From: Zofia Abramowska
Date: Thu, 26 Mar 2020 12:47:59 +0000 (+0100)
Subject: Change privilege and privilege status vector names for clarity
X-Git-Tag: submit/tizen/20200421.142342~15
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=388432915d33959ce1237b1fe0840e8c3896df46;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git
Change privilege and privilege status vector names for clarity
PrivilegeVector and privilegeStatusVector passed to prepareApp are not general privileges, but privileges related to paths. This commit changes variables names to make it more clear.
Change-Id: I66a05ea0db305ded53ed1d47f60496cd5fda8636
---
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 33665dc1..576bcf98 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -466,7 +466,7 @@ static int fetchForbiddenAndAllowedGroups(const std::string &appName, std::vecto
 static int prepareAppInitialSetupAndFetch(const std::string &appName, const MountNS::PrivilegePathsMap &privilegePathsMap, std::string &label, std::string &pkgName, bool &enabledSharedRO, std::vector &forbiddenGroups, std::vector &allowedGroups,
- std::vector &privilegeStatusVector)
+ std::vector &privPathsStatusVector)
 { ClientRequest request(SecurityModuleCall::PREPARE_APP); if (request.send(appName, serializeKeysAsVector(privilegePathsMap)).failed()) {
@@ -474,7 +474,7 @@ static int prepareAppInitialSetupAndFetch(const std::string &appName, const Moun
 return request.getStatus(); }
- request.recv(forbiddenGroups, allowedGroups, privilegeStatusVector, label, pkgName, enabledSharedRO);
+ request.recv(forbiddenGroups, allowedGroups, privPathsStatusVector, label, pkgName, enabledSharedRO);
 return SECURITY_MANAGER_SUCCESS; }
@@ -831,13 +831,13 @@ static int setupSharedRO(const std::string &pkg_name, bool enabledSharedRO, cons
 } static int applyPrivileges(const MountNS::PrivilegePathsMap &privilegePathMap,
- const std::vector &privilegeStatusVector, const std::string &appLabel)
+ const std::vector &privPathsStatusVector, const std::string &appLabel)
 {
- if (privilegeStatusVector.empty())
+ if (privPathsStatusVector.empty())
 return SECURITY_MANAGER_SUCCESS; auto it = privilegePathMap.begin();
- for (const auto &privilegeStatus : privilegeStatusVector) {
+ for (const auto &privilegeStatus : privPathsStatusVector) {
 for (auto &privilegePath : it->second) { if (FS::directoryStatus(privilegePath.dstPath) == 0) {
@@ -882,7 +882,7 @@ int security_manager_prepare_app_candidate(void)
 } static inline int security_manager_setup_namespace_internal(const MountNS::PrivilegePathsMap &privilegePathMap,
- const std::string &pkg_name, bool enabledSharedRO, const std::vector &privilegeStatusVector,
+ const std::string &pkg_name, bool enabledSharedRO, const std::vector &privPathsStatusVector,
 const std::string &app_label) { // mount namespace setup was made by other process when userAppsRWSharedDir is read only, we can skip it
@@ -900,7 +900,7 @@ static inline int security_manager_setup_namespace_internal(const MountNS::Privi
 return ret; }
- ret = applyPrivileges(privilegePathMap, privilegeStatusVector, app_label);
+ ret = applyPrivileges(privilegePathMap, privPathsStatusVector, app_label);
 if (ret != SECURITY_MANAGER_SUCCESS) { LogError("Failed to setup app namespace: " << security_manager_strerror(static_cast(ret))); return ret;
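Review bot: In the @@ -831 hunk, `applyPrivileges` dereferences `it->second` on an iterator into `privilegePathMap` while the loop is driven by `privPathsStatusVector`, and no visible line checks that the two containers hold the same number of entries. The vector is filled from the service reply by `request.recv(...)` in `prepareAppInitialSetupAndFetch`, so a reply carrying more statuses than the map has keys would presumably move `it` past `end()`. The iterator advance and the rest of the loop body lie outside the hunk, so this is inferred rather than shown. A guard right after the empty check, `if (privPathsStatusVector.size() != privilegePathMap.size())` returning an error code, would make the positional pairing explicit and fail closed.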
@@ -926,10 +926,10 @@ int security_manager_prepare_app(const char *app_name)
 std::string appLabel, pkgName; bool enabledSharedRO; std::vector forbiddenGroups, allowedGroups;
- std::vector privilegeStatusVector;
+ std::vector privPathsStatusVector;
 auto privilegePathMap = MountNS::getPrivilegePathMap(getuid()); int ret = prepareAppInitialSetupAndFetch(app_name, privilegePathMap, appLabel, pkgName, enabledSharedRO,
- forbiddenGroups, allowedGroups, privilegeStatusVector);
+ forbiddenGroups, allowedGroups, privPathsStatusVector);
 if (ret != SECURITY_MANAGER_SUCCESS) { LogError("Failed to get app info for appName: " << app_name); return ret;
@@ -941,7 +941,7 @@ int security_manager_prepare_app(const char *app_name)
 return ret; }
- ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName, enabledSharedRO, privilegeStatusVector, appLabel);
+ ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName, enabledSharedRO, privPathsStatusVector, appLabel);
 if (ret != SECURITY_MANAGER_SUCCESS) { LogError("Unable to setup namespace for application " << app_name); return ret;
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 76239b2c..fd8e7a1d 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -367,21 +367,21 @@ public:
 /** * Get app info (process label, package name, shared_ro flag) *
- * @param[in] creds credentials of the requesting process
- * @param[in] appName application identifier
- * @param[in] privilegeVector privileges to query
+ * @param[in] creds credentials of the requesting process
+ * @param[in] appName application identifier
+ * @param[in] pathPrivVector paths related privileges to query
 * @param[out] label generated label * @param[out] pkgName application package name * @param[out] enabledSharedRO placeholder for check shared_ro result * @param[out] forbiddenGroups sorted vector of forbidden groups * @param[out] allowedGroups sorted vector of allowed groups
- * @param[out] privilegeStatusVector results of respective privilege queries
+ * @param[out] pathPrivStatusVector results of respective paths related privilege queries
 * * @return API return code, as defined in protocols.h */
- int prepareApp(const Credentials &creds, const std::string &appName, const std::vector &privilegeVector,
+ int prepareApp(const Credentials &creds, const std::string &appName, const std::vector &privPathsVector,
 std::string &label, std::string &pkgName, bool &enabledSharedRO,
- std::vector &forbiddenGroups, std::vector &allowedGroups, std::vector &privilegeStatusVector);
+ std::vector &forbiddenGroups, std::vector &allowedGroups, std::vector &privPathsStatusVector);
 private: int appInstallInitialChecks(const Credentials &creds,
@@ -398,7 +398,7 @@ private:
 int appInstallSmackRules(app_inst_req &req, InstallHelper &ih); int appSetupNamespace(const Credentials &creds, const std::string &appProcessLabel,
- const std::vector &privilegeVector, std::vector &privilegeStatusVector);
+ const std::vector &privPathsVector, std::vector &privPathsStatusVector);
 int appUninstallInitialChecks(const Credentials &creds, app_inst_req &req,
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 8be980fe..2dd7bf8f 100644
--- a/src/common/service_impl.cpp
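Review bot: The Doxygen block in the @@ -367 hunk now documents `pathPrivVector` and `pathPrivStatusVector`, but the `prepareApp` declaration directly below it names these parameters `privPathsVector` and `privPathsStatusVector`, so the two `@param` tags match no parameter. Rename the tags to the declared names: `@param[in] privPathsVector paths related privileges to query` and `@param[out] privPathsStatusVector results of respective paths related privilege queries`. It would also help to state in the `@param[out]` line that result i answers query i, since the client side appears to rely on that ordering.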
+++ b/src/common/service_impl.cpp
@@ -2010,7 +2010,7 @@ int ServiceImpl::getClientPrivilegeLicense(
 } int ServiceImpl::appSetupNamespace(const Credentials &creds, const std::string &appProcessLabel,
- const std::vector &privilegeVector, std::vector &privilegeStatusVector)
+ const std::vector &privPathsVector, std::vector &privPathsStatusVector)
 { int ret; if (!authenticate(creds, PRIVILEGE_APP_NAMESPACE)) {
@@ -2049,9 +2049,9 @@ int ServiceImpl::appSetupNamespace(const Credentials &creds, const std::string &
 return ret; }
- privilegeStatusVector.reserve(privilegeVector.size());
- for (auto &privilege : privilegeVector)
- privilegeStatusVector.push_back(m_cynara.check(appProcessLabel, privilege, uidStr, {}));
+ privPathsStatusVector.reserve(privPathsVector.size());
+ for (auto &privilege : privPathsVector)
+ privPathsStatusVector.push_back(m_cynara.check(appProcessLabel, privilege, uidStr, {}));
 } catch (const PrivilegeDb::Exception::Base &e) { LogError("Error while getting shared_ro flag from database: " << e.DumpToString());
@@ -2141,9 +2141,9 @@ std::string ServiceImpl::getProcessLabel(const std::string &appName)
 return getAppProcessLabel(appName); }
-int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName, const std::vector &privilegeVector,
+int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName, const std::vector &privPathsVector,
 std::string &label, std::string &pkgName, bool &enabledSharedRO,
- std::vector &forbiddenGroups, std::vector &allowedGroups, std::vector &privilegeStatusVector)
+ std::vector &forbiddenGroups, std::vector &allowedGroups, std::vector &privPathsStatusVector)
 { LogDebug("Requested prepareApp for application " << appName); bool isHybrid;
@@ -2171,7 +2171,7 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName
 ret = getForbiddenAndAllowedGroups(label, allowedPrivileges, forbiddenGroups, allowedGroups); return ret != SECURITY_MANAGER_SUCCESS ? ret
- : appSetupNamespace(creds, label, privilegeVector, privilegeStatusVector);
+ : appSetupNamespace(creds, label, privPathsVector, privPathsStatusVector);
 } } /* namespace SecurityManager */
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index e367b12e..478c2e34 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -503,15 +503,15 @@ void Service::prepareApp(MessageBuffer &buffer, MessageBuffer &send, const Crede
 { std::string appName, pkgName, label; bool enabledSharedRO;
- std::vector privilegeVector;
+ std::vector privPathsVector;
 std::vector forbiddenGroups, allowedGroups;
- std::vector privilegeStatusVector;
- Deserialization::Deserialize(buffer, appName, privilegeVector);
- int ret = serviceImpl.prepareApp(creds, appName, privilegeVector,
- label, pkgName, enabledSharedRO, forbiddenGroups, allowedGroups, privilegeStatusVector);
+ std::vector privPathsStatusVector;
+ Deserialization::Deserialize(buffer, appName, privPathsVector);
+ int ret = serviceImpl.prepareApp(creds, appName, privPathsVector,
+ label, pkgName, enabledSharedRO, forbiddenGroups, allowedGroups, privPathsStatusVector);
 Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_SUCCESS)
- Serialization::Serialize(send, forbiddenGroups, allowedGroups, privilegeStatusVector, label, pkgName, enabledSharedRO);
+ Serialization::Serialize(send, forbiddenGroups, allowedGroups, privPathsStatusVector, label, pkgName, enabledSharedRO);
 } } // namespace SecurityManager