From: Rafal Krypa <r.krypa@samsung.com>
Date: Tue, 17 Feb 2015 13:00:04 +0000 (+0100)
Subject: Fix getting application groups
X-Git-Tag: submit/tizen_common/20150310.100233~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=49194f57eae8f1a69b46b2969be2afba02299ff6;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Fix getting application groups

When fetching application groups, Cynara checks are made to verify whether
application actually has the privilege. Since recently, application identifier
in Cynara policy is appId-based. This function wasn't properly adapted to
that change and still used pkgId-based identifier. This would break after
introduction of proper Smack labels in security-manager.

Change-Id: Ifeed83b6ab9f920a2c0dc769d0d3de60887bdcd6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
---

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 8828b299..7fd621cc 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -462,7 +462,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
         }
         LogDebug("pkgId: " << pkgId);
 
-        smackLabel = SmackLabels::generatePkgLabel(pkgId);
+        smackLabel = SmackLabels::generateAppLabel(appId);
         LogDebug("smack label: " << smackLabel);
 
         std::vector<std::string> privileges;
@@ -472,7 +472,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
         PrivilegeDb::getInstance().GetPkgPrivileges(pkgId, getGlobalUserId(), privileges);
         /*privileges needs to be sorted and with no duplications - for cynara sake*/
         std::inplace_merge(privileges.begin(), privileges.begin() + tmp, privileges.end());
-        privileges.erase( unique( privileges.begin(), privileges.end() ), privileges.end() );
+        privileges.erase(unique(privileges.begin(), privileges.end()), privileges.end());
 
         for (const auto &privilege : privileges) {
             std::vector<std::string> gidsTmp;
@@ -480,9 +480,9 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
             if (!gidsTmp.empty()) {
                 LogDebug("Considering privilege " << privilege << " with " <<
                     gidsTmp.size() << " groups assigned");
+                // TODO: create method in Cynara class for fetching all privileges of an application
                 if (Cynara::getInstance().check(smackLabel, privilege, uidStr, pidStr)) {
-                    for_each(gidsTmp.begin(), gidsTmp.end(), [&] (std::string group)
-                    {
+                    for_each(gidsTmp.begin(), gidsTmp.end(), [&] (std::string group) {
                         struct group *grp = getgrnam(group.c_str());
                         if (grp == NULL) {
                                 LogError("No such group: " << group.c_str());