authorJosé Bollo <jose.bollo@open.eurogiciel.org>2014-09-16 16:44:19 +0200
committerJosé Bollo <jose.bollo@open.eurogiciel.org>2014-09-16 17:27:35 +0200
commita67fae75160849032ef4c75a61ba6a5400fd7bd8 (patch)
treee113b6271f88db31f120a4e3386c9d34ddb8cd2f
parent3150397b8ad69d120f40d361fcbe94de2be31e58 (diff)
downloadsecurity-manager-a67fae75160849032ef4c75a61ba6a5400fd7bd8.tar.gz
security-manager-a67fae75160849032ef4c75a61ba6a5400fd7bd8.tar.bz2
security-manager-a67fae75160849032ef4c75a61ba6a5400fd7bd8.zip
Resolving global application user
The global applications are set using the system user 'tizenglobalapp'. In fact this name is set in the tizen configuration variable TZ_SYS_GLOBALAPPUSER and its uid should be retrieved using tzplatform_getuid. Change-Id: I01635d1f65add0159b8d73fef60b76d03798fe52 Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
-rw-r--r--src/server/service/service.cpp19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 6539b7ff..29541ea7 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -25,6 +25,7 @@
#include <dpl/log/log.h>
#include <dpl/serialization.h>
+#include <tzplatform_config.h>
#include <unordered_set>
#include <sys/types.h>
@@ -45,6 +46,16 @@ namespace SecurityManager {
const InterfaceID IFACE = 1;
+static inline bool isGlobalUser(uid_t uid) {
+ static uid_t uidGlobalApp = 0;
+ if (!uidGlobalApp) {
+ // As long as the recorded global user id is root, recheck.
+ uid_t id = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
+ if (id != (uid_t)-1)
+ uidGlobalApp = id;
+ }
+ return uidGlobalApp == uid || !uid; // FIXME: is root authorized?
+}
Service::Service()
{
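Review bot: isGlobalUser hides a failed `tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)` lookup: the `(uid_t)-1` result is dropped without a log line, so the global-app user is then treated as an ordinary uid and `uidstr` becomes its number instead of the wildcard, with nothing in the log to explain the different policy scope. The function-local `static uid_t uidGlobalApp` is also read and written without synchronisation, which is a data race if requests can be served from more than one thread (not visible from this hunk). Resolving the uid on each call and logging the failure, as sketched below, avoids both at the cost of one lookup per install or uninstall. The `|| !uid` branch keeps the old mapping of root to the wildcard; the FIXME should be settled rather than merged, since it decides whether a root-initiated request is presumably applied for every user.

```cpp
static inline bool isGlobalUser(uid_t uid) {
    // FIXME: is root authorized? Kept as before: root maps to the wildcard.
    if (uid == 0)
        return true;

    // No cached static: nothing shared between threads, and a lookup
    // that fails now is retried on the next request.
    const uid_t globalUid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER);
    if (globalUid == static_cast<uid_t>(-1)) {
        LogError("Cannot resolve uid of TZ_SYS_GLOBALAPP_USER, treating uid "
                 << uid << " as a regular user");
        return false;
    }
    return uid == globalUid;
}
```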
@@ -278,8 +289,8 @@ bool Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_
try {
std::vector<std::string> oldPkgPrivileges, newPkgPrivileges;
- std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
- : CYNARA_ADMIN_WILDCARD;
+ std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+ : std::to_string(static_cast<unsigned int>(uid));
LogDebug("Install parameters: appId: " << req.appId << ", pkgId: " << req.pkgId
<< ", uidstr " << uidstr << ", generated smack label: " << smackLabel);
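Review bot: The wildcard-or-uid choice for `uidstr` is written out twice, here in processAppInstall and again in the processAppUninstall hunk that follows. This expression decides whether the request is scoped to one user or to `CYNARA_ADMIN_WILDCARD`, so a later edit to only one copy would leave uninstall addressing a different user string than install did. Moving it into one helper next to isGlobalUser, for example `static std::string cynaraUserFor(uid_t uid) { return isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD : std::to_string(static_cast<unsigned int>(uid)); }`, keeps the two paths in step. Both function bodies start and end outside their hunks.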
@@ -362,8 +373,8 @@ bool Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui
goto error_label;
}
- std::string uidstr = uid ? std::to_string(static_cast<unsigned int>(uid))
- : CYNARA_ADMIN_WILDCARD;
+ std::string uidstr = isGlobalUser(uid) ? CYNARA_ADMIN_WILDCARD
+ : std::to_string(static_cast<unsigned int>(uid));
LogDebug("Uninstall parameters: appId: " << appId << ", pkgId: " << pkgId
<< ", uidstr " << uidstr << ", generated smack label: " << smackLabel);