2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file task_smack.cpp
18 * @author Piotr Kozbial (p.kozbial@samsung.com)
20 * @brief Implementation file for installer task smack
23 #include <widget_install/task_smack.h>
24 #include <widget_install/widget_install_context.h>
25 #include <widget_install/widget_install_errors.h>
26 #include <widget_install/job_widget_install.h>
27 #include <dpl/wrt-dao-ro/common_dao_types.h>
28 #include <dpl/foreach.h>
29 #include <dpl/wrt-dao-ro/widget_dao_read_only.h>
30 #include <dpl/utils/bash_utils.h>
31 #include <vcore/Certificate.h>
32 #include <vcore/CryptoHash.h>
34 #include <installer_log.h>
36 using namespace WrtDB;
37 using namespace ValidationCore;
40 namespace WidgetInstall {
41 TaskSmack::TaskSmack(InstallerContext& context) :
42 DPL::TaskDecl<TaskSmack>(this),
45 #ifdef WRT_SMACK_ENABLED
49 AddStep(&TaskSmack::StartStep);
50 AddStep(&TaskSmack::StepSetInstall);
51 AddStep(&TaskSmack::StepSmackAddUsers);
52 AddStep(&TaskSmack::StepSmackFolderLabeling);
53 AddStep(&TaskSmack::StepSmackPrivilege);
54 AddStep(&TaskSmack::StepInstall);
55 AddStep(&TaskSmack::EndStep);
57 AddAbortStep(&TaskSmack::StepAbortSmack);
60 void TaskSmack::StepSetInstall()
62 _D("----------------> SMACK: StepSetInstall()");
63 #ifdef WRT_SMACK_ENABLED
66 if (m_context.widgetConfig.packagingType !=
67 WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP)
69 std::string appId = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
70 std::string pkgId = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
72 ret = security_manager_app_inst_req_new(&m_p_req);
73 if(SECURITY_MANAGER_SUCCESS != ret) {
74 _E("failure in creating security-manager request: security_manager_app_inst_req_new returned %d", ret);
78 ret = security_manager_app_inst_req_set_app_id(m_p_req, appId.c_str());
79 if(SECURITY_MANAGER_SUCCESS != ret) {
80 _E("failure in setting appId: security_manager_app_inst_req_set_app_id returned %d", ret);
81 goto freeAndThrowMessage;
84 ret = security_manager_app_inst_req_set_pkg_id(m_p_req, pkgId.c_str());
85 if(SECURITY_MANAGER_SUCCESS != ret) {
86 _E("failure in setting pkgId: security_manager_app_inst_req_set_pkg_id returned %d", ret);
87 goto freeAndThrowMessage;
93 security_manager_app_inst_req_free(m_p_req);
95 ThrowMsg(Exceptions::Base, "Installation failure. "
96 "failure in creating/initiating security-manager request.");
98 ThrowMsg(Exceptions::NotAllowed, "Installation not allowed. "
99 "hybrid web application is not to be processed here.");
104 void TaskSmack::StepSmackAddUsers()
106 _D("----------------> SMACK:\
107 Jobs::WidgetInstall::TaskSmack::StepSmackAddUsers()");
108 #ifdef WRT_SMACK_ENABLED
109 /* TODO : Add allowed users in near future. wrt-installer is not ready for this step yet. */
113 void TaskSmack::StepSmackFolderLabeling()
115 _D("----------------> SMACK:\
116 Jobs::WidgetInstall::TaskSmack::StepSmackFolderLabeling()");
117 #ifdef WRT_SMACK_ENABLED
118 /* /opt/usr/apps/[pkgid] directory's label is "_" */
119 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
120 m_context.locations->getPackageInstallationDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO)) {
121 _W("Add label to %s", m_context.locations->getPackageInstallationDir().c_str());
125 if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD &&
126 m_context.mode.extension != InstallMode::ExtensionType::DIR)
128 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
129 m_context.locations->getUserDataRootDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO)) {
130 _W("Add label to %s", m_context.locations->getUserDataRootDir().c_str());
135 std::string resDir = m_context.locations->getPackageInstallationDir() +
137 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req, resDir.c_str(), SECURITY_MANAGER_PATH_PRIVATE)) {
138 _W("Add label to %s", resDir.c_str());
142 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
143 m_context.locations->getPrivateStorageDir().c_str(), SECURITY_MANAGER_PATH_PRIVATE)) {
144 _W("Add label to %s", m_context.locations->getPrivateStorageDir().c_str());
148 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
149 m_context.locations->getPrivateTempStorageDir().c_str(), SECURITY_MANAGER_PATH_PRIVATE)) {
150 _W("Add label to %s", m_context.locations->getPrivateTempStorageDir().c_str());
154 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
155 m_context.locations->getBinaryDir().c_str(), SECURITY_MANAGER_PATH_PRIVATE)) {
156 _W("Add label to %s", m_context.locations->getBinaryDir().c_str());
159 if(!setLabelForSharedDir()) {
160 _W("Add label to shared directory");
163 /* TODO : set label at wrt-client */
167 void TaskSmack::StepSmackPrivilege()
169 _D("----------------> SMACK:\
170 Jobs::WidgetInstall::TaskSmack::StepSmackPrivilege()");
171 #ifdef WRT_SMACK_ENABLED
172 WrtDB::ConfigParserData::PrivilegeList privileges =
173 m_context.widgetConfig.configInfo.privilegeList;
175 FOREACH(it, privileges) {
176 _D("Permission : %ls", it->name.c_str());
177 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_privilege(m_p_req,
178 DPL::ToUTF8String(it->name).c_str())) {
179 _W("failure in adding privilege: %s", it->name.c_str());
183 m_context.job->UpdateProgress(
184 InstallerContext::INSTALL_SMACK_ENABLE,
185 "Widget SMACK Enabled");
189 void TaskSmack::StepAbortSmack()
191 _D("----------------> SMACK:\
192 Jobs::WidgetInstall::TaskSmack::StepAbortSmack()");
195 bool TaskSmack::setLabelForSharedDir()
197 #ifdef WRT_SMACK_ENABLED
198 /* /shared directory */
199 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
200 m_context.locations->getSharedRootDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO)) {
201 _W("Add label to %s", m_context.locations->getSharedRootDir().c_str());
204 /* /shared/res directory */
205 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
206 m_context.locations->getSharedResourceDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO)) {
207 _W("Add label to %s", m_context.locations->getSharedResourceDir().c_str());
210 /* /shared/trusted directory */
211 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
212 m_context.locations->getSharedTrustedDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC)) {
213 _W("Add label to %s", m_context.locations->getSharedTrustedDir().c_str());
216 /* /shared/data directory */
217 if(SECURITY_MANAGER_SUCCESS != security_manager_app_inst_req_add_path(m_p_req,
218 m_context.locations->getSharedDataDir().c_str(), SECURITY_MANAGER_PATH_PUBLIC_RO)) {
219 _W("Add label to %s", m_context.locations->getSharedDataDir().c_str());
226 void TaskSmack::StepInstall()
228 _D("----------------> SMACK: StepInstall()");
229 #ifdef WRT_SMACK_ENABLED
231 if (m_context.widgetConfig.packagingType !=
232 WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP)
234 ret = security_manager_app_install(m_p_req);
235 security_manager_app_inst_req_free(m_p_req);
236 if (SECURITY_MANAGER_SUCCESS != ret) {
237 _E("failure in installing privileges: security_manager_app_install returned %d", ret);
238 ThrowMsg(Exceptions::NotAllowed, "Installation not allowed. "
239 "failure in installing permissions.");
245 void TaskSmack::StartStep()
247 _D("--------- <TaskSmack> : START ----------");
250 void TaskSmack::EndStep()
252 _D("--------- <TaskSmack> : END ----------");
254 } //namespace WidgetInstall