Set public RO for files under the lib dir when installing an "rpk" type package.
Change-Id: If72fb2b816fa577b464c1f66e307a8d3277f4960
Signed-off-by: Sangyoon Jang <jeremy.jang@samsung.com>
SetErrorMessage(&error_message_, error);
return false;
}
+
+ // this is for lib rpk installation. set public RO for contents only.
+ if (pkg_type == "rpk" && std::string(policy.first) == "lib") {
+ for (bf::directory_iterator iter(subpath);
+ iter != bf::directory_iterator(); ++iter) {
+ error = security_manager_path_req_add_path(req_,
+ iter->path().string().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO);
+ if (error!= SECURITY_MANAGER_SUCCESS) {
+ SetErrorMessage(&error_message_, error);
+ return false;
+ }
+ }
+ }
}
return true;
}
}
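Review bot: The new `bf::directory_iterator iter(subpath)` loop uses the throwing constructor and `++iter`, so a missing or unreadable `lib` directory would raise `bf::filesystem_error` instead of setting `error_message_` and returning false like the other failure paths here; whether `subpath` is checked for existence earlier is not visible in the hunk. Consider the `boost::system::error_code` overloads, `bf::directory_iterator iter(subpath, ec)` and `iter.increment(ec)`, and fail the request when `ec` is set. Each entry comes from the package being installed and is registered as `SECURITY_MANAGER_PATH_PUBLIC_RO`, so the comment should state what guarantees that a symlink placed in `lib` cannot get a path outside the package root registered; presumably security-manager rejects that, but nothing in the hunk shows it. The enclosing function starts outside the hunk.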
bool RegisterSecurityContextForPath(const std::string &pkg_id,
- const boost::filesystem::path& path, uid_t uid, bool is_readonly_pkg,
- std::string* error_message) {
+ const std::string& pkg_type, const boost::filesystem::path& path,
+ uid_t uid, bool is_readonly_pkg, std::string* error_message) {
SecurityContextPathRequest req;
if (!req.IsValid()) {
*error_message = req.ErrorMessage();
*error_message = req.ErrorMessage();
return false;
}
- if (!req.PreparePath({}, path, is_readonly_pkg, false)) {
+ if (!req.PreparePath(pkg_type, path, is_readonly_pkg, false)) {
*error_message = req.ErrorMessage();
return false;
}
* package path to security context
*
* \param pkg_id pkgid of given package
+ * \param pkg_type pkg type of given package
* \param path path for registering
* \param uid uid
* \param is_readonly_pkg RO package flag
* \return true if success
*/
bool RegisterSecurityContextForPath(const std::string &pkg_id,
- const boost::filesystem::path& path, uid_t uid,
- bool is_readonly_pkg, std::string* error_message);
+ const std::string& pkg_type, const boost::filesystem::path& path,
+ uid_t uid, bool is_readonly_pkg, std::string* error_message);
/**
* Adapter interface for external Security module.
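Review bot: The added `\param pkg_type` line does not say that an empty value is accepted (most call sites in this commit pass `{}`) or that only `"rpk"` changes behaviour, and the block still has no entry for `error_message`. Suggested wording: `\param pkg_type package type, may be empty; "rpk" additionally registers the entries of the lib directory as public RO` and `\param error_message set to the request's error message on failure`. With `pkg_id` and `pkg_type` now adjacent `const std::string&` parameters, a transposed call compiles silently, so the documentation is the only guard at call sites.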
}
std::string error_message;
- if (!RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
- kGlobalUserUid, is_readonly, &error_message)) {
+ if (!RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
+ kGlobalUserUid, is_readonly, &error_message)) {
LOG(ERROR) << "Failed to register security context for path: "
<< skel_apps_rw / pkgid << ", error_message: " << error_message;
return false;
}
}
- if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
- &error_message)) {
+ if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
+ false, &error_message)) {
LOG(ERROR) << "Failed to register security context for path: "
<< apps_rw / pkgid << ", error_message: " << error_message;
return false;
}
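Review bot: The `skel_apps_rw / pkgid` and `apps_rw / pkgid` calls here pass `{}` as `pkg_type`, as do the later call sites in this commit that register `path / pkgid` and `apps_rw / pkgid`, so the new rpk branch in `PreparePath` can never run on these paths. If an rpk's `lib` directory can exist under any of these roots, re-registering the directory through these paths would leave its entries without the public RO type that a fresh install sets. If that cannot happen, a short comment at the first call, for example `// pkg_type left empty: no rpk lib dir under this root`, would record the intent; otherwise the real package type should be passed through. The enclosing functions start and end outside the visible lines.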
std::string error_message;
- if (!RegisterSecurityContextForPath(pkgid, path / pkgid, uid, false,
- &error_message)) {
+ if (!RegisterSecurityContextForPath(pkgid, {}, path / pkgid, uid, false,
+ &error_message)) {
LOG(ERROR) << "Failed to register security context for path: " << path
<< ", error_message: " << error_message;
return false;
bf::path path = apps_rw / pkgid;
std::string error_message;
- if (!ci::RegisterSecurityContextForPath(pkgid, path, uid, false,
- &error_message)) {
+ if (!ci::RegisterSecurityContextForPath(pkgid, {}, path, uid, false,
+ &error_message)) {
LOG(ERROR) << "Failed to register security context for path: " << path
<< ", error_message: " << error_message;
return false;
return false;
std::string error_message;
- if (!ci::RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
- kGlobalUserUid, false, &error_message)) {
+ if (!ci::RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
+ kGlobalUserUid, false, &error_message)) {
LOG(ERROR) << "Failed to register security context for path: "
<< skel_apps_rw / pkgid << ", error_message: " << error_message;
return false;
return false;
}
- if (!ci::RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
+ if (!ci::RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
false, &error_message)) {
LOG(ERROR) << "Failed to register security context for path: "
<< apps_rw / pkgid << ", error_message: " << error_message;
}
std::string error_message;
- if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
+ if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid, false,
&error_message)) {
LOG(ERROR) << "Failed to register security context for path: " << apps_rw
<< ", error_message: " << error_message;
return false;
}
- if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
- false, &error_message)) {
+ if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
+ false, &error_message)) {
LOG(ERROR) << "Failed to register security context for path: "
<< apps_rw / pkgid << ", error_message: " << error_message;
return false;
if (!HasOwnerRwOtherRoPaths(context_->GetPkgPath()))
return Status::OK;
- if (!RegisterSecurityContextForPath(
- context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
+ if (!RegisterSecurityContextForPath(context_->pkgid.get(),
+ context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
}
if (context_->partial_rw.get())
return Status::OK;
- if (!RegisterSecurityContextForPath(
- context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
+ if (!RegisterSecurityContextForPath(context_->pkgid.get(),
+ context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
}
return Status::SECURITY_ERROR;
}
- if (!RegisterSecurityContextForPath(
- context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
+ if (!RegisterSecurityContextForPath(context_->pkgid.get(),
+ context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
return Status::SECURITY_ERROR;
}
if (context_->request_type.get() != RequestType::ReadonlyUpdateUninstall) {
- if (!RegisterSecurityContextForPath(
- context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
+ if (!RegisterSecurityContextForPath(context_->pkgid.get(),
+ context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
}
return Status::SECURITY_ERROR;
}
- if (!RegisterSecurityContextForPath(
- context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
+ if (!RegisterSecurityContextForPath(context_->pkgid.get(),
+ context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
context_->is_readonly_package.get(), &error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;