From: Zofia Abramowska Date: Fri, 3 Apr 2020 17:42:41 +0000 (+0200) Subject: Check if smack privilege mapping is enabled X-Git-Tag: submit/tizen/20200421.142342~11 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f8679b4a4fb08c6de1471266c7754d0683cc291a;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git Check if smack privilege mapping is enabled Check is Smack privilege mapping contains any configuration - meaning if it is enabled. Change-Id: Iac9aaa79ed8e3fdd854826c12d93e11a5ee4cba0 --- diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h index 0724ad6..22b1c9f 100644 --- a/src/common/include/smack-rules.h +++ b/src/common/include/smack-rules.h @@ -60,6 +60,13 @@ public: const Smack::Labels &pkgLabels); /** + * Check if Smack privilege mapping is enabled in configuration. + * + * Returns true if mapping is enabled, false otherwise. + */ + bool isPrivilegeMappingEnabled() const; + + /** * Enable privilege-specific smack rules for given application * * Function creates privilege-specific smack rules using predefined templates. diff --git a/src/common/include/template-manager.h b/src/common/include/template-manager.h index d9f8a3f..3d9ed07 100644 --- a/src/common/include/template-manager.h +++ b/src/common/include/template-manager.h @@ -44,6 +44,7 @@ public: void init(); Smack::TemplateRules getRules(Type type, const std::string &privName = "") const; Smack::Label getPrivilegeLabel(const std::string &privName) const; + bool isPrivilegeMappingEnabled() const; private: void loadFiles(); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index dad2287..289af07 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -2168,7 +2168,9 @@ int ServiceImpl::prepareApp(const Credentials &creds, const std::string &appName SmackLabels::revokeSubject(label); m_smackRules.installApplicationRules(label, pkgName, authorId, pkgLabels); - m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges); + + if (m_smackRules.isPrivilegeMappingEnabled()) + m_smackRules.enablePrivilegeRules(label, pkgName, authorId, allowedPrivileges); ret = getForbiddenAndAllowedGroups(label, allowedPrivileges, forbiddenGroups, allowedGroups); diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp index 54a41e6..ee76525 100644 --- a/src/common/smack-rules.cpp +++ b/src/common/smack-rules.cpp @@ -194,6 +194,12 @@ void SmackRules::installApplicationRules( updatePackageRules(pkgName, pkgLabels); } +bool SmackRules::isPrivilegeMappingEnabled() const +{ + static bool isEnabled = m_templateMgr.isPrivilegeMappingEnabled(); + return isEnabled; +} + void SmackRules::enablePrivilegeRules( const Smack::Label &appProcessLabel, const std::string &pkgName, diff --git a/src/common/template-manager.cpp b/src/common/template-manager.cpp index 49b8c9a..9f64892 100644 --- a/src/common/template-manager.cpp +++ b/src/common/template-manager.cpp @@ -109,6 +109,11 @@ void TemplateManager::loadFiles() } } +bool TemplateManager::isPrivilegeMappingEnabled() const +{ + return !m_privMapping.empty(); +} + TemplateManager::PrivMapping TemplateManager::getPrivMapping(const std::string &privName) const {