From 0bbd03e144f6f90ebf79b9c05faf1aca708b12d9 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Wed, 17 Apr 2013 18:16:30 +0200
Subject: [PATCH] Added support for gids in add_new_feature API

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] add_new_feature API needed
[Solution] Support for guids implemented

[Verification] libprivilege-control-test --output=text --regexp=add_api_feature
should pass

Change-Id: Ib2ee5c2f5f429031c4595bc26d0dabb89942b145
---
 include/privilege-control.h |  4 ++-
 src/privilege-control.c     | 82 +++++++++++++++++++++++++++++++++++++++------
 2 files changed, 74 insertions(+), 12 deletions(-)

diff --git a/include/privilege-control.h b/include/privilege-control.h
index a67a2f4..62dcffd 100644
--- a/include/privilege-control.h
+++ b/include/privilege-control.h
@@ -20,6 +20,7 @@
  */
 
 #include <stdbool.h>
+#include <sys/types.h>
 
 #ifndef _PRIVILEGE_CONTROL_H_
 #define _PRIVILEGE_CONTROL_H_
@@ -292,7 +293,8 @@ int app_revoke_access(const char* subject, const char* object);
 int add_api_feature(app_type_t app_type,
 					const char* api_feature_name,
 					const char** set_smack_rule_set,
-					int** list_of_db_gids);
+					const gid_t* list_of_db_gids,
+					size_t list_size);
 
 #ifdef __cplusplus
 }
diff --git a/src/privilege-control.c b/src/privilege-control.c
index e35639e..eed750e 100644
--- a/src/privilege-control.c
+++ b/src/privilege-control.c
@@ -1597,42 +1597,102 @@ static int parse_and_save_rules(const char** smack_rules,
 	close(fd);
 	return ret;
 }
-#endif
 
-API int add_api_feature(app_type_t app_type, const char* api_feature_name,
-		const char** smack_rules, int** list_of_db_gids) {
+static int save_gids(FILE* file, const gid_t* list_of_db_gids, size_t list_size) {
+	int ret = PC_OPERATION_SUCCESS;
+	int written = 0;
+	size_t i = 0;
+
+	if (file == NULL) {
+		C_LOGE("Unable to create file. Error: %s", strerror(errno));
+		return PC_ERR_FILE_OPERATION;	// TODO remove smack accesses?
+	}
+
+	if(-1 == fchmod(fileno(file), 0644)) {
+		C_LOGE("Unable to chmod file. Error: %s", strerror(errno));
+		return PC_ERR_FILE_OPERATION;
+	}
+
+	for (i = 0; i < list_size ; ++i) {
+		written = fprintf(file, "%u\n", list_of_db_gids[i]);
+		if (written <= 0) {
+			C_LOGE("fprintf failed for file. Error: %s", strerror(errno));
+			ret = PC_ERR_FILE_OPERATION;
+			break;
+		}
+	}
+	return ret;
+}
+#endif // SMACK_ENABLED
+
+API int add_api_feature(app_type_t app_type,
+						const char* api_feature_name,
+						const char** smack_rules,
+						const gid_t* list_of_db_gids,
+						size_t list_size) {
 	C_LOGD("Enter function: %s", __func__);
+
 #ifdef SMACK_ENABLED
 	int ret = PC_OPERATION_SUCCESS;
-	char* feature_file = NULL;
+	char* smack_file = NULL;
+	char* dac_file = NULL;
 	struct smack_accesses* accesses = NULL;
+	FILE* file = NULL;
 
 	// TODO check process capabilities
 
-	// get feature file name
-	ret = perm_file_path(&feature_file, app_type, api_feature_name, ".smack");
+	// get feature SMACK file name
+	ret = perm_file_path(&smack_file, app_type, api_feature_name, ".smack");
 	if (ret != PC_OPERATION_SUCCESS ) {
 		return ret;
 	}
 
 	// check if feature exists
-	if (file_exists(feature_file)) {
-		C_LOGE("Feature file %s already exists", feature_file);
+	if (file_exists(smack_file)) {
+		C_LOGE("Feature file %s already exists", smack_file);
 		return PC_ERR_INVALID_PARAM;
 	}
 
+	// check .dac existence only if gids are supported
+	if (list_of_db_gids && list_size > 0) {
+		// get feature DAC file name
+		ret = perm_file_path(&dac_file, app_type, api_feature_name, ".dac");
+		if (ret != PC_OPERATION_SUCCESS ) {
+			return ret;
+		}
+
+		// check if feature exists
+		if (file_exists(dac_file)) {
+			C_LOGE("Feature file %s already exists", dac_file);
+			return PC_ERR_INVALID_PARAM;
+		}
+	}
+
 	// parse & save rules
-	if (smack_rules != NULL ) {
+	if (smack_rules) {
 		if (smack_accesses_new(&accesses)) {
 			C_LOGE("smack_acceses_new failed");
 			return PC_ERR_MEM_OPERATION;
 		}
 
-		ret = parse_and_save_rules(smack_rules, accesses, feature_file);
+		ret = parse_and_save_rules(smack_rules, accesses, smack_file);
 		smack_accesses_free(accesses);
 	}
 
-	// TODO go through gid list
+	// go through gid list
+	if (ret == PC_OPERATION_SUCCESS && list_of_db_gids && list_size > 0) {
+		// save to file
+		file = fopen(dac_file, "w+");
+		ret = save_gids(file, list_of_db_gids, list_size);
+		fclose(file);
+	}
+
+	// remove both files in case of failure
+	if (ret != PC_OPERATION_SUCCESS) {
+		unlink(smack_file);
+		unlink(dac_file);
+	}
+
 	return ret;
 #else
 	return PC_OPERATION_SUCCESS;
-- 
2.7.4