return true;
}
+bool ValidateMetadataPrivilege(common_installer::PrivilegeLevel level,
+ const char* api_version, GList* metadata_list,
+ std::string* error_message) {
+ if (!metadata_list)
+ return true;
+ char* error = nullptr;
+ int status = PRVMGR_ERR_NONE;
+ status = privilege_manager_verify_metadata(api_version, metadata_list,
+ PrivilegeLevelToVisibility(level), &error);
+ if (status != PRVMGR_ERR_NONE) {
+ std::string errnum = boost::str(boost::format("%d") % status);
+ LOG(ERROR) << "Error while verifing metadata privilege: "
+ << (error ? error : "") << " <" << errnum << ">";
+ *error_message = error;
+ *error_message += ":<" + errnum + ">";
+ free(error);
+ return false;
+ }
+ return true;
+}
+
} // namespace common_installer
uid_t uid, const char* api_version, GList* privileges,
std::string* error_message);
+bool ValidateMetadataPrivilege(common_installer::PrivilegeLevel level,
+ const char* api_version, GList* metadata_list,
+ std::string* error_message);
+
} // namespace common_installer
#endif // COMMON_CERTIFICATE_VALIDATION_H_
return Status::OK;
}
+Step::Status StepCheckSignature::CheckMetadataPrivilege(PrivilegeLevel level) {
+ std::string error_message;
+ if (context_->is_readonly_package.get())
+ return Status::OK;
+ manifest_x* manifest = context_->manifest_data.get();
+ for (application_x* app :
+ GListRange<application_x*>(manifest->application)) {
+ if (!ValidateMetadataPrivilege(level, manifest->api_version, app->metadata,
+ &error_message)) {
+ if (!error_message.empty()) {
+ LOG(ERROR) << "error_message: " << error_message;
+ on_error(Status::SIGNATURE_ERROR, error_message);
+ }
+ return Status::SIGNATURE_ERROR;
+ }
+ }
+ return Status::OK;
+}
+
Step::Status StepCheckSignature::process() {
PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
bool check_reference = true;
if (status != Status::OK)
return status;
+ status = CheckMetadataPrivilege(level);
+ if (status != Status::OK)
+ return status;
+
LOG(INFO) << "Signature done";
return Status::OK;
}
private:
Status CheckSignatures(bool check_reference, PrivilegeLevel* level);
Status CheckSignatureMismatch();
+ Status CheckMetadataPrivilege(PrivilegeLevel level);
STEP_NAME(Signature)
};