2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file task_smack.cpp
18 * @author Piotr Kozbial (p.kozbial@samsung.com)
20 * @brief Implementation file for installer task smack
23 #include <widget_install/task_smack.h>
24 #include <widget_install/widget_install_context.h>
25 #include <widget_install/widget_install_errors.h>
26 #include <widget_install/job_widget_install.h>
27 #include <dpl/wrt-dao-ro/common_dao_types.h>
28 #include <dpl/foreach.h>
29 #include <dpl/wrt-dao-ro/widget_dao_read_only.h>
30 #include <dpl/utils/bash_utils.h>
31 #include <vcore/Certificate.h>
32 #include <vcore/CryptoHash.h>
33 #ifdef WRT_SMACK_ENABLED
34 #include <privilege-control.h>
35 #include <sys/smack.h>
39 using namespace WrtDB;
40 using namespace ValidationCore;
43 const int MAX_BUF_SIZE = 128;
44 void freeList(const char** list) {
45 for (int i = 0; list[i] != NULL; i++)
54 namespace WidgetInstall {
55 TaskSmack::TaskSmack(InstallerContext& context) :
56 DPL::TaskDecl<TaskSmack>(this),
60 AddStep(&TaskSmack::StepSetInstall);
61 AddStep(&TaskSmack::StepSmackFolderLabeling);
62 AddStep(&TaskSmack::StepSmackPrivilege);
63 AddStep(&TaskSmack::StepSetEndofInstallation);
65 AddAbortStep(&TaskSmack::StepAbortSmack);
68 void TaskSmack::StepSetInstall()
70 LogInfo("----------------> SMACK: StepStartSetSmack()");
71 #ifdef WRT_SMACK_ENABLED
72 std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
73 m_pkgId = (char*)calloc(1, pkg.length() + 1);
74 snprintf(m_pkgId, pkg.length() + 1, "%s", pkg.c_str());
76 if (m_context.widgetConfig.packagingType !=
77 WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP)
79 if (PC_OPERATION_SUCCESS != app_install(m_pkgId)) {
81 ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
82 "failure in creating smack rules file.");
88 void TaskSmack::StepSmackFolderLabeling()
90 LogInfo("----------------> SMACK:\
91 Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
92 #ifdef WRT_SMACK_ENABLED
93 /* /opt/usr/apps/[pkgid] directory's label is "_" */
94 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
95 m_context.locations->getPackageInstallationDir().c_str(),
96 APP_PATH_ANY_LABEL, "_")) {
97 LogWarning("Add label to " <<
98 m_context.locations->getPackageInstallationDir());
102 std::string resDir = m_context.locations->getPackageInstallationDir() +
105 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId, resDir.c_str(),
107 LogWarning("Add label to " << resDir);
111 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
112 m_context.locations->getPrivateStorageDir().c_str(),
114 LogWarning("Add label to " << m_context.locations->getPrivateStorageDir());
118 if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD &&
119 m_context.mode.extension != InstallMode::ExtensionType::DIR)
121 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
122 m_context.locations->getUserDataRootDir().c_str(),
123 APP_PATH_GROUP_RW, "_")) {
128 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
129 m_context.locations->getPrivateTempStorageDir().c_str(),
132 LogWarning("Add label to " << m_context.locations->getPrivateTempStorageDir());
136 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
137 m_context.locations->getBinaryDir().c_str(),
139 LogWarning("Add label to " << m_context.locations->getBinaryDir());
142 if(!setLabelForSharedDir(m_pkgId)) {
143 LogWarning("Add label to shared directory");
148 /* TODO : set label at wrt-client */
152 void TaskSmack::StepSmackPrivilege()
154 LogInfo("----------------> SMACK:\
155 Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
156 #ifdef WRT_SMACK_ENABLED
158 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
160 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
162 appId = (char*)calloc(1, id.length() + 1);
163 snprintf(appId, id.length() + 1, "%s", id.c_str());
165 WrtDB::ConfigParserData::PrivilegeList privileges =
166 m_context.widgetConfig.configInfo.privilegeList;
168 char** perm_list = new char*[privileges.size() + 1];
170 FOREACH(it, privileges) {
171 LogInfo("Permission : " << it->name);
172 int length = DPL::ToUTF8String(it->name).length();
173 char *priv = new char[length + 1];
174 snprintf(priv, length + 1, "%s",
175 DPL::ToUTF8String(it->name).c_str());
176 perm_list[index++] = priv;
178 perm_list[index] = NULL;
180 if (PC_OPERATION_SUCCESS != app_enable_permissions(appId, APP_TYPE_WGT,
181 const_cast<const char **>(perm_list), true)) {
182 LogWarning("failure in contructing smack rules based on perm_list");
187 while (NULL != perm_list[index]) {
188 delete [] perm_list[index++];
192 m_context.job->UpdateProgress(
193 InstallerContext::INSTALL_SMACK_ENABLE,
194 "Widget SMACK Enabled");
198 void TaskSmack::StepRevokeForUpdate()
200 LogInfo("----------------> SMACK:\
201 Jobs::WidgetInstall::TaskSmack::StepRevokePrivilegeForUpdate()");
202 #ifdef WRT_SMACK_ENABLED
203 if (PC_OPERATION_SUCCESS != app_revoke_permissions(m_pkgId)) {
204 LogWarning("failure in revoking smack permissions");
209 void TaskSmack::StepAbortSmack()
211 LogInfo("----------------> SMACK:\
212 Jobs::WidgetInstall::TaskSmack::StepAbortSmack()");
213 #ifdef WRT_SMACK_ENABLED
215 std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
217 appId = (char*)calloc(1, id.length() + 1);
218 snprintf(appId, id.length() + 1, "%s", id.c_str());
221 if (PC_OPERATION_SUCCESS != app_revoke_permissions(m_pkgId)) {
222 LogWarning("failure in revoking smack permissions");
225 if (PC_OPERATION_SUCCESS != app_uninstall(m_pkgId)) {
226 LogWarning("failure in removing smack rules file");
232 void TaskSmack::StepSetEndofInstallation()
234 m_context.job->UpdateProgress(
235 InstallerContext::INSTALL_END,
239 bool TaskSmack::setLabelForSharedDir(const char* pkgId)
241 /* shared/res directory */
242 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
243 m_context.locations->getSharedResourceDir().c_str(),
244 APP_PATH_ANY_LABEL, "_")) {
245 LogWarning("Add label to " << m_context.locations->getSharedResourceDir());
248 /* shared/trusted directory */
249 CertificatePtr rootCert = m_context.wacSecurity.getAuthorCertificatePtr();
250 if (rootCert.Get() != NULL) {
251 ValidationCore::Crypto::Hash::SHA1 sha1;
252 sha1.Append(rootCert->getDER());
254 std::string sha1String = sha1.ToBase64String();
255 size_t iPos = sha1String.find("/");
256 while(iPos < std::string::npos) {
257 sha1String.replace(iPos, 1, "#");
258 iPos = sha1String.find("/");
261 LogDebug("sha1 label string : " << sha1String);
263 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
264 m_context.locations->getSharedTrustedDir().c_str(),
265 APP_PATH_GROUP_RW, sha1String.c_str())) {
266 LogWarning("Add label to " << m_context.locations->getBinaryDir());
270 /* shared/data directory */
271 if (PC_OPERATION_SUCCESS != app_setup_path(m_pkgId,
272 m_context.locations->getSharedDataDir().c_str(),
273 APP_PATH_PUBLIC_RO)) {
274 LogWarning("Add label to " << m_context.locations->getSharedDataDir());
279 } //namespace WidgetInstall