diff options
| author | Konrad Lipinski <k.lipinski2@partner.samsung.com> | 2018-09-14 14:14:17 +0200 |
|---|---|---|
| committer | Konrad Lipinski <k.lipinski2@partner.samsung.com> | 2018-10-10 15:53:59 +0200 |
| commit | 75293c9c70f3f04c86721039bedfd6e0bf0786a8 (patch) | |
| tree | 0df3266bd2eb1ee79895deeab61ccb06ecc03c61 /src/server/cleanup/security-manager-cleanup.cpp | |
| parent | 4e5b938c96cf8a76606417c4ae2bfadb0b6e7fbe (diff) | |
| download | security-manager-75293c9c70f3f04c86721039bedfd6e0bf0786a8.tar.gz security-manager-75293c9c70f3f04c86721039bedfd6e0bf0786a8.tar.bz2 security-manager-75293c9c70f3f04c86721039bedfd6e0bf0786a8.zip | |
Replace smack rule storage with straight-from-db rule loader
Details:
* remove %{TZ_SYS_VAR}/security-manager/rules{,-merged} directories
* add security-manager-rules-loader that
** performs database migration/recovery
** writes smack rules from a coherent database directly to load2
* add generate-rule-code generator that translates rule templates
(*.smack files) into c++ code for use in the loader
* remove security-manager-init-db binary and replace its invocation with
sh$ security-manager-rules-loader no-load
* replace dd invocation with security-manager-rules-loader in the rule
loader service
* add explicit dependency to ensure the loader runs before the manager
* refactor manager code
** remove the majority of database migration/recovery code on grounds of
loader having run beforehand
** replace defensive remnants of said code with an emergency invocation
sh$ security-manager-rules-loader fallback-only
to apply fallback on database schmea errors
** remove rule file maintenance (not needed anymore)
TODO:
* *.smack template files are still used by the manager at runtime,
removing them is optional and would require a substantial refactor
best placed in a separate commit
Pros:
* optimize flash usage (rule files were prone to quadratic explosion)
* solve database-rulefiles coherence problem
* make the rule loader performance more scalable and typically better
* simplify and speed up the manager a bit by dropping rule file code
Change-Id: I7d79d5ec7e66c9dfe6563dbb3f76bf6ab6669589
Diffstat (limited to 'src/server/cleanup/security-manager-cleanup.cpp')
| -rw-r--r-- | src/server/cleanup/security-manager-cleanup.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/server/cleanup/security-manager-cleanup.cpp b/src/server/cleanup/security-manager-cleanup.cpp index 20986bd8..b115f666 100644 --- a/src/server/cleanup/security-manager-cleanup.cpp +++ b/src/server/cleanup/security-manager-cleanup.cpp @@ -61,11 +61,12 @@ int main(void) try { std::map<std::string, std::vector<std::string>> appPathMap; - PrivilegeDb::getInstance().GetAllPrivateSharing(appPathMap); + PrivilegeDb db(PrivilegeDb::Offline::no); + db.GetAllPrivateSharing(appPathMap); for (auto &appPaths : appPathMap) { try { std::string pkgName; - PrivilegeDb::getInstance().GetAppPkgName(appPaths.first, pkgName); + db.GetAppPkgName(appPaths.first, pkgName); for (const auto &path : appPaths.second) { //FIXME Make this service run as slave and master SmackLabels::setupPath(pkgName, path, SECURITY_MANAGER_PATH_RW); @@ -78,7 +79,7 @@ int main(void) LogError("Got unknown exception, ignoring"); } } - PrivilegeDb::getInstance().ClearPrivateSharing(); + db.ClearPrivateSharing(); } catch (const SecurityManager::Exception &e) { std::cerr << "Exception throw, msg: " << e.GetMessage() << std::endl; } catch (...) { |