summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorElena Reshetova <elena.reshetova@intel.com>2013-08-07 13:46:17 +0300
committerElena Reshetova <elena.reshetova@intel.com>2013-08-07 13:46:17 +0300
commita08249263295ddd1f2cd07ed41abebc248f9f75c (patch)
tree42eb55b7ed91a2f6c11f20c97ba15d22cc2d2500
parentc4997a4f187e68b62bbecfba10a8a2cd22e21ab8 (diff)
downloadlibrpm-tizen-a08249263295ddd1f2cd07ed41abebc248f9f75c.tar.gz
librpm-tizen-a08249263295ddd1f2cd07ed41abebc248f9f75c.tar.bz2
librpm-tizen-a08249263295ddd1f2cd07ed41abebc248f9f75c.zip
Security plugin: removing disable-dchecks option
-rw-r--r--configure.ac8
-rw-r--r--plugins/msm-plugin.c6
-rw-r--r--plugins/msmxattr.c18
3 files changed, 0 insertions, 32 deletions
diff --git a/configure.ac b/configure.ac
index c64923906..c455e88a1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -719,14 +719,6 @@ AC_SUBST(WITH_MSM_LIB)
AC_SUBST(WITH_MSM_INCLUDE)
AM_CONDITIONAL(MSM,[test "$with_msm" = yes])
-#domain checks enabling/disabling for security plugin
-AC_ARG_ENABLE(dchecks, [AS_HELP_STRING([--disable-dchecks],[build without domain checks])],,[enable_dchecks=yes])
-AS_IF([test "$enable_dchecks" = yes],[
- AC_DEFINE(ENABLE_DCHECKS, 1, [Build with domain checks])
-])
-AM_CONDITIONAL(ENABLE_DCHECKS,[test "$enable_dchecks" = yes])
-
-
# libcap
WITH_CAP_LIB=
AC_ARG_WITH(cap, [AS_HELP_STRING([--with-cap],[build with capability support])],
diff --git a/plugins/msm-plugin.c b/plugins/msm-plugin.c
index 663e11937..b73993f20 100644
--- a/plugins/msm-plugin.c
+++ b/plugins/msm-plugin.c
@@ -124,12 +124,6 @@ rpmRC PLUGINHOOK_INIT_FUNC(rpmts _ts, const char *name, const char *opts)
if (!ts)
return RPMRC_FAIL;
-#ifndef ENABLE_DCHECKS
- rpmlog(RPMLOG_DEBUG, "ENABLE_DCHECKS is undefined!\n");
-#else
- rpmlog(RPMLOG_DEBUG, "ENABLE_DCHECKS is defined!\n");
-#endif
-
fullPath = rpmGenPath(ts->rootDir, DEVICE_SECURITY_POLICY, NULL);
rpmlog(RPMLOG_DEBUG, "fullPath %s\n", fullPath);
if (!fullPath) {
diff --git a/plugins/msmxattr.c b/plugins/msmxattr.c
index 5af6ed046..a5c5c81a3 100644
--- a/plugins/msmxattr.c
+++ b/plugins/msmxattr.c
@@ -724,11 +724,7 @@ int msmSetupRequests(manifest_x *mfx)
HASH_FIND(hh, all_ac_domains, mfx->request->ac_domain, strlen(mfx->request->ac_domain), defined_ac_domain);
if (!defined_ac_domain){ // request for a undefined domain.
rpmlog(RPMLOG_ERR, "Request for a domain name %s that hasn't been yet defined by any package\n", mfx->request->ac_domain);
-#ifdef ENABLE_DCHECKS
return -1;
-#else
- return 0;
-#endif
}
//now check that the package can join the requested AC domain
if (mfx->defines){
@@ -743,11 +739,7 @@ int msmSetupRequests(manifest_x *mfx)
}
//need to check if developer allowed other packages to join this domain
if (msmCheckDomainJoinPossibility(mfx, defined_ac_domain) < 0) {
-#ifdef ENABLE_DCHECKS
return -1;
-#else
- return 0;
-#endif
}
// now checking if security policy allows to join this domain
if (msmIsRequestAllowed(mfx, defined_ac_domain)) {
@@ -755,11 +747,7 @@ int msmSetupRequests(manifest_x *mfx)
return 0;
} else {
rpmlog(RPMLOG_ERR, "Request for a domain name %s isn't allowed based on package sw source\n", mfx->request->ac_domain);
-#ifdef ENABLE_DCHECKS
return -1;
-#else
- return 0;
-#endif
}
}
@@ -911,9 +899,7 @@ int msmSetupDefines(struct smack_accesses *smack_accesses, manifest_x *mfx)
for (d_request = define->d_requests; d_request; d_request = d_request->prev) {
// first check if the current's package sw source can grant access to requested domain
if (msmCheckDomainRequestOrPermit(mfx, d_request->label_name) < 0) {
-#ifdef ENABLE_DCHECKS
return -1;
-#endif
}
if (smack_accesses_add(smack_accesses, define->name, d_request->label_name, d_request->ac_type) < 0) {
rpmlog(RPMLOG_ERR, "Failed to set smack rules for domain requests\n");
@@ -926,17 +912,13 @@ int msmSetupDefines(struct smack_accesses *smack_accesses, manifest_x *mfx)
for (d_permit = define->d_permits; d_permit; d_permit = d_permit->prev) {
// first check if the current's package sw source can grant access to permited domain
if (msmCheckDomainRequestOrPermit(mfx, d_permit->label_name) < 0) {
-#ifdef ENABLE_DCHECKS
return -1;
-#endif
}
if (!d_permit->to_label_name)
ret = smack_accesses_add(smack_accesses, d_permit->label_name, define->name, d_permit->ac_type);
else {
if (msmCheckLabelProvisioning(mfx, d_permit->to_label_name) < 0) {
-#ifdef ENABLE_DCHECKS
return -1;
-#endif
}
ret = smack_accesses_add(smack_accesses, d_permit->label_name, d_permit->to_label_name, d_permit->ac_type);
}