From: Janusz Kozerski Date: Mon, 13 May 2013 15:27:53 +0000 (+0200) Subject: Implement special handling for http://tizen.org/privilege/antivirus X-Git-Tag: submit/tizen_2.2/20130714.151203~7^2~20 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e3b43b4b7e2621d0c75a8fc988f817d01e1d05a6;p=framework%2Fsecurity%2Flibprivilege-control.git Implement special handling for tizen.org/privilege/antivirus [Issue#] SSDWSSP-239 [Bug/Feature] Implement special handling for http://tizen.org/privilege/antivirus [Cause] app_register_av() is deprecated. [Solution] N/A [Verification] Build, install. Install apps.installer.rpm from task (in CAM), and try to install McAfee anti virus (in CAM). Change-Id: Icd2ba4f8385dedc53fe1e380bef1463e228bcc2e --- diff --git a/include/privilege-control.h b/include/privilege-control.h index 0838fe8..311c546 100644 --- a/include/privilege-control.h +++ b/include/privilege-control.h @@ -142,7 +142,7 @@ int app_uninstall(const char* app_id); * @param app_id application identifier * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error. */ -int app_register_av(const char* app_av_id); +int app_register_av(const char* app_av_id) __attribute__((deprecated)); /** * Grant SMACK permissions based on permissions list. diff --git a/permissions/WRT_antivirus.smack b/permissions/WRT_antivirus.smack new file mode 100644 index 0000000..4681314 --- /dev/null +++ b/permissions/WRT_antivirus.smack @@ -0,0 +1,10 @@ +~APP~ msg-service rwx +msg-service ~APP~ rx +~APP~ com.samsung.message rwx +com.samsung.message ~APP~ rx +~APP~ com.samsung.email rwx +com.samsung.email ~APP~ rx +~APP~ com.samsung.browser rwx +com.samsung.browser ~APP~ rx +~APP~ com.samsung.setting rwx +com.samsung.setting ~APP~ rx diff --git a/src/privilege-control.c b/src/privilege-control.c index 8f676a4..3c50b70 100644 --- a/src/privilege-control.c +++ b/src/privilege-control.c @@ -68,7 +68,7 @@ #define WRT_BASE_DEVCAP "WRT" #define WRT_CLIENT_PATH "/usr/bin/wrt-client" #define ACC_LEN 5 -#define SMACK_ANTIVIRUS_PERM "antivirus" +#define TIZEN_PRIVILEGE_ANTIVIRUS "http://tizen.org/privilege/antivirus" typedef struct { char user_name[10]; @@ -921,6 +921,47 @@ static int load_smack_from_file(const char* app_id, struct smack_accesses** smac return PC_OPERATION_SUCCESS; } +static int app_register_av_internal(const char *app_av_id, struct smack_accesses* smack) +{ + C_LOGD("Enter function: %s", __func__); + int ret; + int i; + + char** smack_label_app_list AUTO_FREE; + int smack_label_app_list_len = 0; + + if (!smack_label_is_valid(app_av_id) || NULL == smack) + return PC_ERR_INVALID_PARAM; + + // writing anti_virus_id (app_av_id) to "database" + ret = add_av_id_to_databse(app_av_id); + if (ret != PC_OPERATION_SUCCESS ) + goto out; + + // Reading labels of all installed apps from "database" + ret = get_all_apps_ids(&smack_label_app_list, &smack_label_app_list_len); + if (ret != PC_OPERATION_SUCCESS ) { + C_LOGE("Error while geting data from database"); + goto out; + } + for (i = 0; i < smack_label_app_list_len; ++i) { + C_LOGD("Applying rwx rule for %s", smack_label_app_list[i]); + if (smack_accesses_add(smack, app_av_id, smack_label_app_list[i], "wrx") == -1) { + C_LOGE("smack_accesses_add failed"); + ret = PC_ERR_INVALID_OPERATION; + goto out; + // Should we abort adding rules if once smack_accesses_add will fail? + } + } + +out: + for (i = 0; i < smack_label_app_list_len; ++i) { + free(smack_label_app_list[i]); + } + + return ret; +} + /** * This function will check in database labels of all anti viruses * and for all anti viruses will add a rule "anti_virus_label app_id rwx". @@ -1021,6 +1062,13 @@ static int app_add_permissions_internal(const char* app_id, app_type_t app_type, } for (i = 0; perm_list[i] != NULL; ++i) { C_LOGD("perm_to_smack params: app_id: %s, perm_list[%d]: %s", app_id, i, perm_list[i]); + if (strcmp(perm_list[i], TIZEN_PRIVILEGE_ANTIVIRUS) == 0) { + ret = app_register_av_internal(app_id, smack); + if (ret != PC_OPERATION_SUCCESS) { + C_LOGE("app_register_av_internal failed"); + return ret; + } + } ret = perm_to_smack(smack, app_id, app_type, perm_list[i]); if (ret != PC_OPERATION_SUCCESS){ C_LOGE("perm_to_smack failed"); @@ -1619,77 +1667,53 @@ API int add_api_feature(app_type_t app_type, return ret; } +/** + * This function is marked as deprecated and will be removed + */ API int app_register_av(const char* app_av_id) { - C_LOGD("Enter function: %s", __func__); int ret; - int i; int fd AUTO_CLOSE; - FILE* file AUTO_FCLOSE; - - char** smack_label_app_list AUTO_FREE; - int smack_label_app_list_len = 0; char* smack_path AUTO_FREE; struct smack_accesses* smack AUTO_SMACK_FREE; - if (!smack_label_is_valid(app_av_id)) - return PC_ERR_INVALID_PARAM; - - ret = smack_accesses_new(&smack); - if (ret != PC_OPERATION_SUCCESS) { - C_LOGE("smack_accesses_new failed"); - return PC_ERR_MEM_OPERATION; - } - - // writing anti_virus_id (app_av_id) to "database" - ret = add_av_id_to_databse(app_av_id); - if (ret != PC_OPERATION_SUCCESS) - goto out; - ret = load_smack_from_file(app_av_id, &smack, &fd, &smack_path); - if (ret != PC_OPERATION_SUCCESS) { + if (ret != PC_OPERATION_SUCCESS ) { C_LOGE("load_smack_from_file failed"); - goto out; + return ret; } - // Reading labels of all installed apps from "database" - ret = get_all_apps_ids(&smack_label_app_list, &smack_label_app_list_len); - if (ret != PC_OPERATION_SUCCESS) { - C_LOGE("Error while geting data from database"); - goto out; - } - for (i=0; i