From: Zofia Abramowska <z.abramowska@samsung.com>
Date: Wed, 27 Jan 2016 18:47:07 +0000 (+0100)
Subject: Support rules for apply/drop sharing in SmackRules
X-Git-Tag: accepted/tizen/mobile/20160217.011427~13
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b027236ba8491f84d3a9d0991d6410098b280316;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Support rules for apply/drop sharing in SmackRules

Change-Id: I25c25853dd8af6c77b554505fc9f5d0231fea389
---

diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
index 8a47aae..e472dd2 100644
--- a/src/common/include/smack-rules.h
+++ b/src/common/include/smack-rules.h
@@ -179,6 +179,56 @@ public:
     /* Temporary fix for authors rules */
     static void fixAuthorRules(const std::string &authorId);
 
+    /**
+     * Add rules related to private path sharing rules
+     *
+     * This function generates and applies rules needed to apply private sharing.
+     * If isPathSharedAlready, no rule for owner, User or System to path label will be applied.
+     * If isTargetSharingAlready, no rule for directory traversing is set for target.
+     *
+     * @param[in] ownerAppId - package id of path owner
+     * @param[in] ownerPkgContents - vector of application ids contained in package which owner
+     *                               application belongs to
+     * @param[in] targetAppId - id of the target application
+     * @param[in] pathLabel - a list of all applications in the package
+     * @param[in] isPathSharedAlready - flag indicated, if path has been shared before
+     * @param[in] isTargetSharingAlready - flag indicated, if target is already sharing anything
+     *                                     with owner
+     * @param[in] zoneId - ID of zone which requested applying sharing
+     */
+    static void applyPrivateSharingRules(const std::string &ownerPkgId,
+                                         const std::vector<std::string> &ownerPkgContents,
+                                         const std::string &targetAppId,
+                                         const std::string &pathLabel,
+                                         bool isPathSharedAlready,
+                                         bool isTargetSharingAlready,
+                                         const std::string &zoneId);
+    /**
+     * Remove rules related to private path sharing rules
+     *
+     * This function generates and applies rules needed to apply private sharing.
+     * If isPathSharedNoMore, rules for owner package contents, User or System to path label will
+     * be removed.
+     * If isTargetSharingNoMore, rule for directory traversing is removed for target.
+     *
+     * @param[in] ownerAppId - package id of path owner
+     * @param[in] ownerPkgContents - vector of application ids contained in package which owner
+     *                               application belongs to
+     * @param[in] targetAppId - id of the target application
+     * @param[in] pathLabel - a list of all applications in the package
+     * @param[in] isPathSharedNoMore - flag indicated, if path is not shared anymore
+     * @param[in] isTargetSharingNoMore - flag indicated, if target is not sharing anything
+     *                                    with owner
+     * @param[in] zoneId - ID of zone which requested droping sharing
+     */
+    static void dropPrivateSharingRules(const std::string &ownerPkgId,
+                                        const std::vector<std::string> &ownerPkgContents,
+                                        const std::string &targetAppId,
+                                        const std::string &pathLabel,
+                                        bool isPathSharedNoMore,
+                                        bool isTargetSharingNoMore,
+                                        const std::string &zoneId);
+
 private:
     /**
      * Create a path for package rules
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index d6a4e7d..3f4dce5 100644
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -48,6 +48,13 @@ const char *const SMACK_AUTHOR_LABEL_TEMPLATE  = "~AUTHOR~";
 const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack");
 const char *const SMACK_APP_IN_PACKAGE_PERMS   = "rwxat";
 const char *const SMACK_APP_CROSS_PKG_PERMS    = "rx";
+const char *const SMACK_APP_PATH_OWNER_PERMS = "rwxat";
+const char *const SMACK_APP_PATH_TARGET_PERMS = "rxl";
+const char *const SMACK_APP_DIR_TARGET_PERMS = "x";
+const char *const SMACK_USER = "User";
+const char *const SMACK_SYSTEM = "System";
+const char *const SMACK_APP_PATH_SYSTEM_PERMS = "rwxat";
+const char *const SMACK_APP_PATH_USER_PERMS = "rwxat";
 
 SmackRules::SmackRules()
 {
@@ -395,4 +402,59 @@ void SmackRules::fixAuthorRules(const std::string &authorId) {
     rules.apply();
 }
 
+void SmackRules::applyPrivateSharingRules(const std::string &ownerPkgId,
+                                          const std::vector<std::string> &ownerPkgContents,
+                                          const std::string &targetAppId,
+                                          const std::string &pathLabel,
+                                          bool isPathSharedAlready,
+                                          bool isTargetSharingAlready,
+                                          const std::string &zoneId)
+{
+    SmackRules rules;
+    const std::string &targetLabel = zoneSmackLabelGenerate(SmackLabels::generateAppLabel(targetAppId), zoneId);
+    if (!isTargetSharingAlready) {
+
+        rules.add(targetLabel,
+                  zoneSmackLabelGenerate(SmackLabels::generatePkgLabel(ownerPkgId), zoneId),
+                  SMACK_APP_DIR_TARGET_PERMS);
+    }
+    if (!isPathSharedAlready) {
+        for (const auto &app: ownerPkgContents) {
+            const std::string appLabel = zoneSmackLabelGenerate(SmackLabels::generateAppLabel(app), zoneId);
+            rules.add(appLabel, pathLabel, SMACK_APP_PATH_OWNER_PERMS);
+        }
+        rules.add(SMACK_USER, pathLabel, SMACK_APP_PATH_USER_PERMS);
+        rules.add(SMACK_SYSTEM, pathLabel, SMACK_APP_PATH_SYSTEM_PERMS);
+    }
+    rules.add(targetLabel, pathLabel, SMACK_APP_PATH_TARGET_PERMS);
+    rules.apply();
+}
+
+void SmackRules::dropPrivateSharingRules(const std::string &ownerPkgId,
+                                         const std::vector<std::string> &ownerPkgContents,
+                                         const std::string &targetAppId,
+                                         const std::string &pathLabel,
+                                         bool isPathSharedNoMore,
+                                         bool isTargetSharingNoMore,
+                                         const std::string &zoneId)
+{
+    SmackRules rules;
+    const std::string &targetLabel = zoneSmackLabelGenerate(SmackLabels::generateAppLabel(targetAppId), zoneId);
+    if (isTargetSharingNoMore) {
+        rules.addModify(targetLabel,
+                  zoneSmackLabelGenerate(SmackLabels::generatePkgLabel(ownerPkgId), zoneId),
+                  "", SMACK_APP_DIR_TARGET_PERMS);
+    }
+    if (isPathSharedNoMore) {
+        for (const auto &app: ownerPkgContents) {
+            const std::string appLabel = zoneSmackLabelGenerate(SmackLabels::generateAppLabel(app), zoneId);
+            rules.addModify(appLabel, pathLabel, "", SMACK_APP_PATH_OWNER_PERMS);
+        }
+        rules.addModify(SMACK_USER, pathLabel, "", SMACK_APP_PATH_USER_PERMS);
+        rules.addModify(SMACK_SYSTEM, pathLabel, "", SMACK_APP_PATH_SYSTEM_PERMS);
+    }
+    rules.addModify(targetLabel, pathLabel, "", SMACK_APP_PATH_TARGET_PERMS);
+    rules.apply();
+}
+
 } // namespace SecurityManager