From c741cc3560ee6addd43eeb174440dd69d24f3567 Mon Sep 17 00:00:00 2001 From: Sangyoon Jang Date: Mon, 7 Sep 2015 14:34:04 +0900 Subject: [PATCH] Fix labeling rule on preloaded pkgs the rules which are same with private pkgs: / -> User::Home /shared -> User::Home /data -> User::Pkg:: /cache -> User::Pkg:: /(others) -> User::Pkg::::RO Change-Id: I26bb1b27df408cc089ec50608d156e54a2bcb310 Signed-off-by: Sangyoon Jang --- tool/pkg_privilege.c | 53 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/tool/pkg_privilege.c b/tool/pkg_privilege.c index 194083b..03098d3 100644 --- a/tool/pkg_privilege.c +++ b/tool/pkg_privilege.c @@ -2,36 +2,51 @@ #include #include #include +#include #include #include #include -#define BUFSIZE 4096 #define OWNER_ROOT 0 #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER) -static const char *_get_path(const char *pkgid, uid_t uid) +static const char *_get_pkg_root_path(const char *pkgid, uid_t uid) { - char buf[BUFSIZE]; const char *path; - snprintf(buf, sizeof(buf), "%s", pkgid); - tzplatform_set_user(uid); path = tzplatform_mkpath((uid == OWNER_ROOT || uid == GLOBAL_USER) ? - TZ_SYS_RO_APP : TZ_USER_APP, buf); + TZ_SYS_RO_APP : TZ_USER_APP, pkgid); tzplatform_reset_user(); return path; } +struct path_type { + const char *path; + enum app_install_path_type type; +}; + +struct path_type path_type_map[] = { + {"/", SECURITY_MANAGER_PATH_PUBLIC_RO}, + {"/bin", SECURITY_MANAGER_PATH_RO}, + {"/data", SECURITY_MANAGER_PATH_RW}, + {"/cache", SECURITY_MANAGER_PATH_RW}, + {"/lib", SECURITY_MANAGER_PATH_RO}, + {"/res", SECURITY_MANAGER_PATH_RO}, + {"/shared", SECURITY_MANAGER_PATH_PUBLIC_RO}, + {NULL, SECURITY_MANAGER_ENUM_END} +}; + static app_inst_req *_prepare_request(const char *pkgid, const char *appid, uid_t uid) { int ret; app_inst_req *req; - const char *path; + const char *root_path; + char buf[PATH_MAX]; + int i; if (security_manager_app_inst_req_new(&req)) { printf("security_manager_app_inst_req_new failed\n"); @@ -52,20 +67,26 @@ static app_inst_req *_prepare_request(const char *pkgid, const char *appid, return NULL; } - path = _get_path(pkgid, uid); + root_path = _get_pkg_root_path(pkgid, uid); /* TODO: should be fixed */ - if (access(path, F_OK) == -1) { + if (access(root_path, F_OK) == -1) { printf("cannot find %s, but the smack rule for %s " - "will be installed\n", path, appid); + "will be installed\n", root_path, appid); return req; } - ret = security_manager_app_inst_req_add_path(req, path, - SECURITY_MANAGER_PATH_RO); - if (ret != SECURITY_MANAGER_SUCCESS) { - printf("set path failed: %d\n", ret); - security_manager_app_inst_req_free(req); - return NULL; + for (i = 0; path_type_map[i].path; i++) { + snprintf(buf, sizeof(buf), "%s%s", root_path, + path_type_map[i].path); + if (access(buf, F_OK) == -1) + continue; + ret = security_manager_app_inst_req_add_path(req, buf, + path_type_map[i].type); + if (ret != SECURITY_MANAGER_SUCCESS) { + printf("set path failed: %d\n", ret); + security_manager_app_inst_req_free(req); + return NULL; + } } return req; -- 2.7.4