From 074e15e13bd7019cb10ef21f75a4f58c6dc7adf7 Mon Sep 17 00:00:00 2001
From: Ilho Kim <ilho159.kim@samsung.com>
Date: Wed, 14 Sep 2022 15:44:32 +0900
Subject: [PATCH] Fix RecoverStorageDirectories

Because security has been registered again during recovery
security registration should also be performed for the shared data paths

Change-Id: Ic0ed4eca2bd0288fdc533ca4c4092344c918daee
Signed-off-by: Ilho Kim <ilho159.kim@samsung.com>
---
 src/common/installer/app_installer.cc |  2 +-
 src/common/shared_dirs.cc             | 41 ++++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/common/installer/app_installer.cc b/src/common/installer/app_installer.cc
index dd6e3a8..27de74d 100644
--- a/src/common/installer/app_installer.cc
+++ b/src/common/installer/app_installer.cc
@@ -512,7 +512,6 @@ void AppInstaller::RecoverySteps() {
   AddStep<ci::pkgmgr::StepRecoverParserPlugin>();
   AddStep<ci::filesystem::StepRecoverManifest>();
   AddStep<ci::filesystem::StepRecoverExternalStorage>();
-  AddStep<ci::filesystem::StepRecoverStorageDirectories>();
   AddStep<ci::filesystem::StepRecoverGlobalAppSymlinks>();
   AddStep<ci::filesystem::StepRecoverFiles>();
   AddStep<ci::pkgmgr::StepRecoverPrivSharedres>();
@@ -521,6 +520,7 @@ void AppInstaller::RecoverySteps() {
   AddStep<ci::pkgmgr::StepRecoverApplication>();
   AddStep<ci::security::StepRecoverTrustAnchor>();
   AddStep<ci::security::StepRecoverSecurity>();
+  AddStep<ci::filesystem::StepRecoverStorageDirectories>();
 }
 
 void AppInstaller::MountInstallSteps() {
diff --git a/src/common/shared_dirs.cc b/src/common/shared_dirs.cc
index d9379b9..52dd7b5 100644
--- a/src/common/shared_dirs.cc
+++ b/src/common/shared_dirs.cc
@@ -979,7 +979,28 @@ bool BackupPerUserSharedDataDir(const std::string& pkgid) {
 
 bool RestoreSharedDataDir(const std::string& pkgid, uid_t uid) {
   bf::path apps_rw = ci::GetRootAppPath(false, uid);
-  return RestoreSharedDataDirectories(apps_rw, pkgid);
+  if (!RestoreSharedDataDirectories(apps_rw, pkgid))
+    return false;
+
+  if (!::SetPackageDirectoryOwnerAndPermissions(apps_rw / pkgid, uid))
+    return false;
+
+  std::vector<std::string> shared_dirs(kSharedDataEntries);
+  for (auto entry : shared_dirs) {
+    bf::path shared_dst = apps_rw / entry / pkgid;
+    if (!::SetPackageDirectoryOwnerAndPermissions(shared_dst, uid))
+      return false;
+  }
+
+  std::string error_message;
+  if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
+                                      &error_message)) {
+    LOG(ERROR) << "Failed to register security context for path: " << apps_rw
+               << ", error_message: " << error_message;
+    return false;
+  }
+
+  return true;
 }
 
 bool RestorePerUserSharedDataDir(const std::string& pkgid) {
@@ -988,6 +1009,7 @@ bool RestorePerUserSharedDataDir(const std::string& pkgid) {
   if (!RestoreSharedDataDirectories(skel_apps_rw, pkgid))
     return false;
 
+  std::string error_message;
   ci::UserList list = ci::GetUserList();
   for (auto l : list) {
     uid_t uid = std::get<0>(l);
@@ -1001,6 +1023,23 @@ bool RestorePerUserSharedDataDir(const std::string& pkgid) {
     for (auto& apps_rw : apps_rw_paths) {
       if (!RestoreSharedDataDirectories(apps_rw, pkgid))
         return false;
+
+      if (!::SetPackageDirectoryOwnerAndPermissions(apps_rw / pkgid, uid))
+        return false;
+
+      std::vector<std::string> shared_dirs(kSharedDataEntries);
+      for (auto entry : shared_dirs) {
+        bf::path shared_dst = apps_rw / entry / pkgid;
+        if (!::SetPackageDirectoryOwnerAndPermissions(shared_dst, uid))
+          return false;
+      }
+
+      if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
+              false, &error_message)) {
+        LOG(ERROR) << "Failed to register security context for path: "
+                   << apps_rw / pkgid << ", error_message: " << error_message;
+        return false;
+      }
     }
   }
 
-- 
2.7.4