From: Zofia Abramowska Date: Fri, 7 Oct 2016 15:41:53 +0000 (+0200) Subject: PermissibleSet: Remove PrivilegeDb usage X-Git-Tag: tizen/20161010.00541476060871~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ad682841a748dbbe34338bd99bee2e54c51a824f;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git PermissibleSet: Remove PrivilegeDb usage Change-Id: I34a33ef2f80c9c02e9bdc41e9535632b9ab76f99
---
diff --git a/src/common/include/permissible-set.h b/src/common/include/permissible-set.h
index f3810d4c..1ba4aeb2 100644
--- a/src/common/include/permissible-set.h
+++ b/src/common/include/permissible-set.h
@@ -65,9 +65,11 @@ std::string getPerrmissibleFileLocation(uid_t uid, int installationType);
 *
 * @param[in] uid user id
 * @param[in] installationType type of installation (global or local)
+ * @param[in] labelsForUser set of labels permitted for given user
 * @return resulting true on success
 */
-void updatePermissibleFile(uid_t uid, int installationType);
+void updatePermissibleFile(uid_t uid, int installationType,
+ const std::vector &labelsForUser);
 /**
 * Read labels from a file into a vector
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 6b985385..8ff4cffc 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -284,6 +284,8 @@ private:
 const std::string &targetAppLabel, const std::string &path);
+ void updatePermissibleSet(uid_t uid, int type);
+
 Cynara m_cynara;
 };
diff --git a/src/common/permissible-set.cpp b/src/common/permissible-set.cpp
index 7e2e5a7a..96ef8832 100644
--- a/src/common/permissible-set.cpp
+++ b/src/common/permissible-set.cpp
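Review bot: The doc comment on `updatePermissibleFile` in permissible-set.h still says `@return resulting true on success` although the function is declared `void`, and the new `labelsForUser` line does not say what the entries are or that they are written to the file as given. I would drop the `@return` line in favour of `@throw PermissibleSetException::FileWriteError when the file cannot be written` (that is the error raised in permissible-set.cpp), and widen the parameter text to `@param[in] labelsForUser Smack process labels permitted for the user; each entry is written as one line of the file`. The comment block starts above this hunk, so the rest of its wording is not visible here.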
@@ -104,21 +104,16 @@ static void markPermissibleFileValid(int fd, const std::string &nameFile, bool v
 }
 }
-void updatePermissibleFile(uid_t uid, int installationType)
+void updatePermissibleFile(uid_t uid, int installationType,
+ const std::vector &labelsForUser)
 {
 std::string nameFile = getPerrmissibleFileLocation(uid, installationType);
 std::ofstream fstream;
 openAndLockNameFile(nameFile, fstream);
 markPermissibleFileValid(getFd(fstream), nameFile, false);
- std::vector appNames;
- PrivilegeDb::getInstance().GetUserApps(uid, appNames);
- for (auto &appName : appNames) {
- std::string pkgName;
- PrivilegeDb::getInstance().GetAppPkgName(appName, pkgName);
- bool isPkgHybrid = PrivilegeDb::getInstance().IsPackageHybrid(pkgName);
-
- fstream << SmackLabels::generateProcessLabel(appName, pkgName, isPkgHybrid) << '\n';
+ for (auto &label : labelsForUser) {
+ fstream << label << '\n';
 if (fstream.bad()) {
 LogError("Unable to write to file " << nameFile << ": " << GetErrnoString(errno));
 ThrowMsg(PermissibleSetException::PermissibleSetException::FileWriteError,
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 7d6a4bcb..eea74bf8 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -484,6 +484,19 @@ void ServiceImpl::getPkgLabels(const std::string &pkgName, SmackRules::Labels &p
 }
 }
+void ServiceImpl::updatePermissibleSet(uid_t uid, int type)
+{
+ std::vector userPkgs;
+ PrivilegeDb::getInstance().GetUserPkgs(uid, userPkgs);
+ std::vector labelsForUser;
+ for (const auto &pkg : userPkgs) {
+ std::vector pkgLabels;
+ getPkgLabels(pkg, pkgLabels);
+ labelsForUser.insert(labelsForUser.end(), pkgLabels.begin(), pkgLabels.end());
+ }
+ PermissibleSet::updatePermissibleFile(uid, type, labelsForUser);
+}
+
 int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req)
 {
 std::vector addedPermissions;
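Review bot: `updatePermissibleFile` in permissible-set.cpp now writes caller-supplied strings straight into the file, one per line, where the removed loop only ever wrote the output of `SmackLabels::generateProcessLabel`. Because the format is line-delimited, an entry that is empty or contains a newline would change the set of labels a reader of the file sees, so the loop should reject such entries before the write, for example `if (label.empty() || label.find('\n') != std::string::npos)` followed by the existing `LogError`/`ThrowMsg` path. The loop variable is only read and can be `const auto &label`. The function body continues past the end of this hunk, so the final validity marking is not visible here.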
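Review bot: `ServiceImpl::updatePermissibleSet` builds the label set per package (`GetUserPkgs` followed by `getPkgLabels`), whereas the code removed from permissible-set.cpp built it per application installed for `uid` (`GetUserApps`). The body of `getPkgLabels` is outside this hunk; if it returns labels for every application of a package rather than only those installed for this user, the permissible file for `uid` would now list labels it did not list before, which widens what the file allows. Please confirm the two enumerations yield the same set, or filter by `uid`, and state the intended scope in a comment above the function, e.g. `// Collects the process labels of every package installed for uid and rewrites that user's permissible file.` Repeated labels are also appended unchanged if `getPkgLabels` can return the same label for several packages or applications.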
@@ -534,7 +547,7 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req)
 // WTF? Why this commit is here? Shouldn't it be at the end of this function?
 PrivilegeDb::getInstance().CommitTransaction();
 LogDebug("Application installation commited to database");
- PermissibleSet::updatePermissibleFile(req.uid, req.installationType);
+ updatePermissibleSet(req.uid, req.installationType);
 } catch (const PrivilegeDb::Exception::IOError &e) {
 LogError("Cannot access application database: " << e.DumpToString());
 return SECURITY_MANAGER_ERROR_SERVER_ERROR;
@@ -691,7 +704,7 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &&req)
 std::vector(), isPrivilegePrivacy);
 PrivilegeDb::getInstance().CommitTransaction();
 LogDebug("Application uninstallation commited to database");
- PermissibleSet::updatePermissibleFile(req.uid, req.installationType);
+ updatePermissibleSet(req.uid, req.installationType);
 } catch (const PrivilegeDb::Exception::IOError &e) {
 LogError("Cannot access application database: " << e.DumpToString());
 return SECURITY_MANAGER_ERROR_SERVER_ERROR;