const Smack::Labels &pkgLabels);
/**
+ * Check if Smack privilege mapping is enabled in configuration.
+ *
+ * Returns true if mapping is enabled, false otherwise.
+ */
+ bool isPrivilegeMappingEnabled() const;
+
+ /**
* Enable privilege-specific smack rules for given application
*
* Function creates privilege-specific smack rules using predefined templates.
void init();
Smack::TemplateRules getRules(Type type, const std::string &privName = "") const;
Smack::Label getPrivilegeLabel(const std::string &privName) const;
+ bool isPrivilegeMappingEnabled() const;
private:
void loadFiles();
SmackLabels::revokeSubject(label);
m_smackRules.installApplicationRules(label, pkgName, authorId, pkgLabels);
- m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
+
+ if (m_smackRules.isPrivilegeMappingEnabled())
+ m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
ret = getForbiddenAndAllowedGroups(label, allowedPrivileges, forbiddenGroups,
allowedGroups);
updatePackageRules(pkgName, pkgLabels);
}
+bool SmackRules::isPrivilegeMappingEnabled() const
+{
+ static bool isEnabled = m_templateMgr.isPrivilegeMappingEnabled();
+ return isEnabled;
+}
+
void SmackRules::enablePrivilegeRules(
const Smack::Label &appProcessLabel,
const std::string &pkgName,
}
}
+bool TemplateManager::isPrivilegeMappingEnabled() const
+{
+ return !m_privMapping.empty();
+}
+
TemplateManager::PrivMapping
TemplateManager::getPrivMapping(const std::string &privName) const
{