From: Sabera Djelti (sdi2) <sabera.djelti@open.eurogiciel.org>
Date: Tue, 9 Sep 2014 14:29:58 +0000 (+0200)
Subject: change label smack from floor to * ; set setuid bit to pkginitdb binary
X-Git-Tag: submit/tizen_common/20140916.181156~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=686f919c33a98b240b48c59677b5e54d76f3239e;p=platform%2Fcore%2Fappfw%2Fslp-pkgmgr.git

change label smack from floor to * ; set setuid bit to pkginitdb binary

Change-Id: Ic2c27593dcc664749c1fb0bd78a85407abb7a8d3
Signed-off-by: Sabera Djelti (sdi2) <sabera.djelti@open.eurogiciel.org>
---

diff --git a/packaging/pkgmgr.spec b/packaging/pkgmgr.spec
index dc205ce..e882b58 100644
--- a/packaging/pkgmgr.spec
+++ b/packaging/pkgmgr.spec
@@ -30,7 +30,9 @@ BuildRequires:  pkgconfig(iniparser)
 BuildRequires:  pkgconfig(libtzplatform-config)
 BuildRequires:  pkgmgr-info-parser-devel
 BuildRequires:  pkgmgr-info-parser
+BuildRequires:  libsmack
 Requires:  pwdutils
+Requires:  		libcap-tools
 
 %description
 Packager Manager client library package for packaging
@@ -122,7 +124,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/package-manager/server
 update-mime-database /usr/share/mime
 
 # Create tizenglobalapp user needed for global installation
-%{_sbindir}/useradd -d %TZ_SYS_RW_APP -m %TZ_SYS_GLOBALAPP_USER -r -c "system user for common applications" -g users
+%{_sbindir}/useradd -d %TZ_SYS_RW_APP -m %TZ_SYS_GLOBALAPP_USER -r -c "system user for common applications" -g root
+
 #mkdir -p %TZ_SYS_RW_APP/.config/xwalk-service/applications
 #cd %TZ_SYS_RW_APP/
 #ln -s .config/xwalk-service/applications/
@@ -146,7 +149,7 @@ update-mime-database /usr/share/mime
 %dir %{_sysconfdir}/opt/upgrade
 %{_sysconfdir}/opt/upgrade/pkgmgr.patch.sh
 %{_bindir}/pkgcmd
-%{_bindir}/pkg_initdb
+%attr(06755,root,root) %{_bindir}/pkg_initdb
 %{_bindir}/pkg_getsize
 %{_bindir}/pkginfo
 %{_bindir}/pkgmgr-install
diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
index 1ac49d6..0eeb65b 100755
--- a/tool/CMakeLists.txt
+++ b/tool/CMakeLists.txt
@@ -5,6 +5,13 @@ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${TEST_CFLAGS}")
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/client/include)
 
 INCLUDE(FindPkgConfig)
+
+pkg_check_modules(pkgs_initdb REQUIRED libsmack ecore dbus-1 ail libxml-2.0 bundle pkgmgr-parser vconf security-server pkgmgr-info libtzplatform-config)
+FOREACH(flag ${pkgs_initdb_CFLAGS})
+	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
+ENDFOREACH(flag)
+
+
 pkg_check_modules(pkgs_test REQUIRED ecore dbus-1 ail libxml-2.0 bundle pkgmgr-parser vconf security-server pkgmgr-info libtzplatform-config)
 FOREACH(flag ${pkgs_test_CFLAGS})
 	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
@@ -37,7 +44,7 @@ add_executable(pkg_getsize
 target_link_libraries(pkg_getsize pkgmgr-client pkgmgr_installer ${pkgs_test_LDFLAGS})
 INSTALL(TARGETS pkg_getsize DESTINATION bin)
 add_executable(pkg_initdb pkg_initdb.c)
-target_link_libraries(pkg_initdb ${pkgs_test_LDFLAGS})
+target_link_libraries(pkg_initdb ${pkgs_initdb_LDFLAGS})
 INSTALL(TARGETS pkg_initdb DESTINATION bin)
 
 add_executable(pkgmgr-install pkgmgr-install.c)
diff --git a/tool/pkg_cmd.c b/tool/pkg_cmd.c
index 17f302d..3780317 100755
--- a/tool/pkg_cmd.c
+++ b/tool/pkg_cmd.c
@@ -49,7 +49,6 @@
 
 static int __process_request(uid_t uid);
 static void __print_usage();
-static int __is_authorized();
 static int __is_app_installed(char *pkgid, uid_t uid);
 static void __print_pkg_info(pkgmgr_info * pkg_info);
 static int __return_cb(int req_id, const char *pkg_type, const char *pkgid,
@@ -976,19 +975,6 @@ static int __process_request(uid_t uid)
 	return ret;
 }
 
-static int __is_authorized()
-{
-	/* pkgcmd needs root or developer privileges.
-	   If launched via fork/exec, the launching program 
-	   must be running as root */
-
-	uid_t uid = getuid();
-	if ((uid_t) 0 == uid || (uid_t) 5100 == uid)
-		return 1;
-	else
-		return 0;
-}
-
 int main(int argc, char *argv[])
 {
 	optind = 1;
diff --git a/tool/pkg_initdb.c b/tool/pkg_initdb.c
index 8b529e8..7249e92 100755
--- a/tool/pkg_initdb.c
+++ b/tool/pkg_initdb.c
@@ -33,6 +33,7 @@
 #include <pkgmgr_parser.h>
 #include <pkgmgr-info.h>
 
+#include <sys/smack.h>
 /* For multi-user support */
 #include <tzplatform_config.h>
 
@@ -47,7 +48,9 @@
 #define PKG_PARSER_DB_FILE_JOURNAL tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_parser.db-journal")
 #define PKG_CERT_DB_FILE tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_cert.db")
 #define PKG_CERT_DB_FILE_JOURNAL tzplatform_mkpath(TZ_SYS_DB, ".pkgmgr_cert.db-journal")
-#define PKG_INFO_DB_LABEL "_"
+#define PKG_INFO_DB_LABEL "*"
+#define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
+
 
 #ifdef _E
 #undef _E
@@ -59,6 +62,10 @@
 #endif
 #define _D(fmt, arg...) fprintf(stderr, "[PKG_INITDB][D][%s,%d] "fmt"\n", __FUNCTION__, __LINE__, ##arg);
 
+#define SET_DEFAULT_LABEL(x) \
+	if(smack_setlabel((x), "*", SMACK_LABEL_ACCESS)) _E("failed chsmack -a \"*\" %s", x) \
+    else  _D("chsmack -a \"*\" %s", x)
+	  
 static int initdb_count_package(void)
 {
 	int total = 0;
@@ -200,10 +207,10 @@ static int initdb_change_perm(const char *db_file)
 	snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal");
 
 	for (i = 0; files[i]; i++) {
-		ret = chown(files[i], OWNER_ROOT, GROUP_MENU);
+		ret = chown(files[i], GLOBAL_USER, OWNER_ROOT);
 		if (ret == -1) {
 			strerror_r(errno, buf, sizeof(buf));
-			_E("FAIL : chown %s %d.%d, because %s", db_file, OWNER_ROOT, GROUP_MENU, buf);
+			_E("FAIL : chown %s %d.%d, because %s", db_file, GLOBAL_USER, OWNER_ROOT, buf);
 			return -1;
 		}
 
@@ -223,7 +230,9 @@ static int __is_authorized()
 	/* pkg_init db should be called by as root privilege. */
 
 	uid_t uid = getuid();
-	if ((uid_t) 0 == uid)
+	uid_t euid = geteuid();
+	//euid need to be root to allow smack label changes during initialization
+	if ((uid_t) OWNER_ROOT == uid)
 		return 1;
 	else
 		return 0;
@@ -238,12 +247,14 @@ int main(int argc, char *argv[])
 		_E("You are not an authorized user!\n");
 		return -1;
 	} else {
-		const char *argv_rm[] = { "/bin/rm", PACKAGE_INFO_DB_FILE, NULL };
-		initdb_xsystem(argv_rm);
-		const char *argv_rmjn[] = { "/bin/rm", PACKAGE_INFO_DB_FILE_JOURNAL, NULL };
-		initdb_xsystem(argv_rmjn);
+		if(remove(PACKAGE_INFO_DB_FILE))
+			_E(" %s is not removed",PACKAGE_INFO_DB_FILE);
+		if(remove(PACKAGE_INFO_DB_FILE_JOURNAL))
+			_E(" %s is not removed",PACKAGE_INFO_DB_FILE_JOURNAL);
 	}
 
+
+	setresuid(GLOBAL_USER, GLOBAL_USER, OWNER_ROOT);
 	/* This is for AIL initializing */
 	ret = setenv("INITDB", "1", 1);
 	_D("INITDB : %d", ret);
@@ -253,7 +264,6 @@ int main(int argc, char *argv[])
 		_D("Some Packages in the Package Info DB.");
 		return 0;
 	}
-
 	ret = initdb_load_directory(SYS_MANIFEST_DIRECTORY);
 	if (ret == -1) {
 		_E("cannot load opt manifest directory.");
@@ -264,14 +274,13 @@ int main(int argc, char *argv[])
 		_E("cannot chown.");
 		return -1;
 	}
-	const char *argv_parser[] = { "/usr/bin/chsmack", "-a", PKG_INFO_DB_LABEL, PKG_PARSER_DB_FILE, NULL };
-	initdb_xsystem(argv_parser);
-	const char *argv_parserjn[] = { "/usr/bin/chsmack", "-a", PKG_INFO_DB_LABEL, PKG_PARSER_DB_FILE_JOURNAL, NULL };
-	initdb_xsystem(argv_parserjn);
-	const char *argv_cert[] = { "/usr/bin/chsmack", "-a", PKG_INFO_DB_LABEL, PKG_CERT_DB_FILE, NULL };
-	initdb_xsystem(argv_cert);
-	const char *argv_certjn[] = { "/usr/bin/chsmack", "-a", PKG_INFO_DB_LABEL, PKG_CERT_DB_FILE_JOURNAL, NULL };
-	initdb_xsystem(argv_certjn);
+
+	setuid(OWNER_ROOT);
+	
+	SET_DEFAULT_LABEL(PKG_PARSER_DB_FILE);
+	SET_DEFAULT_LABEL(PKG_PARSER_DB_FILE_JOURNAL);
+	SET_DEFAULT_LABEL(PKG_CERT_DB_FILE);
+	SET_DEFAULT_LABEL(PKG_CERT_DB_FILE_JOURNAL);
 
 	return 0;
 }