Fix issue in labelling files x-last-without-systemd
author José Bollo <jose.bollo@iot.bzh>
Fri, 17 Mar 2017 10:17:36 +0000 (11:17 +0100)
committer José Bollo <jose.bollo@iot.bzh>
Fri, 17 Mar 2017 11:59:16 +0000 (12:59 +0100)
The current version of security manager puts these tags

 - SECURITY_MANAGER_PATH_PRIVATE
 - SECURITY_MANAGER_PATH_RW

      User::App::XXXX

 - SECURITY_MANAGER_PATH_PUBLIC
 - SECURITY_MANAGER_PATH_RO

      User::Home

 - SECURITY_MANAGER_PATH_PUBLIC_RO

      _ (underscore or floor)

Putting floor is bad because it produces
files and directories that can't be removed.

Using SECURITY_MANAGER_PATH_RO instead of
SECURITY_MANAGER_PATH_PUBLIC_RO sets the
label "User::Home". It is valid because this
label is already read only for applications.
But it is writable by the "System" labelled
services, as opposed to "_".

Change-Id: I685fe366fddb95858c66b827e28acf6d005bcfc0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
src/secmgr-wrap.c
src/simulation/security-manager.h

index 1b60ac4..ad550ba 100644 (file)
@@ -117,7 +117,7 @@ static int addpath(const char *pathname, enum app_install_path_type type)
 
 int secmgr_path_public_read_only(const char *pathname)
 {
-       return addpath(pathname, SECURITY_MANAGER_PATH_PUBLIC_RO);
+       return addpath(pathname, SECURITY_MANAGER_PATH_RO);
 }
 
 int secmgr_path_read_only(const char *pathname)
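Review bot: in secmgr_path_public_read_only() the function name now disagrees with the constant passed at `return addpath(pathname, SECURITY_MANAGER_PATH_RO);`, and nothing in the code says why. A short comment above the return would keep someone from changing it back, for example that SECURITY_MANAGER_PATH_PUBLIC_RO is avoided on purpose because it labels the path "_" and such files and directories cannot be removed, and that the path gets "User::Home" instead. Since the commit message says "User::Home" is writable by "System" labelled services, it is also worth confirming that every caller of this function accepts that wider write access.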
index 36b1b32..d7ea57c 100644 (file)
@@ -25,9 +25,11 @@ enum lib_retcode {
        SECURITY_MANAGER_ERROR_ACCESS_DENIED
 };
 enum app_install_path_type {
+       SECURITY_MANAGER_PATH_PRIVATE,
+       SECURITY_MANAGER_PATH_PUBLIC,
        SECURITY_MANAGER_PATH_PUBLIC_RO,
+       SECURITY_MANAGER_PATH_RW,
        SECURITY_MANAGER_PATH_RO,
-       SECURITY_MANAGER_PATH_RW
 };
 typedef void app_inst_req;
 static int diese = 0;
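Review bot: inserting SECURITY_MANAGER_PATH_PRIVATE and SECURITY_MANAGER_PATH_PUBLIC at the top of enum app_install_path_type and swapping SECURITY_MANAGER_PATH_RW with SECURITY_MANAGER_PATH_RO changes the implicit value of every existing enumerator: SECURITY_MANAGER_PATH_PUBLIC_RO goes from 0 to 2, SECURITY_MANAGER_PATH_RO from 1 to 4 and SECURITY_MANAGER_PATH_RW from 2 to 3. The commit message does not explain the reordering. If the order is meant to mirror another header, say so in a comment or assign the values explicitly, and check that nothing built against the old values is left stale.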