From 16c05979760bd7abc65eab62cb621f0dd2638559 Mon Sep 17 00:00:00 2001
From: Zofia Abramowska
Date: Wed, 7 Dec 2016 11:23:36 +0100
Subject: [PATCH] Add transmute rule between non-hybrid app and RW path

After app process label refactoring there were no more rule for transmute between label of app process and label of path RW for non-hybrid (because labels were the same). This introduced problem with transmute inheritance : main app directory had transmute, but it wasn't inherited by subdirectories. This commit brings back rule between app process label and path RW label even when both labels are the same. Also proper policy migration is created, so already installed apps have this rule also generated.

Change-Id: I98a34a29b2c2490d1dcafd43a117b509a763d72e
---
 policy/updates/update-policy-to-v4.sh | 38 +++++++++++++++++++++++++++++++++++
 src/common/smack-rules.cpp | 2 --
 2 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100755 policy/updates/update-policy-to-v4.sh

diff --git a/policy/updates/update-policy-to-v4.sh b/policy/updates/update-policy-to-v4.sh
new file mode 100755
index 0000000..dbd7d84
--- /dev/null
+++ b/policy/updates/update-policy-to-v4.sh
@@ -0,0 +1,38 @@
+#!/bin/sh -e
+
+export PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /etc/tizen-platform.conf
+
+systemctl stop security-manager.service security-manager.socket
+
+
+app_label_nonhybrid=`mktemp`
+
+### Fetch application label mapping
+sqlite3 >$app_label_nonhybrid -noheader -separator ' ' $TZ_SYS_DB/.security-manager.db '
+SELECT DISTINCT
+ app_name,
+ "User::Pkg::" || pkg_name
+ FROM user_app_pkg_view
+ WHERE is_hybrid=0'
+
+echo "Migrating policy for `sort -u $app_label_nonhybrid | wc -l` applications"
+
+### Migrate security-manager Smack policy
+echo "Migrating Smack policy"
+
+cd $TZ_SYS_VAR/security-manager
+
+cat $app_label_nonhybrid |
+while read app_name app_label
+do
+ echo "$app_label $app_label rwxat-" >> rules/app_$app_name
+done
+
+cat rules/* | tee rules-merged/rules.merged | smackload
+
+systemctl start security-manager.service security-manager.socket
+
+echo "Migration successful"
+rm -f $app_label_nonhybrid
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 6cf2bbb..3629afb 100644
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -235,8 +235,6 @@ void SmackRules::addFromTemplate( if (subject.empty() || object.empty()) continue; - if (subject == object) - continue; add(subject, object, permissions); } }
--
2.7.4
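Review bot: In update-policy-to-v4.sh, any failure after `systemctl stop` (sqlite3, `cd`, the append loop) makes `sh -e` exit with security-manager left stopped and the mktemp file left behind, because nothing restores state on error. A handler registered right after the `mktemp` line, e.g. `trap 'rm -f "$app_label_nonhybrid"' EXIT`, covers the temp file; whether a failed run restarts the service or leaves it down for the operator should be decided and stated in a comment. The final pipeline `cat rules/* | tee rules-merged/rules.merged | smackload` reports only smackload's status, so a failed `cat` or `tee` can still reach "Migration successful" with a truncated rules.merged. The loop appends with `>>` unconditionally, so a second run duplicates the rule in every `rules/app_$app_name`; checking with `grep -qxF` before appending would make it re-runnable. Using `read -r` and quoting `"rules/app_$app_name"`, `"$TZ_SYS_DB"` and `"$app_label_nonhybrid"` would keep database-supplied names and paths from being word-split or globbed.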