Check if smack privilege mapping is enabled

Check is Smack privilege mapping contains any configuration -
meaning if it is enabled.

Change-Id: Iac9aaa79ed8e3fdd854826c12d93e11a5ee4cba0

diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
index 0724ad6..22b1c9f 100644 (file)
--- a/src/common/include/smack-rules.h
+++ b/src/common/include/smack-rules.h
@@ -60,6 +60,13 @@ public:
         const Smack::Labels &pkgLabels);
 
     /**
+     * Check if Smack privilege mapping is enabled in configuration.
+     *
+     * Returns true if mapping is enabled, false otherwise.
+     */
+    bool isPrivilegeMappingEnabled() const;
+
+    /**
      * Enable privilege-specific smack rules for given application
      *
      * Function creates privilege-specific smack rules using predefined templates.

diff --git a/src/common/include/template-manager.h b/src/common/include/template-manager.h
index d9f8a3f..3d9ed07 100644 (file)
--- a/src/common/include/template-manager.h
+++ b/src/common/include/template-manager.h
@@ -44,6 +44,7 @@ public:
     void init();
     Smack::TemplateRules getRules(Type type, const std::string &privName = "") const;
     Smack::Label getPrivilegeLabel(const std::string &privName) const;
+    bool isPrivilegeMappingEnabled() const;
 
 private:
     void loadFiles();

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index dad2287..289af07 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -2168,7 +2168,9 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
 
     SmackLabels::revokeSubject(label);
     m_smackRules.installApplicationRules(label, pkgName, authorId, pkgLabels);
-    m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
+
+    if (m_smackRules.isPrivilegeMappingEnabled())
+        m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges);
 
     ret = getForbiddenAndAllowedGroups(label, allowedPrivileges, forbiddenGroups,
                                        allowedGroups);

diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 54a41e6..ee76525 100644 (file)
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -194,6 +194,12 @@ void SmackRules::installApplicationRules(
     updatePackageRules(pkgName, pkgLabels);
 }
 
+bool SmackRules::isPrivilegeMappingEnabled() const
+{
+    static bool isEnabled = m_templateMgr.isPrivilegeMappingEnabled();
+    return isEnabled;
+}
+
 void SmackRules::enablePrivilegeRules(
         const Smack::Label &appProcessLabel,
         const std::string &pkgName,

diff --git a/src/common/template-manager.cpp b/src/common/template-manager.cpp
index 49b8c9a..9f64892 100644 (file)
--- a/src/common/template-manager.cpp
+++ b/src/common/template-manager.cpp
@@ -109,6 +109,11 @@ void TemplateManager::loadFiles()
     }
 }
 
+bool TemplateManager::isPrivilegeMappingEnabled() const
+{
+    return !m_privMapping.empty();
+}
+
 TemplateManager::PrivMapping
 TemplateManager::getPrivMapping(const std::string &privName) const
 {