From 24eccb60e6737b06741526fb9ef21743fb887af3 Mon Sep 17 00:00:00 2001 From: Zbigniew Jasinski Date: Fri, 7 Oct 2016 18:36:53 +0200 Subject: [PATCH] Remove CynaraAdmin singleton Change-Id: Ib13d1a8306f2abd8bcf40765185a079840edaf11 Signed-off-by: Zbigniew Jasinski --- src/common/cynara.cpp | 20 ++++++---------- src/common/include/cynara.h | 5 +--- src/common/include/service_impl.h | 1 + src/common/service_impl.cpp | 50 +++++++++++++++++++-------------------- 4 files changed, 34 insertions(+), 42 deletions(-) diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp index f95602e..8031782 100644 --- a/src/common/cynara.cpp +++ b/src/common/cynara.cpp @@ -267,12 +267,6 @@ CynaraAdmin::~CynaraAdmin() cynara_admin_finish(m_CynaraAdmin); } -CynaraAdmin &CynaraAdmin::getInstance() -{ - static CynaraAdmin cynaraAdmin; - return cynaraAdmin; -} - void CynaraAdmin::SetPolicies(const std::vector &policies) { if (policies.empty()) { @@ -307,7 +301,7 @@ void CynaraAdmin::UpdateAppPolicy( const std::vector &privileges, std::function isPrivacy) { - auto calcPolicies = [&label]( + auto calcPolicies = [&]( const std::string &user, const std::vector &privileges, const std::string &bucket, @@ -317,7 +311,7 @@ void CynaraAdmin::UpdateAppPolicy( std::vector oldPolicies; std::unordered_set privilegesSet(privileges.begin(), privileges.end()); - CynaraAdmin::getInstance().ListPolicies(bucket, label, user, + ListPolicies(bucket, label, user, CYNARA_ADMIN_ANY, oldPolicies); // Compare previous policies with set of new requested privileges @@ -382,7 +376,7 @@ void CynaraAdmin::GetAppPolicy(const std::string &label, const std::string &user std::vector &privileges) { std::vector policies; - CynaraAdmin::getInstance().ListPolicies( + ListPolicies( CynaraAdmin::Buckets.at(Bucket::MANIFESTS), label, user, CYNARA_ADMIN_ANY, policies); 
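Review bot: The `[&]` capture on `calcPolicies` in `CynaraAdmin::UpdateAppPolicy` (cynara.cpp, hunk at -307) is broader than the lambda needs. The old list was `[&label]`, and the only new dependency in the following hunk is the member call `ListPolicies(bucket, label, user, ...)`, so `auto calcPolicies = [this, &label](` states exactly what is used. An explicit list also stops a later edit from silently binding another local by reference. The lambda body and the rest of `UpdateAppPolicy` continue outside these hunks, so this assumes the lambda is only invoked inside the function.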
@@ -434,7 +428,7 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType, int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC); std::vector appPolicies; - CynaraAdmin::getInstance().ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS), + ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS), CYNARA_ADMIN_ANY, CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_ANY, appPolicies); @@ -447,13 +441,13 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType, Buckets.at(Bucket::PRIVACY_MANAGER))); } - CynaraAdmin::getInstance().SetPolicies(policies); + SetPolicies(policies); } void CynaraAdmin::ListUsers(std::vector &listOfUsers) { std::vector tmpListOfUsers; - CynaraAdmin::getInstance().ListPolicies( + ListPolicies( CynaraAdmin::Buckets.at(Bucket::MAIN), CYNARA_ADMIN_WILDCARD, CYNARA_ADMIN_ANY, @@ -487,7 +481,7 @@ security_manager_user_type CynaraAdmin::GetUserType(uid_t uid) { std::string uidStr = std::to_string(uid); std::vector tmpListOfUsers; - CynaraAdmin::getInstance().ListPolicies( + ListPolicies( CynaraAdmin::Buckets.at(Bucket::MAIN), CYNARA_ADMIN_WILDCARD, uidStr, diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h index 511813c..48dcc40 100644 --- a/src/common/include/cynara.h +++ b/src/common/include/cynara.h @@ -112,8 +112,7 @@ public: typedef std::map DescriptionToTypeMap; virtual ~CynaraAdmin(); - - static CynaraAdmin &getInstance(); + CynaraAdmin(); /** * Update Cynara policies. @@ -290,8 +289,6 @@ public: const std::string &privilege); private: - CynaraAdmin(); - /** * Empty bucket using filter - matching rules will be removed * diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 5d13d66..b30e9f9 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -299,6 +299,7 @@ private: Cynara m_cynara; PrivilegeDb m_priviligeDb; + CynaraAdmin m_cynaraAdmin; }; 
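Review bot: Making `CynaraAdmin();` public in cynara.h (hunk at -112) leaves the class implicitly copyable, while its destructor calls `cynara_admin_finish(m_CynaraAdmin)` on a raw handle, as the cynara.cpp context shows. Now that instances are embedded as members rather than reached through `getInstance()`, copying an enclosing object would give two owners of one handle, and it would be finished twice. Unless copying is already disabled in a part of the class this hunk does not show, add `CynaraAdmin(const CynaraAdmin &) = delete;` and `CynaraAdmin &operator=(const CynaraAdmin &) = delete;` next to the constructor.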
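Review bot: The new member `CynaraAdmin m_cynaraAdmin;` in service_impl.h changes when and how often the Cynara admin connection is set up, and nothing on the member documents that. The function-local static in `getInstance()` was created once, on first use, whereas the member is constructed with every `ServiceImpl`. If the `CynaraAdmin` constructor (not shown in this patch) throws when the connection cannot be established, that failure moves from the first request needing it to `ServiceImpl` construction. A comment such as `// Owns the Cynara admin connection; created with the service, one handle per ServiceImpl` would record the new ownership.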
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index c9ddd57..d89d7d1 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -129,7 +129,7 @@ int ServiceImpl::validatePolicy(policy_entry &policyEntry, std::string uidStr, b level = CYNARA_ADMIN_DELETE; } else { try { - level = CynaraAdmin::getInstance().convertToPolicyType(policyEntry.maxLevel); + level = m_cynaraAdmin.convertToPolicyType(policyEntry.maxLevel); } catch (const std::out_of_range& e) { LogError("policy max level cannot be: " << policyEntry.maxLevel); return SECURITY_MANAGER_ERROR_INPUT_PARAM; @@ -151,7 +151,7 @@ int ServiceImpl::validatePolicy(policy_entry &policyEntry, std::string uidStr, b level = CYNARA_ADMIN_DELETE; } else { try { - level = CynaraAdmin::getInstance().convertToPolicyType(policyEntry.currentLevel); + level = m_cynaraAdmin.convertToPolicyType(policyEntry.currentLevel); } catch (const std::out_of_range& e) { LogError("policy current level cannot be: " << policyEntry.currentLevel); return SECURITY_MANAGER_ERROR_INPUT_PARAM; @@ -537,7 +537,7 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req) /* Get all application ids in the package to generate rules withing the package */ getPkgLabels(req.pkgName, pkgLabels); m_priviligeDb.GetPkgAuthorId(req.pkgName, authorId); - CynaraAdmin::getInstance().UpdateAppPolicy(appLabel, cynaraUserStr, req.privileges, isPrivilegePrivacy); + m_cynaraAdmin.UpdateAppPolicy(appLabel, cynaraUserStr, req.privileges, isPrivilegePrivacy); if (hasSharedRO) m_priviligeDb.SetSharedROPackage(req.pkgName); 
@@ -701,7 +701,7 @@ int ServiceImpl::appUninstall(const Credentials &creds, app_inst_req &&req) m_priviligeDb.GetPackagesInfo(pkgsInfo); getPkgsProcessLabels(pkgsInfo, pkgsProcessLabels); - CynaraAdmin::getInstance().UpdateAppPolicy(processLabel, cynaraUserStr, + m_cynaraAdmin.UpdateAppPolicy(processLabel, cynaraUserStr, std::vector(), isPrivilegePrivacy); m_priviligeDb.CommitTransaction(); LogDebug("Application uninstallation commited to database"); @@ -809,8 +809,8 @@ int ServiceImpl::getAppGroups(const Credentials &creds, const std::string &appNa std::vector privileges; std::string uidStr = std::to_string(creds.uid); - CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, uidStr, privileges); - CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, privileges); + m_cynaraAdmin.GetAppPolicy(appProcessLabel, uidStr, privileges); + m_cynaraAdmin.GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, privileges); vectorRemoveDuplicates(privileges); @@ -856,7 +856,7 @@ int ServiceImpl::userAdd(const Credentials &creds, uid_t uidAdded, int userType) return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED; } try { - CynaraAdmin::getInstance().UserInit(uidAdded, static_cast(userType), isPrivilegePrivacy); + m_cynaraAdmin.UserInit(uidAdded, static_cast(userType), isPrivilegePrivacy); PermissibleSet::initializeUserPermissibleFile(uidAdded); } catch (CynaraException::InvalidParam &e) { return SECURITY_MANAGER_ERROR_INPUT_PARAM; @@ -909,7 +909,7 @@ int ServiceImpl::userDelete(const Credentials &creds, uid_t uidDeleted) } } - CynaraAdmin::getInstance().UserRemove(uidDeleted); + m_cynaraAdmin.UserRemove(uidDeleted); return ret; } 
@@ -958,7 +958,7 @@ int ServiceImpl::policyUpdate(const Credentials &creds, const std::vector listOfPrivileges; - CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, userStr, listOfPrivileges); - CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, listOfPrivileges); + m_cynaraAdmin.GetAppPolicy(appProcessLabel, userStr, listOfPrivileges); + m_cynaraAdmin.GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, listOfPrivileges); if (filter.privilege.compare(SECURITY_MANAGER_ANY)) { LogDebug("Limitting Cynara query to privilege: " << filter.privilege); @@ -1190,12 +1190,12 @@ int ServiceImpl::getPolicy(const Credentials &creds, const policy_entry &filter, pe.user = userStr; pe.privilege = privilege; - pe.currentLevel = CynaraAdmin::getInstance().convertToPolicyDescription( - CynaraAdmin::getInstance().GetPrivilegeManagerCurrLevel( + pe.currentLevel = m_cynaraAdmin.convertToPolicyDescription( + m_cynaraAdmin.GetPrivilegeManagerCurrLevel( appProcessLabel, userStr, privilege)); - pe.maxLevel = CynaraAdmin::getInstance().convertToPolicyDescription( - CynaraAdmin::getInstance().GetPrivilegeManagerMaxLevel( + pe.maxLevel = m_cynaraAdmin.convertToPolicyDescription( + m_cynaraAdmin.GetPrivilegeManagerMaxLevel( appProcessLabel, userStr, privilege)); LogDebug( @@ -1233,7 +1233,7 @@ int ServiceImpl::policyGetDesc(std::vector &levels) int ret = SECURITY_MANAGER_SUCCESS; try { - CynaraAdmin::getInstance().ListPoliciesDescriptions(levels); + m_cynaraAdmin.ListPoliciesDescriptions(levels); } catch (const CynaraException::OutOfMemory &e) { LogError("Error - out of memory while querying Cynara for policy descriptions list: " << e.DumpToString()); return SECURITY_MANAGER_ERROR_MEMORY; 
@@ -1270,7 +1270,7 @@ int ServiceImpl::policyGroupsForUid(uid_t uid, std::vector &groups) int ret = SECURITY_MANAGER_SUCCESS; try { - auto userType = CynaraAdmin::getInstance().GetUserType(uid); + auto userType = m_cynaraAdmin.GetUserType(uid); if (userType == SM_USER_TYPE_NONE) { return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT; @@ -1303,7 +1303,7 @@ int ServiceImpl::policyGroupsForUid(uid_t uid, std::vector &groups) m_priviligeDb.GetGroupsRelatedPrivileges(group2privVector); for (const auto &g2p : group2privVector) { - CynaraAdmin::getInstance().Check(CYNARA_ADMIN_ANY, uidStr, g2p.second, + m_cynaraAdmin.Check(CYNARA_ADMIN_ANY, uidStr, g2p.second, bucket, result, resultExtra, true); if (result == CYNARA_ADMIN_ALLOW) groups.push_back(g2p.first); -- 2.7.4