Before this change, any application could browse the
content of other applications.
This change fixes that unintended behaviour by setting
the installed files as private to the application.
This affects the Smack labels of the files, which after
the change become the label of the application.
Bug-AGL: SPEC-3489
Change-Id: I933446a8c155a03d9b66767f1dda63aeaeb21eb1
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
int secmgr_path_public_read_only(const char *pathname)
{
- return addpath(pathname, SECURITY_MANAGER_PATH_RO);
+ return addpath(pathname, SECURITY_MANAGER_PATH_PUBLIC_RO);
}
int secmgr_path_read_only(const char *pathname)
return addpath(pathname, SECURITY_MANAGER_PATH_RW);
}
+int secmgr_path_private(const char *pathname)
+{
+ return addpath(pathname, SECURITY_MANAGER_PATH_PRIVATE);
+}
+
int secmgr_prepare_exec(const char *appid)
{
return retcode(security_manager_prepare_app(appid));
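Review bot: The switch in secmgr_path_public_read_only from `SECURITY_MANAGER_PATH_RO` to `SECURITY_MANAGER_PATH_PUBLIC_RO` is a second behaviour change that the commit description does not mention, and neither it nor the new secmgr_path_private has a comment saying which label the path ends up with. Since these two helpers now decide what other applications can read, I would document them, for example `/* registers pathname as readable by every application; use only for content meant to be shared */` and `/* registers pathname as private to the application being installed */`. The effect of each path type is determined by addpath and the security manager, which are outside this section, so the wording should be checked against them. It is also worth confirming whether secmgr_path_read_only still has callers after this commit.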
extern int secmgr_path_public_read_only(const char *pathname);
extern int secmgr_path_read_only(const char *pathname);
extern int secmgr_path_read_write(const char *pathname);
+extern int secmgr_path_private(const char *pathname);
extern int secmgr_prepare_exec(const char *appid);
if (lf <= lic && icon && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
rc = secmgr_path_public_read_only(path);
else
- rc = secmgr_path_read_only(path);
+ rc = secmgr_path_private(path);
if (rc)
goto error2;
}
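Review bot: After this change the `if` condition is the only thing separating public files from private ones, and its boundary test looks vacuous. If `lf` is the length of `f->name` (its definition is outside the hunk, but the `memcmp` length suggests it), `f->name[lf]` is always the terminator, so any file whose name is a plain string prefix of the icon path is labelled public. The intended test is probably on the icon string, `(!icon[lf] || icon[lf] == '/')`, so that only the icon itself and its parent directories match. The enclosing loop and function start and end outside the hunk. Nothing visible here relabels applications that are already installed, so they would presumably keep their previous labels until reinstalled; that is worth stating in the description or handling in an upgrade step.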