From 00dfab00f694d87a19ec8e25bea3e9b0b30dd76c Mon Sep 17 00:00:00 2001 From: Damian Pietruchowski Date: Fri, 21 Jul 2017 11:01:38 +0200 Subject: [PATCH] Security registration refactoring SecurityContextRequest class to resources management. Change-Id: I40b4f9120f3b54e6ca47434b9dd009914af33fbd Signed-off-by: Damian Pietruchowski --- src/common/security_registration.cc | 678 ++++++++++++++++++------------------ 1 file changed, 331 insertions(+), 347 deletions(-) diff --git a/src/common/security_registration.cc b/src/common/security_registration.cc index 5c1eace..9439d38 100644 --- a/src/common/security_registration.cc +++ b/src/common/security_registration.cc @@ -16,6 +16,7 @@ #include #include #include +#include #include "common/pkgmgr_query.h" #include "common/privileges.h" @@ -62,220 +63,318 @@ const std::vector> kPathPolicies = { {tzplatform_mkpath(TZ_SYS_ETC, "skel"), SM_APP_INSTALL_PRELOADED}, }; -bool PrepareRequest(const std::string& app_id, const std::string& pkg_id, - const std::string& author_id, const std::string& api_version, - const boost::filesystem::path& path, - uid_t uid, const std::vector& privileges, - const AppDefinedPrivInfo& appdef_privileges, - const AppDefinedPrivInfo& provides_appdef_privileges, - app_inst_req* req, bool cross_app_rules, std::string* error_message) { - if (app_id.empty() || pkg_id.empty()) { - LOG(ERROR) << "Appid or pkgid is empty. Both values must be set"; - return false; - } +void SetErrorMessage(std::string* error_message, int error) { + std::string errnum = std::to_string(error); + *error_message = security_manager_strerror(static_cast(error)); + *error_message += ":<" + errnum + ">"; +} - int error = security_manager_app_inst_req_set_app_id(req, - app_id.c_str()); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; +class SecurityContextRequest { + public: + SecurityContextRequest(): req_(nullptr), app_idx_(0) { + int error = security_manager_app_inst_req_new(&req_); + if (error != SECURITY_MANAGER_SUCCESS) { + LOG(ERROR) + << "Failed while calling security_manager_app_inst_req_new " + << "(error code: " << error << ")"; + SetErrorMessage(&error_message_, error); + req_ = NULL; + } } - - error = security_manager_app_inst_req_set_pkg_id(req, - pkg_id.c_str()); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; + ~SecurityContextRequest() { + if (IsValid()) + security_manager_app_inst_req_free(req_); } - - error = security_manager_app_inst_req_set_uid(req, uid); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; + bool IsValid() const { + return req_ != NULL; } - - if (cross_app_rules) { - error = security_manager_app_inst_req_set_hybrid(req); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + bool PrepareBasic(const std::string& pkg_id, uid_t uid) { + if (pkg_id.empty()) { + LOG(ERROR) << "Pkgid is empty"; return false; } - } - - if (!api_version.empty()) { - error = security_manager_app_inst_req_set_target_version(req, - api_version.c_str()); + int error = security_manager_app_inst_req_set_pkg_id(req_, pkg_id.c_str()); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + SetErrorMessage(&error_message_, error); return false; } - } - - if (!author_id.empty()) { - error = security_manager_app_inst_req_set_author_id(req, author_id.c_str()); + error = security_manager_app_inst_req_set_uid(req_, uid); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + SetErrorMessage(&error_message_, error); return false; } - } + return true; + } + + bool PrepareAdditional(const std::string& author_id, + const std::string& api_version, + const boost::filesystem::path& path, + bool cross_app_rules) { + if (cross_app_rules) { + int error = security_manager_app_inst_req_set_hybrid(req_); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + if(!api_version.empty()) { + int error = security_manager_app_inst_req_set_target_version(req_, + api_version.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + if(!author_id.empty()) { + int error = security_manager_app_inst_req_set_author_id(req_, + author_id.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + if(!path.empty()) { + app_install_type type = SM_APP_INSTALL_NONE; + for (auto& policy : kPathPolicies) { + bf::path root = bf::path(policy.first); + if (ci::IsSubDir(path, root)) { + type = policy.second; + break; + } + } + if (type == SM_APP_INSTALL_NONE) { + LOG(ERROR) << "Unexpected path: " << path; + return false; + } - if (!path.empty()) { - app_install_type type = SM_APP_INSTALL_NONE; - for (auto& policy : kPathPolicies) { - bf::path root = bf::path(policy.first); - if (ci::IsSubDir(path, root)) { - type = policy.second; - break; + LOG(INFO) << "install_type(" << type << ")"; + int error = security_manager_app_inst_req_set_install_type(req_, type); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; } } - if (type == SM_APP_INSTALL_NONE) { - LOG(ERROR) << "Unexpected path: " << path; + return true; + } + + bool PrepareAppWithPrivileges(const std::string& app_id, + const std::vector& privileges, + const AppDefinedPrivInfo& appdef_privileges, + const AppDefinedPrivInfo& provides_appdef_privileges) { + if (!PrepareApp(app_id)) return false; + return PrepareAppPrivileges(privileges, appdef_privileges, + provides_appdef_privileges); + } + + bool PrepareAppPrivileges(const std::vector& privileges, + const AppDefinedPrivInfo& appdef_privileges, + const AppDefinedPrivInfo& provides_appdef_privileges) { + for (auto& priv : privileges) { + int error = security_manager_app_inst_req_add_privilege(req_, + priv.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + for (auto& priv : appdef_privileges) { + int error = security_manager_app_inst_req_add_client_privilege( + req_, priv.first.c_str(), priv.second.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } } + for (auto& priv : provides_appdef_privileges) { + auto privilege_type = !priv.second.empty() ? + SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED : + SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED; + int error = security_manager_app_inst_req_add_app_defined_privilege(req_, + priv.first.c_str(), privilege_type, priv.second.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + return true; + } - LOG(INFO) << "install_type(" << type << ")"; - error = security_manager_app_inst_req_set_install_type(req, type); + bool PrepareApp(const std::string& app_id) { + if (app_id.empty()) { + LOG(ERROR) << "Appid is empty."; + return false; + } + // req_->apps.emplace_back(); + if (app_idx_ > 0) { + int error = security_manager_app_inst_req_next(req_); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + } + // req_->apps.back().id = ... + int error = security_manager_app_inst_req_set_app_id(req_, app_id.c_str()); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + SetErrorMessage(&error_message_, error); return false; } + ++app_idx_; + return true; } - for (auto& priv : privileges) { - security_manager_app_inst_req_add_client_privilege( - req, priv.c_str(), nullptr); - } - for (auto& priv : appdef_privileges) { - error = security_manager_app_inst_req_add_client_privilege( - req, priv.first.c_str(), priv.second.c_str()); + bool Install() { + int error = security_manager_app_install(req_); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + LOG(ERROR) << "Failed while calling security_manager_app_install failed " + << "(error code: " << error << ")"; + SetErrorMessage(&error_message_, error); return false; } + return true; } - for (auto& priv : provides_appdef_privileges) { - error = security_manager_app_inst_req_add_app_defined_privilege( - req, priv.first.c_str(), - !priv.second.empty() ? SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED : - SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED, priv.second.c_str()); + + bool Uninstall() { + int error = security_manager_app_uninstall(req_); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + LOG(ERROR) << "Failed while calling security_manager_app_uninstall " + << "failed (error code: " << error << ")"; + SetErrorMessage(&error_message_, error); return false; } + return true; } - return true; -} -bool PreparePathRequest(path_req* req, const std::string& pkg_id, - const std::string& pkg_type, const boost::filesystem::path& path, - uid_t uid, bool is_readonly_pkg, bool is_extonly, - std::string* error_message) { - if (pkg_id.empty() || path.empty()) { - LOG(ERROR) << "Pkgid or path is empty. Both values must be set"; - return false; + const std::string& ErrorMessage() const { + return error_message_; } - int error = security_manager_path_req_set_pkg_id(req, pkg_id.c_str()); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; - } + private: + app_inst_req* req_; + uint app_idx_; + std::string error_message_; +}; - error = security_manager_path_req_set_uid(req, uid); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; +class SecurityContextPathRequest { + public: + SecurityContextPathRequest() { + int error = security_manager_path_req_new(&req_); + if (error != SECURITY_MANAGER_SUCCESS) { + LOG(ERROR) + << "Failed while calling security_manager_app_inst_req_new failed " + << "(error code: " << error << ")"; + SetErrorMessage(&error_message_, error); + req_ = NULL; + } } - app_install_type type = SM_APP_INSTALL_NONE; - for (auto& policy : kPathPolicies) { - bf::path root = bf::path(policy.first); - if (ci::IsSubDir(path, root)) { - type = policy.second; - break; - } + ~SecurityContextPathRequest() { + if (IsValid()) + security_manager_path_req_free(req_); } - if (type == SM_APP_INSTALL_NONE) { - LOG(ERROR) << "Unexpected path: " << path; - return false; + + bool IsValid() { + return req_ != NULL; } - // When registering skel dir on global installation mode - if (type == SM_APP_INSTALL_PRELOADED && !is_readonly_pkg) - type = SM_APP_INSTALL_GLOBAL; - error = security_manager_path_req_set_install_type(req, type); - if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; + bool Prepare(const std::string& pkg_id, uid_t uid) { + if (pkg_id.empty()) { + LOG(ERROR) << "Pkgid is empty. This value must be set"; + return false; + } + int error = security_manager_path_req_set_pkg_id(req_, pkg_id.c_str()); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + error = security_manager_path_req_set_uid(req_, uid); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + return true; } - std::vector> policies; - if (is_extonly) - policies = kSecurityPoliciesExternalOnly; - else - policies = kSecurityPolicies; - for (auto& policy : policies) { - bf::path subpath = path / policy.first; - if (is_extonly) { - // Now, this is for legacy migraton. - // do not try to access any file before changing label, - // this wil cause a exception from smack denial. - std::string subdir(policy.first); - if (pkg_type == "wgt" && (subdir == "bin" || subdir == "lib")) - continue; - } else { - if (!bf::exists(subpath)) - continue; - if (bf::is_symlink(symlink_status(subpath))) { - LOG(DEBUG) << "Path " << subpath << " is a symlink." - << "Path will not be registered"; - continue; + bool PreparePath(const std::string& pkg_type, + const boost::filesystem::path& path, bool is_readonly_pkg, + bool is_extonly) { + if (path.empty()) { + LOG(ERROR) << "Path is empty. This value must be set"; + return false; + } + app_install_type type = SM_APP_INSTALL_NONE; + for (auto& policy : kPathPolicies) { + bf::path root = bf::path(policy.first); + if (ci::IsSubDir(path, root)) { + type = policy.second; + break; + } + } + if (type == SM_APP_INSTALL_NONE) { + LOG(ERROR) << "Unexpected path: " << path; + return false; + } + // When registering skel dir on global installation mode + if (type == SM_APP_INSTALL_PRELOADED && !is_readonly_pkg) + type = SM_APP_INSTALL_GLOBAL; + + int error = security_manager_path_req_set_install_type(req_, type); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; + } + std::vector> policies; + if (is_extonly) + policies = kSecurityPoliciesExternalOnly; + else + policies = kSecurityPolicies; + for (auto& policy : policies) { + bf::path subpath = path / policy.first; + if (is_extonly) { + // Now, this is for legacy migraton. + // do not try to access any file before changing label, + // this wil cause a exception from smack denial. + std::string subdir(policy.first); + if (pkg_type == "wgt" && (subdir == "bin" || subdir == "lib")) + continue; + } else { + if (!bf::exists(subpath)) + continue; + if (bf::is_symlink(symlink_status(subpath))) { + LOG(DEBUG) << "Path " << subpath << " is a symlink." + << "Path will not be registered"; + continue; + } + } + error = security_manager_path_req_add_path(req_, subpath.c_str(), + policy.second); + if (error != SECURITY_MANAGER_SUCCESS) { + SetErrorMessage(&error_message_, error); + return false; } } - error = security_manager_path_req_add_path(req, subpath.c_str(), - policy.second); + return true; + } + + bool Register() { + int error = security_manager_paths_register(req_); if (error != SECURITY_MANAGER_SUCCESS) { - std::string errnum = std::to_string(error); - *error_message = - security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + LOG(ERROR) << "Failed while calling security_manager_app_install failed " + << "(error code: " << error << ")"; + SetErrorMessage(&error_message_, error); return false; } + return true; } - return true; -} + const std::string& ErrorMessage() const { + return error_message_; + } + + private: + path_req* req_; + std::string error_message_; +}; } // namespace @@ -302,18 +401,6 @@ bool RegisterSecurityContextForManifest( // is situation where we need to filter privileges. This data model doesn't // cover hybrid apps well where native privileges should be granted only to // native app and web privileges should be granted only to web applications. - app_inst_req* req; - int error = security_manager_app_inst_req_new(&req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) - << "Failed while calling security_manager_app_inst_req_new failed " - << "(error code: " << error << ")"; - std::string errnum = boost::str(boost::format("%d") % error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; - } - std::vector tpk_priv_vec; std::vector wgt_priv_vec; for (auto& priv : GListRange(manifest->privileges)) { @@ -330,103 +417,74 @@ bool RegisterSecurityContextForManifest( PrepareAppDefinedPrivilegeData(manifest->provides_appdefined_privileges, &tpk_provides_appdef_vec, &wgt_provides_appdef_vec); - GListRange list(manifest->application); - uint list_index = 0; - for (GListRange::Iterator iter = list.begin(); - iter != list.end(); ++iter) { - application_x* app = *iter; + SecurityContextRequest req; + if (!req.IsValid()) { + *error_message = req.ErrorMessage(); + return false; + } + if (!req.PrepareBasic(pkg_id, uid)) { + *error_message = req.ErrorMessage(); + return false; + } + if (!req.PrepareAdditional(cert_info->author_id.get(), manifest->api_version, + path, cross_app_rules)) { + *error_message = req.ErrorMessage(); + return false; + } + + for (application_x* app : GListRange(manifest->application)) { if (!app->appid) { - security_manager_app_inst_req_free(req); return false; } - list_index++; + bool is_web_priv = strcmp(app->type, "webapp") == 0; - if (!PrepareRequest(app->appid, pkg_id, cert_info->author_id.get(), - app->api_version, path, uid, + if (!req.PrepareAppWithPrivileges(app->appid, is_web_priv ? wgt_priv_vec : tpk_priv_vec, is_web_priv ? wgt_appdef_vec : tpk_appdef_vec, - is_web_priv ? wgt_provides_appdef_vec : tpk_provides_appdef_vec, - req, cross_app_rules, error_message)) { - LOG(ERROR) << "Failed while preparing security_manager_app_inst_req"; - security_manager_app_inst_req_free(req); - return false; - } - - if (list_index != list.Size() && - security_manager_app_inst_req_next(req) != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed to call security_manager_app_inst_req_next"; - security_manager_app_inst_req_free(req); + is_web_priv ? wgt_provides_appdef_vec : tpk_provides_appdef_vec)) { + *error_message = req.ErrorMessage(); return false; } } - error = security_manager_app_install(req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_app_install failed " - << "(error code: " << error << ")"; - std::string errnum = boost::str(boost::format("%d") % error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - security_manager_app_inst_req_free(req); - return false; - } - - security_manager_app_inst_req_free(req); - return true; + bool result = req.Install(); + *error_message = req.ErrorMessage(); + return result; } -bool UnregisterSecurityContextForManifest(const std::string& pkg_id, - uid_t uid, manifest_x* manifest, std::string* error_message) { - app_inst_req* req; - - int error = security_manager_app_inst_req_new(&req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_app_inst_req_new " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; +static bool UnregisterSecurityContext(const std::string& pkg_id, uid_t uid, + const std::vector& appids, std::string* error_message) { + SecurityContextRequest req; + if (!req.IsValid()) { + *error_message = req.ErrorMessage(); + return false; + } + if (!req.PrepareBasic(pkg_id, uid)) { + *error_message = req.ErrorMessage(); return false; } - GListRange list(manifest->application); - uint list_index = 0; - for (GListRange::Iterator iter = list.begin(); - iter != list.end(); ++iter) { - application_x* app = *iter; - if (!app->appid) { - security_manager_app_inst_req_free(req); + for (const auto& appid : appids) { + if (!req.PrepareApp(appid)) { return false; } - list_index++; + } - if (!PrepareRequest(app->appid, pkg_id, std::string(), std::string(), bf::path(), - uid, {}, {}, {}, req, false, error_message)) { - LOG(ERROR) << "Failed while preparing security_manager_app_inst_req"; - security_manager_app_inst_req_free(req); - return false; - } + bool result = req.Uninstall(); + *error_message = req.ErrorMessage(); + return result; +} - if (list_index != list.Size() && - security_manager_app_inst_req_next(req) != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed to call security_manager_app_inst_req_next"; - security_manager_app_inst_req_free(req); +bool UnregisterSecurityContextForManifest(const std::string& pkg_id, + uid_t uid, manifest_x* manifest, std::string* error_message) { + std::vector appids; + for (application_x* app : GListRange(manifest->application)) { + if (!app->appid) { return false; } + appids.emplace_back(app->appid); } - error = security_manager_app_uninstall(req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_app_uninstall failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - security_manager_app_inst_req_free(req); - return false; - } - - security_manager_app_inst_req_free(req); - return true; + return UnregisterSecurityContext(pkg_id, uid, appids, error_message); } bool UnregisterSecurityContextForPkgId(const std::string &pkg_id, @@ -435,123 +493,49 @@ bool UnregisterSecurityContextForPkgId(const std::string &pkg_id, ci::PkgQueryInterface pkg_query(pkg_id, uid); if (!pkg_query.AppidsForPkgId(&appids)) return ignore_data_absence; - - app_inst_req* req; - - int error = security_manager_app_inst_req_new(&req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_app_inst_req_new " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - return false; - } - - for (auto& appid : appids) { - if (!PrepareRequest(appid, pkg_id, std::string(), std::string(), bf::path(), - uid, {}, {}, {}, req, false, error_message)) { - LOG(ERROR) << "Failed while preparing security_manager_app_inst_req"; - security_manager_app_inst_req_free(req); - return false; - } - - if (appid.compare(appids.at(appids.size())) == 0 && - security_manager_app_inst_req_next(req) != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed to call security_manager_app_inst_req_next"; - security_manager_app_inst_req_free(req); - return false; - } - } - error = security_manager_app_uninstall(req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_app_uninstall failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - security_manager_app_inst_req_free(req); - return false; - } - - security_manager_app_inst_req_free(req); - return true; + return UnregisterSecurityContext(pkg_id, uid, appids, error_message); } bool RegisterSecurityContextForPath(const std::string &pkg_id, const boost::filesystem::path& path, uid_t uid, bool is_readonly_pkg, std::string* error_message) { - path_req* req; - int error = security_manager_path_req_new(&req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) - << "Failed while calling security_manager_path_req_new failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + SecurityContextPathRequest req; + if (!req.IsValid()) { + *error_message = req.ErrorMessage(); return false; } - - if (!PreparePathRequest(req, pkg_id, {}, path, uid, is_readonly_pkg, false, - error_message)) { - LOG(ERROR) << "Failed while preparing security_manager_path_req"; - security_manager_path_req_free(req); + if (!req.Prepare(pkg_id, uid)) { + *error_message = req.ErrorMessage(); return false; } - - error = security_manager_paths_register(req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_paths_register failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - security_manager_path_req_free(req); + if (!req.PreparePath({}, path, is_readonly_pkg, false)) { + *error_message = req.ErrorMessage(); return false; } - - security_manager_path_req_free(req); - - return true; + bool result = req.Register(); + *error_message = req.ErrorMessage(); + return result; } bool RegisterSecurityContextForPathExternalOnly(const std::string &pkg_id, const std::string &pkg_type, const boost::filesystem::path& path, uid_t uid, std::string* error_message) { - path_req* req; - int error = security_manager_path_req_new(&req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) - << "Failed while calling security_manager_path_req_new failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; + SecurityContextPathRequest req; + if (!req.IsValid()) { + *error_message = req.ErrorMessage(); return false; } - - if (!PreparePathRequest(req, pkg_id, pkg_type, path, uid, false, true, - error_message)) { - LOG(ERROR) << "Failed while preparing security_manager_path_req"; - security_manager_path_req_free(req); + if (!req.Prepare(pkg_id, uid)) { + *error_message = req.ErrorMessage(); return false; } - - error = security_manager_paths_register(req); - if (error != SECURITY_MANAGER_SUCCESS) { - LOG(ERROR) << "Failed while calling security_manager_paths_register failed " - << "(error code: " << error << ")"; - std::string errnum = std::to_string(error); - *error_message = security_manager_strerror(static_cast(error)); - *error_message += ":<" + errnum + ">"; - security_manager_path_req_free(req); + if (!req.PreparePath(pkg_type, path, false, true)) { + *error_message = req.ErrorMessage(); return false; } - - security_manager_path_req_free(req); - - return true; + bool result = req.Register(); + *error_message = req.ErrorMessage(); + return result; } } // namespace common_installer -- 2.7.4