From 863bf1c6b4e10176edf8b26a9703109ab8db2c43 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 17 Mar 2017 11:17:36 +0100 Subject: Fix issue in labelling files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current version of security manager put this tags - SECURITY_MANAGER_PATH_PRIVATE - SECURITY_MANAGER_PATH_RW User::App::XXXX - SECURITY_MANAGER_PATH_PUBLIC - SECURITY_MANAGER_PATH_RO User::Home - SECURITY_MANAGER_PATH_PUBLIC_RO _ (underscore or floor) Putting floor is bad because it produces files and directories that can't be removed. Using SECURITY_MANAGER_PATH_RO instead of SECURITY_MANAGER_PATH_PUBLIC_RO sets the label "User::Home". It is valid because this label is already read only for applications. But it is writable by the "System" labelled services at the opposite of "_". Change-Id: I685fe366fddb95858c66b827e28acf6d005bcfc0 Signed-off-by: José Bollo --- src/secmgr-wrap.c | 2 +- src/simulation/security-manager.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/secmgr-wrap.c b/src/secmgr-wrap.c index 1b60ac4..ad550ba 100644 --- a/src/secmgr-wrap.c +++ b/src/secmgr-wrap.c @@ -117,7 +117,7 @@ static int addpath(const char *pathname, enum app_install_path_type type) int secmgr_path_public_read_only(const char *pathname) { - return addpath(pathname, SECURITY_MANAGER_PATH_PUBLIC_RO); + return addpath(pathname, SECURITY_MANAGER_PATH_RO); } int secmgr_path_read_only(const char *pathname) diff --git a/src/simulation/security-manager.h b/src/simulation/security-manager.h index 36b1b32..d7ea57c 100644 --- a/src/simulation/security-manager.h +++ b/src/simulation/security-manager.h @@ -25,9 +25,11 @@ enum lib_retcode { SECURITY_MANAGER_ERROR_ACCESS_DENIED }; enum app_install_path_type { + SECURITY_MANAGER_PATH_PRIVATE, + SECURITY_MANAGER_PATH_PUBLIC, SECURITY_MANAGER_PATH_PUBLIC_RO, + SECURITY_MANAGER_PATH_RW, SECURITY_MANAGER_PATH_RO, - SECURITY_MANAGER_PATH_RW }; typedef void app_inst_req; static int diese = 0; -- cgit 1.2.3-korg