Properly handle missing/invalid smack privilege policy

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Mon, 27 Apr 2020 08:41:32 +0000 (10:41 +0200)

committer Dariusz Michaluk <d.michaluk@samsung.com>

Wed, 13 May 2020 15:19:25 +0000 (15:19 +0000)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 27 Apr 2020 08:41:32 +0000 (10:41 +0200)
committer Dariusz Michaluk <d.michaluk@samsung.com>
Wed, 13 May 2020 15:19:25 +0000 (15:19 +0000)
diff --git a/src/common/include/template-manager.h b/src/common/include/template-manager.h

index bb6aba9..13440e8 100644 (file)
--- a/src/common/include/template-manager.h
+++ b/src/common/include/template-manager.h
@@ -46,7 +46,6 @@ public:
          APP_RULES_TEMPLATE,
          PKG_RULES_TEMPLATE,
          AUTHOR_RULES_TEMPLATE,
-        PRIV_DEFAULT_RULES_TEMPLATE,
          PRIV_RULES_TEMPLATE
      };
      void init();
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp

index 68aac2f..1a2928e 100644 (file)
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -141,6 +141,7 @@ void SmackRules::addFromPrivTemplate(
              LogWarning("Unsupported rule <"
                         << rule.subject << " " << rule.object << " " << rule.permissions
                         << "> detected. Ignoring");
+            continue;
          }
  
          strReplace(rule.subject, SMACK_PROCESS_LABEL_TEMPLATE, appProcessLabel);
diff --git a/src/common/template-manager.cpp b/src/common/template-manager.cpp

index c41fa69..9aa0f39 100644 (file)
--- a/src/common/template-manager.cpp
+++ b/src/common/template-manager.cpp
@@ -42,8 +42,7 @@ const std::string PRIV_TEMPLATE_DEFAULT_FILE = PRIV_MAPPING_SUBDIR + "/"
  const std::map<TemplateManager::Type, std::string> TEMPLATE_PATH_MAP = {
      {TemplateManager::Type::APP_RULES_TEMPLATE, "app-rules-template.smack"},
      {TemplateManager::Type::PKG_RULES_TEMPLATE, "pkg-rules-template.smack"},
-    {TemplateManager::Type::AUTHOR_RULES_TEMPLATE, "author-rules-template.smack"},
-    {TemplateManager::Type::PRIV_DEFAULT_RULES_TEMPLATE, PRIV_TEMPLATE_DEFAULT_FILE}
+    {TemplateManager::Type::AUTHOR_RULES_TEMPLATE, "author-rules-template.smack"}
  };
  
  const std::string PRIV_TEMPLATE_DEFAULT = "default";
@@ -76,14 +75,19 @@ std::string TemplateManager::getPolicyFile(enum TemplateManager::Type policyFile
  void TemplateManager::loadFiles()
  {
      std::string path = m_rootDir + "/" + PRIVILEGE_SMACK_LIST_FILE;
-    auto raw = ConfigFile(path).read();
+    std::vector<std::vector<std::string>> raw;
+    try {
+        raw = ConfigFile(path).read();
+    } catch (const FS::Exception::FileError& e) {
+        LogWarning(e.GetMessage());
+    }
      for(auto &privMapping : raw) {
  
          if (privMapping.size() != 3) {
-            std::string errorMsg = "Invalid mapping template: " + std::to_string(privMapping.size())
+            std::string warningMsg = "Invalid mapping template: " + std::to_string(privMapping.size())
                  + " tokens in file " + path + ". Expected 3.";
-            LogError(errorMsg);
-            ThrowMsg(SmackException::FileError, errorMsg);
+            LogWarning(warningMsg);
+            continue;
          }
  
          auto &privName = privMapping[0];
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Mon, 27 Apr 2020 08:41:32 +0000 (10:41 +0200)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Wed, 13 May 2020 15:19:25 +0000 (15:19 +0000)
src/common/include/template-manager.h		patch \| blob \| history
src/common/smack-rules.cpp		patch \| blob \| history
src/common/template-manager.cpp		patch \| blob \| history