tool/pkg_privilege.c

   1 #include <stdio.h>
   2 #include <string.h>
   3 #include <unistd.h>
   4 #include <sys/types.h>
   5 #include <linux/limits.h>
   6
   7 #include <tzplatform_config.h>
   8 #include <security-manager.h>
   9 #include <pkgmgr_parser.h>
  10
  11 #define OWNER_ROOT 0
  12 #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
  13
  14 static const char *_get_pkg_root_path(const char *pkgid, uid_t uid)
  15 {
  16         const char *path;
  17
  18         tzplatform_set_user(uid);
  19         path = tzplatform_mkpath((uid == OWNER_ROOT || uid == GLOBAL_USER) ?
  20                         TZ_SYS_RO_APP : TZ_USER_APP, pkgid);
  21         tzplatform_reset_user();
  22
  23         return path;
  24 }
  25
  26 struct path_type {
  27         const char *path;
  28         enum app_install_path_type type;
  29 };
  30
  31 struct path_type path_type_map[] = {
  32         {"/", SECURITY_MANAGER_PATH_PUBLIC_RO},
  33         {"/bin", SECURITY_MANAGER_PATH_RO},
  34         {"/data", SECURITY_MANAGER_PATH_RW},
  35         {"/cache", SECURITY_MANAGER_PATH_RW},
  36         {"/lib", SECURITY_MANAGER_PATH_RO},
  37         {"/res", SECURITY_MANAGER_PATH_RO},
  38         {"/shared", SECURITY_MANAGER_PATH_PUBLIC_RO},
  39         {NULL, SECURITY_MANAGER_ENUM_END}
  40 };
  41
  42 static app_inst_req *_prepare_request(const char *pkgid, const char *appid,
  43                 uid_t uid)
  44 {
  45         int ret;
  46         app_inst_req *req;
  47         const char *root_path;
  48         char buf[PATH_MAX];
  49         int i;
  50
  51         if (security_manager_app_inst_req_new(&req)) {
  52                 printf("security_manager_app_inst_req_new failed\n");
  53                 return NULL;
  54         }
  55
  56         ret = security_manager_app_inst_req_set_pkg_id(req, pkgid);
  57         if (ret != SECURITY_MANAGER_SUCCESS) {
  58                 printf("set pkgid failed: %d\n", ret);
  59                 security_manager_app_inst_req_free(req);
  60                 return NULL;
  61         }
  62
  63         ret = security_manager_app_inst_req_set_app_id(req, appid);
  64         if (ret != SECURITY_MANAGER_SUCCESS) {
  65                 printf("set appid failed: %d\n", ret);
  66                 security_manager_app_inst_req_free(req);
  67                 return NULL;
  68         }
  69
  70         root_path = _get_pkg_root_path(pkgid, uid);
  71         /* TODO: should be fixed */
  72         if (access(root_path, F_OK) == -1) {
  73                 printf("cannot find %s, but the smack rule for %s "
  74                                 "will be installed\n", root_path, appid);
  75                 return req;
  76         }
  77
  78         for (i = 0; path_type_map[i].path; i++) {
  79                 snprintf(buf, sizeof(buf), "%s%s", root_path,
  80                                 path_type_map[i].path);
  81                 if (access(buf, F_OK) == -1)
  82                         continue;
  83                 ret = security_manager_app_inst_req_add_path(req, buf,
  84                                 path_type_map[i].type);
  85                 if (ret != SECURITY_MANAGER_SUCCESS) {
  86                         printf("set path failed: %d\n", ret);
  87                         security_manager_app_inst_req_free(req);
  88                         return NULL;
  89                 }
  90         }
  91
  92         return req;
  93 }
  94
  95 /* NOTE: We cannot use cert-svc api which checks signature level in this tool,
  96  * because cert-svc does not provide c apis in Tizen 3.0.
  97  * So we set default privilege as platform level temporarily.
  98  */
  99 #define DEFAULT_PRIVILEGE "http://tizen.org/privilege/internal/default/platform"
 100 static int _insert_privilege(char *manifest, uid_t uid)
 101 {
 102         int ret;
 103         app_inst_req *req;
 104         manifest_x *mfx;
 105         privilege_x *priv;
 106         struct application_x *app;
 107
 108         mfx = pkgmgr_parser_process_manifest_xml(manifest);
 109         if (mfx == NULL) {
 110                 printf("Parse manifest failed\n");
 111                 return -1;
 112         }
 113
 114         app = mfx->application;
 115         while (app) {
 116                 req = _prepare_request(mfx->package, app->appid, uid);
 117                 if (req == NULL) {
 118                         pkgmgr_parser_free_manifest_xml(mfx);
 119                         return -1;
 120                 }
 121                 if (mfx->privileges != NULL) {
 122                         for (priv = mfx->privileges->privilege; priv;
 123                                         priv = priv->next)
 124                                 security_manager_app_inst_req_add_privilege(req,
 125                                                 priv->text);
 126                 }
 127
 128                 if (getuid() == OWNER_ROOT)
 129                         security_manager_app_inst_req_add_privilege(req,
 130                                         DEFAULT_PRIVILEGE);
 131
 132                 ret = security_manager_app_install(req);
 133                 if (ret != SECURITY_MANAGER_SUCCESS)
 134                         printf("app install failed: %d\n", ret);
 135                 security_manager_app_inst_req_free(req);
 136                 app = app->next;
 137         }
 138
 139         pkgmgr_parser_free_manifest_xml(mfx);
 140
 141         return 0;
 142 }
 143
 144 static int _remove_privilege(char *manifest, uid_t uid)
 145 {
 146         int ret;
 147         app_inst_req *req;
 148         manifest_x *mfx;
 149         struct application_x *app;
 150
 151         mfx = pkgmgr_parser_process_manifest_xml(manifest);
 152         if (mfx == NULL) {
 153                 printf("Parse manifest failed\n");
 154                 return -1;
 155         }
 156
 157         app = mfx->application;
 158         while (app) {
 159                 req = _prepare_request(mfx->package, app->appid, uid);
 160                 if (req == NULL) {
 161                         pkgmgr_parser_free_manifest_xml(mfx);
 162                         return -1;
 163                 }
 164
 165                 ret = security_manager_app_uninstall(req);
 166                 if (ret != SECURITY_MANAGER_SUCCESS)
 167                         printf("app uninstall failed: %d\n", ret);
 168
 169                 security_manager_app_inst_req_free(req);
 170                 app = app->next;
 171         }
 172
 173         pkgmgr_parser_free_manifest_xml(mfx);
 174
 175         return 0;
 176 }
 177
 178 static void _print_usage(const char *cmd)
 179 {
 180         printf("usage: %s <option> <manifest>\n"
 181                "   -i \t\t install privilege\n"
 182                "   -u \t\t uninstall privilege\n", cmd);
 183 }
 184
 185 int main(int argc, char **argv)
 186 {
 187         int ret;
 188
 189         if (argc < 3) {
 190                 _print_usage(argv[0]);
 191                 return -1;
 192         }
 193
 194         if (!strcmp(argv[1], "-i")) {
 195                 ret = _insert_privilege(argv[2], getuid());
 196         } else if (!strcmp(argv[1], "-u")) {
 197                 ret = _remove_privilege(argv[2], getuid());
 198         } else {
 199                 _print_usage(argv[0]);
 200                 ret = -1;
 201         }
 202
 203         return ret;
 204 }