1 From d130a7384428a96f31ad5950ffbffadc0aa29a15 Mon Sep 17 00:00:00 2001
2 From: Alejandro Joya <alejandro.joya.cruz@intel.com>
3 Date: Wed, 4 Nov 2015 19:01:35 -0600
4 Subject: [PATCH 1/2] Smack-rules: create two new functions
6 These functions let smack-rules create multiple sets of rules
7 tied to an application's privileges.
9 They work the same way as the static rule set taken from the single
10 template, but allow one or more additional templates for different cases.
12 Signed-off-by: Alejandro Joya <alejandro.joya.cruz@intel.com>
14 src/common/include/smack-rules.h | 15 ++++++++++++++
15 src/common/smack-rules.cpp | 44 ++++++++++++++++++++++++++++++++++++++++
16 2 files changed, 59 insertions(+)
18 diff --git a/src/common/include/smack-rules.h b/src/common/include/smack-rules.h
19 index 91446a7..f9fa438 100644
20 --- a/src/common/include/smack-rules.h
21 +++ b/src/common/include/smack-rules.h
22 @@ -47,6 +47,8 @@ public:
23 void addFromTemplate(const std::vector<std::string> &templateRules,
24 const std::string &appId, const std::string &pkgId);
25 void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
26 + void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
27 + const std::string &path);
31 @@ -75,6 +77,19 @@ public:
32 static void installApplicationRules(const std::string &appId, const std::string &pkgId,
33 const std::vector<std::string> &pkgContents);
35 + * Install privileges-specific smack rules.
37 + * Function creates smack rules using predefined template. Rules are applied
38 + * to the kernel and saved on persistent storage so they are loaded on system boot.
40 + * @param[in] appId - application id that is beeing installed
41 + * @param[in] pkgId - package id that the application is in
42 + * @param[in] pkgContents - a list of all applications in the package
43 + * @param[in] privileges - a list of all prvileges
45 + static void installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
46 + const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges);
48 * Uninstall package-specific smack rules.
50 * Function loads package-specific smack rules, revokes them from the kernel
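Review bot: The new doc comment on `installApplicationPrivilegesRules` has two typos (`beeing`, `prvileges`) and says the rules come from a "predefined template", whereas the implementation in smack-rules.cpp looks each privilege up as its own `<privilege>-template.smack` file under the policy directory and skips privileges that have no such file. I would make the comment say that: `* Function creates smack rules from one template file per privilege (<privilege>-template.smack in the policy directory); privileges with no template are skipped.` plus the two spelling fixes. Since the privilege names become file-name components, the `@param[in] privileges` line should also state the form the caller must guarantee (single path component, no `/`), or say that the function validates them, whichever the final code does. It is also worth noting here that the new rules are merged into the application's existing rules file rather than replacing it, as the implementation loads that file first.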
51 diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp
52 index 3629e0f..d834e42 100644
53 --- a/src/common/smack-rules.cpp
54 +++ b/src/common/smack-rules.cpp
55 @@ -135,6 +135,29 @@ void SmackRules::saveToFile(const std::string &path) const
59 +void SmackRules::addFromTemplateFile(const std::string &appId,
60 + const std::string &pkgId, const std::string &path)
62 + std::vector<std::string> templateRules;
64 + std::ifstream templateRulesFile(path);
66 + if (!templateRulesFile.is_open()) {
67 + LogError("Cannot open rules template file: " << path);
68 + ThrowMsg(SmackException::FileError, "Cannot open rules template file: " << path);
71 + while (std::getline(templateRulesFile, line)) {
72 + templateRules.push_back(line);
75 + if (templateRulesFile.bad()) {
76 + LogError("Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
77 + ThrowMsg(SmackException::FileError, "Error reading template file: " << APP_RULES_TEMPLATE_FILE_PATH);
80 + addFromTemplate(templateRules, appId, pkgId);
83 void SmackRules::addFromTemplateFile(const std::string &appId,
84 const std::string &pkgId)
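Review bot: The read-error branch at lines 76–77 logs and throws with `APP_RULES_TEMPLATE_FILE_PATH` instead of the `path` argument, so a truncated or unreadable privilege template is reported under the name of the default template, which will send whoever diagnoses a failed install to the wrong file. Both messages should name the file actually read: `LogError("Error reading template file: " << path);` and `ThrowMsg(SmackException::FileError, "Error reading template file: " << path);`. The open-failure branch a few lines above already uses `path`, so this looks like a leftover from copying the original overload. That original overload now duplicates this body almost line for line and could be reduced to `addFromTemplateFile(appId, pkgId, APP_RULES_TEMPLATE_FILE_PATH);`; its body continues past the end of this hunk.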
85 @@ -223,7 +246,28 @@ std::string SmackRules::getApplicationRulesFilePath(const std::string &appId)
86 std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str()));
89 +void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId,
90 + const std::vector<std::string> &pkgContents, const std::vector<std::string> &privileges)
92 + SmackRules smackRules;
93 + std::string appPath = getApplicationRulesFilePath(appId);
94 + smackRules.loadFromFile(appPath);
96 + for (auto privilege : privileges) {
97 + if (privilege.empty())
99 + std::string fprivilege ( privilege + "-template.smack");
100 + std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str()));
101 + if( stat(path.c_str(), &buffer) == 0)
102 + smackRules.addFromTemplateFile(appId, pkgId, path);
105 + if (smack_smackfs_path() != NULL)
106 + smackRules.apply();
108 + smackRules.saveToFile(appPath);
109 + updatePackageRules(pkgId, pkgContents);
111 void SmackRules::installApplicationRules(const std::string &appId, const std::string &pkgId,
112 const std::vector<std::string> &pkgContents)
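Review bot: In `installApplicationPrivilegesRules` each privilege name is spliced straight into a filesystem path (`privilege + "-template.smack"` handed to `tzplatform_mkpath4`) with no check on its content, so if the list reaches this function from an install request without earlier validation, a name containing `/` (for example one with `..` components) selects a template outside the policy directory and whatever that file holds is applied as Smack rules for the application. Either validate here or document the precondition; a minimal guard before the `stat` is `if (privilege.find('/') != std::string::npos) { LogError("Invalid privilege name: " << privilege); continue; }`, or throw if rejecting the whole install is preferred — and if privilege names are in fact expected to contain `/` (URI-style), the name-to-file mapping needs a different scheme rather than raw concatenation. `for (auto privilege : privileges)` copies every string although the body only reads it; `const auto &privilege` is enough. Note also the asymmetry the `stat` creates: a missing template is silently skipped, but one that exists and cannot be opened or read makes `addFromTemplateFile` throw `FileError` and abort the whole install — fine if intended, but it should be stated in the header comment. The context lines at the end belong to `installApplicationRules`, whose body is outside this hunk.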