5 #include <linux/limits.h>
7 #include <tzplatform_config.h>
8 #include <security-manager.h>
9 #include <pkgmgr_parser.h>
12 #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
14 static const char *_get_pkg_root_path(const char *pkgid, uid_t uid)
18 tzplatform_set_user(uid);
19 path = tzplatform_mkpath((uid == OWNER_ROOT || uid == GLOBAL_USER) ?
20 TZ_SYS_RO_APP : TZ_USER_APP, pkgid);
21 tzplatform_reset_user();
28 enum app_install_path_type type;
31 struct path_type path_type_map[] = {
32 {"/", SECURITY_MANAGER_PATH_PUBLIC_RO},
33 {"/bin", SECURITY_MANAGER_PATH_RO},
34 {"/data", SECURITY_MANAGER_PATH_RW},
35 {"/cache", SECURITY_MANAGER_PATH_RW},
36 {"/lib", SECURITY_MANAGER_PATH_RO},
37 {"/res", SECURITY_MANAGER_PATH_RO},
38 {"/shared", SECURITY_MANAGER_PATH_PUBLIC_RO},
39 {NULL, SECURITY_MANAGER_ENUM_END}
42 static app_inst_req *_prepare_request(const char *pkgid, const char *appid,
47 const char *root_path;
51 if (security_manager_app_inst_req_new(&req)) {
52 printf("security_manager_app_inst_req_new failed\n");
56 ret = security_manager_app_inst_req_set_pkg_id(req, pkgid);
57 if (ret != SECURITY_MANAGER_SUCCESS) {
58 printf("set pkgid failed: %d\n", ret);
59 security_manager_app_inst_req_free(req);
63 ret = security_manager_app_inst_req_set_app_id(req, appid);
64 if (ret != SECURITY_MANAGER_SUCCESS) {
65 printf("set appid failed: %d\n", ret);
66 security_manager_app_inst_req_free(req);
70 root_path = _get_pkg_root_path(pkgid, uid);
71 /* TODO: should be fixed */
72 if (access(root_path, F_OK) == -1) {
73 printf("cannot find %s, but the smack rule for %s "
74 "will be installed\n", root_path, appid);
78 for (i = 0; path_type_map[i].path; i++) {
79 snprintf(buf, sizeof(buf), "%s%s", root_path,
80 path_type_map[i].path);
81 if (access(buf, F_OK) == -1)
83 ret = security_manager_app_inst_req_add_path(req, buf,
84 path_type_map[i].type);
85 if (ret != SECURITY_MANAGER_SUCCESS) {
86 printf("set path failed: %d\n", ret);
87 security_manager_app_inst_req_free(req);
95 /* NOTE: We cannot use cert-svc api which checks signature level in this tool,
96 * because cert-svc does not provide c apis in Tizen 3.0.
97 * So we set default privilege as platform level temporarily.
99 #define DEFAULT_PRIVILEGE "http://tizen.org/privilege/internal/default/platform"
100 static int _insert_privilege(char *manifest, uid_t uid)
106 struct application_x *app;
108 mfx = pkgmgr_parser_process_manifest_xml(manifest);
110 printf("Parse manifest failed\n");
114 app = mfx->application;
116 req = _prepare_request(mfx->package, app->appid, uid);
118 pkgmgr_parser_free_manifest_xml(mfx);
121 if (mfx->privileges != NULL) {
122 for (priv = mfx->privileges->privilege; priv;
124 security_manager_app_inst_req_add_privilege(req,
128 if (getuid() == OWNER_ROOT)
129 security_manager_app_inst_req_add_privilege(req,
132 ret = security_manager_app_install(req);
133 if (ret != SECURITY_MANAGER_SUCCESS)
134 printf("app install failed: %d\n", ret);
135 security_manager_app_inst_req_free(req);
139 pkgmgr_parser_free_manifest_xml(mfx);
144 static int _remove_privilege(char *manifest, uid_t uid)
149 struct application_x *app;
151 mfx = pkgmgr_parser_process_manifest_xml(manifest);
153 printf("Parse manifest failed\n");
157 app = mfx->application;
159 req = _prepare_request(mfx->package, app->appid, uid);
161 pkgmgr_parser_free_manifest_xml(mfx);
165 ret = security_manager_app_uninstall(req);
166 if (ret != SECURITY_MANAGER_SUCCESS)
167 printf("app uninstall failed: %d\n", ret);
169 security_manager_app_inst_req_free(req);
173 pkgmgr_parser_free_manifest_xml(mfx);
178 static void _print_usage(const char *cmd)
180 printf("usage: %s <option> <manifest>\n"
181 " -i \t\t install privilege\n"
182 " -u \t\t uninstall privilege\n", cmd);
185 int main(int argc, char **argv)
190 _print_usage(argv[0]);
194 if (!strcmp(argv[1], "-i")) {
195 ret = _insert_privilege(argv[2], getuid());
196 } else if (!strcmp(argv[1], "-u")) {
197 ret = _remove_privilege(argv[2], getuid());
199 _print_usage(argv[0]);