From: Filip Skrzeczkowski
Date: Fri, 28 Feb 2025 13:48:25 +0000 (+0100)
Subject: Fix security_manager_set_identity with author id
X-Git-Tag: accepted/tizen/unified/20250313.164542~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F45%2F320445%2F6;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git
Fix security_manager_set_identity with author id
Change-Id: Ia5e0712817c74704d6943eae6ed79e8d29713cea
---
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 5b863f5e..d5c3265b 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -2444,21 +2444,17 @@ int security_manager_set_identity(
 return SECURITY_MANAGER_ERROR_SERVER_ERROR;
 }
- auto setSytemUid = [&]() -> int {
- return try_catch([&]() -> int {
- auto systemUid = getSystemUid();
+ switch (type) {
+ case (process_type::SM_PROCESS_TYPE_SYSTEM):
+ case (process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED):
+ return try_catch([&] {
+ uid_t systemUid = getSystemUid();
 if (setuid(systemUid)) {
- LogError("Failed to set UID " << systemUid << " for current process");
+ LogErrno("Failed to set UID " << systemUid << " for current process");
 return SECURITY_MANAGER_ERROR_UNKNOWN;
 }
 return SECURITY_MANAGER_SUCCESS;
 });
- };
-
- switch (type) {
- case (process_type::SM_PROCESS_TYPE_SYSTEM):
- case (process_type::SM_PROCESS_TYPE_SYSTEM_PRIVILEGED):
- return setSytemUid();
 case (process_type::SM_PROCESS_TYPE_APP):
 if (app_id == nullptr) {
 LogError("app_id is NULL");
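Review bot: The `SM_PROCESS_TYPE_SYSTEM` / `SM_PROCESS_TYPE_SYSTEM_PRIVILEGED` branch changes only the UID: no `setgroups()` or `setgid()` call is visible before `setuid(systemUid)`, so the process would keep the supplementary groups and GID it was started with. The APP branch in the second hunk has the same gap when `agidString` is empty, because `setgroups()` is skipped there and the inherited list survives the `setuid(puid)`. Unless earlier code in the function already handles this (its start is outside the hunk) or keeping the caller's groups is intended, clear them before the UID change, e.g. `if (setgroups(0, nullptr)) { LogErrno("Failed to clear supplementary groups"); return SECURITY_MANAGER_ERROR_UNKNOWN; }`.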
@@ -2490,20 +2486,22 @@ int security_manager_set_identity(
 return ret;
 }
- if (setuid(puid)) {
- LogError("Failed to set UID " << puid << "for current process");
- return SECURITY_MANAGER_ERROR_UNKNOWN;
+ // It's important to assign the group first and only then change the PUID
+ if (!agidString.empty())
+ {
+ gid_t groups[] = { agid };
+ if (setgroups(1, groups)) {
+ LogErrno("Failed to set supplementary group " << agid << " for current process");
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
 }
- if (agidString.empty())
- return SECURITY_MANAGER_SUCCESS;
-
- gid_t groups[] = { agid };
- if (setgroups(1, groups)) {
- LogError("Failed to set supplementary group " << agid << "for current process");
+ if (setuid(puid)) {
+ LogErrno("Failed to set UID " << puid << " for current process");
 return SECURITY_MANAGER_ERROR_UNKNOWN;
 }
+ return SECURITY_MANAGER_SUCCESS;
 }
- return SECURITY_MANAGER_SUCCESS;
+ return SECURITY_MANAGER_ERROR_SERVER_ERROR;
 }
diff --git a/src/common/utils.cpp b/src/common/utils.cpp
index 3ebca7e5..3e5590b3 100644
--- a/src/common/utils.cpp
+++ b/src/common/utils.cpp
@@ -133,7 +133,7 @@ uid_t getUidByName(const std::string& name) {
 }
 uid_t getSystemUid() {
- const static uid_t uid = getGidByName("system");
+ const static uid_t uid = getUidByName("system");
 return uid;
 }
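Review bot: The new comment above the `setgroups()` block says the order matters but not why, and the reason is what stops a later refactor from swapping the two calls back. I would spell it out, e.g. `// setgroups() needs CAP_SETGID; once setuid(puid) drops root that capability is gone, so the group must be set first.` This presumes the caller starts as root, which the hunk does not show. The enclosing function starts outside the hunk.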