From: Krzysztof Jackiewicz
Date: Mon, 27 Apr 2020 08:41:32 +0000 (+0200)
Subject: Properly handle missing/invalid smack privilege policy
X-Git-Tag: submit/tizen/20200514.103903~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F01%2F232001%2F6;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git
Properly handle missing/invalid smack privilege policy
Continue to read other config files if smack privilege policy is missing. Do ignore invalid smack-privilege template rules. Remove unnecessary code.
Change-Id: I105e541b321523fa98556614509837cbbc5c5b13
---
diff --git a/src/common/include/template-manager.h b/src/common/include/template-manager.h
index bb6aba9c..13440e8e 100644
--- a/src/common/include/template-manager.h
+++ b/src/common/include/template-manager.h
@@ -46,7 +46,6 @@ public:
 APP_RULES_TEMPLATE,
 PKG_RULES_TEMPLATE,
 AUTHOR_RULES_TEMPLATE,
- PRIV_DEFAULT_RULES_TEMPLATE,
 PRIV_RULES_TEMPLATE };
 void init();
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 68aac2ff..1a2928e8 100644
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -141,6 +141,7 @@ void SmackRules::addFromPrivTemplate(
 LogWarning("Unsupported rule <" << rule.subject << " " << rule.object << " " << rule.permissions << "> detected. Ignoring");
+ continue;
 }
 strReplace(rule.subject, SMACK_PROCESS_LABEL_TEMPLATE, appProcessLabel);
diff --git a/src/common/template-manager.cpp b/src/common/template-manager.cpp
index c41fa693..9aa0f397 100644
--- a/src/common/template-manager.cpp
+++ b/src/common/template-manager.cpp
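Review bot: In the smack-rules.cpp hunk, the added `continue;` in `addFromPrivTemplate` skips an unsupported template rule with only a warning, so a privilege can end up with a partial Smack rule set and the caller is not told. A comment at the skip would make the intent explicit, for example `// unsupported rule: skip it, the remaining template rules are still applied`. If callers ever need to react to a partially applied template, the skipped rules would have to be surfaced some other way than the log. The loop and the condition that classifies a rule as unsupported start outside the hunk.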
@@ -42,8 +42,7 @@ const std::string PRIV_TEMPLATE_DEFAULT_FILE = PRIV_MAPPING_SUBDIR + "/"
 const std::map TEMPLATE_PATH_MAP = {
 {TemplateManager::Type::APP_RULES_TEMPLATE, "app-rules-template.smack"},
 {TemplateManager::Type::PKG_RULES_TEMPLATE, "pkg-rules-template.smack"},
- {TemplateManager::Type::AUTHOR_RULES_TEMPLATE, "author-rules-template.smack"},
- {TemplateManager::Type::PRIV_DEFAULT_RULES_TEMPLATE, PRIV_TEMPLATE_DEFAULT_FILE}
+ {TemplateManager::Type::AUTHOR_RULES_TEMPLATE, "author-rules-template.smack"}
 };
 const std::string PRIV_TEMPLATE_DEFAULT = "default";
@@ -76,14 +75,19 @@ std::string TemplateManager::getPolicyFile(enum TemplateManager::Type policyFile
 void TemplateManager::loadFiles() {
 std::string path = m_rootDir + "/" + PRIVILEGE_SMACK_LIST_FILE;
- auto raw = ConfigFile(path).read();
+ std::vector> raw;
+ try {
+ raw = ConfigFile(path).read();
+ } catch (const FS::Exception::FileError& e) {
+ LogWarning(e.GetMessage());
+ }
 for(auto &privMapping : raw) {
 if (privMapping.size() != 3) {
- std::string errorMsg = "Invalid mapping template: " + std::to_string(privMapping.size())
+ std::string warningMsg = "Invalid mapping template: " + std::to_string(privMapping.size())
 + " tokens in file " + path + ". Expected 3.";
- LogError(errorMsg);
- ThrowMsg(SmackException::FileError, errorMsg);
+ LogWarning(warningMsg);
+ continue;
 }
 auto &privName = privMapping[0];
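Review bot: The new `catch (const FS::Exception::FileError& e)` in `loadFiles()` handles every file error from `ConfigFile(path).read()` the same way, so an unreadable or damaged policy file is downgraded to a warning just like an absent one, although the commit message only speaks of a missing policy. If `FS::Exception` can tell those cases apart (not visible here), catch only the missing-file case. At minimum name the file in the log, e.g. `LogWarning("Privilege Smack policy " << path << " not loaded: " << e.GetMessage());`. The malformed-mapping branch has a similar gap: the warning gives the token count and the file but not the offending entry, so a skipped privilege mapping is hard to trace afterwards. `loadFiles()` continues past the end of the hunk.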