#include "common/security_registration.h"
+#include <boost/filesystem/operations.hpp>
#include <security-manager.h>
+#include <utility>
+#include <vector>
+
#include "common/utils/clist_helpers.h"
#include "common/utils/logging.h"
namespace {
+const std::vector<std::pair<const char*,
+ app_install_path_type>> kSecurityPolicies = {
+ {"/", SECURITY_MANAGER_PATH_RO},
+ {"bin/", SECURITY_MANAGER_PATH_RO},
+ {"data/", SECURITY_MANAGER_PATH_RW},
+ {"cache/", SECURITY_MANAGER_PATH_RW},
+ {"lib/", SECURITY_MANAGER_PATH_RO},
+ {"res/", SECURITY_MANAGER_PATH_RO},
+ {"shared/", SECURITY_MANAGER_PATH_PUBLIC_RO},
+ {"tmp/", SECURITY_MANAGER_PATH_RW}
+};
+
bool PrepareRequest(const std::string& app_id, const std::string& pkg_id,
const boost::filesystem::path& path, manifest_x* manifest,
app_inst_req* req) {
}
if (!path.empty()) {
- error = security_manager_app_inst_req_add_path(req, path.string().c_str(),
- SECURITY_MANAGER_PATH_PRIVATE);
- if (error != SECURITY_MANAGER_SUCCESS) {
- return false;
+ for (auto& policy : kSecurityPolicies) {
+ bf::path subpath = path / policy.first;
+ if (bf::exists(subpath)) {
+ error = security_manager_app_inst_req_add_path(req, subpath.c_str(),
+ policy.second);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ return false;
+ }
+ }
}
}