From 69bd3ddac4b23d827c8e58b96201238f0114497b Mon Sep 17 00:00:00 2001
From: Marius Vlad
Date: Tue, 23 May 2023 15:58:31 +0300
Subject: [PATCH] policy-deny: Remove SMACK support

Similar to Waltham, SMACK hasn't been really used and it was actually a compile option, showing as a example the deny policy. The RBA and the allow-all policy still available, and we can revisit the policy mechanism if we plan on switching to SELinux.

Bug-AGL: SPEC-4806
Signed-off-by: Marius Vlad
Change-Id: Iedac63585676ebc47201debcf73870cb0538cc09
---
meson.build | 6 ----
src/policy-default.c | 4 ---
src/policy-deny.c | 81 ----------------------------------------------------
3 files changed, 91 deletions(-)
diff --git a/meson.build b/meson.build
index 2079fb1..4d846d2 100644
--- a/meson.build
+++ b/meson.build
@@ -42,7 +42,6 @@ foreach func: optional_libc_funcs
 endforeach
 dep_libsystemd = dependency('libsystemd', required: false)
-dep_libsmack = dependency('libsmack', required: false)
 dep_scanner = dependency('wayland-scanner')
 prog_scanner = find_program(dep_scanner.get_pkgconfig_variable('wayland_scanner'))
 dep_wp = dependency('wayland-protocols', version: '>= 1.18')
@@ -206,11 +205,6 @@ if deps_remoting.length() == depnames.length()
 message('Found remoting depends, enabling remoting')
 endif
-if dep_libsmack.found()
- config_h.set('HAVE_SMACK', 1)
- deps_libweston += dep_libsmack
-endif
-
 dir_module_agl_compositor = join_paths(join_paths(prefix_path, get_option('libdir')), 'agl-compositor')
 libexec_compositor = shared_library(
diff --git a/src/policy-default.c b/src/policy-default.c
index 8d70684..fa22097 100644
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -26,10 +26,6 @@
 #include "ivi-compositor.h"
 #include "policy.h"
-#ifdef HAVE_SMACK
-#include
-#endif
-
 #include
 /*
diff --git a/src/policy-deny.c b/src/policy-deny.c
index 823f331..f36f21e 100644
--- a/src/policy-deny.c
+++ b/src/policy-deny.c
@@ -26,29 +26,9 @@
 #include "ivi-compositor.h"
 #include "policy.h"
-#ifdef HAVE_SMACK
-#include
-#endif
-
 #include
 #include "shared/helpers.h"
-#ifdef HAVE_SMACK
-static const char *const bind_agl_shell[] = {
- "User::App::homescreen",
- "User::App::cluster-gauges" /* cluster-dashboard */
-};
-static const char *const bind_agl_shell_desktop[] = {
- "User::App::launcher",
- "User::App::alexa-viewer",
- "User::App::tbtnavi",
- "User::App::hvac",
- "User::App::xdg-cluster-receiver", /* cluster-receiver, native XDG app*/
- "User::App::cluster-receiver" /* cluster-receiver, Qt app */
-};
-#endif
-
 static const char *const applications_permitted[] = {
 "homescreen", "alexa-viewer", "launcher", "hvac", "navigation", "mediaplayer"
@@ -67,31 +47,6 @@ ivi_policy_verify_permitted_app(const char *app_id)
 return false;
 }
-#ifdef HAVE_SMACK
-/* helper to determine which applications are allowed to bind to the
- * private extensions
- */
-static bool
-ivi_policy_check_bind_agl_shell(const char *app_id)
-{
- for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell); i++)
- if (strcmp(app_id, bind_agl_shell[i]) == 0)
- return true;
- return false;
-}
-static bool
-ivi_policy_check_bind_agl_shell_desktop(const char *app_id)
-{
- for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell_desktop); i++)
- if (strcmp(app_id, bind_agl_shell_desktop[i]) == 0)
- return true;
- return false;
-}
-#endif
-
 static bool
 ivi_policy_verify_ivi_surface(struct ivi_surface *surf)
 {
@@ -145,47 +100,11 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
 return ivi_policy_verify_ivi_surface(surf);
 }
-#ifdef HAVE_SMACK
-static bool
-ivi_policy_default_shell_bind_interface(void *client, void *interface)
-{
- struct wl_interface *shell_interface = interface;
- struct wl_client *conn_client = client;
- pid_t pid, uid, gid;
- int client_fd;
- char *label;
- bool ret = false;
- wl_client_get_credentials(conn_client, &pid, &uid, &gid);
- client_fd = wl_client_get_fd(conn_client);
- if (smack_new_label_from_socket(client_fd, &label) < 0) {
- return ret;
- }
- if (strcmp(shell_interface->name, "agl_shell") == 0)
- ret = ivi_policy_check_bind_agl_shell(label);
- if (strcmp(shell_interface->name, "agl_shell_desktop") == 0)
- ret = ivi_policy_check_bind_agl_shell_desktop(label);
- if (ret)
- weston_log("Client with pid %d, uid %d, gid %d, allowed "
- "to bind to %s for label %s\n", pid, uid, gid,
- shell_interface->name, label);
- /* client responsible for free'ing */
- free(label);
- return ret;
-}
-#else
 static bool
 ivi_policy_default_shell_bind_interface(void *client, void *interface)
 {
 return false;
 }
-#endif
 static bool
 ivi_policy_default_allow_to_add(void *user_data)
-- 
2.16.6