// found in the LICENSE file.
#include "wgt/step/security/step_check_extension_privileges.h"
+
+#include <boost/scope_exit.hpp>
+
+#include <common/privileges.h>
+#include <common/certificate_validation.h>
+#include <common/utils/glist_range.h>
+#include <manifest_parser/values.h>
+
#include <pkgmgrinfo_basic.h>
+#include <glib.h>
#include <glob.h>
#include <sys/utsname.h>
#include <memory>
#include "wgt/extension_config_parser.h"
-#include "manifest_parser/values.h"
-#include "common/certificate_validation.h"
-#include "common/utils/glist_range.h"
namespace {
const char kPluginsDirectory[] = "/res/wgt/plugin/";
}
return Status::OK;
}
+
common_installer::Step::Status StepCheckExtensionPrivileges::process() {
std::string app_ext_config_pattern(GetExtensionPath());
manifest_x* m = context_->manifest_data.get();
std::set<std::string> current_privileges;
- for (const char* priv : GListRange<char*>(m->privileges)) {
- current_privileges.insert(priv);
+ for (privilege_x* priv : GListRange<privilege_x*>(m->privileges)) {
+ if (strcmp(priv->type, common_installer::kWebPrivilegeType) == 0)
+ current_privileges.insert(priv->value);
}
std::set<std::string> xmlFiles;
xmlFiles.insert(glob_result.gl_pathv[i]);
}
}
- std::set<std::string> privileges;
+ GList* privileges = nullptr;
+ BOOST_SCOPE_EXIT_ALL(&) {
+ g_list_free_full(privileges, &common_installer::FreePrivilegeX);
+ };
for (auto it = xmlFiles.begin(); it != xmlFiles.end(); ++it) {
LOG(DEBUG) << "start to parse extension xml : " << *it;
ExtensionConfigParser extensionParser(*it);
std::vector<std::string> list = extensionParser.GetExtensionPrivilegeList();
- for (int i = 0 ; i < list.size() ; i++) {
- if (current_privileges.find(list[i]) == current_privileges.end()) {
- privileges.insert(list[i]);
+ for (const std::string& priv : list) {
+ if (current_privileges.find(priv) == current_privileges.end()) {
+ privilege_x* privilege =
+ reinterpret_cast<privilege_x*>(calloc(1, sizeof(privilege_x)));
+ if (!privilege) {
+ g_list_free_full(privileges, &common_installer::FreePrivilegeX);
+ return Status::ERROR;
+ }
+ privilege->type = strdup(common_installer::kWebPrivilegeType);
+ if (!privilege->type) {
+ common_installer::FreePrivilegeX(privilege);
+ g_list_free_full(privileges, &common_installer::FreePrivilegeX);
+ return Status::ERROR;
+ }
+ privilege->value = strdup(priv.c_str());
+ if (!privilege->value) {
+ common_installer::FreePrivilegeX(privilege);
+ g_list_free_full(privileges, &common_installer::FreePrivilegeX);
+ return Status::ERROR;
+ }
+ privileges = g_list_append(privileges, privilege);
}
}
}
- if (!privileges.empty()) {
- if (!CheckPriviligeLevel(privileges)) {
+ if (privileges) {
+ if (!CheckPrivilegeLevel(privileges)) {
LOG(DEBUG) << "Fail to validation of privilege";
return Status::ERROR;
}
- for (auto it = privileges.begin(); it != privileges.end(); ++it) {
- LOG(DEBUG) << "set list privilege : " << *it;
- m->privileges = g_list_append(m->privileges, strdup((*it).c_str()));
- }
+ m->privileges = g_list_concat(m->privileges, privileges);
+ privileges = nullptr;
}
return Status::OK;
}
return app_ext_config_pattern;
}
-bool StepCheckExtensionPrivileges::CheckPriviligeLevel(
- std::set<std::string> priv_set) {
- GList* privileges = nullptr;
- for (auto it = priv_set.begin(); it != priv_set.end(); ++it) {
- privileges = g_list_append(privileges, strdup((*it).c_str()));
- }
- guint size = g_list_length(privileges);
- if (size == 0) return true;
+bool StepCheckExtensionPrivileges::CheckPrivilegeLevel(
+ GList* privileges) {
+ if (g_list_length(privileges) == 0)
+ return true;
std::string error_message;
if (!common_installer::ValidatePrivilegeLevel(
context_->privilege_level.get(),
- false,
+ context_->uid.get(),
context_->manifest_data.get()->api_version,
privileges,
&error_message)) {
if (!error_message.empty()) {
LOG(ERROR) << "error_message: " << error_message;
- return false;
}
return false;
}