step/step_old_manifest.cc
step/step_open_recovery_file.cc
step/step_parse.cc
+ step/step_privilege_compatibility.cc
step/step_remove_icons.cc
step/step_remove_files.cc
step/step_remove_temporary_directory.cc
Property<AccountInfo> account_info;
};
-class ConfigData {
- public:
- ConfigData() {}
- /** version pointed in <application> tag*/
- Property<std::string> required_api_version;
-};
-
class BackendData {
public:
virtual ~BackendData() { }
// uid of the user that request the operation
Property<uid_t> uid;
- // data from config.xml
- Property<ConfigData> config_data;
-
// path for the applications root directory
Property<boost::filesystem::path> root_application_path;
// TODO(t.iwanek): refactoring, move to wgt backend
bool is_webapp = context_->pkg_type.get() == "wgt";
if (!ValidatePrivilegeLevel(level, is_webapp,
- context_->config_data.get().required_api_version.get().c_str(),
+ context_->manifest_data.get()->api_version,
context_->manifest_data.get()->privileges))
return Status::ERROR;
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache-2.0 license that can be
+// found in the LICENSE file.
+
+#include "common/step/step_privilege_compatibility.h"
+
+#include <pkgmgrinfo_basic.h>
+#include <security-manager.h>
+
+#include <cstdlib>
+#include <cstring>
+#include <memory>
+
+#include "common/utils/clist_helpers.h"
+
+namespace {
+
+const char kPlatformVersion[] = "3.0";
+
+bool TranslatePrivilegesForCompatibility(manifest_x* m) {
+ if (!m->api_version) {
+ LOG(WARNING) << "Skipping privileges mapping because api-version "
+ << "is not specified by package";
+ return true;
+ }
+ if (strcmp(m->api_version, kPlatformVersion) == 0)
+ return true;
+
+ // calculate number of privileges
+ size_t size = 0;
+ privileges_x *privileges = nullptr;
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(m->privileges, privileges);
+ for (; privileges; privileges = privileges->next) {
+ size += PKGMGR_LIST_LEN(privileges);
+ }
+
+ // prepare input structure
+ std::unique_ptr<const char*[]> input_privileges(new const char*[size]);
+ size_t input_size = 0;
+ privileges = nullptr;
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(m->privileges, privileges);
+ for (; privileges; privileges = privileges->next) {
+ privilege_x* priv = nullptr;
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(privileges->privilege, priv);
+ for (; priv; priv = priv->next) {
+ input_privileges[input_size++] = priv->text;
+ }
+ }
+
+ // get mapping
+ size_t output_size = 0;
+ char** output_privileges = nullptr;
+ if (security_manager_get_privileges_mapping(m->api_version, kPlatformVersion,
+ input_privileges.get(), input_size, &output_privileges, &output_size)
+ != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "security_manager_get_privileges_mapping failed";
+ return false;
+ }
+
+ // delete pkgmgr old list
+ privileges = nullptr;
+ privileges_x* privileges_next = nullptr;
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(m->privileges, privileges);
+ for (; privileges; privileges = privileges_next) {
+ privileges_next = privileges->next;
+ privilege_x* priv = nullptr;
+ privilege_x* next = nullptr;
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(privileges->privilege, priv);
+ for (; priv; priv = next) {
+ next = priv->next;
+ // mark as const but we actually have ownership
+ free(const_cast<char*>(priv->text));
+ free(priv);
+ }
+ free(privileges);
+ }
+
+ // set pkgmgr new list
+ m->privileges =
+ reinterpret_cast<privileges_x*>(calloc(1, sizeof(privileges_x)));
+ for (size_t i = 0; i < output_size; ++i) {
+ privilege_x* priv =
+ reinterpret_cast<privilege_x*>(calloc(1, sizeof(privilege_x)));
+ priv->text = strdup(output_privileges[i]);
+ LISTADD(m->privileges->privilege, priv);
+ }
+
+ security_manager_privilege_mapping_free(output_privileges, output_size);
+ return true;
+}
+
+} // namespace
+
+namespace common_installer {
+namespace security {
+
+Step::Status StepPrivilegeCompatibility::precheck() {
+ if (!context_->manifest_data.get()) {
+ LOG(ERROR) << "Manifest data is not set";
+ return Status::ERROR;
+ }
+ return Status::OK;
+}
+
+Step::Status StepPrivilegeCompatibility::process() {
+ return TranslatePrivilegesForCompatibility(context_->manifest_data.get()) ?
+ Status::OK : Status::ERROR;
+}
+
+} // namespace security
+} // namespace common_installer
+
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache-2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef COMMON_STEP_STEP_PRIVILEGE_COMPATIBILITY_H_
+#define COMMON_STEP_STEP_PRIVILEGE_COMPATIBILITY_H_
+
+#include "common/context_installer.h"
+#include "common/step/step.h"
+#include "common/utils/logging.h"
+
+namespace common_installer {
+namespace security {
+
+/**
+ * @brief This step converts privileges declared in package manifest to the
+ * privileges for current platform version
+ */
+class StepPrivilegeCompatibility : public Step {
+ public:
+ using Step::Step;
+
+ Status process() override;
+ Status clean() override { return Status::OK; }
+ // backward translation not needed
+ Status undo() override { return Status::OK; }
+ Status precheck() override;
+
+ SCOPE_LOG_TAG(PrivilegeCompatibility)
+};
+
+} // namespace security
+} // namespace common_installer
+
+#endif // COMMON_STEP_STEP_PRIVILEGE_COMPATIBILITY_H_
if (list) { \
LISTHEAD(list, node); \
} \
- } while (0) \
+ } while (false) \
+
+/*
+ * Calculates size of C style list from any of its point
+ */
+#define PKGMGR_LIST_LEN(list) \
+ [list]() { \
+ size_t size = 0; \
+ auto node = list; \
+ PKGMGR_LIST_MOVE_NODE_TO_HEAD(list, node); \
+ while (node) { \
+ node = node->next; \
+ ++size; \
+ } \
+ return size; \
+ }() \
#endif // COMMON_UTILS_CLIST_HELPERS_H_
#include "tpk/step/step_parse.h"
#include <boost/filesystem.hpp>
+
#include <memory>
#include <string>
#include <vector>
+
#include "common/context_installer.h"
#include "common/step/step.h"
LOG(DEBUG) << "Getting manifest xml data";
LOG(DEBUG) << "manifest: xmlns='" << manifest->attr("xmlns") <<
- "' api_version='" << manifest->attr("api_version") <<
+ "' api-version='" << manifest->attr("api-version") <<
"' package='" << manifest->attr("package") <<
"' versionr='" << manifest->attr("version") << "'";
}
// set context_
- context_->config_data.get().required_api_version.set(
- manifest->attr("api-version"));
context_->pkgid.set(manifest->attr("package"));
// write pkgid for recovery file
m->type = strdup("tpk");
m->version = string_strdup(manifest->attr("version"));
m->installlocation = string_strdup(manifest->attr("install-location"));
+ m->api_version = string_strdup(manifest->attr("api-version"));
// Choose main app among ui-application or service-application
// NOTE: main app must have appid attribute
#include "common/step/step_old_manifest.h"
#include "common/step/step_open_recovery_file.h"
#include "common/step/step_parse.h"
+#include "common/step/step_privilege_compatibility.h"
#include "common/step/step_recover_application.h"
#include "common/step/step_recover_files.h"
#include "common/step/step_recover_icons.h"
AddStep<ci::filesystem::StepUnzip>();
AddStep<tpk::parse::StepParse>();
AddStep<ci::security::StepCheckSignature>();
+ AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::filesystem::StepCopy>();
AddStep<ci::filesystem::StepCreateStorageDirectories>();
AddStep<ci::filesystem::StepUnzip>();
AddStep<tpk::parse::StepParse>();
AddStep<ci::security::StepCheckSignature>();
+ AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<ci::security::StepCheckOldCertificate>();
AddStep<ci::backup::StepOldManifest>();
AddStep<ci::backup::StepBackupManifest>();
std::static_pointer_cast<const PermissionsInfo>(parser_->GetManifestData(
app_keys::kTizenPermissionsKey));
std::set<std::string> privileges;
- privileges.insert({"priv"});
- privileges.clear();
if (perm_info)
privileges = ExtractPrivileges(perm_info);
if (!privileges.empty()) {
privileges_x* privileges_x_list =
- reinterpret_cast<privileges_x*> (calloc(1, sizeof(privileges_x)));\
+ reinterpret_cast<privileges_x*>(calloc(1, sizeof(privileges_x)));
manifest->privileges = privileges_x_list;
for (const std::string& p : privileges) {
privilege_x* privilege_x_node =
const std::string& package_version = wgt_info->version();
const std::string& required_api_version = info->required_version();
- context_->config_data.get().required_api_version.set(required_api_version);
+ context_->manifest_data.get()->api_version =
+ strdup(required_api_version.c_str());
context_->pkgid.set(manifest->package);
// write pkgid for recovery file
namespace filesystem {
common_installer::Step::Status StepWgtCopyStorageDirectories::process() {
- int version =
- context_->config_data.get().required_api_version.get().at(0) - '0';
+ int version = context_->manifest_data.get()->api_version[0] - '0';
if (version < 3) {
LOG(DEBUG) << "Shared directory coping for tizen 2.x";
return StepCopyStorageDirectories::process();
}
common_installer::Step::Status StepWgtCopyStorageDirectories::undo() {
- int version =
- context_->config_data.get().required_api_version.get().at(0) - '0';
+ int version = context_->manifest_data.get()->api_version[0] - '0';
if (version < 3) {
LOG(DEBUG) << "Shared directory coping for tizen 2.x";
return StepCopyStorageDirectories::undo();
if (!PrivateDir())
return Status::ERROR;
- char version =
- context_->config_data.get().required_api_version.get().at(0);
+ char version = context_->manifest_data.get()->api_version[0];
if ((version-'0') < 3) {
LOG(DEBUG) << "Shared directory preparation for tizen 2.x";
#include "common/step/step_fail.h"
#include "common/step/step_open_recovery_file.h"
#include "common/step/step_parse.h"
+#include "common/step/step_privilege_compatibility.h"
#include "common/step/step_register_app.h"
#include "common/step/step_recover_application.h"
#include "common/step/step_recover_files.h"
AddStep<ci::filesystem::StepUnzip>();
AddStep<wgt::parse::StepParse>(true);
AddStep<ci::security::StepCheckSignature>();
+ AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::encrypt::StepEncryptResources>();
AddStep<wgt::filesystem::StepWgtResourceDirectory>();
AddStep<ci::filesystem::StepUnzip>();
AddStep<wgt::parse::StepParse>(true);
AddStep<ci::security::StepCheckSignature>();
+ AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<ci::security::StepCheckOldCertificate>();
AddStep<wgt::filesystem::StepWgtResourceDirectory>();