From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
From: Alejandro Joya <alejandro.joya.cruz@intel.com>
Date: Wed, 4 Nov 2015 19:01:35 -0600
Subject: [PATCH 03/14] Smack-rules: create two new functions

It let to smack-rules to create multiple set of rules
related with the privileges.

It runs from the same bases than for a static set of rules on the
template, but let you add 1 or many templates for different cases.

Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
---
 src/common/include/smack-rules.h | 15 +++++++++++
 src/common/smack-rules.cpp       | 44 ++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
index 91446a7..3ad9dd4 100644
--- a/src/common/include/smack-rules.h
+++ b/src/common/include/smack-rules.h
@@ -47,6 +47,8 @@ public:
     void addFromTemplate(const std::vector<std::string> &templateRules,
         const std::string &appId, const std::string &pkgId);
     void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
+    void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
+	const std::string &path);
 
     void apply() const;
     void clear() const;
@@ -74,6 +76,19 @@ public:
      */
     static void installApplicationRules(const std::string &appId, const std::string &pkgId,
         const std::vector<std::string> &pkgContents);
+    /**
+     * Install privileges-specific smack rules.
+     *
+     * Function creates smack rules using predefined template. Rules are applied
+     * to the kernel and saved on persistent storage so they are loaded on system boot.
+     *
+     * @param[in] appId - application id that is beeing installed
+     * @param[in] pkgId - package id that the application is in
+     * @param[in] pkgContents - a list of all applications in the package
+     * @param[in] privileges - a list of all prvileges
+     */
+    static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
+        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
     /**
      * Uninstall package-specific smack rules.
      *
diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
index 3629e0f..922a56f 100644
--- a/src/common/smack-rules.cpp
+++ b/src/common/smack-rules.cpp
@@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
     }
 }
 
+void SmackRules::addFromTemplateFile(const std::string &appId,
+        const std::string &pkgId, const std::string &path)
+{
+    std::vector<std::string> templateRules;
+    std::string line;
+    std::ifstream templateRulesFile(path);
+
+    if (!templateRulesFile.is_open()) {
+        LogError("Cannot open rules template file: " << path);
+        ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
+    }
+
+    while (std::getline(templateRulesFile, line)) {
+        templateRules.push_back(line);
+    }
+
+    if (templateRulesFile.bad()) {
+        LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
+        ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
+    }
+
+    addFromTemplate(templateRules, appId, pkgId);
+}
 
 void SmackRules::addFromTemplateFile(const std::string &appId,
         const std::string &pkgId)
@@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
     std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
     return path;
 }
+void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
+        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
+{
+    SmackRules smackRules;
+    std::string appPath = getApplicationRulesFilePath(appId);
+    smackRules.loadFromFile(appPath);
+    struct stat buffer;
+    for (auto privilege : privileges) {
+        if (privilege.empty())
+            continue;
+        std::string fprivilege ( privilege + "-template.smack");
+        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
+        if( stat(path.c_str(), &buffer) == 0)
+            smackRules.addFromTemplateFile(appId, pkgId, path);
+    }
+
+    if (smack_smackfs_path() != NULL)
+        smackRules.apply();
 
+    smackRules.saveToFile(appPath);
+    updatePackageRules(pkgId, pkgContents);
+}
 void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
         const std::vector<std::string> &pkgContents)
 {
-- 
2.21.0