*/
#include <utility>
+#include <vector>
+#include <string>
#include <widget_install/task_ace_check.h>
#include <dpl/assert.h>
#include <dpl/log/log.h>
-#include <ace-dao-rw/AceDAO.h>
#include <dpl/foreach.h>
#include <widget_install/widget_install_context.h>
#include <widget_install/widget_install_errors.h>
#include <widget_install/job_widget_install.h>
-#include <security_controller.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
#include <dpl/wrt-dao-rw/widget_dao.h>
+#include <ace_api_install.h>
namespace Jobs {
namespace WidgetInstall {
void TaskAceCheck::StepPrepareForAce()
{
- Assert(!!m_context.widgetHandle);
+ WrtDB::WidgetDAO dao(m_context.locations->getPkgname());
m_context.featureLogic =
- FeatureLogicPtr(new FeatureLogic(*m_context.widgetHandle));
+ FeatureLogicPtr(new FeatureLogic(dao.getHandle()));
m_context.job->UpdateProgress(
InstallerContext::INSTALL_ACE_PREPARE,
"Widget Access Control Check Prepared");
void TaskAceCheck::StepAceCheck()
{
-
+ WrtDB::WidgetDAO dao(m_context.locations->getPkgname());
LogInfo("StepAceCheck!");
// This widget does not use any device cap
if (m_context.featureLogic->isDone()) {
DPL::String deviceCap = m_context.featureLogic->getDevice();
LogInfo("StepAceCheck!");
+ LogInfo("DevCap is : " << deviceCap);
- Assert(!!m_context.widgetHandle);
- Request *request = new Request(*m_context.widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request->addDeviceCapability(DPL::ToUTF8String(deviceCap));
+ std::string devCapStr = DPL::ToUTF8String(deviceCap);
+ ace_policy_result_t policyResult = ACE_DENY;
+ ace_return_t ret = ace_get_policy_result(
+ const_cast<const ace_resource_t>(devCapStr.c_str()),
+ dao.getHandle(),
+ &policyResult);
+ if (ACE_OK != ret) {
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "ACE check failure");
+ }
- CONTROLLER_POST_EVENT(
- SecurityController,
- SecurityControllerEvents::AuthorizeWidgetInstallEvent(
- request,
- makeICDelegate(&TaskAceCheck::ProcessAceResponse)));
+ LogInfo("PolicyResult is : " << static_cast<int>(policyResult));
+ m_context.staticPermittedDevCaps.insert(std::make_pair(deviceCap,
+ policyResult == ACE_PERMIT));
- // PorcessAceResponse will Resume me.
- m_context.job->Pause();
+ m_context.featureLogic->setAceResponse(policyResult != ACE_DENY);
}
void TaskAceCheck::StepProcessAceResponse()
{
+ WrtDB::WidgetDAO dao(m_context.locations->getPkgname());
+ if (m_context.locations->browserRequest()) {
+ return;
+ }
+
LogInfo("StepProcessAceResponse");
m_context.featureLogic->next();
// No device caps left to process
if (m_context.featureLogic->isDone()) {
LogInfo("All responses has been received from ACE.");
-
+ // Data to convert to C API
+ std::vector<std::string> devCaps;
+ std::vector<bool> devCapsSmack;
// Saving static dev cap permissions
FOREACH (cap, m_context.staticPermittedDevCaps) {
LogInfo("staticPermittedDevCaps : " << cap->first
<< " smack: " << cap->second);
+ std::string devCapStr = DPL::ToUTF8String(cap->first);
+ devCaps.push_back(devCapStr);
+ devCapsSmack.push_back(cap->second);
+ }
+ ace_requested_dev_cap_list_t list;
+ list.count = devCaps.size();
+ list.items = new ace_requested_dev_cap_t[list.count];
+
+ for (unsigned int i = 0; i < devCaps.size(); ++i) {
+ list.items[i].device_capability =
+ const_cast<const ace_resource_t>(devCaps[i].c_str());
+ list.items[i].smack_granted =
+ devCapsSmack[i] ? ACE_TRUE : ACE_FALSE;
+ }
+ ace_return_t ret = ace_set_requested_dev_caps(dao.getHandle(), //TODO: (ace_widget_handle_t not int needed)
+ &list);
+ if (ACE_OK != ret) {
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "ACE failure");
+ }
+ delete [] list.items;
+
+ std::set<std::string> acceptedFeature;
+ auto it = m_context.featureLogic->resultBegin();
+ for (;it != m_context.featureLogic->resultEnd(); ++it) {
+ if (!(it->rejected)) {
+ acceptedFeature.insert(DPL::ToUTF8String(it->name));
+ }
}
+ ace_feature_list_t featureList;
+ featureList.count = acceptedFeature.size();
+ featureList.items = new ace_string_t[featureList.count];
+
+ size_t i=0;
+ for (std::set<std::string>::const_iterator iter = acceptedFeature.begin();
+ iter != acceptedFeature.end(); ++iter) {
+ LogDebug("Accepted feature item: " << iter->c_str());
+ featureList.items[i] = const_cast<char *>(iter->c_str());
+ i++;
+ }
+
+ ret = ace_set_accepted_feature(dao.getHandle(), &featureList);
- AceDB::AceDAO::setRequestedDevCaps(
- *(m_context.widgetHandle),
- m_context.staticPermittedDevCaps);
+ delete [] featureList.items;
+ if (ACE_OK != ret) {
+ LogError("Error in ace_set_feature");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "ace_set_feature failure.");
+ }
return;
}
{
LogInfo("Checking ACE response");
if (m_context.featureLogic->isRejected()) {
- LogDebug("Installation failure. Some devCap was not accepted by ACE.");
+ LogError("Installation failure. Some devCap was not accepted by ACE.");
ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
"Some deviceCap was not accepted by ACE.");
}
for(;it != end; ++it){
LogInfo(" |- Feature: " << it->name << " has reject status: " << it->rejected);
if (it->rejected) {
- WrtDB::WidgetDAO dao(*(m_context.widgetHandle));
+ WrtDB::WidgetDAO dao(m_context.locations->getPkgname());
dao.updateFeatureRejectStatus(*it);
}
}
"Widget Access Control Check Finished");
}
-void TaskAceCheck::ProcessAceResponse(PolicyResult policyResult)
-{
- LogInfo("Received ACE response.");
-
- DPL::String deviceCap = m_context.featureLogic->getDevice();
-
- LogInfo("DevCap is : " << deviceCap);
- LogInfo("PolicyResult is : " <<
- PolicyResult::serialize(policyResult));
- m_context.staticPermittedDevCaps.insert(std::make_pair(deviceCap,
- policyResult == PolicyEffect::PERMIT));
-
- m_context.featureLogic->setAceResponse(policyResult != PolicyEffect::DENY);
- m_context.job->Resume();
-}
-
} //namespace WidgetInstall
} //namespace Jobs