From: Krzysztof Jackiewicz Date: Tue, 21 Jan 2025 08:26:30 +0000 (+0100) Subject: Enable namespace setup & cleanup in no-smack X-Git-Tag: accepted/tizen/unified/20250217.155039~25 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4d2dadd64c1738f046d451872c72309145b28b99;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git Enable namespace setup & cleanup in no-smack Following security-manager-tests should pass: security_manager_101_create_namespace_test_n security_manager_101_create_namespace_test_p Change-Id: I73936afc1f12f26ae94e20bcae2f63ec028163f7 --- diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 100915f0..fa416c81 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -1191,11 +1191,6 @@ int security_manager_prepare_app_candidate(void) { LogDebug("security_manager_prepare_app_candidate() called"); - if (!smack_simple_check()) { - LogWarning("Running in no-smack mode, exiting earlier without setting up namespaces"); - return SECURITY_MANAGER_SUCCESS; - } - auto dir = opendir("/proc/self/task"); if (!dir) { LogError("Unable to get number of threads"); @@ -1301,13 +1296,11 @@ int security_manager_prepare_app2(const char *app_name, const char *subsession_i return ret; } - if (smack_simple_check()) { - ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName, - prepareAppFlags & PREPARE_APP_SHARED_RO_FLAG, privPathsStatusVector, processId.label, subsession_id); - if (ret != SECURITY_MANAGER_SUCCESS) { - LogError("Unable to setup namespace for application " << app_name); - return ret; - } + ret = security_manager_setup_namespace_internal(privilegePathMap, pkgName, + prepareAppFlags & PREPARE_APP_SHARED_RO_FLAG, privPathsStatusVector, processId.label, subsession_id); + if (ret != SECURITY_MANAGER_SUCCESS) { + LogError("Unable to setup namespace for application " << app_name); + return ret; } ret = security_manager_sync_threads_internal(processId); @@ -1334,11 +1327,6 @@ int security_manager_cleanup_app(const char *app_name, uid_t uid, pid_t pid) return SECURITY_MANAGER_ERROR_INPUT_PARAM; } - if (!smack_simple_check()) { - LogWarning("Running in no-smack mode, not cleaning namespaces"); - return SECURITY_MANAGER_SUCCESS; - } - ClientRequest request(SecurityModuleCall::APP_CLEAN_NAMESPACE); return request.send(std::string(app_name), uid, pid).getStatus(); }); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index e61e3005..3572d67f 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -2475,11 +2475,6 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName LogWarning("getForbiddenAndAllowedGroups returned: " << ret); - if (!smack_simple_check()) { - LogWarning("Running in no-smack mode, exiting without setting up namespaces"); - return ret; - } - return ret != SECURITY_MANAGER_SUCCESS ? ret : appSetupNamespace(creds, id.label, privPathsVector, privPathsStatusVector); } catch (const FS::Exception::Base &e) {