Added support for offline applications installations mode

author Sebastian Grabowski <s.grabowski@samsung.com>

Wed, 5 Nov 2014 11:27:23 +0000 (12:27 +0100)

committer Sebastian Grabowski <s.grabowski@samsung.com>

Fri, 28 Nov 2014 12:36:58 +0000 (13:36 +0100)
author Sebastian Grabowski <s.grabowski@samsung.com>
Wed, 5 Nov 2014 11:27:23 +0000 (12:27 +0100)
committer Sebastian Grabowski <s.grabowski@samsung.com>
Fri, 28 Nov 2014 12:36:58 +0000 (13:36 +0100)
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp

index 14fbcbf..a4fa36a 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -44,6 +44,8 @@
  #include <client-common.h>
  #include <protocols.h>
  #include <smack-common.h>
+#include <service_impl.h>
+#include <file-lock.h>
  
  #include <security-manager.h>
  
@@ -60,7 +62,7 @@ int security_manager_app_inst_req_new(app_inst_req **pp_req)
      } catch (std::bad_alloc& ex) {
          return SECURITY_MANAGER_ERROR_MEMORY;
      }
-    (*pp_req)->uid = 0;
+    (*pp_req)->uid = geteuid();
  
      return SECURITY_MANAGER_SUCCESS;
  }
@@ -131,7 +133,6 @@ SECURITY_MANAGER_API
  int security_manager_app_install(const app_inst_req *p_req)
  {
      using namespace SecurityManager;
-    MessageBuffer send, recv;
  
      return try_catch([&] {
          //checking parameters
@@ -140,23 +141,39 @@ int security_manager_app_install(const app_inst_req *p_req)
          if (p_req->appId.empty() || p_req->pkgId.empty())
              return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
  
-        //put data into buffer
-        Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
-        Serialization::Serialize(send, p_req->appId);
-        Serialization::Serialize(send, p_req->pkgId);
-        Serialization::Serialize(send, p_req->privileges);
-        Serialization::Serialize(send, p_req->appPaths);
-        Serialization::Serialize(send, p_req->uid);
+        bool offlineMode;
+        int retval;
  
-        //send buffer to server
-        int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
-        if (retval != SECURITY_MANAGER_API_SUCCESS) {
-            LogError("Error in sendToServer. Error code: " << retval);
-            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        try {
+            SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE);
+            if ((offlineMode = serviceLock.Locked())) {
+                LogInfo("Working in offline mode.");
+                retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid());
+            }
+        } catch (const SecurityManager::FileLocker::Exception::Base &e) {
+            offlineMode = false;
          }
+        if (!offlineMode) {
+            MessageBuffer send, recv;
+
+            //put data into buffer
+            Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
+            Serialization::Serialize(send, p_req->appId);
+            Serialization::Serialize(send, p_req->pkgId);
+            Serialization::Serialize(send, p_req->privileges);
+            Serialization::Serialize(send, p_req->appPaths);
+            Serialization::Serialize(send, p_req->uid);
+
+            //send buffer to server
+            retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+            if (retval != SECURITY_MANAGER_API_SUCCESS) {
+                LogError("Error in sendToServer. Error code: " << retval);
+                return SECURITY_MANAGER_ERROR_UNKNOWN;
+            }
  
-        //receive response from server
-        Deserialization::Deserialize(recv, retval);
+            //receive response from server
+            Deserialization::Deserialize(recv, retval);
+        }
          switch(retval) {
              case SECURITY_MANAGER_API_SUCCESS:
                  return SECURITY_MANAGER_SUCCESS;
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp

index f2a234c..fe7982d 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -127,8 +127,16 @@ int appInstall(const app_inst_req &req, uid_t uid)
      std::vector<std::string> removedPermissions;
  
      std::string uidstr;
-    if ((!uid) && (req.uid))
-        uid = req.uid;
+    if (uid) {
+        if (uid != req.uid) {
+            LogError("User " << uid <<
+                     " is denied to install application for user " << req.uid);
+            return SECURITY_MANAGER_API_ERROR_ACCESS_DENIED;
+        }
+    } else {
+        if (req.uid)
+            uid = req.uid;
+    }
      checkGlobalUser(uid, uidstr);
  
      if (!installRequestAuthCheck(req, uid)) {
author	Sebastian Grabowski <s.grabowski@samsung.com>
	Wed, 5 Nov 2014 11:27:23 +0000 (12:27 +0100)
committer	Sebastian Grabowski <s.grabowski@samsung.com>
	Fri, 28 Nov 2014 12:36:58 +0000 (13:36 +0100)
src/client/client-security-manager.cpp		patch \| blob \| history
src/common/service_impl.cpp		patch \| blob \| history