authorJosé Bollo <jose.bollo@iot.bzh>2017-03-17 11:17:36 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2017-03-17 12:59:16 +0100
commit863bf1c6b4e10176edf8b26a9703109ab8db2c43 (patch)
tree3c725135eaf7b284a18ef6e83285692e7fb0d476
parent59c4af98b761d0f11514e9080a46a32bb440ebc0 (diff)
Fix issue in labelling filesx-last-without-systemd
The current version of security manager puts these tags: - SECURITY_MANAGER_PATH_PRIVATE - SECURITY_MANAGER_PATH_RW User::App::XXXX - SECURITY_MANAGER_PATH_PUBLIC - SECURITY_MANAGER_PATH_RO User::Home - SECURITY_MANAGER_PATH_PUBLIC_RO _ (underscore or floor) Putting floor is bad because it produces files and directories that can't be removed. Using SECURITY_MANAGER_PATH_RO instead of SECURITY_MANAGER_PATH_PUBLIC_RO sets the label "User::Home". It is valid because this label is already read only for applications. But, unlike "_", it is writable by the "System" labelled services. Change-Id: I685fe366fddb95858c66b827e28acf6d005bcfc0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/secmgr-wrap.c2
-rw-r--r--src/simulation/security-manager.h4
2 files changed, 4 insertions, 2 deletions
diff --git a/src/secmgr-wrap.c b/src/secmgr-wrap.c
index 1b60ac4..ad550ba 100644
--- a/src/secmgr-wrap.c
+++ b/src/secmgr-wrap.c
@@ -117,7 +117,7 @@ static int addpath(const char *pathname, enum app_install_path_type type)
int secmgr_path_public_read_only(const char *pathname)
{
- return addpath(pathname, SECURITY_MANAGER_PATH_PUBLIC_RO);
+ return addpath(pathname, SECURITY_MANAGER_PATH_RO);
}
int secmgr_path_read_only(const char *pathname)
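Review bot: `secmgr_path_public_read_only` now passes `SECURITY_MANAGER_PATH_RO`, so its name no longer matches the path type it requests, and the reason exists only in the commit message. Add a comment above the `addpath` call, for example `/* PUBLIC_RO would label the path "_" (floor), leaving files that cannot be removed; RO yields "User::Home" */`. The comment should also record the trade-off given in the description: "User::Home" is read-only for applications but writable by "System"-labelled services, so the path is no longer immutable to every subject. `secmgr_path_read_only`, whose body lies outside this hunk, may now be equivalent to this function; if so, say that in the comment as well.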
diff --git a/src/simulation/security-manager.h b/src/simulation/security-manager.h
index 36b1b32..d7ea57c 100644
--- a/src/simulation/security-manager.h
+++ b/src/simulation/security-manager.h
@@ -25,9 +25,11 @@ enum lib_retcode {
SECURITY_MANAGER_ERROR_ACCESS_DENIED
};
enum app_install_path_type {
+ SECURITY_MANAGER_PATH_PRIVATE,
+ SECURITY_MANAGER_PATH_PUBLIC,
SECURITY_MANAGER_PATH_PUBLIC_RO,
+ SECURITY_MANAGER_PATH_RW,
SECURITY_MANAGER_PATH_RO,
- SECURITY_MANAGER_PATH_RW
};
typedef void app_inst_req;
static int diese = 0;
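Review bot: Reordering the enumerators in `enum app_install_path_type` changes their implicit values (`SECURITY_MANAGER_PATH_PUBLIC_RO` goes from 0 to 2, `SECURITY_MANAGER_PATH_RO` from 1 to 4, `SECURITY_MANAGER_PATH_RW` from 2 to 3), and nothing in the header says which order is authoritative. If this simulation header is meant to mirror the real security-manager header, as its path suggests, add a comment above the enum such as `/* order must match app_install_path_type in the real security-manager.h */`. That matters because these values select the label applied to a path, so a silent drift could presumably label a path differently than intended. The new `SECURITY_MANAGER_PATH_PRIVATE` and `SECURITY_MANAGER_PATH_PUBLIC` entries are not used by the other hunk of this commit; the comment could say whether they are there only to align the values.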