author | Rafal Krypa <r.krypa@samsung.com> | 2017-12-19 10:00:15 +0100 |
---|---|---|
committer | Dariusz Michaluk <d.michaluk@samsung.com> | 2017-12-22 14:34:24 +0000 |
commit | 77f347fa83a11da75dcf923873ad05b7fc9a401f (patch) | |
tree | 659b95a991f88c7d3ec66865af3ee0a0db93bd2f | |
parent | 97ef7cec3d572819da97bed3471f52121ab1d0ee (diff) | |
client: do not add application process to hardcoded groups
Initial implementation of privilege enforcement with mount namespaces
included client code that added all application processes to hardcoded
set of groups: priv_externalstorage and priv_mediastorage.
This is wrong. Enforcement of privileges by either groups or mount
namespaces is to be configured in respectively privilege-group.list and
privilege-mount.list. Application process should be added to a group
if and only if it holds a privilege that is configured to be enforced
with a group. Similarly proper mounts and umounts will be done in application
mount namespace based on privilege status.
There is no need to hardcode groups. If a privilege is enforced with mount
namespace, it should not require additional group assignment. If it used
to be enforced with a group, but it has been switched to enforcement with
mount, filesystem permissions need to be adjusted, not security-manager code.
Privileges mediastorage and externalstorage are now enforced with bind
mounts. They are being removed from the privilege-group mapping - combining
these two mechanisms is undesired.
Change-Id: I41204daa24329e8e9648b3ecb4e53d87c763b35b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-rw-r--r-- | policy/privilege-group.list | 2 | ||||
-rw-r--r-- | src/client/client-security-manager.cpp | 26 |
2 files changed, 0 insertions, 28 deletions
diff --git a/policy/privilege-group.list b/policy/privilege-group.list
index 548f7e75..0c94ad97 100644
--- a/policy/privilege-group.list
+++ b/policy/privilege-group.list
@@ -6,8 +6,6 @@
 # - lines starting with '#' are ignored
 http://tizen.org/privilege/camera priv_camera
 http://tizen.org/privilege/recorder priv_recorder
-http://tizen.org/privilege/mediastorage priv_mediastorage
-http://tizen.org/privilege/externalstorage priv_externalstorage
 http://tizen.org/privilege/message.read priv_message_read
 http://tizen.org/privilege/mapservice priv_mapservice
 http://tizen.org/privilege/internet priv_internet
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 8754740b..a6cc600b 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -782,26 +782,6 @@ static inline int security_manager_bind_namespace_internal(const char *app_name)
 return request.send(std::string(app_name)).getStatus();
 });
 }
-static inline int security_manager_set_process_groups_internal(void)
-{
- int ret;
- struct group *grp;
- const std::vector<std::string> groupsNames = {"priv_externalstorage", "priv_mediastorage"};
- std::vector<gid_t> groupsGids;
- ret = getProcessGroups(groupsGids);
- if (ret != SECURITY_MANAGER_SUCCESS)
- return ret;
- for (const auto &groupName : groupsNames) {
- grp = getgrnam(groupName.c_str());
- if (grp)
- groupsGids.push_back(grp->gr_gid);
- }
- std::unordered_set<gid_t> groupsSet(groupsGids.begin(), groupsGids.end());
- return setProcessGroups(std::vector<gid_t>(groupsSet.begin(), groupsSet.end()));
-}
 static inline int security_manager_create_namespace_internal(const char *app_name)
 {
@@ -841,12 +821,6 @@ static inline int security_manager_create_namespace_internal(const char *app_nam
 }
 }
- ret = security_manager_set_process_groups_internal();
- if (ret != SECURITY_MANAGER_SUCCESS) {
- LogError("Failed to set process group: " << security_manager_strerror(static_cast<lib_retcode>(ret)));
- return ret;
- }
-
 ret = security_manager_bind_namespace_internal(app_name);
 if (ret != SECURITY_MANAGER_SUCCESS) {
 LogError("Failed to bind app namespace: " << security_manager_strerror(static_cast<lib_retcode>(ret)) << " App name:" << app_name);