const;
+    bool isPrivilegeMappingEnabled() const;
 
 private:
     void loadFiles();

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index dad228729296c51568b30d343715e051ae628ff5..289af0790e4f182d8a5177bab17c60b853f294d0 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -2168,7 +2168,9 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
 
     SmackLabels::revokeSubject(label);
     m_smackRules.installApplicationRules(label, pkgName, authorId, pkgLabels);
-    m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
+
+    if (m_smackRules.isPrivilegeMappingEnabled())
+        m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
 
     ret = getForbiddenAndAllowedGroups(label, allowedPrivileges, forbiddenGroups,
                                        allowedGroups);

diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 54a41e62a6fc6c9baab47c3fc4360d51ff3e2d38..ee765257400d32da421c221e87672157d0cf7b75 100644 (file)
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -194,6 +194,12 @@ void SmackRules::installApplicationRules(
     updatePackageRules(pkgName, pkgLabels);
 }
 
+bool SmackRules::isPrivilegeMappingEnabled() const
+{
+    static bool isEnabled = m_templateMgr.isPrivilegeMappingEnabled();
+    return isEnabled;
+}
+
 void SmackRules::enablePrivilegeRules(
         const Smack::Label &appProcessLabel,
         const std::string &pkgName,

diff --git a/src/common/template-manager.cpp b/src/common/template-manager.cpp
index 49b8c9a0f4f78c56d3f6db80e29ff207d7f5bf01..9f648920529eaa60dfd2648623eadd7e77c7a17c 100644 (file)
--- a/src/common/template-manager.cpp
+++ b/src/common/template-manager.cpp
@@ -109,6 +109,11 @@ void TemplateManager::loadFiles()
     }
 }
 
+bool TemplateManager::isPrivilegeMappingEnabled() const
+{
+    return !m_privMapping.empty();
+}
+
 TemplateManager::PrivMapping
 TemplateManager::getPrivMapping(const std::string &privName) const
 {