From 4358ccd901a8ca0ebcf9261d323e49e71ca9f94c Mon Sep 17 00:00:00 2001
From: Tomasz Iwanek <t.iwanek@samsung.com>
Date: Tue, 1 Sep 2015 11:26:27 +0200
Subject: [PATCH] Do not pass app_id in security-manager registration

According to directory policies, files is labeled by
pkgid so the appid is not needed. Additionally, it solves
problem which appid to pass. TODO was left to be removed
when possible.

Change-Id: I8087c41416013f9753075837472581bb0d8d33ac
---
 src/common/security_registration.cc                | 93 ++++++----------------
 src/common/security_registration.h                 |  8 +-
 src/common/step/step_recover_security.cc           |  5 +-
 src/common/step/step_register_security.cc          |  2 +-
 src/common/step/step_revoke_security.cc            |  3 +-
 .../step/step_rollback_deinstallation_security.cc  |  2 +-
 .../step/step_rollback_installation_security.cc    |  3 +-
 src/common/step/step_update_security.cc            |  4 +-
 8 files changed, 35 insertions(+), 85 deletions(-)

diff --git a/src/common/security_registration.cc b/src/common/security_registration.cc
index fe0a1b1..58242e8 100644
--- a/src/common/security_registration.cc
+++ b/src/common/security_registration.cc
@@ -30,22 +30,28 @@ const std::vector<std::pair<const char*,
   {"tmp/", SECURITY_MANAGER_PATH_RW}
 };
 
-bool PrepareRequest(const std::string& app_id, const std::string& pkg_id,
+bool PrepareRequest(const std::string& pkg_id,
     const boost::filesystem::path& path, manifest_x* manifest,
     app_inst_req* req) {
-  if (app_id.empty() || pkg_id.empty()) {
-    LOG(ERROR) << "Appid or pkgid is empty. Both values must be set";
+  if (pkg_id.empty()) {
+    LOG(ERROR) << "Pkgid is empty.";
     return false;
   }
 
-  int error = security_manager_app_inst_req_set_app_id(req,
-      app_id.c_str());
+  int error = security_manager_app_inst_req_set_pkg_id(req,
+      pkg_id.c_str());
   if (error != SECURITY_MANAGER_SUCCESS) {
     return false;
   }
 
-  error = security_manager_app_inst_req_set_pkg_id(req,
-      pkg_id.c_str());
+  // TODO(t.iwanek): due to the fact that we are registering package not an
+  // applications, appid passing was removed from execution path and and we pass
+  // any unique appid to security-manager. Either way, we do not know which
+  // app id to pass. This funcation call should be removed at all when security
+  // manager request will not force to pass app id.
+  std::string fake_app_id = pkg_id + "." + pkg_id;
+  error = security_manager_app_inst_req_set_app_id(req,
+      fake_app_id.c_str());
   if (error != SECURITY_MANAGER_SUCCESS) {
     return false;
   }
@@ -86,8 +92,13 @@ bool PrepareRequest(const std::string& app_id, const std::string& pkg_id,
   return true;
 }
 
-bool RegisterSecurityContext(const std::string& app_id,
-    const std::string& pkg_id, const boost::filesystem::path& path,
+}  // namespace
+
+namespace common_installer {
+
+bool RegisterSecurityContext(
+    const std::string& pkg_id,
+    const boost::filesystem::path& path,
     manifest_x* manifest) {
   app_inst_req* req;
 
@@ -99,7 +110,7 @@ bool RegisterSecurityContext(const std::string& app_id,
     return false;
   }
 
-  if (!PrepareRequest(app_id, pkg_id, path, manifest, req)) {
+  if (!PrepareRequest(pkg_id, path, manifest, req)) {
       LOG(ERROR) << "Failed while preparing security_manager_app_inst_req";
       security_manager_app_inst_req_free(req);
       return false;
@@ -118,8 +129,7 @@ bool RegisterSecurityContext(const std::string& app_id,
 }
 
 
-bool UnregisterSecurityContext(const std::string& app_id,
-    const std::string& pkg_id) {
+bool UnregisterSecurityContext(const std::string& pkg_id) {
   app_inst_req* req;
 
   int error = security_manager_app_inst_req_new(&req);
@@ -129,7 +139,7 @@ bool UnregisterSecurityContext(const std::string& app_id,
     return false;
   }
 
-  if (!PrepareRequest(app_id, pkg_id, bf::path(), nullptr, req)) {
+  if (!PrepareRequest(pkg_id, bf::path(), nullptr, req)) {
     LOG(ERROR) << "Failed while preparing security_manager_app_inst_req";
     security_manager_app_inst_req_free(req);
     return false;
@@ -147,61 +157,4 @@ bool UnregisterSecurityContext(const std::string& app_id,
   return true;
 }
 
-}  // namespace
-
-namespace common_installer {
-
-bool RegisterSecurityContextForApps(
-    const std::string& pkg_id, const boost::filesystem::path& path,
-    manifest_x* manifest) {
-  for (uiapplication_x* ui = manifest->uiapplication;
-      ui != nullptr; ui = ui->next) {
-    if (!ui->appid) {
-      return false;
-    }
-    if (!RegisterSecurityContext(ui->appid, pkg_id,
-        path, manifest)) {
-      return false;
-    }
-  }
-
-  for (serviceapplication_x* svc =
-      manifest->serviceapplication;
-      svc != nullptr; svc = svc->next) {
-    if (!svc->appid) {
-      return false;
-    }
-    if (!RegisterSecurityContext(svc->appid, pkg_id,
-        path, manifest)) {
-      return false;
-    }
-  }
-  return true;
-}
-
-bool UnregisterSecurityContextForApps(
-    const std::string& pkg_id, manifest_x* manifest) {
-  for (uiapplication_x* ui = manifest->uiapplication;
-      ui != nullptr; ui = ui->next) {
-    if (!ui->appid) {
-      return false;
-    }
-    if (!UnregisterSecurityContext(ui->appid, pkg_id)) {
-      return false;
-    }
-  }
-
-  for (serviceapplication_x* svc =
-      manifest->serviceapplication;
-      svc != nullptr; svc = svc->next) {
-    if (!svc->appid) {
-      return false;
-    }
-    if (!UnregisterSecurityContext(svc->appid, pkg_id)) {
-      return false;
-    }
-  }
-  return true;
-}
-
 }  // namespace common_installer
diff --git a/src/common/security_registration.h b/src/common/security_registration.h
index 4d761ef..73feb28 100644
--- a/src/common/security_registration.h
+++ b/src/common/security_registration.h
@@ -15,10 +15,10 @@
 
 namespace common_installer {
 
-bool RegisterSecurityContextForApps(const std::string& pkg_id,
-    const boost::filesystem::path& path, manifest_x* manifest);
-bool UnregisterSecurityContextForApps(const std::string& pkg_id,
-    manifest_x* manifest);
+bool RegisterSecurityContext(const std::string& pkg_id,
+                             const boost::filesystem::path& path,
+                             manifest_x* manifest);
+bool UnregisterSecurityContext(const std::string& pkg_id);
 
 }  // namespace common_installer
 
diff --git a/src/common/step/step_recover_security.cc b/src/common/step/step_recover_security.cc
index 4c53fff..9b11cb4 100644
--- a/src/common/step/step_recover_security.cc
+++ b/src/common/step/step_recover_security.cc
@@ -26,8 +26,7 @@ bool StepRecoverSecurity::Check() {
 Step::Status StepRecoverSecurity::RecoveryNew() {
   if (!Check())
     return Status::OK;
-  UnregisterSecurityContextForApps(
-        context_->pkgid.get(), context_->manifest_data.get());
+  UnregisterSecurityContext(context_->pkgid.get());
   return Status::OK;
 }
 
@@ -36,7 +35,7 @@ Step::Status StepRecoverSecurity::RecoveryUpdate() {
     LOG(ERROR) << "Invalid parameters";
     return Status::ERROR;
   }
-  if (!RegisterSecurityContextForApps(
+  if (!RegisterSecurityContext(
       context_->pkgid.get(), context_->pkg_path.get(),
       context_->manifest_data.get())) {
     LOG(ERROR) << "Unsuccessful update";
diff --git a/src/common/step/step_register_security.cc b/src/common/step/step_register_security.cc
index 6331058..8829a0b 100644
--- a/src/common/step/step_register_security.cc
+++ b/src/common/step/step_register_security.cc
@@ -37,7 +37,7 @@ Step::Status StepRegisterSecurity::precheck() {
 }
 
 Step::Status StepRegisterSecurity::process() {
-  if (!RegisterSecurityContextForApps(
+  if (!RegisterSecurityContext(
       context_->pkgid.get(), context_->pkg_path.get(),
       context_->manifest_data.get())) {
     return Status::ERROR;
diff --git a/src/common/step/step_revoke_security.cc b/src/common/step/step_revoke_security.cc
index f162a55..565ff74 100644
--- a/src/common/step/step_revoke_security.cc
+++ b/src/common/step/step_revoke_security.cc
@@ -25,8 +25,7 @@ Step::Status StepRevokeSecurity::precheck() {
 }
 
 Step::Status StepRevokeSecurity::clean() {
-  if (!UnregisterSecurityContextForApps(
-      context_->pkgid.get(), context_->manifest_data.get())) {
+  if (!UnregisterSecurityContext(context_->pkgid.get())) {
     LOG(ERROR) << "Failure on unregistering security context for app "
                << context_->pkgid.get();
     return Status::ERROR;
diff --git a/src/common/step/step_rollback_deinstallation_security.cc b/src/common/step/step_rollback_deinstallation_security.cc
index f2e2428..f78db22 100644
--- a/src/common/step/step_rollback_deinstallation_security.cc
+++ b/src/common/step/step_rollback_deinstallation_security.cc
@@ -25,7 +25,7 @@ Step::Status StepRollbackDeinstallationSecurity::precheck() {
 }
 
 Step::Status StepRollbackDeinstallationSecurity::undo() {
-  if (!RegisterSecurityContextForApps(
+  if (!RegisterSecurityContext(
       context_->pkgid.get(), context_->pkg_path.get(),
       context_->manifest_data.get())) {
     LOG(ERROR) << "Failure on re-installing security context for app "
diff --git a/src/common/step/step_rollback_installation_security.cc b/src/common/step/step_rollback_installation_security.cc
index 40f15a9..3cfaa04 100644
--- a/src/common/step/step_rollback_installation_security.cc
+++ b/src/common/step/step_rollback_installation_security.cc
@@ -25,8 +25,7 @@ Step::Status StepRollbackInstallationSecurity::precheck() {
 }
 
 Step::Status StepRollbackInstallationSecurity::undo() {
-  if (!UnregisterSecurityContextForApps(
-      context_->pkgid.get(), context_->manifest_data.get())) {
+  if (!UnregisterSecurityContext(context_->pkgid.get())) {
     return Status::ERROR;
   }
   LOG(DEBUG) << "Security context uninstalled";
diff --git a/src/common/step/step_update_security.cc b/src/common/step/step_update_security.cc
index eccf59c..802afa3 100644
--- a/src/common/step/step_update_security.cc
+++ b/src/common/step/step_update_security.cc
@@ -10,7 +10,7 @@ namespace common_installer {
 namespace security {
 
 Step::Status StepUpdateSecurity::process() {
-  if (!RegisterSecurityContextForApps(
+  if (!RegisterSecurityContext(
       context_->pkgid.get(), context_->pkg_path.get(),
       context_->manifest_data.get())) {
     return Status::ERROR;
@@ -20,7 +20,7 @@ Step::Status StepUpdateSecurity::process() {
 }
 
 Step::Status StepUpdateSecurity::undo() {
-  if (!RegisterSecurityContextForApps(
+  if (!RegisterSecurityContext(
       context_->pkgid.get(), context_->pkg_path.get(),
       context_->old_manifest_data.get())) {
     return Status::ERROR;
-- 
2.7.4