Refrain from calling sessiond in offline mode

Change-Id: I0e182d45f75cc99cbc11d692c29e6c7c0bcc0719
author: Konrad Lipinski <k.lipinski2@samsung.com> 2022-07-28 09:53:10 +0200
committer: Konrad Lipinski <k.lipinski2@samsung.com> 2022-08-01 13:55:26 +0200
commit: b0bbeaac64629e42e71a1570129cf3e8afd3fb64 (patch)
tree: e44f7244975b902b4dc8f6f33e2ad3c658c56bc4
parent: 0c84562f06028a1f624d5f5bc4bc62d9545f5b9c (diff)
download: security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.gz
security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.bz2
security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.zip
14 files changed, 33 insertions, 29 deletions
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index b34ce794..2ba22b79 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -321,7 +321,7 @@ int security_manager_app_install(const app_inst_req *p_req)
         if (offlineMode.isOffline()) {
             Credentials creds = offlineMode.getCredentials();
             app_inst_req req(*p_req);
-            return ServiceImpl(ServiceImpl::Offline::yes).appInstall(creds, req);
+            return ServiceImpl(Offline::yes).appInstall(creds, req);
         } else {
             return ClientRequest(SecurityModuleCall::APP_INSTALL).send(p_req).getStatus();
         }
@@ -347,7 +347,7 @@ int security_manager_app_update(const app_inst_req *p_req)
         if (offlineMode.isOffline()) {
             Credentials creds = offlineMode.getCredentials();
             app_inst_req req(*p_req);
-            return ServiceImpl(ServiceImpl::Offline::yes).appUpdate(creds, req);
+            return ServiceImpl(Offline::yes).appUpdate(creds, req);
         } else {
             return ClientRequest(SecurityModuleCall::APP_UPDATE).send(p_req).getStatus();
         }
@@ -371,7 +371,7 @@ int security_manager_app_uninstall(const app_inst_req *p_req)
         if (offlineMode.isOffline()) {
             Credentials creds = offlineMode.getCredentials();
             app_inst_req req(*p_req);
-            return ServiceImpl(ServiceImpl::Offline::yes).appUninstall(creds, req);
+            return ServiceImpl(Offline::yes).appUninstall(creds, req);
         } else {
             return ClientRequest(SecurityModuleCall::APP_UNINSTALL).send(p_req).getStatus();
         }
@@ -1062,7 +1062,7 @@ int security_manager_user_add(const user_req *p_req)
         ClientOffline offlineMode;
         if (offlineMode.isOffline()) {
             Credentials creds = offlineMode.getCredentials();
-            retval = ServiceImpl(ServiceImpl::Offline::yes).userAdd(creds, p_req->uid, p_req->utype);
+            retval = ServiceImpl(Offline::yes).userAdd(creds, p_req->uid, p_req->utype);
         } else {
             //server is working
             retval = ClientRequest(SecurityModuleCall::USER_ADD).send(
@@ -1731,7 +1731,7 @@ int security_manager_paths_register(const path_req *p_req)
         ClientOffline offlineMode;
         if (offlineMode.isOffline()) {
             Credentials creds = offlineMode.getCredentials();
-            retval = ServiceImpl(ServiceImpl::Offline::yes).pathsRegister(creds, *p_req);
+            retval = ServiceImpl(Offline::yes).pathsRegister(creds, *p_req);
         } else {
             return ClientRequest(SecurityModuleCall::PATHS_REGISTER).send(
                 p_req->pkgName,
diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h
index 9478b869..8d204464 100644
--- a/src/common/include/privilege_db.h
+++ b/src/common/include/privilege_db.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -43,8 +43,9 @@
 #include <config.h>
 #include <db-config.h>
 #include <dpl/db/sql_connection.h>
+#include <protocols.h>
+#include <security-manager-types.h>
 #include <utils.h>
-#include "security-manager-types.h"
 
 namespace SecurityManager {
 
@@ -154,7 +155,6 @@ public:
         DECLARE_EXCEPTION_TYPE(Base, ConstraintError)
     };
 
-    enum class Offline : bool { no, yes };
     /**
      * Constructor
      * @exception PrivilegeDb::Exception::IOError on problems with database access
diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 03bcc201..c4218330 100644
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -148,6 +148,8 @@ enum class SecurityModuleCall
     NOOP = 0x90,
 };
 
+enum class Offline : bool { no, yes };
+
 // The least significant bit on iff shared RO is enabled.
 // Subsequent bits == bitmask of namespaces to be checked in checkProperDrop().
 typedef uint8_t PrepareAppFlags;
diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index 808692df..7a9d6a08 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -69,7 +69,6 @@ struct UninstallHelper {
 
 class ServiceImpl final {
 public:
-    using Offline = PrivilegeDb::Offline;
     explicit ServiceImpl(Offline offline);
 
     /**
@@ -470,6 +469,7 @@ private:
     PrivilegeGids m_privilegeGids;
     NSMountLogic m_NSMountLogic;
     PrepareAppFlags m_prepareAppFlags;
+    Offline m_offline;
 };
 
 } /* namespace SecurityManager */
diff --git a/src/common/include/service_impl_utils.h b/src/common/include/service_impl_utils.h
index 80d37169..3354012e 100644
--- a/src/common/include/service_impl_utils.h
+++ b/src/common/include/service_impl_utils.h
@@ -49,7 +49,8 @@ int getLegalPkgBaseDirs(const uid_t &uid,
                         std::string &homePath,
                         std::string &skelDir,
                         std::vector<std::string> &legalPkgBaseDirs,
-                        bool isSharedRO);
+                        bool isSharedRO,
+                        Offline offline);
 
 bool pathsCheck(const pkg_paths &requestedPaths,
                        const std::vector<std::string> &allowedDirs);
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 35518847..5a1da89a 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -169,13 +169,14 @@ void labelSharedPaths(const std::string &baseDir, const std::string &pkgName)
 
 ServiceImpl::ServiceImpl(Offline offline) :
     m_privilegeDb(offline),
-    m_NSMountLogic(m_cynara)
+    m_NSMountLogic(m_cynara),
+    m_offline(offline)
 {
     PrivilegeGids::GroupPrivileges group_privileges;
     m_privilegeDb.GetGroupsRelatedPrivileges(group_privileges);
     m_privilegeGids.init(group_privileges);
 
-    if (Offline::no == offline) {
+    if (!underlying(offline)) {
         const auto checkProperDropFlags = CheckProperDrop::computeFlags();
         if (checkProperDropFlags < 0)
             ThrowMsg(FS::Exception::FileError, "Error computing CheckProperDrop flags."
@@ -359,7 +360,7 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
         std::string homePath, skelDir;
         std::vector<std::string> pkgLegalBaseDirs;
         int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath,
-                                      skelDir, pkgLegalBaseDirs, isSharedRO);
+                                      skelDir, pkgLegalBaseDirs, isSharedRO, m_offline);
         if (ret != SECURITY_MANAGER_SUCCESS) {
             LogError("Failed to generate legal directories for application");
             return ret;
diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp
index 14a7b422..97c16a6f 100644
--- a/src/common/service_impl_utils.cpp
+++ b/src/common/service_impl_utils.cpp
@@ -117,7 +117,8 @@ int getLegalPkgBaseDirs(const uid_t &uid,
                         std::string &homePath,
                         std::string &skelDir,
                         std::vector<std::string> &legalPkgDirs,
-                        bool isSharedRO)
+                        bool isSharedRO,
+                        Offline offline)
 {
     TizenPlatformConfig tpc(uid);
 
@@ -163,7 +164,7 @@ int getLegalPkgBaseDirs(const uid_t &uid,
         addPkgDirs(legalPkgDirs, pkgName, isSharedRO, skelDir);
     }
 
-    if (SM_APP_INSTALL_LOCAL == installType) {
+    if (SM_APP_INSTALL_LOCAL == installType && !underlying(offline)) {
         auto subsession = getDir(tpc, TZ_USER_HOME);
         if (subsession.empty()) {
             LogError("Couldn't get user home");
diff --git a/src/server/cleanup/security-manager-cleanup.cpp b/src/server/cleanup/security-manager-cleanup.cpp
index 4c831ad8..2812f4d1 100644
--- a/src/server/cleanup/security-manager-cleanup.cpp
+++ b/src/server/cleanup/security-manager-cleanup.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -65,7 +65,7 @@ int main(void)
 
     try {
         std::map<std::string, std::vector<std::string>> appPathMap;
-        PrivilegeDb db(PrivilegeDb::Offline::no);
+        PrivilegeDb db(Offline::no);
         db.GetAllPrivateSharing(appPathMap);
         for (auto &appPaths : appPathMap) {
             try {
diff --git a/src/server/main/server-main.cpp b/src/server/main/server-main.cpp
index 2a98a9ab..4bba0672 100644
--- a/src/server/main/server-main.cpp
+++ b/src/server/main/server-main.cpp
@@ -52,7 +52,7 @@ T* registerSocketService(SecurityManager::SocketManager &manager,
 {
     T *service = nullptr;
     try {
-        service = new T(T::Offline::no);
+        service = new T(Offline::no);
         service->RegisterChannel(std::move(channel));
         manager.RegisterSocketService(*service);
         return service;
diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h
index 028a837b..e433f291 100644
--- a/src/server/service/include/service.h
+++ b/src/server/service/include/service.h
@@ -53,7 +53,6 @@ public:
         "*"              /* smackLabel label (not used, we rely on systemd) */
     };
 
-    using Offline = ServiceImpl::Offline;
     explicit Service(Offline offline) : m_serviceImpl(offline) {}
     void RegisterChannel(Channel channel) {
         m_serviceImpl.RegisterChannel(std::move(channel));
diff --git a/test/privilege_db_fixture.cpp b/test/privilege_db_fixture.cpp
index 16369e40..75be0e13 100644
--- a/test/privilege_db_fixture.cpp
+++ b/test/privilege_db_fixture.cpp
@@ -110,7 +110,7 @@ PrivilegeDBFixture::PrivilegeDBFixture(const std::string &src, const std::string
         putFile(fallback, TEST_PRIVILEGE_FALLBACK_DB_PATH);
     forkExecWaitpid(TEST_RULES_LOADER_CMD, "--no-load");
     checkMarker(preMgr);
-    testPrivDb = new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest());
+    testPrivDb = new PrivilegeDb(Offline::no, Config::DbTest());
     checkMarker(PostMgrMarker::unchanged == postMgr ? preMgr : Marker::fallback);
 }
 
diff --git a/test/test_privilege_db_transactions.cpp b/test/test_privilege_db_transactions.cpp
index e9b96406..4c91d330 100644
--- a/test/test_privilege_db_transactions.cpp
+++ b/test/test_privilege_db_transactions.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -53,7 +53,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T100_privilegedb_constructor, Empty)
 
     purgeDb();
     // db init must fail w/ no loader having run beforehand
-    BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest())),
+    BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(Offline::no, Config::DbTest())),
         PrivilegeDb::Exception::IOError);
     requireNoDb();
 }
diff --git a/test/test_service_impl_utils.cpp b/test/test_service_impl_utils.cpp
index 76fd15ef..bacc4b3c 100644
--- a/test/test_service_impl_utils.cpp
+++ b/test/test_service_impl_utils.cpp
@@ -113,7 +113,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T265_getLegalPkgBaseDirs, ServiceImplUtilFixture)
     std::string home, skelDir;
     BOOST_REQUIRE_THROW(getLegalPkgBaseDirs(ServiceImplUtilFixture::nonexistingUid,
                         "pkg_name", SM_APP_INSTALL_LOCAL, home, skelDir,
-                        legalPkgBaseDirs, true),
+                        legalPkgBaseDirs, true, Offline::no),
                         TizenPlatformConfig::Exception::ContextError);
 }
 
@@ -123,7 +123,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T266_getLegalPkgBaseDirs, ServiceImplUtilFixture)
     std::string home, skelDir;
     BOOST_REQUIRE(getLegalPkgBaseDirs(0,
                   "pkg_name", SM_APP_INSTALL_NONE, home, skelDir,
-                  legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
+                  legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 }
 
 NEGATIVE_FIXTURE_TEST_CASE(T267_getLegalPkgBaseDirs, ServiceImplUtilFixture)
@@ -132,7 +132,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T267_getLegalPkgBaseDirs, ServiceImplUtilFixture)
     std::string home, skelDir;
     BOOST_REQUIRE(getLegalPkgBaseDirs(0,
                   "pkg_name", SM_APP_INSTALL_END, home, skelDir,
-                  legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
+                  legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM);
 }
 
 POSITIVE_FIXTURE_TEST_CASE(T268_getLegalPkgBaseDirs, ServiceImplUtilFixture)
@@ -141,7 +141,7 @@ POSITIVE_FIXTURE_TEST_CASE(T268_getLegalPkgBaseDirs, ServiceImplUtilFixture)
     std::string home, skelDir;
     BOOST_REQUIRE(getLegalPkgBaseDirs(0,
                   "pkg_name", SM_APP_INSTALL_GLOBAL, home, skelDir,
-                  legalPkgBaseDirs, true) == SECURITY_MANAGER_SUCCESS);
+                  legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_SUCCESS);
 }
 
 POSITIVE_FIXTURE_TEST_CASE(T269_pathsCheck, ServiceImplUtilFixture)
diff --git a/test/test_smack-rules.cpp b/test/test_smack-rules.cpp
index 32052e64..79d2c631 100644
--- a/test/test_smack-rules.cpp
+++ b/test/test_smack-rules.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved.
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -42,7 +42,7 @@ using namespace SecurityManager::SmackLabels;
 struct DbFixture
 {
     DbFixture()
-        : db(PrivilegeDb::Offline::no) {
+        : db(Offline::no) {
             db.GetAllPackages(packages);
         }
author	Konrad Lipinski <k.lipinski2@samsung.com>	2022-07-28 09:53:10 +0200
committer	Konrad Lipinski <k.lipinski2@samsung.com>	2022-08-01 13:55:26 +0200
commit	b0bbeaac64629e42e71a1570129cf3e8afd3fb64 (patch)
tree	e44f7244975b902b4dc8f6f33e2ad3c658c56bc4
parent	0c84562f06028a1f624d5f5bc4bc62d9545f5b9c (diff)
download	security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.gz security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.bz2 security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.zip