From: Krzysztof Malysa Date: Wed, 12 Feb 2025 14:53:36 +0000 (+0100) Subject: Fix ACL helper X-Git-Tag: accepted/tizen/unified/20250217.155039~14 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3c47d89a5ea47a175cdde5bf36093cfe513b2753;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git Fix ACL helper Change-Id: I3273fb0ccd43c61650e714dd9793557ab4fa9e03 --- diff --git a/src/common/acl.cpp b/src/common/acl.cpp index 893dabfb..5b9fa62c 100644 --- a/src/common/acl.cpp +++ b/src/common/acl.cpp @@ -26,7 +26,7 @@ namespace SecurityManager { Acl Acl::Make(acl_perm_t ownerPerms, acl_perm_t groupPerms, acl_perm_t otherPerms, - std::vector _entries) + std::vector&& _entries) { auto entries = std::move(_entries); @@ -41,8 +41,12 @@ Acl Acl::Make(acl_perm_t ownerPerms, Acl::Acl(const std::vector &entries) { + if (entries.empty()) { + return; + } + auto freeAcl = [](acl_t *toFree) {acl_free(*toFree);}; - m_acl = acl_init(entries.size()); + m_acl = acl_init(entries.size() + 1); // + 1 for ACL_MASK entry if (m_acl == nullptr) { LogErrno("acl_init"); Throw(Exception::Base); @@ -93,15 +97,6 @@ Acl::Acl(const std::vector &entries) LogErrno("acl_calc_mask"); Throw(Exception::Base); } - deleter.release(); -} - -void Acl::apply(const std::string &path, acl_type_t type) const -{ - if (m_acl == nullptr) { - LogError("ACL object is not initialized"); - Throw(Exception::Base); - } int last; int ret = acl_check(m_acl, &last); @@ -113,22 +108,34 @@ void Acl::apply(const std::string &path, acl_type_t type) const Throw(Exception::Base); } + (void)deleter.release(); +} + +void Acl::apply(const std::string &path, acl_type_t type) const +{ + if (m_acl == nullptr) { + LogError("ACL object is not initialized"); + Throw(Exception::Base); + } + if (0 != acl_set_file(path.c_str(), type, m_acl)) { LogErrno("acl_set_file"); Throw(Exception::Base); } } -Acl::Acl(Acl&& other) +Acl::Acl(Acl&& other) noexcept { m_acl = other.m_acl; other.m_acl = nullptr; } -Acl& Acl::operator=(Acl&& other) +Acl& Acl::operator=(Acl&& other) noexcept { if (&other != this) { + if (m_acl) + acl_free(m_acl); m_acl = other.m_acl; other.m_acl = nullptr; } @@ -137,7 +144,8 @@ Acl& Acl::operator=(Acl&& other) Acl::~Acl() { - acl_free(m_acl); + if (m_acl) + acl_free(m_acl); } } // namespace SecurityManager diff --git a/src/common/include/acl.h b/src/common/include/acl.h index efe2c2dd..df54f0da 100644 --- a/src/common/include/acl.h +++ b/src/common/include/acl.h @@ -34,14 +34,22 @@ namespace SecurityManager { class Acl { private: - struct Entry + class Entry { - virtual void setQualifier(acl_entry_t&) const + public: + Entry(acl_perm_t permissions_, acl_tag_t tag_) : + permissions(permissions_), tag(tag_) { } - Entry(acl_perm_t _permissions, acl_tag_t _tag) : - permissions(_permissions), tag(_tag) + Entry(const Entry&) = default; + Entry(Entry&&) noexcept = default; + Entry& operator=(const Entry&) = default; + Entry& operator=(Entry&&) noexcept = default; + + virtual ~Entry() = default; + + virtual void setQualifier(acl_entry_t&) const { } @@ -60,7 +68,7 @@ public: using EntryPtr = std::unique_ptr; template - class IdEntry: public Entry + class IdEntry : public Entry { public: IdEntry(acl_perm_t permissions, Id id) : @@ -89,25 +97,28 @@ public: DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base) }; - Acl(Acl&& other); - Acl& operator=(Acl&& other); - Acl() : Acl(std::vector()) { } + + Acl(const Acl&) = delete; + Acl(Acl&& other) noexcept; + Acl& operator=(const Acl&) = delete; + Acl& operator=(Acl&& other) noexcept; + ~Acl(); static Acl Make(acl_perm_t ownerPerms, acl_perm_t groupPerms, acl_perm_t otherPerms, - std::vector entries = {}); + std::vector&& entries = {}); void apply(const std::string &path, acl_type_t type) const; private: explicit Acl(const std::vector &entries); - mutable acl_t m_acl = nullptr; + acl_t m_acl = nullptr; }; } // namespace SecurityManager