diff options
author | Konrad Lipinski <k.lipinski2@samsung.com> | 2022-07-28 09:53:10 +0200 |
---|---|---|
committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2022-08-01 13:55:26 +0200 |
commit | b0bbeaac64629e42e71a1570129cf3e8afd3fb64 (patch) | |
tree | e44f7244975b902b4dc8f6f33e2ad3c658c56bc4 | |
parent | 0c84562f06028a1f624d5f5bc4bc62d9545f5b9c (diff) | |
download | security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.gz security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.tar.bz2 security-manager-b0bbeaac64629e42e71a1570129cf3e8afd3fb64.zip |
Refrain from calling sessiond in offline mode
Change-Id: I0e182d45f75cc99cbc11d692c29e6c7c0bcc0719
-rw-r--r-- | src/client/client-security-manager.cpp | 12 | ||||
-rw-r--r-- | src/common/include/privilege_db.h | 6 | ||||
-rw-r--r-- | src/common/include/protocols.h | 2 | ||||
-rw-r--r-- | src/common/include/service_impl.h | 2 | ||||
-rw-r--r-- | src/common/include/service_impl_utils.h | 3 | ||||
-rw-r--r-- | src/common/service_impl.cpp | 7 | ||||
-rw-r--r-- | src/common/service_impl_utils.cpp | 5 | ||||
-rw-r--r-- | src/server/cleanup/security-manager-cleanup.cpp | 4 | ||||
-rw-r--r-- | src/server/main/server-main.cpp | 2 | ||||
-rw-r--r-- | src/server/service/include/service.h | 1 | ||||
-rw-r--r-- | test/privilege_db_fixture.cpp | 2 | ||||
-rw-r--r-- | test/test_privilege_db_transactions.cpp | 4 | ||||
-rw-r--r-- | test/test_service_impl_utils.cpp | 8 | ||||
-rw-r--r-- | test/test_smack-rules.cpp | 4 |
14 files changed, 33 insertions, 29 deletions
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index b34ce794..2ba22b79 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -321,7 +321,7 @@ int security_manager_app_install(const app_inst_req *p_req) if (offlineMode.isOffline()) { Credentials creds = offlineMode.getCredentials(); app_inst_req req(*p_req); - return ServiceImpl(ServiceImpl::Offline::yes).appInstall(creds, req); + return ServiceImpl(Offline::yes).appInstall(creds, req); } else { return ClientRequest(SecurityModuleCall::APP_INSTALL).send(p_req).getStatus(); } @@ -347,7 +347,7 @@ int security_manager_app_update(const app_inst_req *p_req) if (offlineMode.isOffline()) { Credentials creds = offlineMode.getCredentials(); app_inst_req req(*p_req); - return ServiceImpl(ServiceImpl::Offline::yes).appUpdate(creds, req); + return ServiceImpl(Offline::yes).appUpdate(creds, req); } else { return ClientRequest(SecurityModuleCall::APP_UPDATE).send(p_req).getStatus(); } @@ -371,7 +371,7 @@ int security_manager_app_uninstall(const app_inst_req *p_req) if (offlineMode.isOffline()) { Credentials creds = offlineMode.getCredentials(); app_inst_req req(*p_req); - return ServiceImpl(ServiceImpl::Offline::yes).appUninstall(creds, req); + return ServiceImpl(Offline::yes).appUninstall(creds, req); } else { return ClientRequest(SecurityModuleCall::APP_UNINSTALL).send(p_req).getStatus(); } @@ -1062,7 +1062,7 @@ int security_manager_user_add(const user_req *p_req) ClientOffline offlineMode; if (offlineMode.isOffline()) { Credentials creds = offlineMode.getCredentials(); - retval = ServiceImpl(ServiceImpl::Offline::yes).userAdd(creds, p_req->uid, p_req->utype); + retval = ServiceImpl(Offline::yes).userAdd(creds, p_req->uid, p_req->utype); } else { //server is working retval = ClientRequest(SecurityModuleCall::USER_ADD).send( @@ -1731,7 +1731,7 @@ int security_manager_paths_register(const path_req *p_req) ClientOffline offlineMode; if (offlineMode.isOffline()) { Credentials creds = offlineMode.getCredentials(); - retval = ServiceImpl(ServiceImpl::Offline::yes).pathsRegister(creds, *p_req); + retval = ServiceImpl(Offline::yes).pathsRegister(creds, *p_req); } else { return ClientRequest(SecurityModuleCall::PATHS_REGISTER).send( p_req->pkgName, diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 9478b869..8d204464 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -43,8 +43,9 @@ #include <config.h> #include <db-config.h> #include <dpl/db/sql_connection.h> +#include <protocols.h> +#include <security-manager-types.h> #include <utils.h> -#include "security-manager-types.h" namespace SecurityManager { @@ -154,7 +155,6 @@ public: DECLARE_EXCEPTION_TYPE(Base, ConstraintError) }; - enum class Offline : bool { no, yes }; /** * Constructor * @exception PrivilegeDb::Exception::IOError on problems with database access diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index 03bcc201..c4218330 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -148,6 +148,8 @@ enum class SecurityModuleCall NOOP = 0x90, }; +enum class Offline : bool { no, yes }; + // The least significant bit on iff shared RO is enabled. // Subsequent bits == bitmask of namespaces to be checked in checkProperDrop(). typedef uint8_t PrepareAppFlags; diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 808692df..7a9d6a08 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -69,7 +69,6 @@ struct UninstallHelper { class ServiceImpl final { public: - using Offline = PrivilegeDb::Offline; explicit ServiceImpl(Offline offline); /** @@ -470,6 +469,7 @@ private: PrivilegeGids m_privilegeGids; NSMountLogic m_NSMountLogic; PrepareAppFlags m_prepareAppFlags; + Offline m_offline; }; } /* namespace SecurityManager */ diff --git a/src/common/include/service_impl_utils.h b/src/common/include/service_impl_utils.h index 80d37169..3354012e 100644 --- a/src/common/include/service_impl_utils.h +++ b/src/common/include/service_impl_utils.h @@ -49,7 +49,8 @@ int getLegalPkgBaseDirs(const uid_t &uid, std::string &homePath, std::string &skelDir, std::vector<std::string> &legalPkgBaseDirs, - bool isSharedRO); + bool isSharedRO, + Offline offline); bool pathsCheck(const pkg_paths &requestedPaths, const std::vector<std::string> &allowedDirs); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 35518847..5a1da89a 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -169,13 +169,14 @@ void labelSharedPaths(const std::string &baseDir, const std::string &pkgName) ServiceImpl::ServiceImpl(Offline offline) : m_privilegeDb(offline), - m_NSMountLogic(m_cynara) + m_NSMountLogic(m_cynara), + m_offline(offline) { PrivilegeGids::GroupPrivileges group_privileges; m_privilegeDb.GetGroupsRelatedPrivileges(group_privileges); m_privilegeGids.init(group_privileges); - if (Offline::no == offline) { + if (!underlying(offline)) { const auto checkProperDropFlags = CheckProperDrop::computeFlags(); if (checkProperDropFlags < 0) ThrowMsg(FS::Exception::FileError, "Error computing CheckProperDrop flags." @@ -359,7 +360,7 @@ int ServiceImpl::labelPaths(const pkg_paths &paths, std::string homePath, skelDir; std::vector<std::string> pkgLegalBaseDirs; int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath, - skelDir, pkgLegalBaseDirs, isSharedRO); + skelDir, pkgLegalBaseDirs, isSharedRO, m_offline); if (ret != SECURITY_MANAGER_SUCCESS) { LogError("Failed to generate legal directories for application"); return ret; diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp index 14a7b422..97c16a6f 100644 --- a/src/common/service_impl_utils.cpp +++ b/src/common/service_impl_utils.cpp @@ -117,7 +117,8 @@ int getLegalPkgBaseDirs(const uid_t &uid, std::string &homePath, std::string &skelDir, std::vector<std::string> &legalPkgDirs, - bool isSharedRO) + bool isSharedRO, + Offline offline) { TizenPlatformConfig tpc(uid); @@ -163,7 +164,7 @@ int getLegalPkgBaseDirs(const uid_t &uid, addPkgDirs(legalPkgDirs, pkgName, isSharedRO, skelDir); } - if (SM_APP_INSTALL_LOCAL == installType) { + if (SM_APP_INSTALL_LOCAL == installType && !underlying(offline)) { auto subsession = getDir(tpc, TZ_USER_HOME); if (subsession.empty()) { LogError("Couldn't get user home"); diff --git a/src/server/cleanup/security-manager-cleanup.cpp b/src/server/cleanup/security-manager-cleanup.cpp index 4c831ad8..2812f4d1 100644 --- a/src/server/cleanup/security-manager-cleanup.cpp +++ b/src/server/cleanup/security-manager-cleanup.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -65,7 +65,7 @@ int main(void) try { std::map<std::string, std::vector<std::string>> appPathMap; - PrivilegeDb db(PrivilegeDb::Offline::no); + PrivilegeDb db(Offline::no); db.GetAllPrivateSharing(appPathMap); for (auto &appPaths : appPathMap) { try { diff --git a/src/server/main/server-main.cpp b/src/server/main/server-main.cpp index 2a98a9ab..4bba0672 100644 --- a/src/server/main/server-main.cpp +++ b/src/server/main/server-main.cpp @@ -52,7 +52,7 @@ T* registerSocketService(SecurityManager::SocketManager &manager, { T *service = nullptr; try { - service = new T(T::Offline::no); + service = new T(Offline::no); service->RegisterChannel(std::move(channel)); manager.RegisterSocketService(*service); return service; diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 028a837b..e433f291 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -53,7 +53,6 @@ public: "*" /* smackLabel label (not used, we rely on systemd) */ }; - using Offline = ServiceImpl::Offline; explicit Service(Offline offline) : m_serviceImpl(offline) {} void RegisterChannel(Channel channel) { m_serviceImpl.RegisterChannel(std::move(channel)); diff --git a/test/privilege_db_fixture.cpp b/test/privilege_db_fixture.cpp index 16369e40..75be0e13 100644 --- a/test/privilege_db_fixture.cpp +++ b/test/privilege_db_fixture.cpp @@ -110,7 +110,7 @@ PrivilegeDBFixture::PrivilegeDBFixture(const std::string &src, const std::string putFile(fallback, TEST_PRIVILEGE_FALLBACK_DB_PATH); forkExecWaitpid(TEST_RULES_LOADER_CMD, "--no-load"); checkMarker(preMgr); - testPrivDb = new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest()); + testPrivDb = new PrivilegeDb(Offline::no, Config::DbTest()); checkMarker(PostMgrMarker::unchanged == postMgr ? preMgr : Marker::fallback); } diff --git a/test/test_privilege_db_transactions.cpp b/test/test_privilege_db_transactions.cpp index e9b96406..4c91d330 100644 --- a/test/test_privilege_db_transactions.cpp +++ b/test/test_privilege_db_transactions.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -53,7 +53,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T100_privilegedb_constructor, Empty) purgeDb(); // db init must fail w/ no loader having run beforehand - BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(PrivilegeDb::Offline::no, Config::DbTest())), + BOOST_REQUIRE_THROW(testPrivDb.reset(new PrivilegeDb(Offline::no, Config::DbTest())), PrivilegeDb::Exception::IOError); requireNoDb(); } diff --git a/test/test_service_impl_utils.cpp b/test/test_service_impl_utils.cpp index 76fd15ef..bacc4b3c 100644 --- a/test/test_service_impl_utils.cpp +++ b/test/test_service_impl_utils.cpp @@ -113,7 +113,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T265_getLegalPkgBaseDirs, ServiceImplUtilFixture) std::string home, skelDir; BOOST_REQUIRE_THROW(getLegalPkgBaseDirs(ServiceImplUtilFixture::nonexistingUid, "pkg_name", SM_APP_INSTALL_LOCAL, home, skelDir, - legalPkgBaseDirs, true), + legalPkgBaseDirs, true, Offline::no), TizenPlatformConfig::Exception::ContextError); } @@ -123,7 +123,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T266_getLegalPkgBaseDirs, ServiceImplUtilFixture) std::string home, skelDir; BOOST_REQUIRE(getLegalPkgBaseDirs(0, "pkg_name", SM_APP_INSTALL_NONE, home, skelDir, - legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM); + legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM); } NEGATIVE_FIXTURE_TEST_CASE(T267_getLegalPkgBaseDirs, ServiceImplUtilFixture) @@ -132,7 +132,7 @@ NEGATIVE_FIXTURE_TEST_CASE(T267_getLegalPkgBaseDirs, ServiceImplUtilFixture) std::string home, skelDir; BOOST_REQUIRE(getLegalPkgBaseDirs(0, "pkg_name", SM_APP_INSTALL_END, home, skelDir, - legalPkgBaseDirs, true) == SECURITY_MANAGER_ERROR_INPUT_PARAM); + legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_ERROR_INPUT_PARAM); } POSITIVE_FIXTURE_TEST_CASE(T268_getLegalPkgBaseDirs, ServiceImplUtilFixture) @@ -141,7 +141,7 @@ POSITIVE_FIXTURE_TEST_CASE(T268_getLegalPkgBaseDirs, ServiceImplUtilFixture) std::string home, skelDir; BOOST_REQUIRE(getLegalPkgBaseDirs(0, "pkg_name", SM_APP_INSTALL_GLOBAL, home, skelDir, - legalPkgBaseDirs, true) == SECURITY_MANAGER_SUCCESS); + legalPkgBaseDirs, true, Offline::no) == SECURITY_MANAGER_SUCCESS); } POSITIVE_FIXTURE_TEST_CASE(T269_pathsCheck, ServiceImplUtilFixture) diff --git a/test/test_smack-rules.cpp b/test/test_smack-rules.cpp index 32052e64..79d2c631 100644 --- a/test/test_smack-rules.cpp +++ b/test/test_smack-rules.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved. + * Copyright (c) 2016-2022 Samsung Electronics Co., Ltd. All rights reserved. * * This file is licensed under the terms of MIT License or the Apache License * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details. @@ -42,7 +42,7 @@ using namespace SecurityManager::SmackLabels; struct DbFixture { DbFixture() - : db(PrivilegeDb::Offline::no) { + : db(Offline::no) { db.GetAllPackages(packages); } |