author | jin-gyu.kim <jin-gyu.kim@samsung.com> | 2017-01-19 17:00:11 +0900 |
---|---|---|
committer | Gerrit Code Review <gerrit@review.vlan103.tizen.org> | 2017-03-28 00:40:18 -0700 |
commit | d356e5bd5348d9ce762b42a74dffb99c10f13ed2 (patch) | |
tree | 51838af4b73e6be66e8234fb3ba68ab4a4891691 | |
parent | 843c5318b4c6bc3e87cd12eac79d436e02ef0946 (diff) | |
Remove the redundant SharedRO SMACK rules.
- There were some redundant SharedRO SMACK rules.
- This change will give SharedRO rules only when the package has shared folders.
Change-Id: Ic738c6bd49972de6a48d5ff18baa8360a92f22c0
-rw-r--r-- | policy/CMakeLists.txt | 1 | ||||
-rw-r--r-- | policy/app-rules-template.smack | 1 | ||||
-rw-r--r-- | policy/pkg-rules-template.smack | 3 | ||||
-rw-r--r-- | policy/sharedro-rules-template.smack | 3 | ||||
-rw-r--r-- | src/common/smack-rules.cpp | 23 |
5 files changed, 21 insertions, 10 deletions
diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
index 809ebb83..c0dbb485 100644
--- a/policy/CMakeLists.txt
+++ b/policy/CMakeLists.txt
@@ -8,6 +8,7 @@ INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${POLICY_DIR})
 INSTALL(FILES "app-rules-template.smack" DESTINATION ${POLICY_DIR})
 INSTALL(FILES "pkg-rules-template.smack" DESTINATION ${POLICY_DIR})
 INSTALL(FILES "author-rules-template.smack" DESTINATION ${POLICY_DIR})
+INSTALL(FILES "sharedro-rules-template.smack" DESTINATION ${POLICY_DIR})
 INSTALL(FILES "privilege-group.list" DESTINATION ${POLICY_DIR})
 INSTALL(PROGRAMS "update.sh" DESTINATION ${POLICY_DIR})
 INSTALL(DIRECTORY "updates" USE_SOURCE_PERMISSIONS DESTINATION ${POLICY_DIR})
diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack
index 11385832..af530d19 100644
--- a/policy/app-rules-template.smack
+++ b/policy/app-rules-template.smack
@@ -12,5 +12,4 @@ User ~PROCESS~ rwxat
 ~PROCESS~ User::App::Shared rwxat
 ~PROCESS~ ~PATH_RW~ rwxat
 ~PROCESS~ ~PATH_RO~ rxl
-~PROCESS~ ~PATH_SHARED_RO~ rwxat
 ~PROCESS~ ~PATH_TRUSTED~ rwxat
diff --git a/policy/pkg-rules-template.smack b/policy/pkg-rules-template.smack
index 53cd4197..bf2e868b 100644
--- a/policy/pkg-rules-template.smack
+++ b/policy/pkg-rules-template.smack
@@ -1,9 +1,6 @@
 System ~PATH_RW~ rwxat
 System ~PATH_RO~ rwxat
-System ~PATH_SHARED_RO~ rwxat
 System::Privileged ~PATH_RW~ rwxat
 System::Privileged ~PATH_RO~ rwxat
-System::Privileged ~PATH_SHARED_RO~ rwxat
 User ~PATH_RW~ rwxat
 User ~PATH_RO~ rwxat
-User ~PATH_SHARED_RO~ rwxat
diff --git a/policy/sharedro-rules-template.smack b/policy/sharedro-rules-template.smack
new file mode 100644
index 00000000..62bdefb4
--- /dev/null
+++ b/policy/sharedro-rules-template.smack
@@ -0,0 +1,3 @@
+User ~PATH_SHARED_RO~ rwxat
+System ~PATH_SHARED_RO~ rwxat
+System::Privileged ~PATH_SHARED_RO~ rwxat
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 31474b1d..d673ffae 100644
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -55,6 +55,7 @@ const std::string SMACK_PATH_TRUSTED_LABEL_TEMPLATE = "~PATH_TRUSTED~";
 const std::string APP_RULES_TEMPLATE_FILE_PATH = TizenPlatformConfig::makePath(TZ_SYS_RO_SHARE, "security-manager", "policy", "app-rules-template.smack");
 const std::string PKG_RULES_TEMPLATE_FILE_PATH = TizenPlatformConfig::makePath(TZ_SYS_RO_SHARE, "security-manager", "policy", "pkg-rules-template.smack");
 const std::string AUTHOR_RULES_TEMPLATE_FILE_PATH = TizenPlatformConfig::makePath(TZ_SYS_RO_SHARE, "security-manager", "policy", "author-rules-template.smack");
+const std::string SHAREDRO_RULES_TEMPLATE_FILE_PATH = TizenPlatformConfig::makePath(TZ_SYS_RO_SHARE, "security-manager", "policy", "sharedro-rules-template.smack");
 const std::string SMACK_RULES_PATH_MERGED = LOCAL_STATE_DIR "/security-manager/rules-merged/rules.merged";
 const std::string SMACK_RULES_PATH_MERGED_T = LOCAL_STATE_DIR "/security-manager/rules-merged/rules.merged.temp";
 const std::string SMACK_RULES_PATH = LOCAL_STATE_DIR "/security-manager/rules";
@@ -265,18 +266,28 @@ void SmackRules::generateSharedRORules(PkgsLabels &pkgsLabels, std::vector<PkgIn
 for (size_t i = 0; i < pkgsLabels.size(); ++i) {
 for (const std::string &appLabel : pkgsLabels[i].second) {
 for (size_t j = 0; j < allPkgs.size(); ++j) {
- // Rules for SharedRO files from own package are generated elsewhere
- if (!allPkgs[j].sharedRO || pkgsLabels[i].first == allPkgs[j].name)
+ if (!allPkgs[j].sharedRO)
 continue;
 const std::string &pkgName = allPkgs[j].name;
- rules.add(appLabel,
- SmackLabels::generatePathSharedROLabel(pkgName),
- SMACK_APP_CROSS_PKG_PERMS);
+ if (pkgsLabels[i].first != allPkgs[j].name)
+ rules.add(appLabel,
+ SmackLabels::generatePathSharedROLabel(pkgName),
+ SMACK_APP_CROSS_PKG_PERMS);
+ else
+ rules.add(appLabel,
+ SmackLabels::generatePathSharedROLabel(pkgName),
+ SMACK_APP_PATH_OWNER_PERMS);
 }
 }
 }
+ for (size_t j = 0; j < allPkgs.size(); ++j) {
+ if (!allPkgs[j].sharedRO)
+ continue;
+ const std::string &pkgName = allPkgs[j].name;
+ rules.addFromTemplateFile(SHAREDRO_RULES_TEMPLATE_FILE_PATH, std::string(), pkgName,-1);
+ }
+
 if (smack_check())
 rules.apply(); |
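Review bot: In the inner loop's new `else` branch the owning package's apps get `SMACK_APP_PATH_OWNER_PERMS` on the SharedRO label, replacing the template line `~PROCESS~ ~PATH_SHARED_RO~ rwxat` that this commit removes, but the constant's value is defined outside the hunk, so it should be confirmed that the owner's access is unchanged. The deleted comment is no longer true and nothing replaces it; I would put `// Own package: owner perms on its SharedRO label; other packages: cross-pkg perms` above the `if`/`else`. In the second loop, `rules.addFromTemplateFile(SHAREDRO_RULES_TEMPLATE_FILE_PATH, std::string(), pkgName,-1);` passes an empty string and a bare `-1` whose meaning cannot be read from here (presumably "no app" and "no author"), and a one-line comment should say so, because a placeholder other than `~PATH_SHARED_RO~` added to the template later would have nothing to be substituted with. These rules are only ever added and applied in the visible code, so it is worth checking that the revocation path, which is not in this hunk, also removes the owner and `User`/`System`/`System::Privileged` entries once a package no longer has a shared folder. The function starts and ends outside the hunk.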