*/
#include <utility>
+#include <vector>
+#include <string>
#include <widget_install/task_ace_check.h>
#include <dpl/assert.h>
#include <dpl/log/log.h>
-#include <ace-dao-rw/AceDAO.h>
#include <dpl/foreach.h>
#include <widget_install/widget_install_context.h>
#include <widget_install/widget_install_errors.h>
#include <widget_install/job_widget_install.h>
-#include <security_controller.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
#include <dpl/wrt-dao-rw/widget_dao.h>
+#include <ace_api_install.h>
namespace Jobs {
namespace WidgetInstall {
-
TaskAceCheck::TaskAceCheck(InstallerContext& context) :
DPL::TaskDecl<TaskAceCheck>(this),
m_context(context)
{
+ AddStep(&TaskAceCheck::StartStep);
AddStep(&TaskAceCheck::StepPrepareForAce);
AddStep(&TaskAceCheck::StepAceCheck);
AddStep(&TaskAceCheck::StepProcessAceResponse);
AddStep(&TaskAceCheck::StepCheckAceResponse);
+ AddStep(&TaskAceCheck::EndStep);
}
void TaskAceCheck::StepPrepareForAce()
{
- Assert(!!m_context.widgetHandle);
m_context.featureLogic =
- FeatureLogicPtr(new FeatureLogic(*m_context.widgetHandle));
+ FeatureLogicPtr(new FeatureLogic(m_context.widgetConfig.tzAppid));
m_context.job->UpdateProgress(
InstallerContext::INSTALL_ACE_PREPARE,
"Widget Access Control Check Prepared");
void TaskAceCheck::StepAceCheck()
{
-
- LogInfo("StepAceCheck!");
+ WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
+ LogDebug("StepAceCheck!");
// This widget does not use any device cap
if (m_context.featureLogic->isDone()) {
return;
}
- LogInfo("StepAceCheck!");
+ LogDebug("StepAceCheck!");
DPL::String deviceCap = m_context.featureLogic->getDevice();
- LogInfo("StepAceCheck!");
-
- Assert(!!m_context.widgetHandle);
- Request *request = new Request(*m_context.widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request->addDeviceCapability(DPL::ToUTF8String(deviceCap));
+ LogDebug("StepAceCheck!");
+ LogDebug("DevCap is : " << deviceCap);
+
+ std::string devCapStr = DPL::ToUTF8String(deviceCap);
+ ace_policy_result_t policyResult = ACE_DENY;
+
+ //TODO: remove dao.getHandle()
+ if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD) {
+ LogDebug("This widget is prealoaded. So ace check will be skiped");
+ policyResult = ACE_PERMIT;
+ } else {
+ ace_return_t ret = ace_get_policy_result(
+ const_cast<const ace_resource_t>(devCapStr.c_str()),
+ dao.getHandle(),
+ &policyResult);
+ if (ACE_OK != ret) {
+ ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
+ "ACE check failure");
+ }
+ }
- CONTROLLER_POST_EVENT(
- SecurityController,
- SecurityControllerEvents::AuthorizeWidgetInstallEvent(
- request,
- makeICDelegate(&TaskAceCheck::ProcessAceResponse)));
+ LogDebug("PolicyResult is : " << static_cast<int>(policyResult));
+ m_context.staticPermittedDevCaps.insert(std::make_pair(deviceCap,
+ policyResult ==
+ ACE_PERMIT));
- // PorcessAceResponse will Resume me.
- m_context.job->Pause();
+ m_context.featureLogic->setAceResponse(policyResult != ACE_DENY);
}
void TaskAceCheck::StepProcessAceResponse()
{
- LogInfo("StepProcessAceResponse");
+ WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
+ if (m_context.widgetConfig.packagingType ==
+ WrtDB::PKG_TYPE_HOSTED_WEB_APP)
+ {
+ return;
+ }
+
+ LogDebug("StepProcessAceResponse");
m_context.featureLogic->next();
// No device caps left to process
if (m_context.featureLogic->isDone()) {
- LogInfo("All responses has been received from ACE.");
-
+ LogDebug("All responses has been received from ACE.");
+ // Data to convert to C API
+ std::vector<std::string> devCaps;
+ std::vector<bool> devCapsSmack;
// Saving static dev cap permissions
- FOREACH (cap, m_context.staticPermittedDevCaps) {
- LogInfo("staticPermittedDevCaps : " << cap->first
- << " smack: " << cap->second);
+ FOREACH(cap, m_context.staticPermittedDevCaps) {
+ LogDebug("staticPermittedDevCaps : " << cap->first
+ << " smack: " << cap->second);
+ std::string devCapStr = DPL::ToUTF8String(cap->first);
+ devCaps.push_back(devCapStr);
+ devCapsSmack.push_back(cap->second);
+ }
+ ace_requested_dev_cap_list_t list;
+ list.count = devCaps.size();
+ list.items = new ace_requested_dev_cap_t[list.count];
+
+ for (unsigned int i = 0; i < devCaps.size(); ++i) {
+ list.items[i].device_capability =
+ const_cast<const ace_resource_t>(devCaps[i].c_str());
+ list.items[i].smack_granted =
+ devCapsSmack[i] ? ACE_TRUE : ACE_FALSE;
+ }
+ //TODO: remove dao.getHandle()
+ ace_return_t ret = ace_set_requested_dev_caps(dao.getHandle(),
+ &list);
+ if (ACE_OK != ret) {
+ ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
+ "ACE failure");
}
+ delete[] list.items;
+
+ std::set<std::string> acceptedFeature;
+ auto it = m_context.featureLogic->resultBegin();
+ for (; it != m_context.featureLogic->resultEnd(); ++it) {
+ if (!(it->rejected)) {
+ acceptedFeature.insert(DPL::ToUTF8String(it->name));
+ }
+ }
+ ace_feature_list_t featureList;
+ featureList.count = acceptedFeature.size();
+ featureList.items = new ace_string_t[featureList.count];
+
+ size_t i = 0;
+ for (std::set<std::string>::const_iterator iter = acceptedFeature.begin();
+ iter != acceptedFeature.end(); ++iter)
+ {
+ LogDebug("Accepted feature item: " << iter->c_str());
+ featureList.items[i] = const_cast<char *>(iter->c_str());
+ i++;
+ }
+
+ //TODO: remove dao.getHandle()
+ ret = ace_set_accepted_feature(dao.getHandle(), &featureList);
- AceDB::AceDAO::setRequestedDevCaps(
- *(m_context.widgetHandle),
- m_context.staticPermittedDevCaps);
+ delete[] featureList.items;
+ if (ACE_OK != ret) {
+ LogError("Error in ace_set_feature");
+ ThrowMsg(Exceptions::AceCheckFailed, "Instalation failure. "
+ "ace_set_feature failure.");
+ }
return;
}
- LogInfo("Next device cap.");
+ LogDebug("Next device cap.");
// Process next device cap
SwitchToStep(&TaskAceCheck::StepAceCheck);
}
void TaskAceCheck::StepCheckAceResponse()
{
- LogInfo("Checking ACE response");
+ LogDebug("Checking ACE response");
if (m_context.featureLogic->isRejected()) {
- LogDebug("Installation failure. Some devCap was not accepted by ACE.");
- ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ LogError("Installation failure. Some devCap was not accepted by ACE.");
+ ThrowMsg(
+ Exceptions::PrivilegeLevelViolation,
+ "Instalation failure. "
"Some deviceCap was not accepted by ACE.");
}
- LogInfo("Updating \"feature reject status\" in database!");
+ LogDebug("Updating \"feature reject status\" in database!");
auto it = m_context.featureLogic->resultBegin();
auto end = m_context.featureLogic->resultEnd();
- for(;it != end; ++it){
- LogInfo(" |- Feature: " << it->name << " has reject status: " << it->rejected);
+ for (; it != end; ++it) {
+ LogDebug(
+ " |- Feature: " << it->name << " has reject status: " <<
+ it->rejected);
if (it->rejected) {
- WrtDB::WidgetDAO dao(*(m_context.widgetHandle));
+ WrtDB::WidgetDAO dao(m_context.widgetConfig.tzAppid);
dao.updateFeatureRejectStatus(*it);
}
}
- LogInfo("Installation continues...");
-
- m_context.job->UpdateProgress(
- InstallerContext::INSTALL_ACE_CHECK,
- "Widget Access Control Check Finished");
+ LogDebug("Installation continues...");
}
-void TaskAceCheck::ProcessAceResponse(PolicyResult policyResult)
+void TaskAceCheck::StartStep()
{
- LogInfo("Received ACE response.");
-
- DPL::String deviceCap = m_context.featureLogic->getDevice();
+ LogDebug("--------- <TaskAceCheck> : START ----------");
+}
- LogInfo("DevCap is : " << deviceCap);
- LogInfo("PolicyResult is : " <<
- PolicyResult::serialize(policyResult));
- m_context.staticPermittedDevCaps.insert(std::make_pair(deviceCap,
- policyResult == PolicyEffect::PERMIT));
+void TaskAceCheck::EndStep()
+{
+ m_context.job->UpdateProgress(
+ InstallerContext::INSTALL_ACE_CHECK,
+ "Widget Access Control Check Finished");
- m_context.featureLogic->setAceResponse(policyResult != PolicyEffect::DENY);
- m_context.job->Resume();
+ LogDebug("--------- <TaskAceCheck> : END ----------");
}
-
} //namespace WidgetInstall
} //namespace Jobs
projects / framework / web / wrt-installer.git / blobdiff