Revert "Fix smack labeling for lib rpk"

author Sangyoon Jang <jeremy.jang@samsung.com>

Thu, 22 Feb 2024 05:53:32 +0000 (14:53 +0900)

committer Sangyoon Jang <jeremy.jang@samsung.com>

Thu, 4 Apr 2024 01:10:19 +0000 (01:10 +0000)
author Sangyoon Jang <jeremy.jang@samsung.com>
Thu, 22 Feb 2024 05:53:32 +0000 (14:53 +0900)
committer Sangyoon Jang <jeremy.jang@samsung.com>
Thu, 4 Apr 2024 01:10:19 +0000 (01:10 +0000)
diff --git a/src/common/security_registration.cc b/src/common/security_registration.cc

index 1204e3d..3a526e7 100644 (file)
--- a/src/common/security_registration.cc
+++ b/src/common/security_registration.cc
@@ -379,19 +379,6 @@ class SecurityContextPathRequest {
          SetErrorMessage(&error_message_, error);
          return false;
        }
-
-      // this is for lib rpk installation. set public RO for contents only.
-      if (pkg_type == "rpk" && std::string(policy.first) == "lib") {
-        for (fs::directory_iterator iter(subpath);
-            iter != fs::directory_iterator(); ++iter) {
-          error = security_manager_path_req_add_path(req_,
-              iter->path().string().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO);
-          if (error!= SECURITY_MANAGER_SUCCESS) {
-            SetErrorMessage(&error_message_, error);
-            return false;
-          }
-        }
-      }
      }
      return true;
    }
@@ -559,8 +546,8 @@ bool UnregisterSecurityContextForPkgId(const std::string &pkg_id,
  }
  
  bool RegisterSecurityContextForPath(const std::string &pkg_id,
-    const std::string& pkg_type, const std::filesystem::path& path,
-    uid_t uid, bool is_readonly_pkg, std::string* error_message) {
+    const std::filesystem::path& path, uid_t uid, bool is_readonly_pkg,
+    std::string* error_message) {
    SecurityContextPathRequest req;
    if (!req.IsValid()) {
      *error_message = req.ErrorMessage();
@@ -570,7 +557,7 @@ bool RegisterSecurityContextForPath(const std::string &pkg_id,
      *error_message = req.ErrorMessage();
      return false;
    }
-  if (!req.PreparePath(pkg_type, path, is_readonly_pkg, false)) {
+  if (!req.PreparePath({}, path, is_readonly_pkg, false)) {
      *error_message = req.ErrorMessage();
      return false;
    }
diff --git a/src/common/security_registration.h b/src/common/security_registration.h

index d4274b9..c0af684 100644 (file)
--- a/src/common/security_registration.h
+++ b/src/common/security_registration.h
@@ -75,7 +75,6 @@ bool UnregisterSecurityContextForPkgId(const std::string& pkg_id,
   * package path to security context
   *
   * \param pkg_id pkgid of given package
- * \param pkg_type pkg type of given package
   * \param path path for registering
   * \param uid uid
   * \param is_readonly_pkg RO package flag
@@ -84,8 +83,8 @@ bool UnregisterSecurityContextForPkgId(const std::string& pkg_id,
   * \return true if success
   */
  bool RegisterSecurityContextForPath(const std::string &pkg_id,
-    const std::string& pkg_type, const std::filesystem::path& path,
-    uid_t uid, bool is_readonly_pkg, std::string* error_message);
+    const std::filesystem::path& path, uid_t uid,
+    bool is_readonly_pkg, std::string* error_message);
  
  /**
   * Adapter interface for external Security module.
diff --git a/src/common/shared_dirs.cc b/src/common/shared_dirs.cc

index c0f0641..5b1cfa6 100644 (file)
--- a/src/common/shared_dirs.cc
+++ b/src/common/shared_dirs.cc
@@ -542,8 +542,8 @@ bool CreatePerUserStorageDirectories(const std::string& pkgid, bool trusted,
    }
  
    std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
-      kGlobalUserUid, is_readonly, &error_message)) {
+  if (!RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
+          kGlobalUserUid, is_readonly, &error_message)) {
      LOG(ERROR) << "Failed to register security context for path: "
                 << skel_apps_rw / pkgid << ", error_message: " << error_message;
      return false;
@@ -587,8 +587,8 @@ bool CreatePerUserStorageDirectories(const std::string& pkgid, bool trusted,
          }
        }
  
-      if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
-          false, &error_message)) {
+      if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
+                                          &error_message)) {
          LOG(ERROR) << "Failed to register security context for path: "
                     << apps_rw / pkgid << ", error_message: " << error_message;
          return false;
@@ -663,8 +663,8 @@ bool CreateStorageDirectories(const fs::path& path,
    }
  
    std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, path / pkgid, uid, false,
-      &error_message)) {
+  if (!RegisterSecurityContextForPath(pkgid, path / pkgid, uid, false,
+                                      &error_message)) {
      LOG(ERROR) << "Failed to register security context for path: " << path
                 << ", error_message: " << error_message;
      return false;
@@ -854,8 +854,8 @@ bool CreateSharedDataDir(const std::string& pkgid, uid_t uid) {
  
    fs::path path = apps_rw / pkgid;
    std::string error_message;
-  if (!ci::RegisterSecurityContextForPath(pkgid, {}, path, uid, false,
-      &error_message)) {
+  if (!ci::RegisterSecurityContextForPath(pkgid, path, uid, false,
+          &error_message)) {
      LOG(ERROR) << "Failed to register security context for path: " << path
                 << ", error_message: " << error_message;
      return false;
@@ -873,8 +873,8 @@ bool CreatePerUserSharedDataDir(const std::string& pkgid) {
      return false;
  
    std::string error_message;
-  if (!ci::RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
-      kGlobalUserUid, false, &error_message)) {
+  if (!ci::RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
+          kGlobalUserUid, false, &error_message)) {
      LOG(ERROR) << "Failed to register security context for path: "
                 << skel_apps_rw / pkgid << ", error_message: " << error_message;
      return false;
@@ -904,7 +904,7 @@ bool CreatePerUserSharedDataDir(const std::string& pkgid) {
            return false;
        }
  
-      if (!ci::RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
+      if (!ci::RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
                                                false, &error_message)) {
          LOG(ERROR) << "Failed to register security context for path: "
                     << apps_rw / pkgid << ", error_message: " << error_message;
@@ -992,7 +992,7 @@ bool RestoreSharedDataDir(const std::string& pkgid, uid_t uid) {
    }
  
    std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid, false,
+  if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
                                        &error_message)) {
      LOG(ERROR) << "Failed to register security context for path: " << apps_rw
                 << ", error_message: " << error_message;
@@ -1033,8 +1033,8 @@ bool RestorePerUserSharedDataDir(const std::string& pkgid) {
            return false;
        }
  
-      if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
-          false, &error_message)) {
+      if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
+              false, &error_message)) {
          LOG(ERROR) << "Failed to register security context for path: "
                     << apps_rw / pkgid << ", error_message: " << error_message;
          return false;
diff --git a/src/common/step/security/step_recover_security.cc b/src/common/step/security/step_recover_security.cc

index 950bc3b..bde7fae 100644 (file)
--- a/src/common/step/security/step_recover_security.cc
+++ b/src/common/step/security/step_recover_security.cc
@@ -79,8 +79,8 @@ Step::Status StepRecoverSecurity::RecoveryUpdate() {
    if (!HasOwnerRwOtherRoPaths(context_->GetPkgPath()))
      return Status::OK;
  
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
        context_->is_readonly_package.get(), &error_message)) {
      if (!error_message.empty()) {
        LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_register_security.cc b/src/common/step/security/step_register_security.cc

index fc6d108..c9bb9a0 100644 (file)
--- a/src/common/step/security/step_register_security.cc
+++ b/src/common/step/security/step_register_security.cc
@@ -51,8 +51,8 @@ Step::Status StepRegisterSecurity::process() {
    }
    if (context_->partial_rw.get())
      return Status::OK;
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
        context_->is_readonly_package.get(), &error_message)) {
      if (!error_message.empty()) {
        LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_rollback_deinstallation_security.cc b/src/common/step/security/step_rollback_deinstallation_security.cc

index 2e6f9d3..b06f758 100644 (file)
--- a/src/common/step/security/step_rollback_deinstallation_security.cc
+++ b/src/common/step/security/step_rollback_deinstallation_security.cc
@@ -34,8 +34,8 @@ Step::Status StepRollbackDeinstallationSecurity::undo() {
      }
      return Status::SECURITY_ERROR;
    }
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
        context_->is_readonly_package.get(), &error_message)) {
      if (!error_message.empty()) {
        LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_update_security.cc b/src/common/step/security/step_update_security.cc

index 4e2d871..6ccf109 100644 (file)
--- a/src/common/step/security/step_update_security.cc
+++ b/src/common/step/security/step_update_security.cc
@@ -23,8 +23,8 @@ Step::Status StepUpdateSecurity::process() {
      return Status::SECURITY_ERROR;
    }
    if (context_->request_type.get() != RequestType::ReadonlyUpdateUninstall) {
-    if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-        context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+    if (!RegisterSecurityContextForPath(
+        context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
          context_->is_readonly_package.get(), &error_message)) {
        if (!error_message.empty()) {
          LOG(ERROR) << "error_message: " << error_message;
@@ -45,8 +45,8 @@ Step::Status StepUpdateSecurity::undo() {
      }
      return Status::SECURITY_ERROR;
    }
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
        context_->is_readonly_package.get(), &error_message)) {
      if (!error_message.empty()) {
        LOG(ERROR) << "error_message: " << error_message;
author	Sangyoon Jang <jeremy.jang@samsung.com>
	Thu, 22 Feb 2024 05:53:32 +0000 (14:53 +0900)
committer	Sangyoon Jang <jeremy.jang@samsung.com>
	Thu, 4 Apr 2024 01:10:19 +0000 (01:10 +0000)
src/common/security_registration.cc		patch \| blob \| history
src/common/security_registration.h		patch \| blob \| history
src/common/shared_dirs.cc		patch \| blob \| history
src/common/step/security/step_recover_security.cc		patch \| blob \| history
src/common/step/security/step_register_security.cc		patch \| blob \| history
src/common/step/security/step_rollback_deinstallation_security.cc		patch \| blob \| history
src/common/step/security/step_update_security.cc		patch \| blob \| history