RegisterSecurityContextForPath call is applied to the security manager
database if "owner rw, other ro" exist in the path
In other cases, there is no need to call the function because it only
apply a smack label. Because the smack label is already applied to the
file during package recovery
Change-Id: Ice4fcab75ed67dcf3d8ecae7d4a632a36e6bfda5
Signed-off-by: ilho kim <ilho159.kim@samsung.com>
return result;
}
+bool HasOwnerRwOtherRoPaths(const boost::filesystem::path& path) {
+ for (auto& policy : kSecurityPolicies) {
+ if (policy.second != SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO)
+ continue;
+
+ bf::path subpath = path / policy.first;
+ LOG(ERROR) << "subpath : " << subpath;
+ if (bf::exists(subpath))
+ return true;
+ }
+
+ return false;
+}
+
} // namespace common_installer
const std::string &pkg_type, const boost::filesystem::path& path,
uid_t uid, std::string* error_message);
+bool HasOwnerRwOtherRoPaths(const boost::filesystem::path& path);
+
} // namespace common_installer
#endif // COMMON_SECURITY_REGISTRATION_H_
}
return Status::RECOVERY_ERROR;
}
+
+ if (!HasOwnerRwOtherRoPaths(context_->GetPkgPath()))
+ return Status::OK;
+
if (!RegisterSecurityContextForPath(
context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {