diff options
author | Zofia Grzelewska <z.abramowska@samsung.com> | 2019-11-12 15:27:11 +0100 |
---|---|---|
committer | Tomasz Swierczek <t.swierczek@samsung.com> | 2019-11-20 11:11:50 +0000 |
commit | cd1f08cc130f4b12f3709b450b2a68fbb68e21f3 (patch) | |
tree | 6211aea7ca82783bddfe71fc53baba7c40a793fc | |
parent | 1e7325070f65f38bdab715e236be0857f6026a56 (diff) | |
download | security-manager-cd1f08cc130f4b12f3709b450b2a68fbb68e21f3.tar.gz security-manager-cd1f08cc130f4b12f3709b450b2a68fbb68e21f3.tar.bz2 security-manager-cd1f08cc130f4b12f3709b450b2a68fbb68e21f3.zip |
Label package base paths for SHARED_RO bind mounting
Label $APP_HOME/.shared/$PKG_NAME and $APP_HOME/.shared/$PKG_NAME
paths with "User::Home" to allow bind mount in application context.
Change-Id: Ib19de4e87766f5a313f1e5e0542e1da8b30f8a40
-rw-r--r-- | src/common/include/service_impl_utils.h | 1 | ||||
-rw-r--r-- | src/common/service_impl.cpp | 13 | ||||
-rw-r--r-- | src/common/service_impl_utils.cpp | 10 |
3 files changed, 19 insertions, 5 deletions
diff --git a/src/common/include/service_impl_utils.h b/src/common/include/service_impl_utils.h index b68b3598..f7e288a9 100644 --- a/src/common/include/service_impl_utils.h +++ b/src/common/include/service_impl_utils.h @@ -40,6 +40,7 @@ bool containSubDir(const std::string &parent, const pkg_paths &paths); int getLegalPkgBaseDirs(const uid_t &uid, const std::string &pkgName, app_install_type installType, + std::string &homePath, std::vector<std::string> &legalPkgBaseDirs, bool isSharedRO); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 8c88ffa6..b03d7ee9 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -332,8 +332,10 @@ int ServiceImpl::labelPaths(const pkg_paths &paths, int authorId; m_privilegeDb.GetPkgAuthorId(pkgName, authorId); + std::string homePath; std::vector<std::string> pkgLegalBaseDirs; - int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, pkgLegalBaseDirs, isSharedRO); + int ret = getLegalPkgBaseDirs(uid, pkgName, installationType, homePath, + pkgLegalBaseDirs, isSharedRO); if (ret != SECURITY_MANAGER_SUCCESS) { LogError("Failed to generate legal directories for application"); return ret; @@ -343,6 +345,15 @@ int ServiceImpl::labelPaths(const pkg_paths &paths, if (!pathsCheck(paths, pkgLegalBaseDirs)) return SECURITY_MANAGER_ERROR_NOT_PATH_OWNER; + if (isSharedRO) { + // Label shared_ro base paths for bind mounting + std::string sharedPath = homePath + ".shared/" + pkgName; + std::string sharedTmpPath = homePath + ".shared_tmp/" + pkgName; + if (FS::directoryStatus(sharedPath) == 1 && FS::directoryStatus(sharedTmpPath) == 1) { + SmackLabels::setupPkgBasePath(sharedPath); + SmackLabels::setupPkgBasePath(sharedTmpPath); + } + } // register paths for (const auto &pkgPath : paths) { const std::string &path = pkgPath.first; diff --git a/src/common/service_impl_utils.cpp b/src/common/service_impl_utils.cpp index eb1ff7e0..d2bde19b 100644 --- a/src/common/service_impl_utils.cpp +++ b/src/common/service_impl_utils.cpp @@ -100,6 +100,7 @@ std::string realPath(const std::string &path) int getLegalPkgBaseDirs(const uid_t &uid, const std::string &pkgName, app_install_type installType, + std::string &homePath, std::vector<std::string> &legalPkgDirs, bool isSharedRO) { @@ -108,7 +109,7 @@ int getLegalPkgBaseDirs(const uid_t &uid, bool isSdAvailable = false; bool isSkelAvailable = false; enum tzplatform_variable baseId; - enum tzplatform_variable extendedSdId; + enum tzplatform_variable extendedSdId = _TZPLATFORM_VARIABLES_INVALID_; switch (installType) { case SM_APP_INSTALL_LOCAL: @@ -133,12 +134,13 @@ int getLegalPkgBaseDirs(const uid_t &uid, legalPkgDirs.clear(); - std::string basePath; - if (!getPath(tpc, baseId, pkgName, basePath)) { - LogError("Couldn't generate base path"); + if (!getPath(tpc, baseId, "", homePath)) { + LogError("Couldn't generate home path"); return SECURITY_MANAGER_ERROR_UNKNOWN; } + std::string basePath = homePath + pkgName; + LogDebug("Base path is : " << basePath); legalPkgDirs.push_back(std::move(basePath)); |