authorElena Reshetova <elena.reshetova@intel.com>2013-03-08 11:02:45 +0200
committerElena Reshetova <elena.reshetova@intel.com>2013-03-12 12:43:25 +0200
commit1a584da2bd5b2824d41ab286aa93082400c9d687 (patch)
treea1319e69a22113739a0670520ec9d5b98eb5def2
parent914e0dfd5fd6ee025f0597e01ec329e7857a7efa (diff)
The attribute tag allows specifying the type of the package (currently only application or system), which affects setting the SMACK64EXEC label. For system packages it isn't set by default, and for applications it is set to the requested domain.
-rw-r--r--plugins/msm.h1
-rw-r--r--plugins/msmmanifest.c56
-rw-r--r--plugins/msmxattr.c13
3 files changed, 65 insertions, 5 deletions
diff --git a/plugins/msm.h b/plugins/msm.h
index 3a6e75cba..b91e1a1a1 100644
--- a/plugins/msm.h
+++ b/plugins/msm.h
@@ -282,6 +282,7 @@ typedef struct sw_source_x {
typedef struct manifest_x { /*package manifest */
struct sw_source_x *sw_source; /* package sw source */
const char *name; /* package name */
+ const char *package_type; /* package type: system or application */
struct provide_x *provides; /* assign section */
struct request_x *request; /* request section */
struct sw_source_x *sw_sources; /*defined software sources(non-NULL only for configuration manifests)*/
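Review bot: The comment on the new `package_type` field does not say who owns the string, and the field is declared `const char *` even though the parser in msmmanifest.c stores a heap string returned by `xmlTextReaderGetAttribute` in it. I would document it as `/* package type: "system" or "application"; allocated by libxml2, freed with the manifest */` and check that the manifest teardown code, which is not part of this diff, actually releases it. Without that the string presumably leaks once per parsed manifest.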
diff --git a/plugins/msmmanifest.c b/plugins/msmmanifest.c
index ddba7daff..1948c98cc 100644
--- a/plugins/msmmanifest.c
+++ b/plugins/msmmanifest.c
@@ -1069,11 +1069,58 @@ static int msmProcessSWSource(xmlTextReaderPtr reader, sw_source_x *sw_source, c
return ret;
}
+static int msmProcessAttributes(xmlTextReaderPtr reader, manifest_x *mfx)
+{
+ const xmlChar *node, *type;
+ int ret, depth, attributePresent = 0;
+
+ rpmlog(RPMLOG_DEBUG, "attributes\n");
+
+ depth = xmlTextReaderDepth(reader);
+
+ while ((ret = msmNextChildElement(reader, depth))) {
+ node = xmlTextReaderConstName(reader);
+ if (!node) return -1;
+
+ if (!strcmp(ASCII(node), "package")) {
+ if (attributePresent) {
+ rpmlog(RPMLOG_ERR, "Only one attribute is currently allowed per attribute section. Abort installation\n");
+ return -1;
+ }
+ attributePresent = 1;
+ type = xmlTextReaderGetAttribute(reader, XMLCHAR("type"));
+ rpmlog(RPMLOG_DEBUG, "package type is %s\n", ASCII(type));
+
+ if (type) {
+
+ if ((strcmp(type, "system") != 0) &&
+ (strcmp(type, "application") != 0)){
+ rpmlog(RPMLOG_ERR, "Not allowed attribute name in a package type specification. Abort installation.\n");
+ msmFreePointer((void**)&type);
+ return -1;
+ }
+
+ mfx->package_type = ASCII(type);
+
+ } else {
+ rpmlog(RPMLOG_ERR, "Type name must be defined. Abort installation\n");
+ return -1;
+ }
+ } else {
+ rpmlog(RPMLOG_ERR, "Not allowed element in attribute section: %s\n", ASCII(node));
+ return -1;
+ }
+
+ if (ret < 0) return ret;
+ }
+ return ret;
+}
+
static int msmProcessMsm(xmlTextReaderPtr reader, manifest_x *mfx, sw_source_x *current)
{
const xmlChar *node;
int ret, depth;
- int assignPresent = 0, requestPresent = 0, definePresent = 0; /* there must be only one section per manifest */
+ int assignPresent = 0, requestPresent = 0, definePresent = 0, attributesPresent = 0; /* there must be only one section per manifest */
mfx->sw_source = current;
rpmlog(RPMLOG_DEBUG, "manifest\n");
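Review bot: In `msmProcessAttributes` the debug line `rpmlog(RPMLOG_DEBUG, "package type is %s\n", ASCII(type));` runs before the `if (type)` check, so a `<package>` element without a `type` attribute passes NULL to `%s`, which is undefined behaviour. The log call should move inside the `if (type)` branch. The two comparisons also pass the `xmlChar *` straight to `strcmp`; writing `strcmp(ASCII(type), "system")` would match how `node` is handled a few lines above. Because `type` is declared `const xmlChar *`, the `msmFreePointer((void**)&type)` call on the reject path casts the qualifier away; a plain `xmlChar *type` would describe the ownership more honestly.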
@@ -1094,6 +1141,13 @@ static int msmProcessMsm(xmlTextReaderPtr reader, manifest_x *mfx, sw_source_x *
LISTADD(mfx->provides, provide);
ret = msmProcessProvide(reader, provide, current, mfx, NULL);
} else return -1;
+ } else if (!strcmp(ASCII(node), "attributes")) {
+ if (attributesPresent) {
+ rpmlog(RPMLOG_ERR, "A second attribute section in manifest isn't allowed. Abort installation.\n");
+ return -1;
+ }
+ attributesPresent = 1;
+ ret = msmProcessAttributes(reader, mfx);
} else if (!strcmp(ASCII(node), "define")) {
if (definePresent) {
rpmlog(RPMLOG_ERR, "A second request section in manifest isn't allowed. Abort installation.\n");
diff --git a/plugins/msmxattr.c b/plugins/msmxattr.c
index b8d63f5bc..6e71bb355 100644
--- a/plugins/msmxattr.c
+++ b/plugins/msmxattr.c
@@ -1161,6 +1161,7 @@ int msmSetFileXAttributes(manifest_x *mfx, const char* filepath, magic_t cookie)
const char *type = NULL;
const char isolatedLabel[] = SMACK_ISOLATED_LABEL;
struct stat st;
+ int execLabeldefined = 0;
if (!filepath) return -1;
if (mfx->name) {
@@ -1202,6 +1203,7 @@ int msmSetFileXAttributes(manifest_x *mfx, const char* filepath, magic_t cookie)
return -1;
found:
+ if (exec_label) execLabeldefined = 1;
if ((!label) || (!exec_label)) {
/* no match, use default label of AC domain */
if (mfx->request) { //AC domain is requested in manifest
@@ -1245,10 +1247,13 @@ int msmSetFileXAttributes(manifest_x *mfx, const char* filepath, magic_t cookie)
// do not set SMACK64EXEC
rpmlog(RPMLOG_DEBUG, "not setting SMACK64EXEC for %s as requested in manifest\n", filepath);
} else {
- rpmlog(RPMLOG_DEBUG, "setting SMACK64EXEC %s for %s\n", exec_label, filepath);
- if (lsetxattr(filepath, SMACK64EXEC, exec_label, strlen(exec_label), 0) < 0 ) {
- rpmlog(RPMLOG_ERR, "Failed to set SMACK64EXEC %s for %s: %s\n",
- exec_label, filepath, strerror(errno));
+ if ((mfx->package_type && (strcmp(mfx->package_type, "application") == 0))
+ || (execLabeldefined == 1)) {
+ rpmlog(RPMLOG_INFO, "setting SMACK64EXEC %s for %s\n", exec_label, filepath);
+ if (lsetxattr(filepath, SMACK64EXEC, exec_label, strlen(exec_label), 0) < 0 ) {
+ rpmlog(RPMLOG_ERR, "Failed to set SMACK64EXEC %s for %s: %s\n",
+ exec_label, filepath, strerror(errno));
+ }
}
}
}
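Review bot: When neither side of the new condition holds, SMACK64EXEC is skipped without any log line. A manifest with no `<attributes>` section (where `package_type` presumably stays NULL) therefore no longer gets the exec label that the removed lines always set here, unless `exec_label` was already non-NULL at `found:` in the earlier hunk. Since this changes the default labelling of installed executables, I would make the skip visible with `} else { rpmlog(RPMLOG_DEBUG, "not setting SMACK64EXEC for %s: package type is not application\n", filepath); }`, and state the NULL-means-system default in a comment above the `if`. In the visible lines a failed `lsetxattr` is only logged; the rest of the function is outside the hunk, so it is worth confirming that the failure is reported to the caller rather than leaving the file installed without its label.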