return SECURITY_MANAGER_ERROR_SERVER_ERROR;
}
- auto setSytemUid = [&]() -> int {
- return try_catch([&]() -> int {
- auto systemUid = getSystemUid();
+ switch (type) {
+ case (process_type::SM_PROCESS_TYPE_SYSTEM):
+ case (process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED):
+ return try_catch([&] {
+ uid_t systemUid = getSystemUid();
if (setuid(systemUid)) {
- LogError("Failed to set UID " << systemUid << " for current process");
+ LogErrno("Failed to set UID " << systemUid << " for current process");
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
return SECURITY_MANAGER_SUCCESS;
});
- };
-
- switch (type) {
- case (process_type::SM_PROCESS_TYPE_SYSTEM):
- case (process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED):
- return setSytemUid();
case (process_type::SM_PROCESS_TYPE_APP):
if (app_id == nullptr) {
LogError("app_id is NULL");
return ret;
}
- if (setuid(puid)) {
- LogError("Failed to set UID " << puid << "for current process");
- return SECURITY_MANAGER_ERROR_UNKNOWN;
+ // It's important to assign the group first and only then change the PUID
+ if (!agidString.empty())
+ {
+ gid_t groups[] = { agid };
+ if (setgroups(1, groups)) {
+ LogErrno("Failed to set supplementary group " << agid << " for current process");
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
}
- if (agidString.empty())
- return SECURITY_MANAGER_SUCCESS;
-
- gid_t groups[] = { agid };
- if (setgroups(1, groups)) {
- LogError("Failed to set supplementary group " << agid << "for current process");
+ if (setuid(puid)) {
+ LogErrno("Failed to set UID " << puid << " for current process");
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
+
return SECURITY_MANAGER_SUCCESS;
}
- return SECURITY_MANAGER_SUCCESS;
+ return SECURITY_MANAGER_ERROR_SERVER_ERROR;
}
projects / platform / core / security / security-manager.git / commitdiff