Add method to get privilege level from file 54/146754/1
authorJunghyun Yeon <jungh.yeon@samsung.com>
Mon, 28 Aug 2017 10:56:42 +0000 (19:56 +0900)
committerJunghyun Yeon <jungh.yeon@samsung.com>
Wed, 30 Aug 2017 08:55:42 +0000 (08:55 +0000)
- In earlier Tizen versions, Signature1 of a package was erased after installation.
- But the signature is needed during migration to the latest platform version
  to determine the privilege level and to be stored in the cert db for trusted operations.
- So, add code to get the dist root cert value from a file that is created by
  the migration script.

Change-Id: Idf2fa96fb6c4fbf3e598df48e7d93bf367228628
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
src/common/certificate_validation.cc
src/common/certificate_validation.h
src/common/step/security/step_check_signature.cc

index b177736e90d10da101149ae183173a93f6f2868c..92f5957d16b4a307582aaedcda666ec415c72f0c 100644 (file)
@@ -5,10 +5,12 @@
 #include "common/certificate_validation.h"
 
 #include <boost/format.hpp>
+#include <boost/filesystem/operations.hpp>
 #include <boost/scope_exit.hpp>
 #include <vcore/SignatureValidator.h>
 
 #include <algorithm>
+#include <fstream>
 #include <regex>
 #include <utility>
 
@@ -236,6 +238,56 @@ bool ValidateSignatures(const bf::path& base_path,
   return true;
 }
 
+bool CheckPrivLevelFromFile(std::string& pkgid, PrivilegeLevel* level) {
+  CertSvcInstance instance;
+  CertSvcCertificate certificate;
+  CertSvcVisibility visibility = CERTSVC_VISIBILITY_DEVELOPER;
+  std::string dist_root;
+
+  bf::path file_path("/tmp/");
+  file_path /= std::string(pkgid + ".txt");
+  if (!bf::exists(file_path))
+    return false;
+
+  std::ifstream ifs(file_path.c_str(),
+      std::ifstream::in | std::ifstream::binary);
+  if (!ifs)
+    return false;
+  getline(ifs, dist_root);
+  if (dist_root.length() == 0)
+    return false;
+
+  int ret = certsvc_instance_new(&instance);
+  if (ret != CERTSVC_SUCCESS) {
+      LOG(ERROR) << "certsvc_instance_new failed :" << ret;
+      return false;
+  }
+  ret = certsvc_certificate_new_from_memory(instance,
+          (const unsigned char *)dist_root.c_str(),
+          strlen((char* )dist_root.c_str()),
+          CERTSVC_FORM_DER_BASE64,
+          &certificate);
+  if (ret != CERTSVC_SUCCESS) {
+    LOG(ERROR) << "certsvc_certificate_new_from_memory failed :" << ret;
+    certsvc_instance_free(instance);
+    return false;
+  }
+
+  ret = certsvc_certificate_get_visibility(certificate, &visibility);
+  if (ret != CERTSVC_SUCCESS) {
+    LOG(ERROR) << "getting visibility has failed :" << ret;
+    certsvc_certificate_free(certificate);
+    certsvc_instance_free(instance);
+    return false;
+  }
+
+  certsvc_certificate_free(certificate);
+  certsvc_instance_free(instance);
+  *level = CertStoreIdToPrivilegeLevel(visibility);
+
+  return true;
+}
+
 bool ValidatePrivilegeLevel(common_installer::PrivilegeLevel level,
     uid_t uid, const char* api_version, GList* privileges,
     std::string* error_message) {
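Review bot: `CheckPrivLevelFromFile` takes the privilege level solely from the first line of `/tmp/<pkgid>.txt`, and `/tmp` is normally writable by every local account, so the installer cannot assume the migration script wrote that file. With the package signature gone there is nothing to cross-check the certificate against, which leaves the file's location and ownership as the only integrity control. The migration script should write the file to a root-owned directory that is not group- or world-writable, and this function should refuse anything that is not a regular, root-owned file that others cannot write. `pkgid` is also appended to the path unchecked and `level` is dereferenced without a null check, so both should be validated on entry, and `strlen((char* )dist_root.c_str())` can be `dist_root.length()`. The `ValidatePrivilegeLevel` context at the end of the hunk continues outside it.

```cpp
bool CheckPrivLevelFromFile(std::string& pkgid, PrivilegeLevel* level) {
  // pkgid becomes a file name, so it must not be able to leave the directory.
  if (!level || pkgid.empty() || pkgid.find('/') != std::string::npos)
    return false;

  // kMigrationCertDir is a placeholder: a root-owned directory that is not
  // group- or world-writable, agreed with the migration script.
  bf::path file_path(kMigrationCertDir);
  file_path /= pkgid + ".txt";

  // The file content decides the privilege level; accept it only if it is a
  // regular file owned by root that nobody else can write.
  struct stat st;
  if (lstat(file_path.c_str(), &st) != 0 || !S_ISREG(st.st_mode) ||
      st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
    return false;

  // … unchanged: open the file and read the first line into dist_root …

  ret = certsvc_certificate_new_from_memory(instance,
          reinterpret_cast<const unsigned char*>(dist_root.data()),
          dist_root.length(),
          CERTSVC_FORM_DER_BASE64,
          &certificate);
  // … unchanged: error handling, visibility lookup, cleanup …
```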
index 0d3f6930f5ac8f11b0c5749d3674655010002920..f1ee387d11844d5f9922ac43ecb894f7b13643c7 100644 (file)
@@ -40,6 +40,7 @@ bool ValidateSignatures(const boost::filesystem::path& base_path,
 bool ValidatePrivilegeLevel(common_installer::PrivilegeLevel level,
     uid_t uid, const char* api_version, GList* privileges,
     std::string* error_message);
+bool CheckPrivLevelFromFile(std::string& pkgid, PrivilegeLevel* level);
 
 bool ValidateMetadataPrivilege(common_installer::PrivilegeLevel level,
     const char* api_version, GList* metadata_list,
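Review bot: The new declaration takes `std::string& pkgid` by non-const reference although the implementation in certificate_validation.cc only reads it, and it has no comment saying where the file comes from or what a `false` return means. It also spells the type as bare `PrivilegeLevel` while the neighbouring declarations use `common_installer::PrivilegeLevel`; whether that matters depends on the enclosing namespace, which is outside the hunk. I would declare it as `bool CheckPrivLevelFromFile(const std::string& pkgid, common_installer::PrivilegeLevel* level);`. Above it I would add a short comment stating that the level is taken from the distributor root certificate written by the migration script, that `*level` is left untouched on failure, and that the file is trusted input and must come from a protected location.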
index a86fe896807ee301a2501fcd62e788cda2b55f19..2715d55ecfae3d70f8bfd4a8f5726e9fcd9ffd19 100644 (file)
@@ -144,8 +144,11 @@ Step::Status StepCheckSignature::process() {
     level = PrivilegeLevel::PLATFORM;
 
   /* for update of user apps in 2.4 */
-  if (getuid() == 0 && level == PrivilegeLevel::UNTRUSTED)
-    level = PrivilegeLevel::PUBLIC;
+  if (getuid() == 0 && level == PrivilegeLevel::UNTRUSTED) {
+    //get privilege level from root cert stored at file
+    if (!CheckPrivLevelFromFile(context_->pkgid.get(), &level))
+      LOG(ERROR) << "failed to get privilege level from file";
+  }
 
   if (level == PrivilegeLevel::UNTRUSTED) {
     std::string error_message =
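Review bot: Nothing visible in this hunk limits the file lookup to a migration run, so every root-run install that ends up `UNTRUSTED` now takes whatever level the file yields. The old fallback could grant at most `PrivilegeLevel::PUBLIC`. If a marker for migration mode exists in the context, the call should be gated on it. The success path should also leave an audit trace, for example `else LOG(INFO) << "privilege level of " << context_->pkgid.get() << " taken from migration file";`. The comment `/* for update of user apps in 2.4 */` no longer describes the branch, because a missing file now leaves the level `UNTRUSTED` and the install fails in the check below; `process()` starts and ends outside the hunk.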