projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5464c88)
Fix getting application groups 67/36067/5
authorRafal Krypa <r.krypa@samsung.com>
Tue, 17 Feb 2015 13:00:04 +0000 (14:00 +0100)
committerRafal Krypa <r.krypa@samsung.com>
Mon, 2 Mar 2015 15:19:55 +0000 (16:19 +0100)
When fetching application groups, Cynara checks are made to verify whether
application actually has the privilege. Since recently, application identifier
in Cynara policy is appId-based. This function wasn't properly adapted to
that change and still used pkgId-based identifier. This would break after
introduction of proper Smack labels in security-manager.

Change-Id: Ifeed83b6ab9f920a2c0dc769d0d3de60887bdcd6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
src/common/service_impl.cpp patch | blob | history

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 8828b29..7fd621c 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -462,7 +462,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
         }
         LogDebug("pkgId: " << pkgId);
 
-        smackLabel = SmackLabels::generatePkgLabel(pkgId);
+        smackLabel = SmackLabels::generateAppLabel(appId);
         LogDebug("smack label: " << smackLabel);
 
         std::vector<std::string> privileges;
@@ -472,7 +472,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
         PrivilegeDb::getInstance().GetPkgPrivileges(pkgId, getGlobalUserId(), privileges);
         /*privileges needs to be sorted and with no duplications - for cynara sake*/
         std::inplace_merge(privileges.begin(), privileges.begin() + tmp, privileges.end());
-        privileges.erase( unique( privileges.begin(), privileges.end() ), privileges.end() );
+        privileges.erase(unique(privileges.begin(), privileges.end()), privileges.end());
 
         for (const auto &privilege : privileges) {
             std::vector<std::string> gidsTmp;
@@ -480,9 +480,9 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_
             if (!gidsTmp.empty()) {
                 LogDebug("Considering privilege " << privilege << " with " <<
                     gidsTmp.size() << " groups assigned");
+                // TODO: create method in Cynara class for fetching all privileges of an application
                 if (Cynara::getInstance().check(smackLabel, privilege, uidStr, pidStr)) {
-                    for_each(gidsTmp.begin(), gidsTmp.end(), [&] (std::string group)
-                    {
+                    for_each(gidsTmp.begin(), gidsTmp.end(), [&] (std::string group) {
                         struct group *grp = getgrnam(group.c_str());
                         if (grp == NULL) {
                                 LogError("No such group: " << group.c_str());
Domain: Security / Access Control;