diff options
Diffstat (limited to 'meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch')
-rw-r--r-- | meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch | 117 |
1 files changed, 0 insertions, 117 deletions
diff --git a/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch b/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch deleted file mode 100644 index d79345e01..000000000 --- a/meta-app-framework/recipes-security/security-manager/security-manager/0003-Smack-rules-create-two-new-functions.patch +++ /dev/null @@ -1,117 +0,0 @@ -From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001 -From: Alejandro Joya <alejandro.joya.cruz@intel.com> -Date: Wed, 4 Nov 2015 19:01:35 -0600 -Subject: [PATCH 03/14] Smack-rules: create two new functions - -It let to smack-rules to create multiple set of rules -related with the privileges. - -It runs from the same bases than for a static set of rules on the -template, but let you add 1 or many templates for different cases. - -Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de -Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com> ---- - src/common/include/smack-rules.h | 15 +++++++++++ - src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++ - 2 files changed, 59 insertions(+) - -diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h -index 91446a7..3ad9dd4 100644 ---- a/src/common/include/smack-rules.h -+++ b/src/common/include/smack-rules.h -@@ -47,6 +47,8 @@ public: - void addFromTemplate(const std::vector<std::string> &templateRules, - const std::string &appId, const std::string &pkgId); - void addFromTemplateFile(const std::string &appId, const std::string &pkgId); -+ void addFromTemplateFile(const std::string &appId, const std::string &pkgId, -+ const std::string &path); - - void apply() const; - void clear() const; -@@ -74,6 +76,19 @@ public: - */ - static void installApplicationRules(const std::string &appId, const std::string &pkgId, - const std::vector<std::string> &pkgContents); -+ /** -+ * Install privileges-specific smack rules. -+ * -+ * Function creates smack rules using predefined template. Rules are applied -+ * to the kernel and saved on persistent storage so they are loaded on system boot. -+ * -+ * @param[in] appId - application id that is beeing installed -+ * @param[in] pkgId - package id that the application is in -+ * @param[in] pkgContents - a list of all applications in the package -+ * @param[in] privileges - a list of all prvileges -+ */ -+ static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, -+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges); - /** - * Uninstall package-specific smack rules. - * -diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp -index 3629e0f..922a56f 100644 ---- a/src/common/smack-rules.cpp -+++ b/src/common/smack-rules.cpp -@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const - } - } - -+void SmackRules::addFromTemplateFile(const std::string &appId, -+ const std::string &pkgId, const std::string &path) -+{ -+ std::vector<std::string> templateRules; -+ std::string line; -+ std::ifstream templateRulesFile(path); -+ -+ if (!templateRulesFile.is_open()) { -+ LogError("Cannot open rules template file: " << path); -+ ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path); -+ } -+ -+ while (std::getline(templateRulesFile, line)) { -+ templateRules.push_back(line); -+ } -+ -+ if (templateRulesFile.bad()) { -+ LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH); -+ ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH); -+ } -+ -+ addFromTemplate(templateRules, appId, pkgId); -+} - - void SmackRules::addFromTemplateFile(const std::string &appId, - const std::string &pkgId) -@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) - std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); - return path; - } -+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, -+ const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges) -+{ -+ SmackRules smackRules; -+ std::string appPath = getApplicationRulesFilePath(appId); -+ smackRules.loadFromFile(appPath); -+ struct stat buffer; -+ for (auto privilege : privileges) { -+ if (privilege.empty()) -+ continue; -+ std::string fprivilege ( privilege + "-template.smack"); -+ std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); -+ if( stat(path.c_str(), &buffer) == 0) -+ smackRules.addFromTemplateFile(appId, pkgId, path); -+ } -+ -+ if (smack_smackfs_path() != NULL) -+ smackRules.apply(); - -+ smackRules.saveToFile(appPath); -+ updatePackageRules(pkgId, pkgContents); -+} - void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId, - const std::vector<std::string> &pkgContents) - { --- -2.21.0 - |