Revert "Fix smack labeling for lib rpk"

This reverts commit 5ed4ec8644015b7418c0e86111ffb5d344a5823d. This logic is only for rpk package and moved to rpk's step. Change-Id: I2e1fb4402432fb413795e591cf7961aa8fc1bc16
author: Sangyoon Jang <jeremy.jang@samsung.com> 2024-02-22 14:53:32 +0900
committer: Sangyoon Jang <jeremy.jang@samsung.com> 2024-04-04 01:10:19 +0000
commit: 883ffceaac5072ba1d30dee8b604312dffa5093d (patch)
tree: aa35d86dde31820b424f313dd663532dc1d5d2e1
parent: 99de126aa030582784f61890df9a60488f57dafb (diff)
download: app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.tar.gz
app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.tar.bz2
app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.zip
7 files changed, 29 insertions, 43 deletions
diff --git a/src/common/security_registration.cc b/src/common/security_registration.cc
index 1204e3d9..3a526e7b 100644
--- a/src/common/security_registration.cc
+++ b/src/common/security_registration.cc
@@ -379,19 +379,6 @@ class SecurityContextPathRequest {
         SetErrorMessage(&error_message_, error);
         return false;
       }
-
-      // this is for lib rpk installation. set public RO for contents only.
-      if (pkg_type == "rpk" && std::string(policy.first) == "lib") {
-        for (fs::directory_iterator iter(subpath);
-            iter != fs::directory_iterator(); ++iter) {
-          error = security_manager_path_req_add_path(req_,
-              iter->path().string().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO);
-          if (error!= SECURITY_MANAGER_SUCCESS) {
-            SetErrorMessage(&error_message_, error);
-            return false;
-          }
-        }
-      }
     }
     return true;
   }
@@ -559,8 +546,8 @@ bool UnregisterSecurityContextForPkgId(const std::string &pkg_id,
 }
 
 bool RegisterSecurityContextForPath(const std::string &pkg_id,
-    const std::string& pkg_type, const std::filesystem::path& path,
-    uid_t uid, bool is_readonly_pkg, std::string* error_message) {
+    const std::filesystem::path& path, uid_t uid, bool is_readonly_pkg,
+    std::string* error_message) {
   SecurityContextPathRequest req;
   if (!req.IsValid()) {
     *error_message = req.ErrorMessage();
@@ -570,7 +557,7 @@ bool RegisterSecurityContextForPath(const std::string &pkg_id,
     *error_message = req.ErrorMessage();
     return false;
   }
-  if (!req.PreparePath(pkg_type, path, is_readonly_pkg, false)) {
+  if (!req.PreparePath({}, path, is_readonly_pkg, false)) {
     *error_message = req.ErrorMessage();
     return false;
   }
diff --git a/src/common/security_registration.h b/src/common/security_registration.h
index d4274b98..c0af6849 100644
--- a/src/common/security_registration.h
+++ b/src/common/security_registration.h
@@ -75,7 +75,6 @@ bool UnregisterSecurityContextForPkgId(const std::string& pkg_id,
  * package path to security context
  *
  * \param pkg_id pkgid of given package
- * \param pkg_type pkg type of given package
  * \param path path for registering
  * \param uid uid
  * \param is_readonly_pkg RO package flag
@@ -84,8 +83,8 @@ bool UnregisterSecurityContextForPkgId(const std::string& pkg_id,
  * \return true if success
  */
 bool RegisterSecurityContextForPath(const std::string &pkg_id,
-    const std::string& pkg_type, const std::filesystem::path& path,
-    uid_t uid, bool is_readonly_pkg, std::string* error_message);
+    const std::filesystem::path& path, uid_t uid,
+    bool is_readonly_pkg, std::string* error_message);
 
 /**
  * Adapter interface for external Security module.
diff --git a/src/common/shared_dirs.cc b/src/common/shared_dirs.cc
index c0f0641c..5b1cfa64 100644
--- a/src/common/shared_dirs.cc
+++ b/src/common/shared_dirs.cc
@@ -542,8 +542,8 @@ bool CreatePerUserStorageDirectories(const std::string& pkgid, bool trusted,
   }
 
   std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
-      kGlobalUserUid, is_readonly, &error_message)) {
+  if (!RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
+          kGlobalUserUid, is_readonly, &error_message)) {
     LOG(ERROR) << "Failed to register security context for path: "
                << skel_apps_rw / pkgid << ", error_message: " << error_message;
     return false;
@@ -587,8 +587,8 @@ bool CreatePerUserStorageDirectories(const std::string& pkgid, bool trusted,
         }
       }
 
-      if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
-          false, &error_message)) {
+      if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
+                                          &error_message)) {
         LOG(ERROR) << "Failed to register security context for path: "
                    << apps_rw / pkgid << ", error_message: " << error_message;
         return false;
@@ -663,8 +663,8 @@ bool CreateStorageDirectories(const fs::path& path,
   }
 
   std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, path / pkgid, uid, false,
-      &error_message)) {
+  if (!RegisterSecurityContextForPath(pkgid, path / pkgid, uid, false,
+                                      &error_message)) {
     LOG(ERROR) << "Failed to register security context for path: " << path
                << ", error_message: " << error_message;
     return false;
@@ -854,8 +854,8 @@ bool CreateSharedDataDir(const std::string& pkgid, uid_t uid) {
 
   fs::path path = apps_rw / pkgid;
   std::string error_message;
-  if (!ci::RegisterSecurityContextForPath(pkgid, {}, path, uid, false,
-      &error_message)) {
+  if (!ci::RegisterSecurityContextForPath(pkgid, path, uid, false,
+          &error_message)) {
     LOG(ERROR) << "Failed to register security context for path: " << path
                << ", error_message: " << error_message;
     return false;
@@ -873,8 +873,8 @@ bool CreatePerUserSharedDataDir(const std::string& pkgid) {
     return false;
 
   std::string error_message;
-  if (!ci::RegisterSecurityContextForPath(pkgid, {}, skel_apps_rw / pkgid,
-      kGlobalUserUid, false, &error_message)) {
+  if (!ci::RegisterSecurityContextForPath(pkgid, skel_apps_rw / pkgid,
+          kGlobalUserUid, false, &error_message)) {
     LOG(ERROR) << "Failed to register security context for path: "
                << skel_apps_rw / pkgid << ", error_message: " << error_message;
     return false;
@@ -904,7 +904,7 @@ bool CreatePerUserSharedDataDir(const std::string& pkgid) {
           return false;
       }
 
-      if (!ci::RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
+      if (!ci::RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
                                               false, &error_message)) {
         LOG(ERROR) << "Failed to register security context for path: "
                    << apps_rw / pkgid << ", error_message: " << error_message;
@@ -992,7 +992,7 @@ bool RestoreSharedDataDir(const std::string& pkgid, uid_t uid) {
   }
 
   std::string error_message;
-  if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid, false,
+  if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid, false,
                                       &error_message)) {
     LOG(ERROR) << "Failed to register security context for path: " << apps_rw
                << ", error_message: " << error_message;
@@ -1033,8 +1033,8 @@ bool RestorePerUserSharedDataDir(const std::string& pkgid) {
           return false;
       }
 
-      if (!RegisterSecurityContextForPath(pkgid, {}, apps_rw / pkgid, uid,
-          false, &error_message)) {
+      if (!RegisterSecurityContextForPath(pkgid, apps_rw / pkgid, uid,
+              false, &error_message)) {
         LOG(ERROR) << "Failed to register security context for path: "
                    << apps_rw / pkgid << ", error_message: " << error_message;
         return false;
diff --git a/src/common/step/security/step_recover_security.cc b/src/common/step/security/step_recover_security.cc
index 950bc3b7..bde7faec 100644
--- a/src/common/step/security/step_recover_security.cc
+++ b/src/common/step/security/step_recover_security.cc
@@ -79,8 +79,8 @@ Step::Status StepRecoverSecurity::RecoveryUpdate() {
   if (!HasOwnerRwOtherRoPaths(context_->GetPkgPath()))
     return Status::OK;
 
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
       context_->is_readonly_package.get(), &error_message)) {
     if (!error_message.empty()) {
       LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_register_security.cc b/src/common/step/security/step_register_security.cc
index fc6d1081..c9bb9a0d 100644
--- a/src/common/step/security/step_register_security.cc
+++ b/src/common/step/security/step_register_security.cc
@@ -51,8 +51,8 @@ Step::Status StepRegisterSecurity::process() {
   }
   if (context_->partial_rw.get())
     return Status::OK;
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
       context_->is_readonly_package.get(), &error_message)) {
     if (!error_message.empty()) {
       LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_rollback_deinstallation_security.cc b/src/common/step/security/step_rollback_deinstallation_security.cc
index 2e6f9d38..b06f7584 100644
--- a/src/common/step/security/step_rollback_deinstallation_security.cc
+++ b/src/common/step/security/step_rollback_deinstallation_security.cc
@@ -34,8 +34,8 @@ Step::Status StepRollbackDeinstallationSecurity::undo() {
     }
     return Status::SECURITY_ERROR;
   }
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
       context_->is_readonly_package.get(), &error_message)) {
     if (!error_message.empty()) {
       LOG(ERROR) << "error_message: " << error_message;
diff --git a/src/common/step/security/step_update_security.cc b/src/common/step/security/step_update_security.cc
index 4e2d871e..6ccf1093 100644
--- a/src/common/step/security/step_update_security.cc
+++ b/src/common/step/security/step_update_security.cc
@@ -23,8 +23,8 @@ Step::Status StepUpdateSecurity::process() {
     return Status::SECURITY_ERROR;
   }
   if (context_->request_type.get() != RequestType::ReadonlyUpdateUninstall) {
-    if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-        context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+    if (!RegisterSecurityContextForPath(
+        context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
         context_->is_readonly_package.get(), &error_message)) {
       if (!error_message.empty()) {
         LOG(ERROR) << "error_message: " << error_message;
@@ -45,8 +45,8 @@ Step::Status StepUpdateSecurity::undo() {
     }
     return Status::SECURITY_ERROR;
   }
-  if (!RegisterSecurityContextForPath(context_->pkgid.get(),
-      context_->pkg_type.get(), context_->GetPkgPath(), context_->uid.get(),
+  if (!RegisterSecurityContextForPath(
+      context_->pkgid.get(), context_->GetPkgPath(), context_->uid.get(),
       context_->is_readonly_package.get(), &error_message)) {
     if (!error_message.empty()) {
       LOG(ERROR) << "error_message: " << error_message;
author	Sangyoon Jang <jeremy.jang@samsung.com>	2024-02-22 14:53:32 +0900
committer	Sangyoon Jang <jeremy.jang@samsung.com>	2024-04-04 01:10:19 +0000
commit	883ffceaac5072ba1d30dee8b604312dffa5093d (patch)
tree	aa35d86dde31820b424f313dd663532dc1d5d2e1
parent	99de126aa030582784f61890df9a60488f57dafb (diff)
download	app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.tar.gz app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.tar.bz2 app-installers-883ffceaac5072ba1d30dee8b604312dffa5093d.zip