[AGL/meta-agl.git] / meta-app-framework / recipes-security / security-manager / security-manager / 0003-Smack-rules-create-two-new-functions.patch
1 From a80e33bc0a10fa4bed5d0b7bf29f45dd2565d309 Mon Sep 17 00:00:00 2001
2 From: Alejandro Joya <alejandro.joya.cruz@intel.com>
3 Date: Wed, 4 Nov 2015 19:01:35 -0600
4 Subject: [PATCH 03/14] Smack-rules: create two new functions
5
6 This lets smack-rules create multiple sets of rules
7 related to privileges.
8
9 It works on the same basis as the static set of rules in the
10 template, but lets you add one or many templates for different cases.
11
12 Change-Id: I14f8d4e914ad5a7ba34c96f3cb5589f0b15292de
13 Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
14 ---
15  src/common/include/smack-rules.h | 15 +++++++++++
16  src/common/smack-rules.cpp       | 44 ++++++++++++++++++++++++++++++++
17  2 files changed, 59 insertions(+)
18
19 diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
20 index 91446a7..3ad9dd4 100644
21 --- a/src/common/include/smack-rules.h
22 +++ b/src/common/include/smack-rules.h
23 @@ -47,6 +47,8 @@ public:
24      void addFromTemplate(const std::vector<std::string> &templateRules,
25          const std::string &appId, const std::string &pkgId);
26      void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
27 +    void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
28 +       const std::string &path);
29  
30      void apply() const;
31      void clear() const;
32 @@ -74,6 +76,19 @@ public:
33       */
34      static void installApplicationRules(const std::string &appId, const std::string &pkgId,
35          const std::vector<std::string> &pkgContents);
36 +    /**
37 +     * Install privileges-specific smack rules.
38 +     *
39 +     * Function creates smack rules using predefined template. Rules are applied
40 +     * to the kernel and saved on persistent storage so they are loaded on system boot.
41 +     *
42 +     * @param[in] appId - application id that is beeing installed
43 +     * @param[in] pkgId - package id that the application is in
44 +     * @param[in] pkgContents - a list of all applications in the package
45 +     * @param[in] privileges - a list of all prvileges
46 +     */
47 +    static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
48 +        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
49      /**
50       * Uninstall package-specific smack rules.
51       *
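Review bot: The doc comment on `installApplicationPrivilegesRules` does not say what happens to a privilege that has no template file, although the implementation in smack-rules.cpp skips it without an error or a log line. I would add a sentence such as `Privileges without a matching "<privilege>-template.smack" policy file are ignored.` and correct the spellings `beeing` and `prvileges`. The new `addFromTemplateFile` overload in the first hunk also has no comment saying what `path` must point to or that it throws `SmackException::FileError` when the file cannot be opened. The class declaration starts and ends outside these hunks.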
52 diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
53 index 3629e0f..922a56f 100644
54 --- a/src/common/smack-rules.cpp
55 +++ b/src/common/smack-rules.cpp
56 @@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
57      }
58  }
59  
60 +void SmackRules::addFromTemplateFile(const std::string &appId,
61 +        const std::string &pkgId, const std::string &path)
62 +{
63 +    std::vector<std::string> templateRules;
64 +    std::string line;
65 +    std::ifstream templateRulesFile(path);
66 +
67 +    if (!templateRulesFile.is_open()) {
68 +        LogError("Cannot open rules template file: " << path);
69 +        ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
70 +    }
71 +
72 +    while (std::getline(templateRulesFile, line)) {
73 +        templateRules.push_back(line);
74 +    }
75 +
76 +    if (templateRulesFile.bad()) {
77 +        LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
78 +        ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
79 +    }
80 +
81 +    addFromTemplate(templateRules, appId, pkgId);
82 +}
83  
84  void SmackRules::addFromTemplateFile(const std::string &appId,
85          const std::string &pkgId)
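Review bot: The read-error branch of the new `addFromTemplateFile(appId, pkgId, path)` reports `APP_RULES_TEMPLATE_FILE_PATH` instead of the file that was actually read, so a failure in a privilege template is logged and thrown against the wrong file name. Both lines should use the argument: `LogError("Error reading template file: " << path);` and `ThrowMsg(SmackException::FileError, "Error reading template file: " << path);`. The body looks like a copy of the two-argument overload, whose definition starts at the end of this hunk and continues outside it. If that is the case, the older overload could call this one with `APP_RULES_TEMPLATE_FILE_PATH` and the duplicated read loop would go away.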
86 @@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
87      std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" +  appId).c_str()));
88      return path;
89  }
90 +void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
91 +        const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
92 +{
93 +    SmackRules smackRules;
94 +    std::string appPath = getApplicationRulesFilePath(appId);
95 +    smackRules.loadFromFile(appPath);
96 +    struct stat buffer;
97 +    for (auto privilege : privileges) {
98 +        if (privilege.empty())
99 +            continue;
100 +        std::string fprivilege ( privilege + "-template.smack");
101 +        std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
102 +        if( stat(path.c_str(), &buffer) == 0)
103 +            smackRules.addFromTemplateFile(appId, pkgId, path);
104 +    }
105 +
106 +    if (smack_smackfs_path() != NULL)
107 +        smackRules.apply();
108  
109 +    smackRules.saveToFile(appPath);
110 +    updatePackageRules(pkgId, pkgContents);
111 +}
112  void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
113          const std::vector<std::string> &pkgContents)
114  {
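Review bot: In `installApplicationPrivilegesRules` each `privilege` string is concatenated into a file name and passed to `tzplatform_mkpath4` after only an emptiness check, so a value containing `/` (for example with `..` components) would make `path` resolve outside the `security-manager/policy` directory and another file would be read as a Smack rule template. Whether callers already restrict privilege names is not visible in this patch, so I would reject such names here, e.g. `if (privilege.empty() || privilege.find('/') != std::string::npos) continue;`, or throw so the installation fails visibly. The loop copies every element, which `for (const auto &privilege : privileges)` avoids. The `stat()` pre-check duplicates the open done in `addFromTemplateFile` and leaves a gap between check and use; attempting the open and treating a missing file as "skip" would be tighter. The trailing context lines belong to `installApplicationRules`, which continues outside the hunk.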
115 -- 
116 2.21.0
117