From 3edbd0fad8dae864d431f7cd410c41ce3bd0833a Mon Sep 17 00:00:00 2001 From: "Sabera Djelti (sdi2)" Date: Tue, 9 Sep 2014 16:24:03 +0200 Subject: [PATCH] Implement Multi user changes Change-Id: I87318a64e4dbc7da35d0d9a0aa85a9b18cf07773 Signed-off-by: Sabera Djelti (sdi2) Signed-off-by: Baptiste DURAND --- CMakeLists.txt | 8 ++++--- ail.pc.in | 2 +- include/ail.h | 5 ++--- packaging/ail.spec | 41 +++++++++++++----------------------- src/ail_db.c | 60 +++++++++++++++++++++++++++++++++-------------------- src/ail_desktop.c | 58 +++++++++++++++++++++++++-------------------------- src/ail_filter.c | 4 ++-- tool/CMakeLists.txt | 2 +- tool/src/ail_fota.c | 34 +++++++++++++++--------------- tool/src/initdb.c | 40 +++++++++++++++++------------------ 10 files changed, 129 insertions(+), 125 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bb44991..dd55024 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,10 +33,12 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE(FindPkgConfig) -pkg_check_modules(LDPC REQUIRED libtzplatform-config) +pkg_check_modules(LDPC REQUIRED libtzplatform-config libsmack) +FOREACH(flag ${LDPC_LIBRARIES}) + SET(PC_LIB "${PC_LIB} -l${flag}") +ENDFOREACH(flag) - -pkg_check_modules(LPKGS REQUIRED glib-2.0 sqlite3 dlog db-util xdgmime vconf libtzplatform-config libsmack) +pkg_check_modules(LPKGS REQUIRED glib-2.0 sqlite3 dlog db-util xdgmime vconf libtzplatform-config) STRING(REPLACE ";" " " EXTRA_CFLAGS "${LPKGS_CFLAGS}") SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden") diff --git a/ail.pc.in b/ail.pc.in index 0ca14cc..a267813 100644 --- a/ail.pc.in +++ b/ail.pc.in @@ -7,5 +7,5 @@ Name: ail Description: Application Information Library Version: @VERSION@ Requires: sqlite3 vconf dlog db-util -Libs: -L@LIBDIR@ -lail -l@LDPC_LIBRARIES@ +Libs: -L@LIBDIR@ -lail @PC_LIB@ Cflags: -I@INCLUDEDIR@ diff --git a/include/ail.h b/include/ail.h index def4027..e745c61 100755 --- a/include/ail.h +++ b/include/ail.h @@ -35,11 +35,10 @@ #define GROUP_MENU 6010 #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER) #define BUFSZE 1024 -#define OPT_DESKTOP_DIRECTORY tzplatform_getenv(TZ_SYS_RW_DESKTOP_APP) #define USR_DESKTOP_DIRECTORY tzplatform_getenv(TZ_SYS_RO_DESKTOP_APP) #define APP_INFO_DB_FILE tzplatform_mkpath(TZ_SYS_DB,".app_info.db") #define APP_INFO_DB_FILE_JOURNAL tzplatform_mkpath(TZ_SYS_DB,".app_info.db-journal") -#define APP_INFO_DB_LABEL "_" +#define APP_INFO_DB_LABEL "*" #ifdef __cplusplus extern "C" { @@ -440,7 +439,7 @@ typedef enum { * * @see ail_filter_list_appinfo_foreach() */ -typedef ail_cb_ret_e (*ail_list_appinfo_cb) (const ail_appinfo_h appinfo_h, void *user_data); +typedef ail_cb_ret_e (*ail_list_appinfo_cb) (const ail_appinfo_h appinfo_h, void *user_data,uid_t uid); /** * @fn ail_error_e ail_error_e ail_filter_list_appinfo_foreach(ail_filter_h filter, ail_list_appinfo_cb func, void *user_data) diff --git a/packaging/ail.spec b/packaging/ail.spec index e124478..95bc2c3 100755 --- a/packaging/ail.spec +++ b/packaging/ail.spec @@ -16,6 +16,7 @@ BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(xdgmime) BuildRequires: pkgconfig(libtzplatform-config) Provides: libail = %{version}-%{release} +Requires: libcap-tools %description Application Information Library package @@ -24,6 +25,7 @@ Application Information Library package Summary: Application Information Library Development files Requires: libail = %{version}-%{release} Requires: pkgconfig(libtzplatform-config) +Requires: pkgconfig(libsmack) %description devel Application Information Library Development files package @@ -50,9 +52,6 @@ export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE" %install %make_install -mkdir -p %{buildroot}%{TZ_SYS_DB}/ -mkdir -p %{buildroot}%{TZ_SYS_RW_DESKTOP_APP}/ - %post /sbin/ldconfig vconftool set -t string db/ail/ail_info "0" -f -s system::vconf_inhouse @@ -65,32 +64,22 @@ chsmack -a User %TZ_SYS_CONFIG/db/menuscreen/desktop chsmack -a User %TZ_SYS_CONFIG/db/menu_widget chsmack -a User %TZ_SYS_CONFIG/db/menu_widget/language -CHDBGID="6010" - -update_DAC_for_db_file() -{ - if [ ! -f $@ ]; then - touch $@ - fi - - chown :$CHDBGID $@ 2>/dev/null - if [ $? -ne 0 ]; then - echo "Failed to change the owner of $@" - fi - chmod 664 $@ 2>/dev/null - if [ $? -ne 0 ]; then - echo "Failed to change the perms of $@" - fi -} -ail_initdb 2>/dev/null mkdir -p %{TZ_SYS_RO_DESKTOP_APP} mkdir -p %{TZ_SYS_RW_DESKTOP_APP} +mkdir -p %{TZ_SYS_RW_APP} mkdir -p %{TZ_SYS_DB} -update_DAC_for_db_file %{TZ_SYS_DB}/.app_info.db -update_DAC_for_db_file %{TZ_SYS_DB}/.app_info.db-journal -chsmack -a 'User' %{TZ_SYS_DB}/.app_info.db* +chsmack -a '*' %{TZ_SYS_DB} +chsmack -a '*' %{TZ_SYS_RW_APP} +chsmack -a '*' %{TZ_SYS_RW_DESKTOP_APP} +chsmack -a '*' %{TZ_SYS_RO_DESKTOP_APP} +chmod g+w %{TZ_SYS_RW_DESKTOP_APP} +chmod g+w %{TZ_SYS_RO_DESKTOP_APP} + +ail_initdb 2>/dev/null +chsmack -a '*' %{TZ_SYS_DB}/.app_info.db* + %postun /sbin/ldconfig if [ $1 == 0 ]; then @@ -100,9 +89,7 @@ fi %files %manifest %{name}.manifest %license LICENSE -%dir %{TZ_SYS_RW_DESKTOP_APP} -%{_bindir}/ail_initdb -%{_bindir}/ail_initdb +%attr(06775,root,root) %{_bindir}/ail_initdb %{_bindir}/ail_fota %{_bindir}/ail_desktop %{_bindir}/ail_filter diff --git a/src/ail_db.c b/src/ail_db.c index 1a3ac89..bfa3ced 100755 --- a/src/ail_db.c +++ b/src/ail_db.c @@ -42,6 +42,11 @@ #define QUERY_CREATE_VIEW_LOCAL "CREATE temp VIEW localname as select distinct * from (select * from main.localname m union select * from Global.localname g)" +#define SET_SMACK_LABEL(x,uid) \ + if(smack_setlabel((x), (((uid) == GLOBAL_USER)?"*":"User"), SMACK_LABEL_ACCESS)) _E("failed chsmack -a \"User/*\" %s", x); \ + else _D("chsmack -a \"User/*\" %s", x); + + #define retv_with_dbmsg_if(expr, val) do { \ if (expr) { \ _E("db_info.dbUserro: %s", sqlite3_errmsg(db_info.dbUserro)); \ @@ -69,35 +74,34 @@ static __thread struct { }; static __thread sqlite3 *dbInit = NULL; -static int ail_db_change_perm(const char *db_file) +static int ail_db_change_perm(const char *db_file, uid_t uid) { char buf[BUFSIZE]; char journal_file[BUFSIZE]; char *files[3]; int ret, i; - struct group *grpinfo = NULL; - const char *name = "users"; - + struct passwd *userinfo = NULL; files[0] = (char *)db_file; files[1] = journal_file; files[2] = NULL; retv_if(!db_file, AIL_ERROR_FAIL); - if(getuid()) //At this time we should be root to apply this + if(getuid() != OWNER_ROOT) //At this time we should be root to apply this return AIL_ERROR_OK; - + userinfo = getpwuid(uid); + if (!userinfo) { + _E("FAIL: user %d doesn't exist", uid); + return AIL_ERROR_FAIL; + } snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal"); for (i = 0; files[i]; i++) { - grpinfo = getgrnam(name); - if(grpinfo == NULL) - _E("getgrnam(users) returns NULL !"); - // Compare git_t type and not group name - ret = chown(files[i], OWNER_ROOT, grpinfo->gr_gid); + ret = chown(files[i], uid, userinfo->pw_gid); + SET_SMACK_LABEL(files[i],uid) if (ret == -1) { strerror_r(errno, buf, sizeof(buf)); - _E("FAIL : chown %s %d.%d, because %s", db_file, OWNER_ROOT, grpinfo->gr_gid, buf); + _E("FAIL : chown %s %d.%d, because %s", db_file, uid, userinfo->pw_gid, buf); return AIL_ERROR_FAIL; } @@ -119,8 +123,11 @@ char* ail_get_icon_path(uid_t uid) char *dir = NULL; struct passwd *userinfo = getpwuid(uid); + if (uid == 0) { + _E("FAIL : Root is not allowed user! please fix it replacing with DEFAULT_USER"); + return NULL; + } if (uid != GLOBAL_USER) { - if (userinfo == NULL) { _E("getpwuid(%d) returns NULL !", uid); return NULL; @@ -142,11 +149,12 @@ char* ail_get_icon_path(uid_t uid) int ret; mkdir(result, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); if (getuid() == OWNER_ROOT) { - ret = chown(result, uid, grpinfo->gr_gid); + ret = chown(result, uid, ((grpinfo)?grpinfo->gr_gid:0)); + SET_SMACK_LABEL(result,uid) if (ret == -1) { char buf[BUFSIZE]; strerror_r(errno, buf, sizeof(buf)); - _E("FAIL : chown %s %d.%d, because %s", result, uid, grpinfo->gr_gid, buf); + _E("FAIL : chown %s %d.%d, because %s", result, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); } } return result; @@ -160,8 +168,11 @@ static char* ail_get_app_DB(uid_t uid) char *dir = NULL; struct passwd *userinfo = getpwuid(uid); + if (uid == 0) { + _E("FAIL : Root is not allowed! switch to DEFAULT_USER"); + return NULL; + } if (uid != GLOBAL_USER) { - if (userinfo == NULL) { _E("getpwuid(%d) returns NULL !", uid); return NULL; @@ -194,11 +205,12 @@ static char* ail_get_app_DB(uid_t uid) int ret; mkdir(temp, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); if (getuid() == OWNER_ROOT) { - ret = chown(dir + 1, uid, grpinfo->gr_gid); + ret = chown(temp, uid, ((grpinfo)?grpinfo->gr_gid:0)); + SET_SMACK_LABEL(temp,uid) if (ret == -1) { char buf[BUFSIZE]; strerror_r(errno, buf, sizeof(buf)); - _E("FAIL : chown %s %d.%d, because %s", dir + 1, uid, grpinfo->gr_gid, buf); + _E("FAIL : chown %s %d.%d, because %s", temp, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); } } } @@ -213,8 +225,11 @@ char* al_get_desktop_path(uid_t uid) char *dir = NULL; struct passwd *userinfo = getpwuid(uid); + if (uid == 0) { + _E("FAIL : Root is not allowed user! please fix it replacing with DEFAULT_USER"); + return NULL; + } if (uid != GLOBAL_USER) { - if (userinfo == NULL) { _E("getpwuid(%d) returns NULL !", uid); return NULL; @@ -236,11 +251,12 @@ char* al_get_desktop_path(uid_t uid) if ((uid != GLOBAL_USER)||((uid == GLOBAL_USER)&& (geteuid() == 0 ))) { int ret; mkdir(result, S_IRWXU | S_IRGRP | S_IXGRP | S_IXOTH); - ret = chown(result, uid, grpinfo->gr_gid); + ret = chown(result, uid, ((grpinfo)?grpinfo->gr_gid:0)); + SET_SMACK_LABEL(result,uid) if (ret == -1) { char buf[BUFSIZE]; strerror_r(errno, buf, sizeof(buf)); - _E("FAIL : chown %s %d.%d, because %s", result, uid, grpinfo->gr_gid, buf); + _E("FAIL : chown %s %d.%d, because %s", result, uid, ((grpinfo)?grpinfo->gr_gid:0), buf); } } return result; @@ -315,7 +331,7 @@ ail_error_e db_open(db_open_mode mode, uid_t uid) ret = do_db_exec(tbls[i], dbInit); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_DB_FAILED); } - if(AIL_ERROR_OK != ail_db_change_perm(ail_get_app_DB(uid))) { + if(AIL_ERROR_OK != ail_db_change_perm(ail_get_app_DB(uid), uid)) { _E("Failed to change permission\n"); } } else { diff --git a/src/ail_desktop.c b/src/ail_desktop.c index 82d2067..bcfb253 100755 --- a/src/ail_desktop.c +++ b/src/ail_desktop.c @@ -66,7 +66,7 @@ typedef enum { struct entry_parser { const char *field; - ail_error_e (*value_cb)(void *data, char *tag, char *value); + ail_error_e (*value_cb)(void *data, char *tag, char *value, uid_t uid); }; inline static char *_ltrim(char *str) @@ -131,7 +131,7 @@ typedef struct { -static ail_error_e _read_exec(void *data, char *tag, char *value) +static ail_error_e _read_exec(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; char *token_exe_path; @@ -167,7 +167,7 @@ static ail_error_e _read_exec(void *data, char *tag, char *value) -static ail_error_e _read_name(void *data, char *tag, char *value) +static ail_error_e _read_name(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -208,7 +208,7 @@ static ail_error_e _read_name(void *data, char *tag, char *value) -static ail_error_e _read_type(void *data, char *tag, char *value) +static ail_error_e _read_type(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -324,7 +324,7 @@ static ail_error_e _read_icon(void *data, char *tag, char *value, uid_t uid) -static ail_error_e _read_categories(void *data, char *tag, char *value) +static ail_error_e _read_categories(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -339,7 +339,7 @@ static ail_error_e _read_categories(void *data, char *tag, char *value) -static ail_error_e _read_version(void *data, char *tag, char *value) +static ail_error_e _read_version(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -354,7 +354,7 @@ static ail_error_e _read_version(void *data, char *tag, char *value) -static ail_error_e _read_mimetype(void *data, char *tag, char *value) +static ail_error_e _read_mimetype(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; int size, total_len = 0; @@ -416,7 +416,7 @@ static ail_error_e _read_mimetype(void *data, char *tag, char *value) -static ail_error_e _read_nodisplay(void *data, char *tag, char *value) +static ail_error_e _read_nodisplay(void *data, char *tag, char *value, uid_t uid) { desktop_info_s* info = data; @@ -430,7 +430,7 @@ static ail_error_e _read_nodisplay(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_service(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_service(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -445,7 +445,7 @@ static ail_error_e _read_x_slp_service(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_packagetype(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_packagetype(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -460,7 +460,7 @@ static ail_error_e _read_x_slp_packagetype(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_packagecategories(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_packagecategories(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -475,7 +475,7 @@ static ail_error_e _read_x_slp_packagecategories(void *data, char *tag, char *va -static ail_error_e _read_x_slp_packageid(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_packageid(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -488,7 +488,7 @@ static ail_error_e _read_x_slp_packageid(void *data, char *tag, char *value) return AIL_ERROR_OK; } -static ail_error_e _read_x_slp_submodemainid(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_submodemainid(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -501,7 +501,7 @@ static ail_error_e _read_x_slp_submodemainid(void *data, char *tag, char *value) return AIL_ERROR_OK; } -static ail_error_e _read_x_slp_installedstorage(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_installedstorage(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -514,7 +514,7 @@ static ail_error_e _read_x_slp_installedstorage(void *data, char *tag, char *val return AIL_ERROR_OK; } -static ail_error_e _read_x_slp_uri(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_uri(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -529,7 +529,7 @@ static ail_error_e _read_x_slp_uri(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_svc(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_svc(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -544,7 +544,7 @@ static ail_error_e _read_x_slp_svc(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_taskmanage(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_taskmanage(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -558,7 +558,7 @@ static ail_error_e _read_x_slp_taskmanage(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_multiple(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_multiple(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -572,7 +572,7 @@ static ail_error_e _read_x_slp_multiple(void *data, char *tag, char *value) -static ail_error_e _read_x_slp_removable(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_removable(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -585,7 +585,7 @@ static ail_error_e _read_x_slp_removable(void *data, char *tag, char *value) } -static ail_error_e _read_x_slp_submode(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_submode(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -597,7 +597,7 @@ static ail_error_e _read_x_slp_submode(void *data, char *tag, char *value) return AIL_ERROR_OK; } -static ail_error_e _read_x_slp_appid(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_appid(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -611,7 +611,7 @@ static ail_error_e _read_x_slp_appid(void *data, char *tag, char *value) } -static ail_error_e _read_x_slp_pkgid(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_pkgid(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -625,7 +625,7 @@ static ail_error_e _read_x_slp_pkgid(void *data, char *tag, char *value) } -static ail_error_e _read_x_slp_domain(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_domain(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -639,7 +639,7 @@ static ail_error_e _read_x_slp_domain(void *data, char *tag, char *value) } -static ail_error_e _read_x_slp_enabled(void *data, char *tag, char *value) +static ail_error_e _read_x_slp_enabled(void *data, char *tag, char *value, uid_t uid) { desktop_info_s *info = data; @@ -984,7 +984,7 @@ static ail_error_e _init_desktop_info(desktop_info_s *info, const char *package, -static ail_error_e _read_desktop_info(desktop_info_s* info) +static ail_error_e _read_desktop_info(desktop_info_s* info,uid_t uid) { char *line = NULL; FILE *fp; @@ -1027,7 +1027,7 @@ static ail_error_e _read_desktop_info(desktop_info_s* info) for (idx = 0; entry_parsers[idx].field; idx ++) { if (!g_ascii_strcasecmp(entry_parsers[idx].field, field_name) && entry_parsers[idx].value_cb) { - if (entry_parsers[idx].value_cb(info, tag, tmp) != AIL_ERROR_OK) { + if (entry_parsers[idx].value_cb(info, tag, tmp,uid) != AIL_ERROR_OK) { _E("field - [%s] is wrong.", field_name); } break; @@ -1654,7 +1654,7 @@ EXPORT_API ail_error_e ail_usr_desktop_add(const char *appid, uid_t uid) ret = _init_desktop_info(&info, appid, uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); - ret = _read_desktop_info(&info); + ret = _read_desktop_info(&info,uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); ret = _insert_desktop_info(&info, uid); @@ -1683,7 +1683,7 @@ EXPORT_API ail_error_e ail_usr_desktop_update(const char *appid, uid_t uid) ret = _init_desktop_info(&info, appid, uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); - ret = _read_desktop_info(&info); + ret = _read_desktop_info(&info,uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); ret = _update_desktop_info(&info, uid); @@ -1753,7 +1753,7 @@ EXPORT_API ail_error_e ail_usr_desktop_fota(const char *appid, uid_t uid) ret = _init_desktop_info(&info, appid, uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); - ret = _read_desktop_info(&info); + ret = _read_desktop_info(&info,uid); retv_if(ret != AIL_ERROR_OK, AIL_ERROR_FAIL); ret = _insert_desktop_info(&info, uid); diff --git a/src/ail_filter.c b/src/ail_filter.c index 16256e8..ffed705 100755 --- a/src/ail_filter.c +++ b/src/ail_filter.c @@ -431,7 +431,7 @@ EXPORT_API ail_error_e ail_filter_list_appinfo_foreach(ail_filter_h filter, ail_ if(_appinfo_check_installed_storage(ai) != AIL_ERROR_OK) continue; - r = cb(ai, user_data); + r = cb(ai, user_data,GLOBAL_USER); if (AIL_CB_RET_CANCEL == r) break; } @@ -494,7 +494,7 @@ EXPORT_API ail_error_e ail_filter_list_usr_appinfo_foreach(ail_filter_h filter, if(_appinfo_check_installed_storage(ai) != AIL_ERROR_OK) continue; - r = cb(ai, user_data); + r = cb(ai, user_data,uid); if (AIL_CB_RET_CANCEL == r) break; } diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index afae731..9e49419 100755 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -18,7 +18,7 @@ SET(LISTSRCS src/ail_list.c) SET(PKG ail_package) SET(PKGSRCS src/ail_package.c) -pkg_check_modules(INITDB_PKGS REQUIRED vconf dlog db-util sqlite3) +pkg_check_modules(INITDB_PKGS REQUIRED libsmack vconf dlog db-util sqlite3) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/src) diff --git a/tool/src/ail_fota.c b/tool/src/ail_fota.c index bd20e5f..20d17c5 100644 --- a/tool/src/ail_fota.c +++ b/tool/src/ail_fota.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "ail.h" #include "ail_private.h" @@ -42,6 +43,10 @@ #endif #define _D(fmt, arg...) fprintf(stderr, "[AIL_INITDB][D][%s,%d] "fmt"\n", __FUNCTION__, __LINE__, ##arg); +#define SET_DEFAULT_LABEL(x) \ + if(smack_setlabel((x), "*", SMACK_LABEL_ACCESS)) _E("failed chsmack -a \"*\" %s", x) \ + else _D("chsmack -a \"*\" %s", x) + static int initdb_count_app(uid_t uid) { ail_filter_h filter; @@ -193,7 +198,9 @@ static int __is_authorized() /* ail_init db should be called by as root privilege. */ uid_t uid = getuid(); - if ((uid_t) GLOBAL_USER == uid) + uid_t euid = geteuid(); + //euid need to be root to allow smack label changes during initialization + if (((uid_t) GLOBAL_USER == uid) && (euid == OWNER_ROOT) ) return 1; else return 0; @@ -239,13 +246,13 @@ int main(int argc, char *argv[]) if (!__is_authorized()) { fprintf(stderr, "You are not an authorized user!\n"); _D("You are not root user!\n"); - } - else { - const char *argv_rm[] = { "/bin/rm", APP_INFO_DB_FILE, NULL }; - xsystem(argv_rm); - const char *argv_rmjn[] = { "/bin/rm", APP_INFO_DB_FILE_JOURNAL, NULL }; - xsystem(argv_rmjn); - } + } + else { + if(remove(APP_INFO_DB_FILE)) + _E(" %s is not removed",APP_INFO_DB_FILE); + if(remove(APP_INFO_DB_FILE_JOURNAL)) + _E(" %s is not removed",APP_INFO_DB_FILE_JOURNAL); + } ret = setenv("AIL_INITDB", "1", 1); _D("AIL_INITDB : %d", ret); @@ -254,11 +261,6 @@ int main(int argc, char *argv[]) _D("Some Apps in the App Info DB."); } - ret = initdb_load_directory(OPT_DESKTOP_DIRECTORY); - if (ret == AIL_ERROR_FAIL) { - _E("cannot load opt desktop directory."); - } - ret = initdb_load_directory(USR_DESKTOP_DIRECTORY); if (ret == AIL_ERROR_FAIL) { _E("cannot load usr desktop directory."); @@ -269,10 +271,8 @@ int main(int argc, char *argv[]) if (ret == AIL_ERROR_FAIL) { _E("cannot chown."); } - const char *argv_smack[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE, NULL }; - xsystem(argv_smack); - const char *argv_smackjn[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE_JOURNAL, NULL }; - xsystem(argv_smackjn); + SET_DEFAULT_LABEL(APP_INFO_DB_FILE); + SET_DEFAULT_LABEL(APP_INFO_DB_FILE_JOURNAL); } return AIL_ERROR_OK; } diff --git a/tool/src/initdb.c b/tool/src/initdb.c index 20bf543..043dd4d 100755 --- a/tool/src/initdb.c +++ b/tool/src/initdb.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "ail.h" #include "ail_private.h" @@ -43,6 +44,10 @@ #endif #define _D(fmt, arg...) fprintf(stderr, "[AIL_INITDB][D][%s,%d] "fmt"\n", __FUNCTION__, __LINE__, ##arg); +#define SET_DEFAULT_LABEL(x) \ + if(smack_setlabel((x), "*", SMACK_LABEL_ACCESS)) _E("failed chsmack -a \"*\" %s", x) \ + else _D("chsmack -a \"*\" %s", x) + static int initdb_count_app(void) { ail_filter_h filter; @@ -166,7 +171,7 @@ static int initdb_change_perm(const char *db_file) snprintf(journal_file, sizeof(journal_file), "%s%s", db_file, "-journal"); for (i = 0; files[i]; i++) { - ret = chown(files[i], OWNER_ROOT, OWNER_ROOT); + ret = chown(files[i], GLOBAL_USER, OWNER_ROOT); if (ret == -1) { strerror_r(errno, buf, sizeof(buf)); _E("FAIL : chown %s %d.%d, because %s", db_file, OWNER_ROOT, OWNER_ROOT, buf); @@ -190,7 +195,9 @@ static int __is_authorized() /* ail_init db should be called by as root privilege. */ uid_t uid = getuid(); - if ((uid_t) GLOBAL_USER == uid) + uid_t euid = geteuid(); + //euid need to be root to allow smack label changes during initialization + if ((uid_t) OWNER_ROOT == uid) return 1; else return 0; @@ -236,27 +243,21 @@ int main(int argc, char *argv[]) if (!__is_authorized()) { fprintf(stderr, "You are not an authorized user!\n"); _D("You are not root user!\n"); - } - else { - const char *argv_rm[] = { "/bin/rm", APP_INFO_DB_FILE, NULL }; - xsystem(argv_rm); - const char *argv_rmjn[] = { "/bin/rm", APP_INFO_DB_FILE_JOURNAL, NULL }; - xsystem(argv_rmjn); - } - + } + else { + if(remove(APP_INFO_DB_FILE)) + _E(" %s is not removed",APP_INFO_DB_FILE); + if(remove(APP_INFO_DB_FILE_JOURNAL)) + _E(" %s is not removed",APP_INFO_DB_FILE_JOURNAL); + } ret = setenv("AIL_INITDB", "1", 1); _D("AIL_INITDB : %d", ret); - + setresuid(GLOBAL_USER, GLOBAL_USER, OWNER_ROOT); ret = initdb_count_app(); if (ret > 0) { _D("Some Apps in the App Info DB."); } - ret = initdb_load_directory(OPT_DESKTOP_DIRECTORY); - if (ret == AIL_ERROR_FAIL) { - _E("cannot load opt desktop directory."); - } - ret = initdb_load_directory(USR_DESKTOP_DIRECTORY); if (ret == AIL_ERROR_FAIL) { _E("cannot load usr desktop directory."); @@ -267,10 +268,9 @@ int main(int argc, char *argv[]) if (ret == AIL_ERROR_FAIL) { _E("cannot chown."); } - const char *argv_smack[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE, NULL }; - xsystem(argv_smack); - const char *argv_smackjn[] = { "/usr/bin/chsmack", "-a", APP_INFO_DB_LABEL, APP_INFO_DB_FILE_JOURNAL, NULL }; - xsystem(argv_smackjn); + setuid(OWNER_ROOT); + SET_DEFAULT_LABEL(APP_INFO_DB_FILE); + SET_DEFAULT_LABEL(APP_INFO_DB_FILE_JOURNAL); } return AIL_ERROR_OK; } -- 2.7.4