1 // Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by a apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_revoke_trust_anchor.h"
7 #include <trust-anchor.h>
8 #include <boost/filesystem.hpp>
12 #include "common/utils/file_util.h"
14 namespace common_installer {
17 namespace bf = boost::filesystem;
21 const char kTpkTrustAnchorPath[] = "res/.trust-anchor";
22 const char kWgtTrustAnchorPath[] = ".trust-anchor";
23 const char kWgt[] = "wgt";
27 StepRevokeTrustAnchor::StepRevokeTrustAnchor(InstallerContext* context)
31 Step::Status StepRevokeTrustAnchor::undo() {
32 manifest_x* manifest = context_->old_manifest_data.get();
34 LOG(ERROR) << "old_manifest_data attribute is empty";
35 return Step::Status::INVALID_VALUE;
38 if (!manifest->use_system_certs)
39 return Step::Status::OK;
41 bf::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
42 if (!context_->pkg_type.get().compare(kWgt)) {
44 // create [pkg_root]/res/.trust-anchor directory and create symbolic link
45 if (bf::exists(pkg_certs_path)) {
46 for (bf::directory_iterator file(pkg_certs_path);
47 file != bf::directory_iterator(); ++file) {
48 bf::path current(file->path());
49 if (bf::is_symlink(symlink_status(current))) {
50 if (!bf::remove(current)) {
51 LOG(ERROR) << "Failed to remove previous symlink : " << current;
52 return Step::Status::APP_DIR_ERROR;
57 if (!common_installer::CreateDir(pkg_certs_path))
58 return Step::Status::APP_DIR_ERROR;
61 bf::path pkg_certs_src_path =
62 context_->GetPkgPath() / "res/wgt" / kWgtTrustAnchorPath;
63 for (bf::directory_iterator file(pkg_certs_src_path);
64 file != bf::directory_iterator(); ++file) {
65 bf::path current(file->path());
67 bf::create_symlink(current, pkg_certs_path / current.filename());
68 } catch (const bf::filesystem_error& error) {
69 LOG(ERROR) << "Failed to make trust anchor symlink : " << error.what();
70 return Step::Status::APP_DIR_ERROR;
75 int ret = trust_anchor_install(context_->pkgid.get().c_str(),
76 context_->uid.get(), pkg_certs_path.string().c_str(),
77 (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false);
79 if (ret != TRUST_ANCHOR_ERROR_NONE) {
80 LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
81 return Step::Status::SECURITY_ERROR;
84 return Step::Status::OK;
87 } // namespace security
88 } // namespace common_installer