Disable ASKUSER policy by default 64/73464/2
authorTomasz Swierczek <t.swierczek@samsung.com>
Wed, 8 Jun 2016 07:50:36 +0000 (09:50 +0200)
committerTomasz Swierczek <t.swierczek@samsung.com>
Fri, 10 Jun 2016 13:43:10 +0000 (15:43 +0200)
This is needed for (potential) UI-less Tizen profiles.

Change-Id: Icb4a801b598c074412c770047cbc7686780ed704

CMakeLists.txt
src/common/config.cpp
src/common/cynara.cpp
src/common/include/config.h
src/common/service_impl.cpp

index 040dc3c..ec5954f 100644 (file)
@@ -61,6 +61,7 @@ STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
 ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
 
 ADD_DEFINITIONS("-DSMACK_ENABLED")
+#ADD_DEFINITIONS("-DASKUSER_ENABLED")
 
 OPTION(DPL_WITH_DLOG "DPL DLOG backend" ON)
 OPTION(DPL_WITH_SYSTEMD_JOURNAL "DPL systemd-journal backend" OFF)
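Review bot: The commented-out `#ADD_DEFINITIONS("-DASKUSER_ENABLED")` means this security-relevant default can only be changed by editing CMakeLists.txt, so a build's ask-user state does not show up in its configure line or CMake cache. The file already uses OPTION() for the DPL backends two lines below, and the same pattern fits here: declare `OPTION(ASKUSER_ENABLED "Prompt the user for privacy-related privileges" OFF)` and wrap the ADD_DEFINITIONS line in `IF(ASKUSER_ENABLED)` … `ENDIF()`. Profiles with a UI could then pass -DASKUSER_ENABLED=ON from their packaging without carrying a patch.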
index 8c8dd9e..49f87a5 100644 (file)
@@ -47,6 +47,11 @@ const std::string APPS_NAME_FILE = "apps-names";
 const std::string SKEL_DIR = "/etc/skel";
 
 const std::string PRIVACY_POLICY_DESC = "Ask user";
+#ifdef ASKUSER_ENABLED
+const bool IS_ASKUSER_ENABLED = true;
+#else
+const bool IS_ASKUSER_ENABLED = false;
+#endif
 };
 
 } /* namespace SecurityManager */
index d2c26d2..f9d1d5f 100644 (file)
@@ -335,29 +335,30 @@ void CynaraAdmin::UpdateAppPolicy(
         static_cast<int>(CynaraAdminPolicy::Operation::Allow),
         policies);
 
-    int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC);
-
-    std::vector<std::string> privacyPrivileges;
-    for (auto &p : privileges)
-        if (isPrivacy(p))
-            privacyPrivileges.push_back(p);
-
-    // 2nd, performing operation on PRIVACY_MANAGER bucket for all affected users
-    if (user == CYNARA_ADMIN_WILDCARD) {
-        // perform bucket setting for all users in the system, app is installed for everyone
-        std::vector<uid_t> users;
-        ListUsers(users);
-        for (uid_t id : users) {
-            calcPolicies(std::to_string(id), privacyPrivileges,
-                         Buckets.at(Bucket::PRIVACY_MANAGER),
+    if (Config::IS_ASKUSER_ENABLED) {
+        int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC);
+
+        std::vector<std::string> privacyPrivileges;
+        for (auto &p : privileges)
+            if (isPrivacy(p))
+                privacyPrivileges.push_back(p);
+
+        // 2nd, performing operation on PRIVACY_MANAGER bucket for all affected users
+        if (user == CYNARA_ADMIN_WILDCARD) {
+            // perform bucket setting for all users in the system, app is installed for everyone
+            std::vector<uid_t> users;
+            ListUsers(users);
+            for (uid_t id : users) {
+                calcPolicies(std::to_string(id), privacyPrivileges,
+                             Buckets.at(Bucket::PRIVACY_MANAGER),
+                             askUserPolicy, policies);
+            }
+        } else {
+            // local single user installation, do it only for that particular user
+            calcPolicies(user, privacyPrivileges, Buckets.at(Bucket::PRIVACY_MANAGER),
                          askUserPolicy, policies);
         }
-    } else {
-        // local single user installation, do it only for that particular user
-        calcPolicies(user, privacyPrivileges, Buckets.at(Bucket::PRIVACY_MANAGER),
-            askUserPolicy, policies);
     }
-
     SetPolicies(policies);
 }
 
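Review bot: With `Config::IS_ASKUSER_ENABLED` false, UpdateAppPolicy no longer calls calcPolicies for the PRIVACY_MANAGER bucket at all, so entries already stored there for this app are neither refreshed nor removed. If calcPolicies is also what deletes stale entries (its body is not visible here), a device that moves from an ask-user build to this default would keep old PRIVACY_MANAGER decisions in force. It is worth confirming the bucket is empty on such images, or clearing it on the disabled path. The gated block in UserInit in the next hunk has the same gap. A comment above the `if` would also help, e.g. `// ask-user disabled: no PRIVACY_MANAGER entries are written, privacy privileges get no user prompt`; the function starts outside this hunk.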
@@ -409,22 +410,24 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType,
                                             Buckets.at(bucket),
                                             Buckets.at(Bucket::MAIN)));
 
-    // for each global app: retrieve its privacy-related privileges and set
-    // their policy in PRIVACY_MANAGER bucket to "Ask user"
-    int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC);
+    if (Config::IS_ASKUSER_ENABLED) {
+        // for each global app: retrieve its privacy-related privileges and set
+        // their policy in PRIVACY_MANAGER bucket to "Ask user"
+        int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC);
 
-    std::vector<CynaraAdminPolicy> appPolicies;
-    CynaraAdmin::getInstance().ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS),
-                                            CYNARA_ADMIN_ANY, CYNARA_ADMIN_WILDCARD,
-                                            CYNARA_ADMIN_ANY, appPolicies);
+        std::vector<CynaraAdminPolicy> appPolicies;
+        CynaraAdmin::getInstance().ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS),
+                                                CYNARA_ADMIN_ANY, CYNARA_ADMIN_WILDCARD,
+                                                CYNARA_ADMIN_ANY, appPolicies);
 
-    for (CynaraAdminPolicy &policy : appPolicies)
-        if (isPrivacy(policy.privilege))
-            policies.push_back(CynaraAdminPolicy(policy.client,
+        for (CynaraAdminPolicy &policy : appPolicies)
+            if (isPrivacy(policy.privilege))
+                policies.push_back(CynaraAdminPolicy(policy.client,
                 userStr,
                 policy.privilege,
                 askUserPolicy,
                 Buckets.at(Bucket::PRIVACY_MANAGER)));
+    }
 
     CynaraAdmin::getInstance().SetPolicies(policies);
 }
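Review bot: The continuation arguments of the `CynaraAdminPolicy(...)` constructor (`userStr,` through `Buckets.at(Bucket::PRIVACY_MANAGER)));`) kept their old indent when the call moved one level in, so they now sit at the same column as `policies.push_back` and read like separate statements. Re-indenting them under `policy.client` would fix that. Adding braces around the `for`/`if` bodies, now that they are nested inside another block, would also keep the gated section readable. UserInit begins before this hunk.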
index 01d0f79..b874e01 100644 (file)
@@ -48,6 +48,9 @@ extern const std::string SKEL_DIR;
 
 /* Ask-user policy description */
 extern const std::string PRIVACY_POLICY_DESC;
+
+/* true if privacy-related privileges should result in UI-popup question*/
+extern const bool IS_ASKUSER_ENABLED;
 };
 
 } /* namespace SecurityManager */
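Review bot: The new comment on `IS_ASKUSER_ENABLED` does not say where the value comes from or what `false` means for policy, and it is missing the space before `*/`. Suggested wording: `/* Compile-time switch (ASKUSER_ENABLED define). When false, privacy-related privileges are never given the "Ask user" policy and no UI prompt is shown. */`. Because the constant changes how privacy privileges are enforced, the declaration is the place to state that.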
index 40bf386..e42a728 100644 (file)
@@ -402,14 +402,16 @@ void ServiceImpl::getTizen2XApps(SmackRules::PkgsApps &pkgsApps)
 
 bool ServiceImpl::isPrivilegePrivacy(const std::string &privilege)
 {
-    int ret = privilege_info_is_privacy(privilege.c_str());
-    if (ret == 1)
-        return true;
-    if (ret != 0)
-        LogError("privilege_info_is_privacy called with " << privilege << " returned error: " << ret);
-    // FIXME: we should probably disallow such installation where privilege is not known
-    // However, currently privielge-checker seems to return -1 with so many real privileges
-    // that it would make ask-user testing impossible.
+    if (Config::IS_ASKUSER_ENABLED) {
+        int ret = privilege_info_is_privacy(privilege.c_str());
+        if (ret == 1)
+            return true;
+        if (ret != 0)
+            LogError("privilege_info_is_privacy called with " << privilege << " returned error: " << ret);
+        // FIXME: we should probably disallow such installation where privilege is not known
+        // However, currently privielge-checker seems to return -1 with so many real privileges
+        // that it would make ask-user testing impossible.
+    }
     return false;
 }
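Review bot: Putting the `Config::IS_ASKUSER_ENABLED` check inside isPrivilegePrivacy changes the predicate to mean "ask-user is on and this is a privacy privilege", so on default builds every caller sees all privileges as non-privacy. Callers are not visible in this hunk; if any of them uses the result for something other than ask-user handling, it would be safer to gate at the call site and leave this function a plain wrapper over `privilege_info_is_privacy`. The error path is also still fail-open: a return value other than 0 or 1 is logged and then treated as "not privacy", as the FIXME admits. At minimum a function comment should state both facts, e.g. `// Returns false when ask-user is disabled or when privilege-checker does not know the privilege.`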