Label package base paths for SHARED_RO bind mounting

Label $APP_HOME/.shared/$PKG_NAME and $APP_HOME/.shared/$PKG_NAME
paths with "User::Home" to allow bind mount in application context.

Change-Id: Ib19de4e87766f5a313f1e5e0542e1da8b30f8a40

3 files changed, 19 insertions, 5 deletions

diff --git a/src/common/include/service_impl_utils.h b/src/common/include/service_impl_utils.h
index b68b3598..f7e288a9 100644
--- a/src/common/include/service_impl_utils.h
+++ b/src/common/include/service_impl_utils.h
@@ -40,6 +40,7 @@ bool containSubDir(const std::string &parent, const pkg_paths &paths);
 int getLegalPkgBaseDirs(const uid_t &uid,
                         const std::string &pkgName,
                         app_install_type installType,
+                        std::string &homePath,
                         std::vector<std::string> &legalPkgBaseDirs,
                         bool isSharedRO);
 
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 8c88ffa6..b03d7ee9 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -332,8 +332,10 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
         int authorId;
         m_privilegeDb.GetPkgAuthorId(pkgName, authorId);
 
+        std::string homePath;
         std::vector<std::string> pkgLegalBaseDirs;
-        int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, pkgLegalBaseDirs, isSharedRO);
+        int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath,
+                                      pkgLegalBaseDirs, isSharedRO);
         if (ret != SECURITY_MANAGER_SUCCESS) {
             LogError("Failed to generate legal directories for application");
             return ret;
@@ -343,6 +345,15 @@ int ServiceImpl::labelPaths(const pkg_paths &paths,
         if (!pathsCheck(paths, pkgLegalBaseDirs))
             return SECURITY_MANAGER_ERROR_NOT_PATH_OWNER;
 
+        if (isSharedRO) {
+            // Label shared_ro base paths for bind mounting
+            std::string sharedPath = homePath + ".shared/" + pkgName;
+            std::string sharedTmpPath = homePath + ".shared_tmp/" + pkgName;
+            if (FS::directoryStatus(sharedPath) == 1 && FS::directoryStatus(sharedTmpPath) == 1) {
+                SmackLabels::setupPkgBasePath(sharedPath);
+                SmackLabels::setupPkgBasePath(sharedTmpPath);
+            }
+        }
         // register paths
         for (const auto &pkgPath : paths) {
             const std::string &path = pkgPath.first;
diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp
index eb1ff7e0..d2bde19b 100644
--- a/src/common/service_impl_utils.cpp
+++ b/src/common/service_impl_utils.cpp
@@ -100,6 +100,7 @@ std::string realPath(const std::string &path)
 int getLegalPkgBaseDirs(const uid_t &uid,
                         const std::string &pkgName,
                         app_install_type installType,
+                        std::string &homePath,
                         std::vector<std::string> &legalPkgDirs,
                         bool isSharedRO)
 {
@@ -108,7 +109,7 @@ int getLegalPkgBaseDirs(const uid_t &uid,
     bool isSdAvailable = false;
     bool isSkelAvailable = false;
     enum tzplatform_variable baseId;
-    enum tzplatform_variable extendedSdId;
+    enum tzplatform_variable extendedSdId = _TZPLATFORM_VARIABLES_INVALID_;
 
     switch (installType) {
     case SM_APP_INSTALL_LOCAL:
@@ -133,12 +134,13 @@ int getLegalPkgBaseDirs(const uid_t &uid,
 
     legalPkgDirs.clear();
 
-    std::string basePath;
-    if (!getPath(tpc, baseId, pkgName, basePath)) {
-        LogError("Couldn't generate base path");
+    if (!getPath(tpc, baseId, "", homePath)) {
+        LogError("Couldn't generate home path");
         return SECURITY_MANAGER_ERROR_UNKNOWN;
     }
 
+    std::string basePath = homePath + pkgName;
+
     LogDebug("Base path is : " << basePath);
     legalPkgDirs.push_back(std::move(basePath));