From: Sabera Djelti (sdi2) Date: Mon, 8 Sep 2014 13:09:00 +0000 (+0200) Subject: Fix permission management X-Git-Tag: accepted/tizen/common/20140917.103347~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=080157140f094f08b00a41abe80384aec9d45108;hp=89d97ed351a743f2b2efe564c26de3a0ca87d016;p=platform%2Fcore%2Fappfw%2Fpkgmgr-info.git Fix permission management Database should have correct label and permission Change-Id: Ib38f3e0c6e728a71508f250d545cb669dcaf7fd5 Signed-off-by: Sabera Djelti (sdi2) Signed-off-by: Baptiste DURAND --- diff --git a/include/pkgmgr-info.h b/include/pkgmgr-info.h index cd4e67c..9e41a4b 100755 --- a/include/pkgmgr-info.h +++ b/include/pkgmgr-info.h @@ -4485,7 +4485,7 @@ static int delete_cert_info(const char *pkgid) * @endcode */ int pkgmgrinfo_delete_certinfo(const char *pkgid); - + int pkgmgrinfo_delete_usr_certinfo(const char *pkgid, uid_t uid); /** * @fn int pkgmgrinfo_create_pkgdbinfo(const char *pkgid, pkgmgrinfo_pkgdbinfo_h *handle) * @fn int pkgmgrinfo_create_pkgusrdbinfo(const char *pkgid, pkgmgrinfo_pkgdbinfo_h *handle) diff --git a/parser/pkgmgr_parser_db.c b/parser/pkgmgr_parser_db.c index 4ea7477..b58885f 100755 --- a/parser/pkgmgr_parser_db.c +++ b/parser/pkgmgr_parser_db.c @@ -30,6 +30,7 @@ #include #include #include +#include /* For multi-user support */ #include @@ -51,6 +52,10 @@ #define BUFSIZE 4096 #define OWNER_ROOT 0 +#define SET_SMACK_LABEL(x,uid) \ + if(smack_setlabel((x), (((uid) == GLOBAL_USER)?"*":"User"), SMACK_LABEL_ACCESS)) _LOGE("failed chsmack -a \"User/*\" %s", x); \ + else _LOGD("chsmack -a \"User/*\" %s", x); + sqlite3 *pkgmgr_parser_db; sqlite3 *pkgmgr_cert_db; 
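Review bot: The new public declaration `int pkgmgrinfo_delete_usr_certinfo(const char *pkgid, uid_t uid);` has no documentation block, and it replaces the blank line that separated `pkgmgrinfo_delete_certinfo` from the next function's comment, so it now sits directly on top of the following `@fn` block. I would restore the blank line and add a short Doxygen comment saying that `uid` selects the per-user certificate database, that `GLOBAL_USER` selects the system one, and what is returned on failure. The header also needs `uid_t` to be declared for every includer; whether it already pulls in `<sys/types.h>` is not visible in this hunk.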
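Review bot: `SET_SMACK_LABEL` expands to a bare `if … else …;` and discards the result of `smack_setlabel()`, so no caller can fail when the label was not applied, and the macro will mis-bind if it is ever used inside an unbraced `if`/`else`. The log text prints the literal `User/*` rather than the label that was actually chosen, and `x` is unparenthesised in the log arguments. A small static function that returns the status, as sketched below, lets `parserdb_change_perm` treat a failed label like a failed `chown`; the call site then becomes `if (__set_smack_label(files[i], uid)) return -1;`. As far as I understand Smack's built-in rules, an object labelled `*` is accessible to every subject label, so for the global database the file mode bits become the only write barrier, and that choice deserves a comment next to the label selection.

```c
static int __set_smack_label(const char *path, uid_t uid)
{
	/* "*" for the global database, "User" for per-user databases */
	const char *label = (uid == GLOBAL_USER) ? "*" : "User";

	if (smack_setlabel(path, label, SMACK_LABEL_ACCESS)) {
		_LOGE("failed chsmack -a \"%s\" %s", label, path);
		return -1;
	}
	_LOGD("chsmack -a \"%s\" %s", label, path);
	return 0;
}
```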
@@ -263,7 +268,7 @@ static void __insert_serviceapplication_locale_info(gpointer data, gpointer user static void __insert_uiapplication_locale_info(gpointer data, gpointer userdata); static void __insert_pkglocale_info(gpointer data, gpointer userdata); static int __insert_manifest_info_in_db(manifest_x *mfx); -static int __delete_manifest_info_from_db(manifest_x *mfx); +static int __delete_manifest_info_from_db(manifest_x *mfx, uid_t uid); static int __delete_subpkg_info_from_db(char *appid); static int __delete_appinfo_from_db(char *db_table, const char *appid); static int __initialize_db(sqlite3 *db_handle, const char *db_query); @@ -1923,14 +1928,17 @@ static int __delete_subpkg_from_db(manifest_x *mfx) return 0; } -static int __delete_manifest_info_from_db(manifest_x *mfx) +static int __delete_manifest_info_from_db(manifest_x *mfx, uid_t uid) { char query[MAX_QUERY_LEN] = { '\0' }; int ret = -1; uiapplication_x *up = mfx->uiapplication; serviceapplication_x *sp = mfx->serviceapplication; /*Delete from cert table*/ - ret = pkgmgrinfo_delete_certinfo(mfx->package); + if (uid != GLOBAL_USER) + ret = pkgmgrinfo_delete_usr_certinfo(mfx->package, uid); + else + ret = pkgmgrinfo_delete_certinfo(mfx->package); if (ret) { _LOGD("Cert Info DB Delete Failed\n"); return -1; 
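Review bot: The `if (uid != GLOBAL_USER) … else …` branch added in `__delete_manifest_info_from_db` is redundant, because this same commit turns `pkgmgrinfo_delete_certinfo(pkgid)` into a forwarder to `pkgmgrinfo_delete_usr_certinfo(pkgid, GLOBAL_USER)`. A single call, `ret = pkgmgrinfo_delete_usr_certinfo(mfx->package, uid);`, does the same thing and removes the two unbraced branches. The function body continues outside the hunk.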
@@ -2153,28 +2161,30 @@ static int parserdb_change_perm(const char *db_file, uid_t uid) char journal_file[BUFSIZE]; char *files[3]; int ret, i; - struct group *grpinfo = NULL; + struct passwd *userinfo = NULL; files[0] = (char *)db_file; files[1] = journal_file; files[2] = NULL; - const char *name = "users"; - - if(db_file == NULL) - return -1; if(db_file == NULL) return -1; + if(getuid() != OWNER_ROOT) //At this time we should be root to apply this + return 0; snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal"); - grpinfo = getgrnam(name); - if(grpinfo == NULL){ - _LOGD("getgrnam(users) returns NULL !"); + userinfo = getpwuid(uid); + if (!userinfo) { + _LOGE("FAIL: user %d doesn't exist", uid); + return -1; } + snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal"); + for (i = 0; files[i]; i++) { - ret = chown(files[i], uid, (gid_t)grpinfo->gr_gid); + ret = chown(files[i], uid, userinfo->pw_gid); + SET_SMACK_LABEL(files[i],uid) if (ret == -1) { strerror_r(errno, buf, sizeof(buf)); - _LOGD("FAIL : chown %s %d.%d, because %s", db_file, uid, grpinfo->gr_gid, buf); + _LOGD("FAIL : chown %s %d.%d, because %s", db_file, uid, userinfo->pw_gid, buf); return -1; } @@ -2205,14 +2215,11 @@ int pkgmgr_parser_check_and_create_db(uid_t uid) _LOGD("Cert DB creation Failed\n"); return -1; } - - if(uid != GLOBAL_USER) { - if( 0 != parserdb_change_perm(getUserPkgCertDBPathUID(uid), uid)) { - _LOGD("Failed to change cert db permission\n"); - } - if( 0 != parserdb_change_perm(getUserPkgParserDBPathUID(uid), uid)) { - _LOGD("Failed to change parser db permission\n"); - } + if( 0 != parserdb_change_perm(getUserPkgCertDBPathUID(uid), uid)) { + _LOGD("Failed to change cert db permission\n"); + } + if( 0 != parserdb_change_perm(getUserPkgParserDBPathUID(uid), uid)) { + _LOGD("Failed to change parser db permission\n"); } return 0; } 
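Review bot: `chown(files[i], uid, userinfo->pw_gid)` and the following `SET_SMACK_LABEL(files[i],uid)` run as root on a path name, and for a regular user that path sits under the user's own home directory (`…/.applications/dbspace/` in `getUserPkgParserDBPathUID`), so if the entry is a symbolic link the ownership and label change land on the link target. Using `lchown(files[i], uid, userinfo->pw_gid)`, or better opening each file with `O_NOFOLLOW` and applying `fchown()` plus the descriptor-based label call, closes that gap; the by-path `chown()` calls in the path helpers of `src/pkgmgr-info.c` have the same exposure. The label is also applied before `ret` is checked and its failure never makes the function return -1, while the `getuid() != OWNER_ROOT` gate returns 0, so callers cannot tell a completed change from a skipped one (and `geteuid()` is the id that decides whether `chown()` can succeed). The `snprintf` into `journal_file` now appears twice and one copy can go. The loop body continues outside the hunk.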
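Review bot: Both `parserdb_change_perm()` failures in `pkgmgr_parser_check_and_create_db` are only logged with `_LOGD` and the function still returns 0, so a database left with the wrong owner or label is reported to callers as ready. Since `parserdb_change_perm()` already returns 0 when the process is not root, treating a non-zero result as fatal would not affect unprivileged callers: log with `_LOGE` and `return -1;` in each branch. The strings returned by `getUserPkgCertDBPathUID(uid)` and `getUserPkgParserDBPathUID(uid)` are passed straight through; the per-user branch of the parser helper builds its result with `asprintf`, so this looks like a leak on every call, and a NULL return is only caught inside `parserdb_change_perm`.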
@@ -2311,57 +2318,6 @@ err: pkgmgr_parser_close_db(); return ret; } -API int pkgmgr_parser_update_manifest_info_in_db(manifest_x *mfx) -{ - if (mfx == NULL) { - _LOGD("manifest pointer is NULL\n"); - return -1; - } - int ret = 0; - ret = pkgmgr_parser_check_and_create_db(GLOBAL_USER); - if (ret == -1) { - _LOGD("Failed to open DB\n"); - return ret; - } - ret = pkgmgr_parser_initialize_db(); - if (ret == -1) - goto err; - /*Preserve guest mode visibility*/ - __preserve_guestmode_visibility_value( mfx); - /*Begin transaction*/ - ret = sqlite3_exec(pkgmgr_parser_db, "BEGIN EXCLUSIVE", NULL, NULL, NULL); - if (ret != SQLITE_OK) { - _LOGD("Failed to begin transaction\n"); - ret = -1; - goto err; - } - _LOGD("Transaction Begin\n"); - ret = __delete_manifest_info_from_db(mfx); - if (ret == -1) { - _LOGD("Delete from DB failed. Rollback now\n"); - sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); - goto err; - } - ret = __insert_manifest_info_in_db(mfx); - if (ret == -1) { - _LOGD("Insert into DB failed. Rollback now\n"); - sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); - goto err; - } - - /*Commit transaction*/ - ret = sqlite3_exec(pkgmgr_parser_db, "COMMIT", NULL, NULL, NULL); - if (ret != SQLITE_OK) { - _LOGD("Failed to commit transaction. Rollback now\n"); - sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); - ret = -1; - goto err; - } - _LOGD("Transaction Commit and End\n"); -err: - pkgmgr_parser_close_db(); - return ret; -} API int pkgmgr_parser_update_manifest_info_in_usr_db(manifest_x *mfx, uid_t uid) { @@ -2388,7 +2344,7 @@ API int pkgmgr_parser_update_manifest_info_in_usr_db(manifest_x *mfx, uid_t uid) goto err; } _LOGD("Transaction Begin\n"); - ret = __delete_manifest_info_from_db(mfx); + ret = __delete_manifest_info_from_db(mfx, uid); if (ret == -1) { _LOGD("Delete from DB failed. Rollback now\n"); sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); 
@@ -2415,45 +2371,9 @@ err: return ret; } - -API int pkgmgr_parser_delete_manifest_info_from_db(manifest_x *mfx) +API int pkgmgr_parser_update_manifest_info_in_db(manifest_x *mfx) { - if (mfx == NULL) { - _LOGD("manifest pointer is NULL\n"); - return -1; - } - int ret = 0; - ret = pkgmgr_parser_check_and_create_db(GLOBAL_USER); - if (ret == -1) { - _LOGD("Failed to open DB\n"); - return ret; - } - /*Begin transaction*/ - ret = sqlite3_exec(pkgmgr_parser_db, "BEGIN EXCLUSIVE", NULL, NULL, NULL); - if (ret != SQLITE_OK) { - _LOGD("Failed to begin transaction\n"); - ret = -1; - goto err; - } - _LOGD("Transaction Begin\n"); - ret = __delete_manifest_info_from_db(mfx); - if (ret == -1) { - _LOGD("Delete from DB failed. Rollback now\n"); - sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); - goto err; - } - /*Commit transaction*/ - ret = sqlite3_exec(pkgmgr_parser_db, "COMMIT", NULL, NULL, NULL); - if (ret != SQLITE_OK) { - _LOGD("Failed to commit transaction, Rollback now\n"); - sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); - ret = -1; - goto err; - } - _LOGD("Transaction Commit and End\n"); -err: - pkgmgr_parser_close_db(); - return ret; + return pkgmgr_parser_update_manifest_info_in_usr_db(mfx, GLOBAL_USER); } API int pkgmgr_parser_delete_manifest_info_from_usr_db(manifest_x *mfx, uid_t uid) @@ -2476,7 +2396,7 @@ API int pkgmgr_parser_delete_manifest_info_from_usr_db(manifest_x *mfx, uid_t ui goto err; } _LOGD("Transaction Begin\n"); - ret = __delete_manifest_info_from_db(mfx); + ret = __delete_manifest_info_from_db(mfx, uid); if (ret == -1) { _LOGD("Delete from DB failed. Rollback now\n"); sqlite3_exec(pkgmgr_parser_db, "ROLLBACK", NULL, NULL, NULL); @@ -2496,6 +2416,11 @@ err: return ret; } +API int pkgmgr_parser_delete_manifest_info_from_db(manifest_x *mfx) +{ + return pkgmgr_parser_delete_manifest_info_from_usr_db(mfx, GLOBAL_USER); +} + API int pkgmgr_parser_update_preload_info_in_db() { int ret = 0; 
diff --git a/src/pkgmgr-info.c b/src/pkgmgr-info.c index 2c17453..665f042 100755 --- a/src/pkgmgr-info.c +++ b/src/pkgmgr-info.c @@ -74,6 +74,7 @@ #define PKG_RO_PATH tzplatform_mkpath(TZ_SYS_RO_APP, "") #define BLOCK_SIZE 4096 /*in bytes*/ #define BUFSIZE 4096 +#define OWNER_ROOT 0 #define MMC_PATH tzplatform_mkpath(TZ_SYS_STORAGE, "sdcard") #define PKG_SD_PATH tzplatform_mkpath3(TZ_SYS_STORAGE, "sdcard", "app2sd/") @@ -529,25 +530,18 @@ API char *getIconPath(uid_t uid) } asprintf(&result, "%s/.applications/icons/", userinfo->pw_dir); } else { - grpinfo = getgrnam("root"); - if (grpinfo == NULL) { - _LOGE("getgrnam(root) returns NULL !"); - return NULL; - } - if (grpinfo->gr_gid != userinfo->pw_gid) { - _LOGE("UID [%d] does not belong to 'root' group!", uid); - return NULL; - } result = tzplatform_mkpath(TZ_SYS_RW_ICONS, "/"); } int ret; mkdir(result, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(result, uid, grpinfo->gr_gid); - if (ret == -1) { - char buf[BUFSIZE]; - strerror_r(errno, buf, sizeof(buf)); - _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, grpinfo->gr_gid, buf); + if (getuid() == OWNER_ROOT) { + ret = chown(result, uid, ((grpinfo)?grpinfo->gr_gid:0)); + if (ret == -1) { + char buf[BUFSIZE]; + strerror_r(errno, buf, sizeof(buf)); + _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); + } } return result; } 
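Review bot: `((grpinfo)?grpinfo->gr_gid:0)` in `getIconPath` now reads `grpinfo` on the global-user path, where this commit removed its only visible assignment, so the expression is safe only if the declaration (outside the hunk) initialises it to NULL; please make that explicit with `struct group *grpinfo = NULL;`. When it is NULL the directory is chowned to group 0, which for `GLOBAL_USER` yields a system directory owned by that uid with gid 0, and it is worth confirming that this is intended. Evaluating the group once, `gid_t gid = grpinfo ? grpinfo->gr_gid : 0;`, avoids repeating the ternary in the call and in the log line. The `mkdir()` result is still ignored and a `chown()` failure is only logged, so the path is returned even when the directory is missing or wrongly owned. The same pattern is added in `getUserPkgParserDBPathUID`, `getUserPkgCertDBPathUID`, `getUserDesktopPath` and `getUserManifestPath`.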
@@ -583,15 +577,6 @@ API char *getUserPkgParserDBPathUID(uid_t uid) asprintf(&result, "%s/.applications/dbspace/.pkgmgr_parser.db", userinfo->pw_dir); asprintf(&journal, "%s/.applications/dbspace/.pkgmgr_parser.db-journal", userinfo->pw_dir); } else { - grpinfo = getgrnam("root"); - if (grpinfo == NULL) { - _LOGE("getgrnam(root) returns NULL !"); - return NULL; - } - if (grpinfo->gr_gid != userinfo->pw_gid) { - _LOGE("UID [%d] does not belong to 'root' group!", uid); - return NULL; - } result = tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_parser.db"); journal = tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_parser-journal.db"); } @@ -606,11 +591,13 @@ API char *getUserPkgParserDBPathUID(uid_t uid) int ret; mkdir(temp, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(dir + 1, uid, grpinfo->gr_gid); - if (ret == -1) { - char buf[BUFSIZE]; - strerror_r(errno, buf, sizeof(buf)); - _LOGE("FAIL : chown %s %d.%d, because %s", dir + 1, uid, grpinfo->gr_gid, buf); + if (getuid() == OWNER_ROOT) { + ret = chown(temp, uid, ((grpinfo)?grpinfo->gr_gid:0)); + if (ret == -1) { + char buf[BUFSIZE]; + strerror_r(errno, buf, sizeof(buf)); + _LOGE("FAIL : chown %s %d.%d, because %s", temp, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); + } } free(temp); return result; @@ -650,11 +637,6 @@ API char *getUserPkgCertDBPathUID(uid_t uid) } else { result = tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_cert.db"); result = tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_cert-journal.db"); - grpinfo = getgrnam("root"); - if (grpinfo == NULL) { - _LOGE("getgrnam(root) returns NULL !"); - return NULL; - } } char *temp = strdup(result); dir = strrchr(temp, '/'); 
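Review bot: In the global-user branch of `getUserPkgCertDBPathUID` the context lines assign `result` twice, so the function returns the `.pkgmgr_cert-journal.db` path instead of `.pkgmgr_cert.db`; now that `pkgmgr_parser_check_and_create_db` calls `parserdb_change_perm()` for `GLOBAL_USER` as well, ownership and the Smack label would be applied to the wrong file name. The parser helper in the first hunk keeps the two apart (`result = …; journal = …;`), so the second line here should presumably read `journal = tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_cert-journal.db");`. Whether a `journal` variable exists in this function is not visible in the hunk.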
@@ -667,11 +649,13 @@ API char *getUserPkgCertDBPathUID(uid_t uid) int ret; mkdir(temp, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(dir + 1, uid, grpinfo->gr_gid); - if (ret == -1) { - char buf[BUFSIZE]; - strerror_r(errno, buf, sizeof(buf)); - _LOGE("FAIL : chown %s %d.%d, because %s", dir + 1, uid, grpinfo->gr_gid, buf); + if (getuid() == OWNER_ROOT) { + ret = chown(temp, uid, ((grpinfo)?grpinfo->gr_gid:0)); + if (ret == -1) { + char buf[BUFSIZE]; + strerror_r(errno, buf, sizeof(buf)); + _LOGE("FAIL : chown %s %d.%d, because %s", temp, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); + } } free(temp); return result; @@ -702,25 +686,18 @@ API const char* getUserDesktopPath(uid_t uid) } asprintf(&result, "%s/.applications/desktop/", userinfo->pw_dir); } else { - grpinfo = getgrnam("root"); - if (grpinfo == NULL) { - _LOGE("getgrnam(root) returns NULL !"); - return NULL; - } - if (grpinfo->gr_gid != userinfo->pw_gid) { - _LOGE("UID [%d] does not belong to 'root' group!", uid); - return NULL; - } result = tzplatform_mkpath(TZ_SYS_RW_DESKTOP_APP, "/"); } int ret; mkdir(result, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(result, uid, grpinfo->gr_gid); - if (ret == -1) { - char buf[BUFSIZE]; - strerror_r(errno, buf, sizeof(buf)); - _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, grpinfo->gr_gid, buf); + if (getuid() == OWNER_ROOT) { + ret = chown(result, uid,((grpinfo)?grpinfo->gr_gid:0)); + if (ret == -1) { + char buf[BUFSIZE]; + strerror_r(errno, buf, sizeof(buf)); + _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); + } } return result; } 
@@ -750,25 +727,18 @@ API const char* getUserManifestPath(uid_t uid) } asprintf(&result, "%s/.config/xwalk-service/applications/", userinfo->pw_dir); } else { - grpinfo = getgrnam("root"); - if (grpinfo == NULL) { - _LOGE("getgrnam(root) returns NULL !"); - return NULL; - } - if (grpinfo->gr_gid != userinfo->pw_gid) { - _LOGE("UID [%d] does not belong to 'root' group!", uid); - return NULL; - } result = tzplatform_mkpath(TZ_SYS_RW_PACKAGES, "/"); } int ret; mkdir(result, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(result, uid, grpinfo->gr_gid); - if (ret == -1) { - char buf[BUFSIZE]; - strerror_r(errno, buf, sizeof(buf)); - _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, grpinfo->gr_gid, buf); + if (getuid() == OWNER_ROOT) { + ret = chown(result, uid, ((grpinfo)?grpinfo->gr_gid:0)); + if (ret == -1) { + char buf[BUFSIZE]; + strerror_r(errno, buf, sizeof(buf)); + _LOGE("FAIL : chown %s %d.%d, because %s", result, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); + } } return result; @@ -7429,15 +7399,15 @@ API int pkgmgrinfo_destroy_certinfo_set_handle(pkgmgrinfo_instcertinfo_h handle) return PMINFO_R_OK; } -API int pkgmgrinfo_delete_certinfo(const char *pkgid) +API int pkgmgrinfo_delete_usr_certinfo(const char *pkgid, uid_t uid) { retvm_if(pkgid == NULL, PMINFO_R_EINVAL, "Argument supplied is NULL\n"); int ret = -1; /*Open db.*/ - ret = db_util_open_with_options(getUserPkgCertDBPath(), &cert_db, + ret = db_util_open_with_options(getUserPkgCertDBPathUID(uid), &cert_db, SQLITE_OPEN_READWRITE, NULL); if (ret != SQLITE_OK) { - _LOGE("connect db [%s] failed!\n", getUserPkgCertDBPath()); + _LOGE("connect db [%s] failed!\n", getUserPkgCertDBPathUID(uid)); ret = PMINFO_R_ERROR; goto err; } 
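Review bot: `pkgmgrinfo_delete_usr_certinfo` calls `getUserPkgCertDBPathUID(uid)` twice, once for `db_util_open_with_options()` and again inside the `_LOGE`, and every call repeats that helper's `mkdir()`/`chown()` side effects and, on the per-user path, presumably allocates a new string that is never freed. Resolve the path once, `char *db_path = getUserPkgCertDBPathUID(uid);`, return `PMINFO_R_ERROR` if it is NULL, and use `db_path` for both the open and the log message. The function body continues outside the hunk, so any release of the string belongs on its `err:` path.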
@@ -7471,6 +7441,12 @@ err: return ret; } + +API int pkgmgrinfo_delete_certinfo(const char *pkgid) +{ + return pkgmgrinfo_delete_usr_certinfo(pkgid, GLOBAL_USER); +} + API int pkgmgrinfo_create_pkgusrdbinfo(const char *pkgid, uid_t uid, pkgmgrinfo_pkgdbinfo_h *handle) { retvm_if(!pkgid, PMINFO_R_EINVAL, "pkgid is NULL");