1 // Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by an apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_recover_signature.h"
7 #include <boost/filesystem/path.hpp>
11 #include "common/certificate_validation.h"
12 #include "common/utils/file_util.h"
14 namespace bf = boost::filesystem;
18 bf::path GetSignatureFilePath(bool is_readonly) {
19 return bf::path((is_readonly) ?
20 tzplatform_getenv(TZ_SYS_RO_SHARE) : tzplatform_getenv(TZ_SYS_SHARE)) /
24 bool RecoverSignatureFile(const std::string& pkgid, bool is_readonly) {
25 bf::path path = GetSignatureFilePath(is_readonly);
26 bf::path target_path = bf::path(path) / std::string(pkgid + ".txt");
27 bf::path backup_path = bf::path(path) / std::string(pkgid + "_backup.txt");
29 if (bf::exists(backup_path) &&
30 !common_installer::MoveFile(backup_path, target_path, true))
38 namespace common_installer {
41 Step::Status StepRecoverSignature::RecoveryNew() {
42 bf::path path = GetSignatureFilePath(context_->is_readonly_package.get());
43 path /= std::string(context_->pkgid.get() + ".txt");
44 if (!common_installer::Remove(path))
45 return Status::CERT_ERROR;
50 Step::Status StepRecoverSignature::RecoveryUpdate() {
51 std::string error_message;
52 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
53 if (!ValidateSignatures(GetSignatureRoot(), &level,
54 &context_->certificate_info.get(), false,
56 LOG(ERROR) << "Failed to verify signature: " << error_message;
57 return Status::CERT_ERROR;
60 if (level == PrivilegeLevel::UNTRUSTED) {
61 // if priv level is untrusted, get priv level from backed up signature file
62 if (!GetSignatureFromFile(context_->pkgid.get(),
63 context_->is_readonly_package.get(), &level,
64 &context_->certificate_info.get())) {
65 LOG(INFO) << "Unable to get privilege level from file";
66 return Status::CERT_ERROR;
70 if (!RecoverSignatureFile(context_->pkgid.get(),
71 context_->is_readonly_package.get()))
72 return Status::CERT_ERROR;
74 context_->privilege_level.set(level);
78 Step::Status StepRecoverSignature::RecoveryReadonlyUpdateInstall() {
79 std::string error_message;
80 PrivilegeLevel level = PrivilegeLevel::PLATFORM;
81 bf::path signature_root =
82 bf::path(GetRootAppPath(context_->is_readonly_package.get(),
83 context_->uid.get())) / context_->pkgid.get();
84 if (!ValidateSignatures(signature_root, &level,
85 &context_->certificate_info.get(), false,
87 LOG(ERROR) << "Failed to verify signature: " << error_message;
88 return Status::CERT_ERROR;
91 if (level == PrivilegeLevel::UNTRUSTED) {
92 if (!GetSignatureFromFile(context_->pkgid.get(),
93 context_->is_readonly_package.get(), &level,
94 &context_->certificate_info.get())) {
95 LOG(INFO) << "Unable to get privilege level from file";
96 return Status::CERT_ERROR;
100 if (!RecoverSignatureFile(context_->pkgid.get(), false))
101 return Status::CERT_ERROR;
103 context_->privilege_level.set(level);
107 } // namespace security
108 } // namespace common_installer