From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Fri, 14 Feb 2025 16:28:42 +0000 (+0100)
Subject: Add system_access to forbidden groups
X-Git-Tag: accepted/tizen/unified/20250217.155039~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F90%2F319690%2F2;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Add system_access to forbidden groups

Change-Id: Ied3b85b25b348529ea74d748719464accb6d7d64
---

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 68e1f1f0..072f395e 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -1858,9 +1858,11 @@ int ServiceImpl::getForbiddenAndAllowedGroups(
         vectorRemoveDuplicates(allowedGroups); // sorted
 
         auto &gids = m_privilegeGids.getGids(); // sorted
-        forbiddenGroups.reserve(gids.size());
+        forbiddenGroups.reserve(gids.size() + 1);
         std::set_difference(gids.begin(), gids.end(), allowedGroups.begin(), allowedGroups.end(),
                 std::back_inserter(forbiddenGroups)); // sorted
+        if (!smack_simple_check())
+            forbiddenGroups.emplace_back(getSystemAccessGid());
     } catch (const std::runtime_error &) {
         return SECURITY_MANAGER_ERROR_UNKNOWN;
     } catch (const std::bad_alloc &e) {