From: Karol Lewandowski <k.lewandowsk@samsung.com>
Date: Wed, 10 Jul 2024 18:41:04 +0000 (+0200)
Subject: Do not check SmackProcessLabel for .service units without [Service] section
X-Git-Tag: accepted/tizen/unified/20240716.112358^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=895bade4f8c41e3d9e201bf6f2f863c60da0a5c5;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Do not check SmackProcessLabel for .service units without [Service] section

Such units are provided by new systemd (>= 255).

We retain old logic and service exceptions for package to work with both new
and old systemd versions.

Change-Id: Ia01365e0ba76053932b61bf3f143e0bcdbddf573
---

diff --git a/test/new_service_test/check_systemd_service.sh b/test/new_service_test/check_systemd_service.sh
index 32c18df..a459775 100755
--- a/test/new_service_test/check_systemd_service.sh
+++ b/test/new_service_test/check_systemd_service.sh
@@ -23,7 +23,13 @@ function check_system_service
 	else
 		gid="$3"
 	fi
-	result=$(cat $systemd_service_list | grep ";$service_name;$uid;$gid;$4;")
+	# systemd does provide special .service units with no [Service] section, these have to be treated specially
+	if grep -qE '^\[Service\]$' $1; then
+		check_smack_label="$4;"
+	else
+		check_smack_label=""
+	fi
+	result=$(cat $systemd_service_list | grep ";$service_name;$uid;$gid;$check_smack_label")
 	if [ "$result" == "" ]
 	then
 		echo "Not permitted Systemd Service (system session) : $1"