New path types for application installation in security-manager 51/33051/19
authorZbigniew Jasinski <z.jasinski@samsung.com>
Fri, 2 Jan 2015 10:36:40 +0000 (11:36 +0100)
committerRafal Krypa <r.krypa@samsung.com>
Mon, 2 Mar 2015 15:19:54 +0000 (16:19 +0100)
security-manager now provides two path types:
- writable, accessible for writing to the app and all apps within its package
- readable, accessible to all apps for reading

Change-Id: I87a0dfbd4bc7b9e59d1ed97dc8332e7df20b139f

src/cmd/security-manager-cmd.cpp
src/common/include/smack-labels.h
src/common/service_impl.cpp
src/common/smack-labels.cpp
src/include/security-manager.h

index 0f4b85f..4b8fb91 100644 (file)
@@ -40,9 +40,8 @@ namespace po = boost::program_options;
 IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem);
 
 static std::map <std::string, enum app_install_path_type> app_install_path_type_map = {
-    {"private", SECURITY_MANAGER_PATH_PRIVATE},
-    {"public", SECURITY_MANAGER_PATH_PUBLIC},
-    {"public_ro", SECURITY_MANAGER_PATH_PUBLIC_RO}
+    {"writable", SECURITY_MANAGER_PATH_RW},
+    {"readable", SECURITY_MANAGER_PATH_RO}
 };
 
 static std::map <std::string, enum security_manager_user_type> user_type_map = {
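Review bot: The option map drops the `private`, `public` and `public_ro` keys while the enum in security-manager.h still defines those values, so an existing caller that passes one of the old names would presumably be rejected by the command-line tool. If the old names are meant to go away, the commit message should say so. Otherwise keep them as aliases next to the new entries, e.g. `{"private", SECURITY_MANAGER_PATH_PRIVATE},`.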
index 3089462..1e80305 100644 (file)
@@ -36,14 +36,14 @@ namespace SecurityManager {
 /**
  * Sets Smack labels on a directory and its contents, recursively.
  *
- * @param pkgId[in] application's package identifier
+ * @param appId[in] application's identifier
  * @param path[in] path to a file or directory to setup
  * @param pathType[in] type of path to setup. See description of
  *         app_install_path_type in security-manager.h for details
  *
  * @return true on success, false on error.
  */
-bool setupPath(const std::string &pkgId, const std::string &path,
+bool setupPath(const std::string &appId, const std::string &path,
     app_install_path_type pathType);
 
 /**
index 074495f..feedde5 100644 (file)
@@ -291,7 +291,7 @@ int appInstall(const app_inst_req &req, uid_t uid)
     for (const auto &appPath : req.appPaths) {
         const std::string &path = appPath.first;
         app_install_path_type pathType = static_cast<app_install_path_type>(appPath.second);
-        int result = setupPath(req.pkgId, path, pathType);
+        int result = setupPath(req.appId, path, pathType);
 
         if (!result) {
             LogError("setupPath() failed");
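Review bot: `setupPath()` is declared to return `bool`, but the changed line stores it in `int result`; `const bool result = setupPath(req.appId, path, pathType);` would match the `!result` test that follows. The label is now derived from `req.appId`, and `pathType` comes from an unchecked `static_cast` of `appPath.second` on the context line above. It is worth confirming that both are validated before this loop, e.g. that `appPath.second` is below `SECURITY_MANAGER_ENUM_END`. That cannot be seen here, because `appInstall` starts and ends outside the hunk.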
index 616dd43..f60eab3 100644 (file)
@@ -40,8 +40,8 @@
 
 namespace SecurityManager {
 
-/* Const defined below is used to label links to executables */
-const char *const LABEL_FOR_PUBLIC_APP_PATH = "User";
+/* Const defined below is used to label files accessible to apps only for reading */
+const char *const LABEL_FOR_APP_RO_PATH = "User::Home";
 
 enum class FileDecision {
     SKIP = 0,
@@ -157,7 +157,7 @@ static bool labelDir(const std::string &path, const std::string &label,
     return ret;
 }
 
-bool setupPath(const std::string &pkgId, const std::string &path,
+bool setupPath(const std::string &appId, const std::string &path,
     app_install_path_type pathType)
 {
     std::string label;
@@ -165,13 +165,15 @@ bool setupPath(const std::string &pkgId, const std::string &path,
 
     switch (pathType) {
     case SECURITY_MANAGER_PATH_PRIVATE:
-        if (!generatePkgLabel(pkgId, label))
+    case SECURITY_MANAGER_PATH_RW:
+        if (!generateAppLabel(appId, label))
             return false;
         label_executables = true;
         label_transmute = false;
         break;
     case SECURITY_MANAGER_PATH_PUBLIC:
-        label.assign(LABEL_FOR_PUBLIC_APP_PATH);
+    case SECURITY_MANAGER_PATH_RO:
+        label.assign(LABEL_FOR_APP_RO_PATH);
         label_executables = false;
         label_transmute = true;
         break;
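Review bot: Stacking `case SECURITY_MANAGER_PATH_RW:` under `SECURITY_MANAGER_PATH_PRIVATE` and `SECURITY_MANAGER_PATH_RO` under `SECURITY_MANAGER_PATH_PUBLIC` silently changes what the two legacy types do. PRIVATE paths now get a label generated from `appId` instead of the package label, and PUBLIC paths get `"User::Home"` instead of `"User"` (the constant changed in the first hunk of this file). Paths labelled by an earlier install would keep the old labels, so it should be stated whether relabelling on upgrade is expected. The commit message describes writable paths as shared by all apps of the package, while the label is generated per application. Presumably the package-wide access comes from Smack rules set up elsewhere, and a comment such as `/* RW: label is derived from appId; package-wide write access depends on Smack rules defined outside this function */` would record that; the switch continues past the end of the hunk.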
index daa06de..9ddcfca 100644 (file)
@@ -52,6 +52,10 @@ enum app_install_path_type {
     SECURITY_MANAGER_PATH_PUBLIC,
     //read only access for all applications
     SECURITY_MANAGER_PATH_PUBLIC_RO,
+    //accessible for writing to all apps within its package
+    SECURITY_MANAGER_PATH_RW,
+    //accessible to apps for reading
+    SECURITY_MANAGER_PATH_RO,
     //this is only for range limit
     SECURITY_MANAGER_ENUM_END
 };
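Review bot: The public header keeps the older path types without saying how they relate to the two new ones, and the new comments are terser than the commit message. In smack-labels.cpp `SECURITY_MANAGER_PATH_PRIVATE` now shares a case with RW and `SECURITY_MANAGER_PATH_PUBLIC` with RO. If the old types are meant to be legacy aliases, say so on their declarations, e.g. `//legacy, handled like SECURITY_MANAGER_PATH_RW`. I would also expand the RW comment to `//accessible for writing to the app and all apps within its package`. The enum starts outside the hunk, so the PRIVATE declaration is not visible here.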