Fix only partial rollback of Smack rules

[platform/core/test/security-tests.git] / src / ckm / privileged / access_provider2.cpp

diff --git a/src/ckm/privileged/access_provider2.cpp b/src/ckm/privileged/access_provider2.cpp
index 2d98ace..bc7af22 100644 (file)
--- a/src/ckm/privileged/access_provider2.cpp
+++ b/src/ckm/privileged/access_provider2.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2013 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
@@ -81,8 +81,7 @@ void AccessProvider::applyAndSwithToUser(int uid, int gid)
 {
     RUNNER_ASSERT_MSG(m_inSwitchContext == false, "already switched context");
 
-    RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
-        "Error in smack_revoke_subject(" << m_mySubject << ")");
+    clear();
     apply();
 
     m_processLabel.reset(new ScopedProcessLabel(m_mySubject));
@@ -96,6 +95,10 @@ void AccessProvider::applyAndSwithToUser(int uid, int gid)
     m_inSwitchContext = true;
 }
 
+void AccessProvider::clear() {
+    m_smackAccess.clear();
+}
+
 void AccessProvider::allowJournaldLogs() {
     allowAPI("System::Run","wx"); // necessary for logging with journald
 }
@@ -106,8 +109,7 @@ ScopedAccessProvider::~ScopedAccessProvider()
     {
         RUNNER_ASSERT_MSG(0 == setegid(m_origGid), "Error in setgid.");
         RUNNER_ASSERT_MSG(0 == seteuid(m_origUid), "Error in setuid.");
-        RUNNER_ASSERT_MSG(0 == smack_revoke_subject(m_mySubject.c_str()),
-            "Error in smack_revoke_subject(" << m_mySubject << ")");
+        clear();
         m_processLabel.reset();
         m_inSwitchContext = false;
     }