WIP: revert old logic

robertwoj-microsoft · robertwoj-microsoft · commit 681c6fabf315 · 2025-03-17T16:27:38.000+01:00
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -12,6 +12,71 @@
     // Use JSON with comments
     "files.associations": {
         "*.json": "jsonc",
-        "string": "cpp"
+        "string": "cpp",
+        "any": "cpp",
+        "array": "cpp",
+        "atomic": "cpp",
+        "bit": "cpp",
+        "*.tcc": "cpp",
+        "bitset": "cpp",
+        "cctype": "cpp",
+        "chrono": "cpp",
+        "cinttypes": "cpp",
+        "clocale": "cpp",
+        "cmath": "cpp",
+        "compare": "cpp",
+        "concepts": "cpp",
+        "condition_variable": "cpp",
+        "csetjmp": "cpp",
+        "csignal": "cpp",
+        "cstdarg": "cpp",
+        "cstddef": "cpp",
+        "cstdint": "cpp",
+        "cstdio": "cpp",
+        "cstdlib": "cpp",
+        "cstring": "cpp",
+        "ctime": "cpp",
+        "cwchar": "cpp",
+        "cwctype": "cpp",
+        "deque": "cpp",
+        "list": "cpp",
+        "map": "cpp",
+        "set": "cpp",
+        "unordered_map": "cpp",
+        "vector": "cpp",
+        "exception": "cpp",
+        "algorithm": "cpp",
+        "functional": "cpp",
+        "iterator": "cpp",
+        "memory": "cpp",
+        "memory_resource": "cpp",
+        "numeric": "cpp",
+        "optional": "cpp",
+        "random": "cpp",
+        "ratio": "cpp",
+        "regex": "cpp",
+        "string_view": "cpp",
+        "system_error": "cpp",
+        "tuple": "cpp",
+        "type_traits": "cpp",
+        "utility": "cpp",
+        "fstream": "cpp",
+        "initializer_list": "cpp",
+        "iomanip": "cpp",
+        "iosfwd": "cpp",
+        "iostream": "cpp",
+        "istream": "cpp",
+        "limits": "cpp",
+        "mutex": "cpp",
+        "new": "cpp",
+        "ostream": "cpp",
+        "ranges": "cpp",
+        "sstream": "cpp",
+        "stdexcept": "cpp",
+        "stop_token": "cpp",
+        "streambuf": "cpp",
+        "thread": "cpp",
+        "typeinfo": "cpp",
+        "variant": "cpp"
     }
 }
diff --git a/src/modules/compliance/src/lib/ComplianceInterface.cpp b/src/modules/compliance/src/lib/ComplianceInterface.cpp
@@ -158,9 +158,9 @@ int ComplianceMmiSet(MMI_HANDLE clientSession, const char* componentName, const
         {
             char* tmp = json_serialize_to_string(object.get());
             realPayload = tmp;
-            // json_free_serialized_string(tmp);
+            json_free_serialized_string(tmp);
         }
-        auto result = engine.mmiSet(objectName, realPayload);
+        auto result = engine.mmiSet(objectName, std::move(realPayload));
         if (!result.has_value())
         {
             OsConfigLogError(engine.log(), "ComplianceMmiSet failed: %s", result.error().message.c_str());
diff --git a/src/modules/compliance/src/lib/procedures/ensureFilePermissions.cpp b/src/modules/compliance/src/lib/procedures/ensureFilePermissions.cpp
@@ -77,35 +77,36 @@ AUDIT_FN(ensureFilePermissions)
         }
     }
 
-    const mode_t supportedMask = 0x1FF;
+    mode_t perms = 0x0;
+    mode_t mask = 0x1FF;
+    bool has_perms_or_mask = false;
     if (args.find("permissions") != args.end())
     {
         char* endptr;
-        mode_t perms = strtol(args["permissions"].c_str(), &endptr, 8);
+        perms = strtol(args["permissions"].c_str(), &endptr, 8);
         if (('\0' != *endptr) || ((perms & supportedMask) != perms))
         {
             return Error("Invalid permissions parameter");
         }
-        if (perms != (statbuf.st_mode & supportedMask))
-        {
-            logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct << perms << std::dec;
-            return false;
-        }
+        has_perms_or_mask = true;
     }
+
     if (args.find("mask") != args.end())
     {
         char* endptr;
-        mode_t mask = strtol(args["mask"].c_str(), &endptr, 8);
+        mask = strtol(args["mask"].c_str(), &endptr, 8);
         if (('\0' != *endptr) || ((mask & supportedMask) != mask))
         {
             return Error("Invalid mask parameter");
         }
-        if (((statbuf.st_mode & supportedMask) & mask) != 0)
-        {
-            logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct
-                      << ((statbuf.st_mode & supportedMask) & (~mask)) << " with mask " << std::oct << mask << std::dec;
-            return false;
-        }
+        mask &= supportedMask;
+        has_perms_or_mask = true;
+    }
+    if (has_perms_or_mask && ((perms & mask) != (statbuf.st_mode & mask)))
+    {
+        logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct << perms
+                  << " with mask " << std::oct << mask << std::dec;
+        return false;
     }
 
     return true;
@@ -189,43 +190,42 @@ REMEDIATE_FN(ensureFilePermissions)
         }
     }
 
+    mode_t perms = 0x1FF;
+    mode_t mask = 0x1FF;
+    bool has_perms_or_mask = false;
     if (args.find("permissions") != args.end())
     {
         char* endptr;
-        const mode_t perms = strtol(args["permissions"].c_str(), &endptr, 8);
+        perms = strtol(args["permissions"].c_str(), &endptr, 8);
         if (('\0' != *endptr) || ((perms & supportedMask) != perms))
         {
             logstream << "ERROR: Invalid permissions: " << args["permissions"];
             return Error("Invalid permissions: " + args["permissions"]);
         }
-        if (perms != (statbuf.st_mode & supportedMask))
-        {
-            if (chmod(args["filename"].c_str(), perms) < 0)
-            {
-                logstream << "ERROR: Chmod error " << strerror(errno);
-                return false;
-            }
-        }
+        has_perms_or_mask = true;
     }
     if (args.find("mask") != args.end())
     {
         char* endptr;
-        const mode_t mask = strtol(args["mask"].c_str(), &endptr, 8);
+        mask = strtol(args["mask"].c_str(), &endptr, 8);
         if (('\0' != *endptr) || ((mask & supportedMask) != mask))
         {
             logstream << "ERROR: Invalid permissions mask: " << args["mask"];
             return Error("Invalid permissions mask: " + args["mask"]);
         }
-        if (((statbuf.st_mode & supportedMask) & mask) != 0)
+        has_perms_or_mask = true;
+    }
+
+    unsigned short new_perms = (statbuf.st_mode & ~mask) | (perms & mask);
+    OsConfigLogInfo(NULL, "Setting permissions to %o, current: %o, perms: %o, mask: %o", new_perms, statbuf.st_mode, perms, mask);
+    if (has_perms_or_mask && (new_perms != statbuf.st_mode))
+    {
+        if (chmod(args["filename"].c_str(), new_perms) < 0)
         {
-            if (chmod(args["filename"].c_str(), statbuf.st_mode & (~mask)) < 0)
-            {
-                logstream << "ERROR: Chmod error " << strerror(errno);
-                return false;
-            }
+            logstream << "ERROR: Chmod error";
+            return Error("Chmod error");
         }
     }
-
     return true;
 }
 } // namespace compliance
diff --git a/src/modules/test/recipes/compliance/EnsureFilePermissions.json b/src/modules/test/recipes/compliance/EnsureFilePermissions.json
@@ -83,7 +83,7 @@
     "ObjectType": "Reported",
     "ComponentName": "Compliance",
     "ObjectName": "auditTest",
-    "Payload": "{ ensureFilePermissions: ensureFilePermissions for '\/tmp/testfile' Invalid permissions - are 777 should be 644 } == FALSE"
+    "Payload": "{ ensureFilePermissions: ensureFilePermissions for '\/tmp/testfile' Invalid permissions - are 777 should be 644 with mask 777 } == FALSE"
   },
   {
     "ObjectType": "Desired",

Original file line number	Diff line number	Diff line change
`@@ -158,9 +158,9 @@ int ComplianceMmiSet(MMI_HANDLE clientSession, const char* componentName, const`
`158`	`158`	`{`
`159`	`159`	`char* tmp = json_serialize_to_string(object.get());`
`160`	`160`	`realPayload = tmp;`
`161`		`- // json_free_serialized_string(tmp);`
	`161`	`+ json_free_serialized_string(tmp);`
`162`	`162`	`}`
`163`		`- auto result = engine.mmiSet(objectName, realPayload);`
	`163`	`+ auto result = engine.mmiSet(objectName, std::move(realPayload));`
`164`	`164`	`if (!result.has_value())`
`165`	`165`	`{`
`166`	`166`	`OsConfigLogError(engine.log(), "ComplianceMmiSet failed: %s", result.error().message.c_str());`
Original file line number	Diff line number	Diff line change
`@@ -77,35 +77,36 @@ AUDIT_FN(ensureFilePermissions)`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`
`80`		`- const mode_t supportedMask = 0x1FF;`
	`80`	`+ mode_t perms = 0x0;`
	`81`	`+ mode_t mask = 0x1FF;`
	`82`	`+ bool has_perms_or_mask = false;`
`81`	`83`	`if (args.find("permissions") != args.end())`
`82`	`84`	`{`
`83`	`85`	`char* endptr;`
`84`		`- mode_t perms = strtol(args["permissions"].c_str(), &endptr, 8);`
	`86`	`+ perms = strtol(args["permissions"].c_str(), &endptr, 8);`
`85`	`87`	`if (('\0' != *endptr) \|\| ((perms & supportedMask) != perms))`
`86`	`88`	`{`
`87`	`89`	`return Error("Invalid permissions parameter");`
`88`	`90`	`}`
`89`		`- if (perms != (statbuf.st_mode & supportedMask))`
`90`		`- {`
`91`		`- logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct << perms << std::dec;`
`92`		`- return false;`
`93`		`- }`
	`91`	`+ has_perms_or_mask = true;`
`94`	`92`	`}`
	`93`	`+`
`95`	`94`	`if (args.find("mask") != args.end())`
`96`	`95`	`{`
`97`	`96`	`char* endptr;`
`98`		`- mode_t mask = strtol(args["mask"].c_str(), &endptr, 8);`
	`97`	`+ mask = strtol(args["mask"].c_str(), &endptr, 8);`
`99`	`98`	`if (('\0' != *endptr) \|\| ((mask & supportedMask) != mask))`
`100`	`99`	`{`
`101`	`100`	`return Error("Invalid mask parameter");`
`102`	`101`	`}`
`103`		`- if (((statbuf.st_mode & supportedMask) & mask) != 0)`
`104`		`- {`
`105`		`- logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct`
`106`		`- << ((statbuf.st_mode & supportedMask) & (~mask)) << " with mask " << std::oct << mask << std::dec;`
`107`		`- return false;`
`108`		`- }`
	`102`	`+ mask &= supportedMask;`
	`103`	`+ has_perms_or_mask = true;`
	`104`	`+ }`
	`105`	`+ if (has_perms_or_mask && ((perms & mask) != (statbuf.st_mode & mask)))`
	`106`	`+ {`
	`107`	`+ logstream << "Invalid permissions - are " << std::oct << (statbuf.st_mode & supportedMask) << " should be " << std::oct << perms`
	`108`	`+ << " with mask " << std::oct << mask << std::dec;`
	`109`	`+ return false;`
`109`	`110`	`}`
`110`	`111`
`111`	`112`	`return true;`
`@@ -189,43 +190,42 @@ REMEDIATE_FN(ensureFilePermissions)`
`189`	`190`	`}`
`190`	`191`	`}`
`191`	`192`
	`193`	`+ mode_t perms = 0x1FF;`
	`194`	`+ mode_t mask = 0x1FF;`
	`195`	`+ bool has_perms_or_mask = false;`
`192`	`196`	`if (args.find("permissions") != args.end())`
`193`	`197`	`{`
`194`	`198`	`char* endptr;`
`195`		`- const mode_t perms = strtol(args["permissions"].c_str(), &endptr, 8);`
	`199`	`+ perms = strtol(args["permissions"].c_str(), &endptr, 8);`
`196`	`200`	`if (('\0' != *endptr) \|\| ((perms & supportedMask) != perms))`
`197`	`201`	`{`
`198`	`202`	`logstream << "ERROR: Invalid permissions: " << args["permissions"];`
`199`	`203`	`return Error("Invalid permissions: " + args["permissions"]);`
`200`	`204`	`}`
`201`		`- if (perms != (statbuf.st_mode & supportedMask))`
`202`		`- {`
`203`		`- if (chmod(args["filename"].c_str(), perms) < 0)`
`204`		`- {`
`205`		`- logstream << "ERROR: Chmod error " << strerror(errno);`
`206`		`- return false;`
`207`		`- }`
`208`		`- }`
	`205`	`+ has_perms_or_mask = true;`
`209`	`206`	`}`
`210`	`207`	`if (args.find("mask") != args.end())`
`211`	`208`	`{`
`212`	`209`	`char* endptr;`
`213`		`- const mode_t mask = strtol(args["mask"].c_str(), &endptr, 8);`
	`210`	`+ mask = strtol(args["mask"].c_str(), &endptr, 8);`
`214`	`211`	`if (('\0' != *endptr) \|\| ((mask & supportedMask) != mask))`
`215`	`212`	`{`
`216`	`213`	`logstream << "ERROR: Invalid permissions mask: " << args["mask"];`
`217`	`214`	`return Error("Invalid permissions mask: " + args["mask"]);`
`218`	`215`	`}`
`219`		`- if (((statbuf.st_mode & supportedMask) & mask) != 0)`
	`216`	`+ has_perms_or_mask = true;`
	`217`	`+ }`
	`218`	`+`
	`219`	`+ unsigned short new_perms = (statbuf.st_mode & ~mask) \| (perms & mask);`
	`220`	`+ OsConfigLogInfo(NULL, "Setting permissions to %o, current: %o, perms: %o, mask: %o", new_perms, statbuf.st_mode, perms, mask);`
	`221`	`+ if (has_perms_or_mask && (new_perms != statbuf.st_mode))`
	`222`	`+ {`
	`223`	`+ if (chmod(args["filename"].c_str(), new_perms) < 0)`
`220`	`224`	`{`
`221`		`- if (chmod(args["filename"].c_str(), statbuf.st_mode & (~mask)) < 0)`
`222`		`- {`
`223`		`- logstream << "ERROR: Chmod error " << strerror(errno);`
`224`		`- return false;`
`225`		`- }`
	`225`	`+ logstream << "ERROR: Chmod error";`
	`226`	`+ return Error("Chmod error");`
`226`	`227`	`}`
`227`	`228`	`}`
`228`		`-`
`229`	`229`	`return true;`
`230`	`230`	`}`
`231`	`231`	`} // namespace compliance`
Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@`
`83`	`83`	`"ObjectType": "Reported",`
`84`	`84`	`"ComponentName": "Compliance",`
`85`	`85`	`"ObjectName": "auditTest",`
`86`		`- "Payload": "{ ensureFilePermissions: ensureFilePermissions for '\/tmp/testfile' Invalid permissions - are 777 should be 644 } == FALSE"`
	`86`	`+ "Payload": "{ ensureFilePermissions: ensureFilePermissions for '\/tmp/testfile' Invalid permissions - are 777 should be 644 with mask 777 } == FALSE"`
`87`	`87`	`},`
`88`	`88`	`{`
`89`	`89`	`"ObjectType": "Desired",`