Add FOTA script to apply privilege mapping changes 05/245805/11 accepted/tizen/5.5/unified/20201022.054229 submit/tizen_5.5/20201020.052325 submit/tizen_5.5/20201021.015735
authorYunjin Lee <yunjin-.lee@samsung.com>
Fri, 16 Oct 2020 04:44:30 +0000 (13:44 +0900)
committerYunjin Lee <yunjin-.lee@samsung.com>
Tue, 20 Oct 2020 05:17:03 +0000 (14:17 +0900)
Change-Id: I499cdb692d10caafcd66b096ee36acd6bd4689ab
Signed-off-by: Junghoon Park <jh9216.park@samsung.com>
CMakeLists.txt
packaging/security-config.spec
upgrade/202.privilege_upgrade.sh [new file with mode: 0644]

index 33c70ffb1f61dfbadc8bec88c60cf09b12977d29..4721fa1e82b22ffe47665a03b89fdc72f923bfc2 100755 (executable)
@@ -17,6 +17,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/l
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/202.privilege_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/netlabel_config DESTINATION /etc/smack/netlabel.d)
index 01d26e6f3defe110ffcc24f4fc225e4396a8c3f5..64c71262de25a6636135947a73339bd3b3f8ba26 100755 (executable)
@@ -130,6 +130,7 @@ rm -r /usr/share/security-config/mount_list/
 %attr(755,root,root) %{SECURITY_TEST_DIR}/setuid_test/*
 %attr(755,root,root) %{SECURITY_TEST_DIR}/execute_label_check_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
+%attr(755,root,root) /usr/share/upgrade/scripts/202.privilege_upgrade.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
 %attr(644,root,root) /etc/smack/netlabel.d/netlabel_config
diff --git a/upgrade/202.privilege_upgrade.sh b/upgrade/202.privilege_upgrade.sh
new file mode 100644 (file)
index 0000000..159fa3a
--- /dev/null
@@ -0,0 +1,107 @@
+#!/bin/bash
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+. /etc/tizen-platform.conf
+
+
+for package_data in `sqlite3 /opt/dbspace/.pkgmgr_parser.db "select package, type from package_privilege_info where privilege='http://tizen.org/privilege/systemsettings.admin'"`
+do
+       package=$(echo "$package_data" | cut -d '|' -f1)
+       package_type=$(echo "$package_data" | cut -d '|' -f2)
+
+       if  [ "$package_type" == "wgt" ]; then
+               echo "$package is wgt app"
+               app_list=($(sqlite3 /opt/dbspace/.security-manager.db "select app_name from user_app_pkg_view where pkg_name='${package}' and is_hybrid=1;"))
+
+               if [ ${#app_list[@]} -eq 0 ]; then
+                       echo "$package is pure wgt"
+
+                       echo "remove systemsettings.admin"
+                       cyad -e "MANIFESTS_GLOBAL" -r no -c "User::Pkg::${package}" -u "*" -p "http://tizen.org/privilege/systemsettings.admin"
+                       sqlite3 /opt/dbspace/.pkgmgr_parser.db "DELETE FROM package_privilege_info WHERE package = '${package}' AND  privilege = 'http://tizen.org/privilege/systemsettings.admin' AND type = 'wgt';"
+
+                       #check latest first
+                       if [ -f /opt/usr/globalapps/${package}/res/wgt/config.xml ]; then
+                               manifest_file="/opt/usr/globalapps/${package}/res/wgt/config.xml"
+                       else
+                               manifest_file="/usr/apps/${package}/res/wgt/config.xml"
+                       fi
+                       echo "manifest_file $manifest_file"
+
+                       if grep -q "http://tizen.org/privilege/filesystem.read" "$manifest_file"; then
+                               echo "$package have filesystem.read"
+                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}" -u "*" -p "http://tizen.org/privilege/filesystem.read" -t ALLOW
+                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/filesystem.read', 'wgt');"
+                       fi
+                       if grep -q "http://tizen.org/privilege/filesystem.write" "$manifest_file"; then
+                               echo "$package have filesystem.write"
+                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}" -u "*" -p "http://tizen.org/privilege/filesystem.write" -t ALLOW
+                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/filesystem.write', 'wgt');"
+                       fi
+                       if grep -q "http://tizen.org/privilege/setting" "$manifest_file"; then
+                               echo "$package have setting"
+                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}" -u "*" -p "http://tizen.org/privilege/internal/buxton/systemsettings" -t ALLOW
+                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/internal/buxton/systemsettings', 'wgt');"
+                       fi
+               else
+                       echo "$package is hybrid app"
+
+                       for app in "${app_list[@]}"
+                       do
+                               if find /opt/usr/globalapps/${package}/ /usr/apps/${package}/ -name "config.xml" 2>/dev/null | xargs grep -q ${app}; then
+                                       echo "$app is web part of hybrid $package"
+
+                                       echo "remove systemsettings.admin from $app"
+                                       cyad -e "MANIFESTS_GLOBAL" -r no -c "User::Pkg::${package}::App::${app}" -u "*" -p "http://tizen.org/privilege/systemsettings.admin"
+                                       sqlite3 /opt/dbspace/.pkgmgr_parser.db "DELETE FROM package_privilege_info WHERE package = '${package}' AND  privilege = 'http://tizen.org/privilege/systemsettings.admin' AND type = 'wgt';"
+
+                                       #check latest first
+                                       if [ -f /opt/usr/globalapps/${package}/res/wgt/config.xml ]; then
+                                               manifest_file="/opt/usr/globalapps/${package}/res/wgt/config.xml"
+                                       else
+                                               manifest_file="/usr/apps/${package}/res/wgt/config.xml"
+                                       fi
+                                       echo "manifest_file $manifest_file"
+
+                                       if grep -q "http://tizen.org/privilege/filesystem.read" "$manifest_file"; then
+                                               echo "$app have filesystem.read"
+                                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}::App::${app}" -u "*" -p "http://tizen.org/privilege/filesystem.read" -t ALLOW
+                                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/filesystem.read', 'wgt');"
+                                       fi
+                                       if grep -q "http://tizen.org/privilege/filesystem.write" "$manifest_file"; then
+                                               echo "$app have filesystem.write"
+                                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}::App::${app}" -u "*" -p "http://tizen.org/privilege/filesystem.write" -t ALLOW
+                                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/filesystem.write', 'wgt');"
+                                       fi
+                                       if grep -q "http://tizen.org/privilege/setting" "$manifest_file"; then
+                                               echo "$app have setting"
+                                               cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}::App::${app}" -u "*" -p "http://tizen.org/privilege/internal/buxton/systemsettings" -t ALLOW
+                                               sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/internal/buxton/systemsettings', 'wgt');"
+                                       fi
+                               fi
+                       done
+               fi
+       else
+               #add cynara policy
+               echo "$package is tpk app"
+               app_list=($(sqlite3 /opt/dbspace/.security-manager.db "select app_name from user_app_pkg_view where pkg_name='${package}' and is_hybrid=1;"))
+               if [ ${#app_list[@]} -eq 0 ]; then
+                       echo "$package is pure tpk app"
+                       echo "add internal/buxton/systemsettings"
+                       cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}" -u "*" -p "http://tizen.org/privilege/internal/buxton/systemsettings" -t ALLOW
+                       sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/internal/buxton/systemsettings', 'tpk');"
+               else
+                       echo "$package is hybrid app"
+                       for app in "${app_list[@]}"
+                       do
+                               if find /opt/usr/globalapps/${package}/ /usr/apps/${package}/ -name "tizen-manifest.xml" 2>/dev/null | xargs grep -q ${app}; then
+                                       echo "$app is native part of hybrid $package"
+                                       echo "add internal/buxton/systemsettings"
+                                       cyad -s -k "MANIFESTS_GLOBAL" -c "User::Pkg::${package}::App::${app}" -u "*" -p "http://tizen.org/privilege/internal/buxton/systemsettings" -t ALLOW
+                                       sqlite3 /opt/dbspace/.pkgmgr_parser.db "INSERT OR IGNORE INTO package_privilege_info VALUES ('${package}', 'http://tizen.org/privilege/internal/buxton/systemsettings', 'tpk');"
+                               fi
+                       done
+               fi
+       fi
+       echo ""
+done
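Review bot: The `grep -q "http://tizen.org/privilege/..." "$manifest_file"` tests that gate each `cyad -s ... -t ALLOW` grant are unanchored regex matches over the whole manifest. As written, `http://tizen.org/privilege/setting` also matches any longer privilege URI that begins with that string, and a hit inside a comment or an unrelated attribute counts as well. Because the result decides whether `internal/buxton/systemsettings` is granted, match a fixed string that includes the delimiters, e.g. `grep -qF '"http://tizen.org/privilege/setting"' "$manifest_file"` (this assumes config.xml carries the privilege as a quoted attribute value, which should be confirmed against the manifest format). The same applies to both copies of the block (pure wgt and hybrid) and to `xargs grep -q ${app}`, which is unquoted and matches the app id as a regex substring, so an app id that is a prefix of another would match both; quote it and use `-F` there too. Separately, the exit status of `cyad` is never checked before the paired `sqlite3` write, so the Cynara policy and `package_privilege_info` can diverge if one command fails.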