2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file task_smack.cpp
18 * @author Piotr Kozbial (p.kozbial@samsung.com)
20 * @brief Implementation file for installer task smack
23 #include <widget_install/task_smack.h>
24 #include <widget_install/widget_install_context.h>
25 #include <widget_install/widget_install_errors.h>
26 #include <widget_install/job_widget_install.h>
27 #include <dpl/wrt-dao-ro/common_dao_types.h>
28 #include <dpl/foreach.h>
29 #include <dpl/wrt-dao-ro/widget_dao_read_only.h>
30 #include <dpl/utils/bash_utils.h>
31 #include <vcore/Certificate.h>
32 #include <vcore/CryptoHash.h>
33 #ifdef WRT_SMACK_ENABLED
34 #include <privilege-control.h>
35 #include <sys/smack.h>
39 using namespace WrtDB;
40 using namespace ValidationCore;
43 const int MAX_BUF_SIZE = 128;
44 void freeList(const char** list) {
45 for (int i = 0; list[i] != NULL; i++)
54 namespace WidgetInstall {
55 TaskSmack::TaskSmack(InstallerContext& context) :
56 DPL::TaskDecl<TaskSmack>(this),
60 AddStep(&TaskSmack::StepSetInstall);
61 AddStep(&TaskSmack::StepSmackFolderLabeling);
62 AddStep(&TaskSmack::StepSmackPrivilege);
63 AddStep(&TaskSmack::StepSetEndofInstallation);
65 AddAbortStep(&TaskSmack::StepAbortSmack);
68 void TaskSmack::StepSetInstall()
70 LogInfo("----------------> SMACK: StepStartSetSmack()");
71 #ifdef WRT_SMACK_ENABLED
72 std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
73 m_pkgId = (char*)calloc(1, pkg.length() + 1);
74 snprintf(m_pkgId, pkg.length() + 1, "%s", pkg.c_str());
76 if (m_context.widgetConfig.packagingType !=
77 WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP)
79 if (PC_OPERATION_SUCCESS != app_install(m_pkgId)) {
81 ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
82 "failure in creating smack rules file.");
88 void TaskSmack::StepSmackFolderLabeling()
90 LogInfo("----------------> SMACK:\
91 Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
92 #ifdef WRT_SMACK_ENABLED
93 /* /opt/usr/apps/[pkgid] directory's label is "_" */
94 if (PC_OPERATION_SUCCESS != app_label_dir("_",
95 m_context.locations->getPackageInstallationDir().c_str())) {
96 LogWarning("Add label to " <<
97 m_context.locations->getPackageInstallationDir());
101 std::string resDir = m_context.locations->getPackageInstallationDir() +
103 if (PC_OPERATION_SUCCESS != app_label_dir(m_pkgId,
105 LogWarning("Add label to " << resDir);
109 if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD &&
110 m_context.mode.extension != InstallMode::ExtensionType::DIR)
112 if (PC_OPERATION_SUCCESS != app_label_dir("_",
113 m_context.locations->getUserDataRootDir().c_str())) {
114 LogWarning("Add label to " << m_context.locations->getUserDataRootDir());
119 if (PC_OPERATION_SUCCESS !=
120 app_label_dir(m_pkgId,
121 m_context.locations->getPrivateStorageDir().c_str()))
123 LogWarning("Add label to " << m_context.locations->getPrivateStorageDir());
127 if (PC_OPERATION_SUCCESS !=
128 app_label_dir(m_pkgId,
129 m_context.locations->getPrivateTempStorageDir().c_str()))
131 LogWarning("Add label to " << m_context.locations->getPrivateTempStorageDir());
135 if (PC_OPERATION_SUCCESS != app_label_dir(m_pkgId,
136 m_context.locations->getBinaryDir().c_str())) {
137 LogWarning("Add label to " << m_context.locations->getBinaryDir());
140 if(!setLabelForSharedDir(m_pkgId)) {
141 LogWarning("Add label to shared directory");
146 /* TODO : set label at wrt-client */
150 void TaskSmack::StepSmackPrivilege()
152 LogInfo("----------------> SMACK:\
153 Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
154 #ifdef WRT_SMACK_ENABLED
156 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
158 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
160 appId = (char*)calloc(1, id.length() + 1);
161 snprintf(appId, id.length() + 1, "%s", id.c_str());
163 WrtDB::ConfigParserData::PrivilegeList privileges =
164 m_context.widgetConfig.configInfo.privilegeList;
166 char** perm_list = new char*[privileges.size() + 1];
168 FOREACH(it, privileges) {
169 LogInfo("Permission : " << it->name);
170 int length = DPL::ToUTF8String(it->name).length();
171 char *priv = new char[length + 1];
172 snprintf(priv, length + 1, "%s",
173 DPL::ToUTF8String(it->name).c_str());
174 perm_list[index++] = priv;
176 perm_list[index] = NULL;
178 if (PC_OPERATION_SUCCESS != app_enable_permissions(appId, APP_TYPE_WGT,
179 const_cast<const char **>(perm_list), true)) {
180 LogWarning("failure in contructing smack rules based on perm_list");
185 while (NULL != perm_list[index]) {
186 delete [] perm_list[index++];
190 m_context.job->UpdateProgress(
191 InstallerContext::INSTALL_SMACK_ENABLE,
192 "Widget SMACK Enabled");
196 void TaskSmack::StepRevokeForUpdate()
198 LogInfo("----------------> SMACK:\
199 Jobs::WidgetInstall::TaskSmack::StepRevokePrivilegeForUpdate()");
200 #ifdef WRT_SMACK_ENABLED
201 if (PC_OPERATION_SUCCESS != app_revoke_permissions(m_pkgId)) {
202 LogWarning("failure in revoking smack permissions");
207 void TaskSmack::StepAbortSmack()
209 LogInfo("----------------> SMACK:\
210 Jobs::WidgetInstall::TaskSmack::StepAbortSmack()");
211 #ifdef WRT_SMACK_ENABLED
213 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
214 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
216 appId = (char*)calloc(1, id.length() + 1);
217 snprintf(appId, id.length() + 1, "%s", id.c_str());
220 if (PC_OPERATION_SUCCESS != app_revoke_permissions(m_pkgId)) {
221 LogWarning("failure in revoking smack permissions");
224 if (PC_OPERATION_SUCCESS != app_uninstall(m_pkgId)) {
225 LogWarning("failure in removing smack rules file");
231 void TaskSmack::StepSetEndofInstallation()
233 m_context.job->UpdateProgress(
234 InstallerContext::INSTALL_END,
238 bool TaskSmack::setLabelForSharedDir(const char* pkgId)
240 /* shared directory */
241 if (PC_OPERATION_SUCCESS != app_label_dir("*",
242 m_context.locations->getSharedRootDir().c_str())) {
246 /* shared/res directory */
247 if (PC_OPERATION_SUCCESS != app_label_dir("_",
248 m_context.locations->getSharedResourceDir().c_str())) {
252 /* shared/trusted directory */
253 CertificatePtr rootCert = m_context.wacSecurity.getAuthorCertificatePtr();
254 if (rootCert.Get() != NULL) {
255 ValidationCore::Crypto::Hash::SHA1 sha1;
256 sha1.Append(rootCert->getDER());
258 std::string sha1String = sha1.ToBase64String();
259 size_t iPos = sha1String.find("/");
260 while(iPos < std::string::npos) {
261 sha1String.replace(iPos, 1, "#");
262 iPos = sha1String.find("/");
265 LogDebug("sha1 label string : " << sha1String);
267 if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
269 m_context.locations->getSharedTrustedDir().c_str())) {
274 /* shared/data directory */
275 std::string dataLabel = std::string(pkgId) + "_shareddata";
276 TizenPkgIdList pkgList = WidgetDAOReadOnly::getTizenPkgidList();
277 const char** pList = new (std::nothrow) const char*[pkgList.size() + 1];
280 FOREACH(app, pkgList) {
281 std::string id = DPL::ToUTF8String(*app);
282 char *pId = new char[id.size() + 1];
283 snprintf(pId, id.length() + 1, "%s", id.c_str());
284 pList[index++] = pId;
288 if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
290 m_context.locations->getSharedDataDir().c_str())) {
294 if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
296 m_context.locations->getSharedDataDir().c_str())) {
303 } //namespace WidgetInstall
projects / platform / framework / web / wrt-installer.git / blob