IMPLEMENT_SAFE_SINGLETON(SecurityManager::Log::LogSystem);
static std::map <std::string, enum app_install_path_type> app_install_path_type_map = {
- {"private", SECURITY_MANAGER_PATH_PRIVATE},
- {"public", SECURITY_MANAGER_PATH_PUBLIC},
- {"public_ro", SECURITY_MANAGER_PATH_PUBLIC_RO}
+ {"writable", SECURITY_MANAGER_PATH_RW},
+ {"readable", SECURITY_MANAGER_PATH_RO}
};
static std::map <std::string, enum security_manager_user_type> user_type_map = {
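Review bot: The map drops the keys `private`, `public` and `public_ro` outright, while the enum still declares SECURITY_MANAGER_PATH_PRIVATE, SECURITY_MANAGER_PATH_PUBLIC and SECURITY_MANAGER_PATH_PUBLIC_RO and setupPath() still has cases for PRIVATE and PUBLIC. The old types therefore stay reachable through the API but can no longer be named here, and existing invocations that pass the old strings will presumably fail the lookup. If the old names are meant to be retired, say so in a comment above the map, e.g. `// legacy names removed: "private" -> "writable", "public" -> "readable"`; otherwise keep the old keys as aliases.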
/**
* Sets Smack labels on a directory and its contents, recursively.
*
- * @param pkgId[in] application's package identifier
+ * @param appId[in] application's identifier
* @param path[in] path to a file or directory to setup
* @param pathType[in] type of path to setup. See description of
* app_install_path_type in security-manager.h for details
*
* @return true on success, false on error.
*/
-bool setupPath(const std::string &pkgId, const std::string &path,
+bool setupPath(const std::string &appId, const std::string &path,
app_install_path_type pathType);
/**
for (const auto &appPath : req.appPaths) {
const std::string &path = appPath.first;
app_install_path_type pathType = static_cast<app_install_path_type>(appPath.second);
- int result = setupPath(req.pkgId, path, pathType);
+ int result = setupPath(req.appId, path, pathType);
if (!result) {
LogError("setupPath() failed");
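Review bot: `pathType` is produced by `static_cast<app_install_path_type>(appPath.second)` with no range check visible in this hunk, and it is then passed straight to setupPath() together with the new `req.appId`. If `appPath.second` arrives from the client request unvalidated, a value outside the enum reaches the labelling switch; anything negative or `>= SECURITY_MANAGER_ENUM_END` should be rejected before the call, unless that already happens earlier in the handler, which is not shown. Separately, setupPath() is declared to return `bool`, so `bool ok = setupPath(req.appId, path, pathType);` states the intent better than storing the result in `int result`. The loop body continues outside the hunk.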
namespace SecurityManager {
-/* Const defined below is used to label links to executables */
-const char *const LABEL_FOR_PUBLIC_APP_PATH = "User";
+/* Const defined below is used to label files accessible to apps only for reading */
+const char *const LABEL_FOR_APP_RO_PATH = "User::Home";
enum class FileDecision {
SKIP = 0,
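Review bot: The new comment on `LABEL_FOR_APP_RO_PATH` describes only the read-only use, but setupPath() also assigns this constant in the legacy SECURITY_MANAGER_PATH_PUBLIC case, so paths that used to be labelled `User` will now be labelled `User::Home`. The read-only property itself comes from the Smack rules granted for `User::Home`, which are not part of this change. I would extend the comment to something like `/* Label for paths apps may only read (PATH_RO and legacy PATH_PUBLIC); read-only access relies on the rules granted for this label */`.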
return ret;
}
-bool setupPath(const std::string &pkgId, const std::string &path,
+bool setupPath(const std::string &appId, const std::string &path,
app_install_path_type pathType)
{
std::string label;
switch (pathType) {
case SECURITY_MANAGER_PATH_PRIVATE:
- if (!generatePkgLabel(pkgId, label))
+ case SECURITY_MANAGER_PATH_RW:
+ if (!generateAppLabel(appId, label))
return false;
label_executables = true;
label_transmute = false;
break;
case SECURITY_MANAGER_PATH_PUBLIC:
- label.assign(LABEL_FOR_PUBLIC_APP_PATH);
+ case SECURITY_MANAGER_PATH_RO:
+ label.assign(LABEL_FOR_APP_RO_PATH);
label_executables = false;
label_transmute = true;
break;
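Review bot: In the `SECURITY_MANAGER_PATH_PRIVATE` / `SECURITY_MANAGER_PATH_RW` branch the label now comes from `generateAppLabel(appId, label)`, yet the enum comment added for SECURITY_MANAGER_PATH_RW in the last hunk says the path is "accessible for writing to all apps within its package". If generateAppLabel() yields a per-application label, other apps in the same package would not get access, and existing PRIVATE paths would silently move from a package label to an app label; generateAppLabel() is not shown, so this needs confirming. Either the comment or the label source should change so the two agree, e.g. reword the enum comment to `//accessible for writing to the owning application`. The PUBLIC/RO branch also sets `label_transmute = true` on a path documented as read-only, which deserves a one-line why-comment. setupPath()'s body continues outside the hunk.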
SECURITY_MANAGER_PATH_PUBLIC,
//read only access for all applications
SECURITY_MANAGER_PATH_PUBLIC_RO,
+ //accessible for writing to all apps within its package
+ SECURITY_MANAGER_PATH_RW,
+ //accessible to apps for reading
+ SECURITY_MANAGER_PATH_RO,
//this is only for range limit
SECURITY_MANAGER_ENUM_END
};