BEGIN TRANSACTION;
-INSERT INTO all_smack_binary_rules
-SELECT subject, object, access, is_volatile
-FROM all_smack_binary_rules_view
-WHERE NOT EXISTS (SELECT * FROM all_smack_binary_rules);
-- Delete volatile rules
-DELETE FROM app_permission WHERE is_volatile=1;
+DELETE FROM app_permission WHERE is_volatile = 1;
.output "/opt/etc/smack/boot-rules.smack"
("org.tizen.privilege.antivirus","OSP", "ANY_LABEL", "rwx", 0),
("org.tizen.privilege.antivirus","EFL", "ANY_LABEL", "rwx", 0);
-
--- Initial fill of all_smack_binary_rules table
-DELETE FROM all_smack_binary_rules;
-INSERT INTO all_smack_binary_rules
-SELECT subject, object, access, is_volatile
-FROM all_smack_binary_rules_view;
-
COMMIT TRANSACTION;
VACUUM;
\ No newline at end of file
*/
int perm_end(void);
+int base_name_from_perm(const char *perm, char **name);
+
+
#ifdef __cplusplus
}
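Review bot: The new prototype `int base_name_from_perm(const char *perm, char **name);` is exported without a doc comment, although the declaration just above it (`perm_end`) carries one. The callers added elsewhere in this commit pass the result to `free()`, so the header should state that `*name` is allocated by the function and owned by the caller, and what `*name` holds when the call fails. A short Doxygen block with `@param perm`, `@param name` and `@return` covering those points is enough.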
/**
+ * Prepare tables with smack rules.
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param p_db pointer to a SQLite3 database object
+ * @return PC_OPERATION_SUCCESS on success, error code otherwise
+ */
+int update_rules_in_db(sqlite3 *p_db);
+
+
+/**
* Updates smack rules. Only rules that change are refreshed.
*
* @ingroup RDB internal functions
mkdir -p /opt/etc/smack-app-early/accesses.d
fi
-if [ ! -e "/opt/dbspace/.rules-db.db3" ]
-then
- # First installation
- rm -f /opt/dbspace/.rules-db.db3-journal
- sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db.sql
- sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db-data.sql
-
- api_feature_loader --verbose
-else
- # There is the rules-db database.
- sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db.sql
- sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db-data.sql
-fi
-
+sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db.sql
rm -f /opt/dbspace/rules-db.sql
+
+sqlite3 /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db-data.sql
rm -f /opt/dbspace/rules-db-data.sql
+api_feature_loader --verbose
+
%files
%{_libdir}/*.so.*
%{_libdir}/librules-db-sql-udf.so
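Review bot: Neither `sqlite3` invocation has its exit status checked, and each script is deleted with `rm -f` immediately afterwards, so a failed schema or data load leaves a partial rules database with nothing left to re-run, and `api_feature_loader --verbose` now runs against it unconditionally. Consider `sqlite3 -bail /opt/dbspace/.rules-db.db3 < /opt/dbspace/rules-db.sql || exit 1` (and the same for `rules-db-data.sql`), if aborting the scriptlet is acceptable for this package. The removed first-installation branch also deleted a stale `.rules-db.db3-journal`; it is worth confirming that case no longer needs handling.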
* created basename : org.tizen.privilege.contact.read
*/
-static int base_name_from_perm(const char *perm, char **name)
+int base_name_from_perm(const char *perm, char **name)
{
SECURE_C_LOGD("Entering function: %s. Params: perm=%s",
__func__, perm);
WHERE s2.subject IS NULL AND \
s2.object IS NULL \
) \
- ORDER BY subject, object ASC; \
- ANALYZE;",
+ ORDER BY subject, object ASC;",
0, 0, 0) != SQLITE_OK) {
C_LOGE("RDB: Error during preparing script: %s", sqlite3_errmsg(*p_db));
return PC_ERR_DB_OPERATION;
int i_is_volatile_new,
int i_is_enabled_new)
{
- RDB_LOG_ENTRY_PARAM("%d %d %d %d %d", i_app_id,
+ RDB_LOG_ENTRY_PARAM("%d %s %s %d %d", i_app_id,
s_permission_name, s_permission_type_name,
i_is_volatile_new, i_is_enabled_new);
}
-static int update_rules_in_db(sqlite3 *p_db)
+int update_rules_in_db(sqlite3 *p_db)
{
RDB_LOG_ENTRY;
const unsigned char *s_access_del = NULL;
struct smack_accesses *smack = NULL;
- ret = update_rules_in_db(p_db);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
if(smack_accesses_new(&smack)) {
C_LOGE("RDB: Error during updating smack rules: smack_accesses_new failed.");
ret = PC_ERR_MEM_OPERATION;
* @brief This file contains declaration of the API to rules database.
*/
+#include <stdlib.h>
+
+#include "privilege-control.h"
#include "rules-db-internals.h"
static sqlite3 *p_db__ = NULL;
return PC_ERR_DB_CONNECTION;
}
- if(have_smack()) {
- ret = save_smack_rules(*pp_db);
- if(ret != PC_OPERATION_SUCCESS) return ret;
- }
+ ret = save_smack_rules(*pp_db);
+ if(ret != PC_OPERATION_SUCCESS) return ret;
return PC_OPERATION_SUCCESS;
}
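Review bot: With the `have_smack()` guard removed, `save_smack_rules(*pp_db)` now also runs on systems without SMACK, and any failure there makes this function return an error. If that is intended, a one-line comment above the call, e.g. `/* runs without SMACK too: <reason> */`, would keep the guard from being reintroduced later. The enclosing function starts outside this hunk and `save_smack_rules` itself is not visible here, so whether it can fail on a non-SMACK system should be checked against its definition.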
{
RDB_LOG_ENTRY;
+ if(ret == PC_OPERATION_SUCCESS &&
+ (ret = update_rules_in_db(p_db))
+ != PC_OPERATION_SUCCESS) {
+ C_LOGE("RDB: Error during updating rules in the database: %d", ret);;
+ }
+
if(have_smack()) {
if(ret == PC_OPERATION_SUCCESS &&
(ret = update_smack_rules(p_db))
!= PC_OPERATION_SUCCESS) {
- C_LOGE("RDB: Error updating smack rules");
+ C_LOGE("RDB: Error updating smack rules: %d", ret);
}
}
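Review bot: The added `C_LOGE("RDB: Error during updating rules in the database: %d", ret);;` line ends in a doubled semicolon; drop the stray one. The new check also reads `ret` before anything in this hunk assigns it, so it depends on the initialisation that lies outside the hunk. A short comment above the block, such as `/* database rules are updated whether or not SMACK is enabled */`, would explain why it sits outside the `have_smack()` branch.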
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
+ char *s_permission_name = NULL;
int i;
int i_app_id = 0;
C_LOGD("RDB: Enabling permissions START");
== strlen(pp_permissions_list[i]))
continue;
+ ret = base_name_from_perm(pp_permissions_list[i], &s_permission_name);
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
ret = change_app_permission_internal(p_db,
i_app_id,
- pp_permissions_list[i],
+ s_permission_name,
s_permission_type_name,
b_is_volatile,
RDB_ENABLE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
+ free(s_permission_name);
}
ret = add_modified_label_internal(p_db, s_app_label_name);
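Review bot: The `goto finish` after `change_app_permission_internal` skips the `free(s_permission_name)` that follows it, so the string (presumably allocated by `base_name_from_perm`) is leaked on that error path unless the `finish` label, which lies outside this hunk, releases it. If `finish` does free it, the loop's own `free` leaves a dangling pointer that would be freed a second time when a later step such as `add_modified_label_internal` fails. Resetting the pointer in the loop, `free(s_permission_name); s_permission_name = NULL;`, and having a single `free(s_permission_name);` under `finish` covers both cases. The disable loop that calls `switch_app_permission_internal` has the same pattern.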
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
+ char *s_permission_name = NULL;
int i, i_app_id;
ret = rdb_begin(&p_db);
== strlen(pp_permissions_list[i]))
continue;
+ ret = base_name_from_perm(pp_permissions_list[i], &s_permission_name);
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
ret = switch_app_permission_internal(p_db,
i_app_id,
- pp_permissions_list[i],
+ s_permission_name,
s_permission_type_name,
RDB_DISABLE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+ free(s_permission_name);
}
ret = add_modified_label_internal(p_db, s_app_label_name);