Rewrite and fix CynaraAdmin::SetPolicies
Method CynaraAdmin::Setpolicies, updating Cynara policy for an application,
was previously written to accept two vectors of privileges:
previously enabled privileges and privileges that should be enabled.
Vectors were used to calculate privileges to disable and privileges to
enable in Cynara. It required that both vectors are sorted and without
duplicates. Callers of this method fetched privileges from data base, which
provides sorting and unification.
This was broken in commit
626f947e0bb6fd90d4c20fd914981d5b752ab1e6
(Change smack labeling to be appId based). The second vector was taken
directly from application installation request, that wasn't necessarily
sorted or unique.
This method can be simplified now withot the need for sorted vectors. In
fact only one vector is necessarry now, because cynara-admin provides
support for listing policies (it didn't when the method was initially
written). Now it only takes vector of privileges that should be enabled,
in arbitrary order, that may contain duplicates. It lists previously enabled
privileges directly from Cynara, calculates the difference and sends
updated policies back to Cynara.
Change-Id: I15ca331cf5f46ae43c7665977df7eb4d3c7e986c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
projects / platform / core / security / security-manager.git / commit