diff options
author | Konrad Lipinski <k.lipinski2@samsung.com> | 2021-06-07 18:44:55 +0200 |
---|---|---|
committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2021-06-07 18:45:01 +0200 |
commit | 815ff9ba033bd5119b03b1500dec21044d3b160f (patch) | |
tree | df7cd2358aa1e6dca1043c7c47a7a973557a754e | |
parent | 9e8adb561ff53dace466e5bbc6844c4c2be6cddd (diff) | |
download | security-manager-815ff9ba033bd5119b03b1500dec21044d3b160f.tar.gz security-manager-815ff9ba033bd5119b03b1500dec21044d3b160f.tar.bz2 security-manager-815ff9ba033bd5119b03b1500dec21044d3b160f.zip |
Make prepare_app() safer in non-main threads
Calling prepare_app() from a non-main thread in a multithreaded
process could fail. While labels for other threads were being correctly
set by writing to /proc/<tid>/attr/current, the prepare_app thread used
smack_set_label_for_self() and thus /proc/self/attr/current.
This is easily fixed by reusing label_for_self_internal() so that all
threads are uniformly treated, each using its own tid.
Change-Id: Id5b3071b08057200331d64bf8d6cd172ae729df1
-rw-r--r-- | src/client/client-security-manager.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 34767d6f..b34ce794 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -673,8 +673,8 @@ static inline int security_manager_sync_threads_internal(const std::string &app_ } } - if (g_p_app_label && smack_set_label_for_self(app_label.c_str()) != 0) { - LogError("smack_set_label_for_self failed"); + if (g_p_app_label && label_for_self_internal() != 0) { + LogError("label_for_self_internal failed"); goto err; } |