1 // Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by an apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_signature.h"
7 #include <pkgmgr_installer.h>
13 #include "common/certificate_validation.h"
15 namespace bf = boost::filesystem;
16 namespace ci = common_installer;
// Translates the installer's ci::PrivilegeLevel into the pkgmgr_privilege_level
// value that process() passes to pkgmgr_installer_set_privilege_level().
// Visible mappings: UNTRUSTED, PUBLIC, PARTNER and PLATFORM each map to the
// PM_PRIVILEGE_* constant of the same name.
// NOTE(review): this listing omits some source lines (the gutter numbers
// skip), so the switch, break, default and return lines are not visible here.
20 pkgmgr_privilege_level ConvertToPkgmgrPrivilegeLevel(ci::PrivilegeLevel level) {
21 pkgmgr_privilege_level pkgmgr_level;
24 case ci::PrivilegeLevel::UNTRUSTED:
25 pkgmgr_level = PM_PRIVILEGE_UNTRUSTED;
27 case ci::PrivilegeLevel::PUBLIC:
28 pkgmgr_level = PM_PRIVILEGE_PUBLIC;
30 case ci::PrivilegeLevel::PARTNER:
31 pkgmgr_level = PM_PRIVILEGE_PARTNER;
33 case ci::PrivilegeLevel::PLATFORM:
34 pkgmgr_level = PM_PRIVILEGE_PLATFORM;
// Presumably the default branch: any other level becomes PM_PRIVILEGE_UNKNOWN
// rather than one of the trusted levels -- confirm against the full file.
37 pkgmgr_level = PM_PRIVILEGE_UNKNOWN;
45 namespace common_installer {
// Checks the context values this step depends on: unpacked_dir_path must be
// non-empty and exist on disk, and pkgid must be non-empty when save_signature_
// is set. Returns INVALID_VALUE on the first failed check, OK otherwise.
// These are input sanity checks only; the signature itself is verified in
// process().
48 Step::Status StepSignature::precheck() {
49 if (context_->unpacked_dir_path.get().empty()) {
50 LOG(ERROR) << "unpacked_dir_path attribute is empty";
51 return Step::Status::INVALID_VALUE;
53 if (!boost::filesystem::exists(context_->unpacked_dir_path.get())) {
54 LOG(ERROR) << "unpacked_dir_path ("
55 << context_->unpacked_dir_path.get()
56 << ") path does not exist";
57 return Step::Status::INVALID_VALUE;
// NOTE(review): unlike the two checks above, this rejection logs nothing, so
// an empty pkgid fails the step without a trace in the installer log.
60 if (save_signature_ && context_->pkgid.get().empty())
61 return Step::Status::INVALID_VALUE;
63 return Step::Status::OK;
// Returns the directory that process() hands to Signature::GetPrivilegeLevel():
// the unpacked package directory stored in the installer context.
66 boost::filesystem::path StepSignature::GetSignatureRoot() const {
67 return context_->unpacked_dir_path.get();
// Validates the manifest's privileges against the signature-derived privilege
// level by calling ValidatePrivilegeLevel() with the context uid, the manifest
// api_version and the manifest privileges. A failed validation returns
// SIGNATURE_ERROR; on_error() is called only when the validator supplied a
// message.
// NOTE(review): the lines after the last one shown are not in this listing;
// presumably the success path returns Status::OK -- confirm.
70 Step::Status StepSignature::CheckPrivilegeLevel(PrivilegeLevel level) {
71 std::string error_message;
// Packages flagged is_readonly_package skip the privilege validation entirely.
// NOTE(review): confirm this flag comes from a trusted source and cannot be
// influenced by package content or by the requester.
72 if (!context_->is_readonly_package.get()) {
// NOTE(review): manifest_data.get() is dereferenced without a null check --
// confirm an earlier step guarantees it is set.
73 if (!ValidatePrivilegeLevel(level, context_->uid.get(),
74 context_->manifest_data.get()->api_version,
75 context_->manifest_data.get()->privileges, &error_message)) {
76 if (!error_message.empty()) {
77 LOG(ERROR) << "error_message: " << error_message;
78 on_error(Status::SIGNATURE_ERROR, error_message);
80 return Status::SIGNATURE_ERROR;
// Runs the signature check for the unpacked package: builds the Signature
// helper, derives the privilege level from the signature root, rejects
// UNTRUSTED packages, publishes the level to the context and to pkgmgr, then
// validates manifest privileges and metadata privileges against that level and
// optionally saves the signature.
// NOTE(review): this listing omits some source lines (the gutter numbers
// skip), so a few closing braces, returns and continuation lines are not
// visible here.
86 Step::Status StepSignature::process() {
87 signature_ = std::unique_ptr<Signature>(
88 new Signature(context_->request_type.get(),
89 context_->pkgid.get(),
90 context_->is_readonly_package.get(),
91 context_->skip_check_reference.get(),
92 &context_->certificate_info.get()));
// Start from the least-trusted level, so a call that succeeds without writing
// `level` still ends in the UNTRUSTED rejection below.
93 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
94 std::string error_message;
95 if (!signature_->GetPrivilegeLevel(GetSignatureRoot(),
96 &level, error_message)) {
97 on_error(Status::CERT_ERROR, error_message);
98 return Status::CERT_ERROR;
// NOTE(review): the callback is told CERT_ERROR but the step returns
// SIGNATURE_ERROR, so callers and logs see two different failure codes for the
// same rejection. The local error_message also shadows the outer one.
101 if (level == PrivilegeLevel::UNTRUSTED) {
102 std::string error_message =
103 "Unsigned applications can not be installed";
104 on_error(Status::CERT_ERROR, error_message);
105 return Status::SIGNATURE_ERROR;
108 LOG(INFO) << "Privilege level: " << PrivilegeLevelToString(level);
109 context_->privilege_level.set(level);
// NOTE(review): the level is published to pkgmgr before CheckPrivilegeLevel()
// and CheckMetadataPrivilege() run; confirm a later failure cannot leave
// pkgmgr acting on this level.
111 pkgmgr_installer_set_privilege_level(ConvertToPkgmgrPrivilegeLevel(level));
113 Status status = CheckPrivilegeLevel(level);
114 if (status != Status::OK)
// The argument list of this call continues on a line the listing omits.
117 if (!signature_->CheckMetadataPrivilege(level, context_->manifest_data.get(),
119 if (!error_message.empty()) {
120 LOG(ERROR) << "error_message: " << error_message;
121 on_error(Status::SIGNATURE_ERROR, error_message);
123 return Status::SIGNATURE_ERROR;
// NOTE(review): a failed SaveSignature() returns OK, the same status as
// success, and logs nothing, so the install continues without a saved
// signature. Confirm this best-effort behaviour is intended; if anything later
// relies on the saved file, this should return an error status instead.
126 if (save_signature_) {
127 if (!signature_->SaveSignature(context_->unpacked_dir_path.get()))
128 return Step::Status::OK;
131 return Step::Status::OK;
// Rollback: removes the file at signature_->GetFilePath() and, if a backup
// exists, renames the backup onto that path. Always returns OK.
// NOTE(review): signature_ is only assigned in process() and is dereferenced
// here without a null check -- confirm undo() cannot run before process().
// NOTE(review): this runs regardless of save_signature_; confirm GetFilePath()
// cannot name a file this step did not write.
// NOTE(review): these bf::remove/bf::rename overloads take no error_code, so a
// filesystem failure throws instead of yielding a Status.
134 Step::Status StepSignature::undo() {
135 bf::remove(signature_->GetFilePath());
136 if (bf::exists(signature_->GetBackupPath()))
137 bf::rename(signature_->GetBackupPath(), signature_->GetFilePath());
139 return Step::Status::OK;
// Cleanup: deletes the signature backup file if one exists. Always returns OK.
// NOTE(review): signature_ is dereferenced without a null check -- confirm
// clean() is only reached after process() has created it.
// NOTE(review): bf::remove without an error_code argument throws on a
// filesystem failure rather than reporting it through the returned Status.
142 Step::Status StepSignature::clean() {
143 if (bf::exists(signature_->GetBackupPath()))
144 bf::remove(signature_->GetBackupPath());
146 return Step::Status::OK;
149 } // namespace security
150 } // namespace common_installer