}
void CynaraAdmin::UpdatePackagePolicy(
- const std::string &pkg,
+ const std::string &label,
const std::string &user,
const std::vector<std::string> &oldPrivileges,
const std::vector<std::string> &newPrivileges)
while (oldIter != oldPrivileges.end() && newIter != newPrivileges.end()) {
int compare = oldIter->compare(*newIter);
if (compare == 0) {
- LogDebug("(user = " << user << " pkg = " << pkg << ") " <<
+ LogDebug("(user = " << user << " label = " << label << ") " <<
"keeping privilege " << *newIter);
++oldIter;
++newIter;
continue;
} else if (compare < 0) {
- LogDebug("(user = " << user << " pkg = " << pkg << ") " <<
+ LogDebug("(user = " << user << " label = " << label << ") " <<
"removing privilege " << *oldIter);
- policies.push_back(CynaraAdminPolicy(pkg, user, *oldIter,
+ policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
CynaraAdminPolicy::Operation::Delete));
++oldIter;
} else {
- LogDebug("(user = " << user << " pkg = " << pkg << ") " <<
+ LogDebug("(user = " << user << " label = " << label << ") " <<
"adding privilege " << *newIter);
- policies.push_back(CynaraAdminPolicy(pkg, user, *newIter,
+ policies.push_back(CynaraAdminPolicy(label, user, *newIter,
CynaraAdminPolicy::Operation::Allow));
++newIter;
}
}
for (; oldIter != oldPrivileges.end(); ++oldIter) {
- LogDebug("(user = " << user << " pkg = " << pkg << ") " <<
+ LogDebug("(user = " << user << " label = " << label << ") " <<
"removing privilege " << *oldIter);
- policies.push_back(CynaraAdminPolicy(pkg, user, *oldIter,
+ policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
CynaraAdminPolicy::Operation::Delete));
}
for (; newIter != newPrivileges.end(); ++newIter) {
- LogDebug("(user = " << user << " pkg = " << pkg << ") " <<
+ LogDebug("(user = " << user << " label = " << label << ") " <<
"adding privilege " << *newIter);
- policies.push_back(CynaraAdminPolicy(pkg, user, *newIter,
+ policies.push_back(CynaraAdminPolicy(label, user, *newIter,
CynaraAdminPolicy::Operation::Allow));
}
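Review bot: The Delete and Allow entries built in this loop and the two tail loops are now keyed by `label`, while the old/new privilege lists still describe state that earlier versions stored in Cynara under the package id. If the generated Smack label is not identical to the bare package id (not visible here), an upgrade will log "keeping privilege" for entries that do not exist under the new client and will never issue a Delete for the ones stored under the old one, so stale Allow policies would remain. A one-time migration that deletes the package-id-keyed entries, or a comment such as `// Policies written before the switch to Smack labels are migrated in <placeholder: migration step>`, would close that gap. The same concern applies at both call sites in the install and uninstall paths. The function body starts outside this hunk.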
* adding new, previously not enabled privileges.
* Caller must have permission to access Cynara administrative socket.
*
- * @param pkg package identifier
+ * @param label application Smack label
* @param user user identifier
* @param oldPrivileges previously enabled privileges for the package.
* Must be sorted and without duplicates.
* TODO: drop oldPrivileges argument and get them directly from Cynara.
* Appropriate Cynara interface is needed first.
*/
- static void UpdatePackagePolicy(const std::string &pkg, const std::string &user,
+ static void UpdatePackagePolicy(const std::string &label, const std::string &user,
const std::vector<std::string> &oldPrivileges,
const std::vector<std::string> &newPrivileges);
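Review bot: The doc comment is only half updated: `@param oldPrivileges` still says "for the package" although the first argument is now an application Smack label, and the visible lines carry no `@param newPrivileges` at all. The merge in the implementation walks both vectors in lockstep, so the sorted-and-unique requirement holds for `newPrivileges` as well and should be stated. I would write `@param label Smack label of the application, used as the Cynara client` and add `@param newPrivileges privileges to enable; must be sorted and without duplicates`. The comment block starts outside this hunk, so the summary text above may need the same wording change.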
m_privilegeDb.AddApplication(req.appId, req.pkgId, uid, pkgIdIsNew);
m_privilegeDb.UpdateAppPrivileges(req.appId, uid, req.privileges);
m_privilegeDb.GetPkgPrivileges(req.pkgId, uid, newPkgPrivileges);
- CynaraAdmin::UpdatePackagePolicy(req.pkgId, uidstr, oldPkgPrivileges,
+ CynaraAdmin::UpdatePackagePolicy(smackLabel, uidstr, oldPkgPrivileges,
newPkgPrivileges);
m_privilegeDb.CommitTransaction();
LogDebug("Application installation commited to database");
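Review bot: `smackLabel` is passed to `UpdatePackagePolicy` here but is not assigned anywhere in this hunk, so it cannot be confirmed from these lines that it was generated from `req.pkgId` and checked before the transaction reaches this point. The uninstall path shows a `generateAppLabel(pkgId, smackLabel)` call with an error branch; the install path needs the same guarantee, because an empty or mismatched label would be stored as the Cynara client for every Allow entry. Worth a short comment at the call, e.g. `// smackLabel is generated from req.pkgId above; it is the Cynara client these policies are stored under`. The database calls still key on `req.pkgId`, so the two identifiers have to stay derived from the same value.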
if (!generateAppLabel(pkgId, smackLabel)) {
LogError("Cannot generate Smack label for package: " << pkgId);
goto error_label;
-
}
std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
m_privilegeDb.UpdateAppPrivileges(appId, uid, std::vector<std::string>());
m_privilegeDb.RemoveApplication(appId, uid, removePkg);
m_privilegeDb.GetPkgPrivileges(pkgId, uid, newPkgPrivileges);
- CynaraAdmin::UpdatePackagePolicy(pkgId, uidstr, oldPkgPrivileges,
+ CynaraAdmin::UpdatePackagePolicy(smackLabel, uidstr, oldPkgPrivileges,
newPkgPrivileges);
m_privilegeDb.CommitTransaction();
LogDebug("Application uninstallation commited to database");