X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fjobs%2Fwidget_install%2Ftask_smack.cpp;h=a9c285afd102f1215db0c2b4494dff6f5d60bb1a;hb=80392791b3b7919b59596326dd9fdd9b25a1be1e;hp=b468d3b5de1a924ed3d562961c3dad60db05751c;hpb=65d5d470df7db63798de20c2e9ec8e36fa6096c6;p=framework%2Fweb%2Fwrt-installer.git diff --git a/src/jobs/widget_install/task_smack.cpp b/src/jobs/widget_install/task_smack.cpp index b468d3b..a9c285a 100644 --- a/src/jobs/widget_install/task_smack.cpp +++ b/src/jobs/widget_install/task_smack.cpp @@ -25,45 +25,154 @@ #include #include #include +#include +#include #ifdef WRT_SMACK_ENABLED #include #endif #include +namespace { +const int MAX_BUF_SIZE = 128; +const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh"; +} + namespace Jobs { namespace WidgetInstall { TaskSmack::TaskSmack(InstallerContext& context) : DPL::TaskDecl(this), m_context(context) { - AddStep(&TaskSmack::Step); + AddStep(&TaskSmack::SmackFolderLabelingStep); + AddStep(&TaskSmack::SmackPrivilegeStep); + AddStep(&TaskSmack::SmackTemporaryStep); +} + +void TaskSmack::SmackFolderLabelingStep() +{ + LogInfo( + "----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()"); + +#ifdef WRT_SMACK_ENABLED + /* /opt/usr/apps/[pkgid] directory's label is "_" */ + std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + if (PC_OPERATION_SUCCESS != app_label_dir("_", + m_context.locations-> + getPackageInstallationDir(). + c_str())) + { + LogError("Set smack failure. Failed to add label for app root directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* res directory */ + std::string resDir = m_context.locations->getPackageInstallationDir() + + "/res"; + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + resDir.c_str())) + { + LogError("Set smack failure. Failed to add label for resource directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* bin directory */ + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + m_context.locations->getBinaryDir() + .c_str())) + { + LogError("Set smack failure. Failed to add label for binary directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* data directory */ + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + m_context.locations-> + getPrivateStorageDir().c_str())) + { + LogError("Set smack failure. Failed to add label for private storage directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + +#endif } -void TaskSmack::Step() +void TaskSmack::SmackPrivilegeStep() { - LogInfo("----------------> SMACK: Jobs::WidgetInstall::TaskSmack::Step()"); + LogInfo( + "----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()"); #ifdef WRT_SMACK_ENABLED - std::stringstream devcaps; + WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid; +#if 0 + char** perm_list = new char*[m_context.staticPermittedDevCaps.size()]; + + int index = 0; FOREACH(it, m_context.staticPermittedDevCaps) { if (it->second) { - std::string utf8 = DPL::ToUTF8String(it->first); - if (it != m_context.staticPermittedDevCaps.begin()) - devcaps << ","; - devcaps << utf8; + LogInfo("Permission : " << it->first); + perm_list[index++] = + const_cast(DPL::ToUTF8String(it->first).c_str()); + } + } + perm_list[index] = NULL; + + int result = app_add_permissions( + DPL::ToUTF8String(tzPkgid).c_str(), + const_cast(perm_list)); + +#else + const char* perm_list[0]; + perm_list[0] = NULL; +#endif + if (m_context.job->getInstallerStruct().m_installMode + != InstallMode::INSTALL_MODE_PRELOAD) + { + int result = app_add_permissions( + DPL::ToUTF8String(tzPkgid).c_str(), perm_list); + if (PC_OPERATION_SUCCESS != result) { + LogError("Failed to add permission to privilege"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "SMACK check failure"); } } - WidgetPkgName pkgName = m_context.widgetConfig.pkgName; - int result = handle_access_control_conf_forWAC( - DPL::ToUTF8String(pkgName).c_str(), - devcaps.str().c_str(), - OPERATION_INSTALL); - Assert(result==PC_OPERATION_SUCCESS && "access control setup failed"); + m_context.job->UpdateProgress( - UninstallerContext::INSTALL_SMACK_ENABLE, + InstallerContext::INSTALL_SMACK_ENABLE, "Widget SMACK Enabled"); #endif } +void TaskSmack::SmackTemporaryStep() +{ +#ifdef WRT_SMACK_ENABLED + //This step is temporary for smack + + LogInfo("----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()"); + std::ostringstream commStr; + std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid); + LogDebug("set smack rule command : " << commStr.str()); + + char readBuf[MAX_BUF_SIZE]; + memset(readBuf, 0x00, MAX_BUF_SIZE); + + FILE *fd; + fd = popen(commStr.str().c_str(), "r"); + if (NULL == fd) { + LogError("Set smack rule failure. Failed to call script."); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "SMACK check failure"); + } + pclose(fd); +#endif +} + } //namespace WidgetInstall } //namespace Jobs