Add some privileges as default in next cases.
If the package is wgt,
add 'http://tizen.org/privilege/internal/webappdefault'.
If the package has public cert,
add 'http://tizen.org/privilege/internal/default/public'.
If the package has partner cert,
add 'http://tizen.org/privilege/internal/default/partner'.
If the package has platform cert,
add 'http://tizen.org/privilege/internal/default/platform'.
These default privileges will be converted to mapped privileges by
the security-manager.
NOTE: api version 3.0 is not considered yet. should be fixed later.
Change-Id: I70d0ec09efbcd8c80e6189412c8bdbac84ef438a
namespace {
const char kPlatformVersion[] = "3.0";
-const char kDefaultPrivilegeForWebApp[] = "http://tizen.org/privilege/webappdefault";
+const char kPrivForPublic[] =
+ "http://tizen.org/privilege/internal/default/public";
+const char kPrivForPartner[] =
+ "http://tizen.org/privilege/internal/default/partner";
+const char kPrivForPlatform[] =
+ "http://tizen.org/privilege/internal/default/platform";
+
+bool AddPrivilegeToList(manifest_x* m, const char* priv_str) {
+ if (!m->privileges) {
+ m->privileges =
+ reinterpret_cast<privileges_x*>(calloc(1, sizeof(privileges_x*)));
+ if (!m->privileges)
+ return false;
+ }
+ privilege_x* priv =
+ reinterpret_cast<privilege_x*>(calloc(1, sizeof(privilege_x)));
+ if (!priv)
+ return false;
-bool TranslatePrivilegesForCompatibility(const std::string& pkg_type, manifest_x* m) {
+ priv->text = strdup(priv_str);
+ LISTADD(m->privileges->privilege, priv);
+ return true;
+}
+
+bool TranslatePrivilegesForCompatibility(manifest_x* m) {
if (!m->api_version) {
LOG(WARNING) << "Skipping privileges mapping because api-version "
<< "is not specified by package";
if (strcmp(m->api_version, kPlatformVersion) == 0)
return true;
- // add default privilege for webapp
- if (pkg_type == "wgt") {
- if (!m->privileges) {
- m->privileges =
- reinterpret_cast<privileges_x*>(calloc(1, sizeof(privileges_x)));
- }
- privilege_x* priv =
- reinterpret_cast<privilege_x*>(calloc(1, sizeof(privilege_x)));
- priv->text = strdup(kDefaultPrivilegeForWebApp);
- LISTADD(m->privileges->privilege, priv);
- }
-
- // No privileges to map
- if (!m->privileges) {
- return true;
- }
-
// calculate number of privileges
size_t size = 0;
privileges_x *privileges = nullptr;
}
Step::Status StepPrivilegeCompatibility::process() {
- return TranslatePrivilegesForCompatibility(context_->pkg_type.get(),
- context_->manifest_data.get()) ?
+ // Add default privileges for each certificates level.
+ bool ret = true;
+ switch(context_->privilege_level.get()) {
+ case common_installer::PrivilegeLevel::PUBLIC:
+ ret = AddPrivilegeToList(context_->manifest_data.get(),
+ kPrivForPublic);
+ break;
+ case common_installer::PrivilegeLevel::PARTNER:
+ ret = AddPrivilegeToList(context_->manifest_data.get(),
+ kPrivForPartner);
+ break;
+ case common_installer::PrivilegeLevel::PLATFORM:
+ ret = AddPrivilegeToList(context_->manifest_data.get(),
+ kPrivForPlatform);
+ break;
+ default:
+ // No default privileges for untrusted application.
+ break;
+ }
+ if (!ret) {
+ LOG(ERROR) << "Error during adding default privileges for certificates.";
+ return Status::ERROR;
+ }
+
+ return TranslatePrivilegesForCompatibility(context_->manifest_data.get()) ?
Status::OK : Status::ERROR;
}
step/step_wgt_create_storage_directories.cc
step/step_wgt_copy_storage_directories.cc
step/step_wgt_resource_directory.cc
+ step/step_add_default_privileges.cc
wgt_app_query_interface.cc
wgt_installer.cc
)
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "wgt/step/step_add_default_privileges.h"
+
+#include <pkgmgrinfo_basic.h>
+
+#include <cstdlib>
+#include <cstring>
+#include <memory>
+
+#include "common/utils/clist_helpers.h"
+
+namespace {
+
+const char kPrivForWebApp[] =
+ "http://tizen.org/privilege/internal/webappdefault";
+
+bool AddPrivilegeToList(manifest_x* m, const char* priv_str) {
+ if (!m->privileges) {
+ m->privileges =
+ reinterpret_cast<privileges_x*>(calloc(1, sizeof(privileges_x*)));
+ if (!m->privileges)
+ return false;
+ }
+ privilege_x* priv =
+ reinterpret_cast<privilege_x*>(calloc(1, sizeof(privilege_x)));
+ if (!priv)
+ return false;
+
+ priv->text = strdup(priv_str);
+ LISTADD(m->privileges->privilege, priv);
+ return true;
+}
+
+} // namespace
+
+namespace wgt {
+namespace security {
+
+common_installer::Step::Status StepAddDefaultPrivileges::precheck() {
+ if (!context_->manifest_data.get()) {
+ LOG(ERROR) << "Manifest data is not set";
+ return Status::ERROR;
+ }
+ return Status::OK;
+}
+
+common_installer::Step::Status StepAddDefaultPrivileges::process() {
+ if (!AddPrivilegeToList(context_->manifest_data.get(), kPrivForWebApp)) {
+ LOG(ERROR) << "Error during adding default privileges for webapp.";
+ return Status::ERROR;
+ }
+ return Status::OK;
+}
+
+} // namespace security
+} // namespace wgt
--- /dev/null
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef WGT_STEP_STEP_ADD_DEFAULT_PRIVILEGES_H_
+#define WGT_STEP_STEP_ADD_DEFAULT_PRIVILEGES_H_
+
+#include "common/app_installer.h"
+#include "common/installer_context.h"
+#include "common/step/step.h"
+#include "common/utils/logging.h"
+
+namespace wgt {
+namespace security {
+
+class StepAddDefaultPrivileges : public common_installer::Step {
+ public:
+ using Step::Step;
+
+ Status process() override;
+ Status clean() override { return Status::OK; }
+ Status undo() override { return Status::OK; }
+ Status precheck() override;
+
+ SCOPE_LOG_TAG(AddDefaultPrivileges)
+};
+
+} // namespace security
+} // namespace wgt
+
+#endif // WGT_STEP_STEP_ADD_DEFAULT_PRIVILEGES_H_
#include "wgt/step/step_wgt_create_storage_directories.h"
#include "wgt/step/step_wgt_copy_storage_directories.h"
#include "wgt/step/step_wgt_resource_directory.h"
+#include "wgt/step/step_add_default_privileges.h"
namespace ci = common_installer;
AddStep<ci::filesystem::StepUnzip>();
AddStep<wgt::parse::StepParse>(true);
AddStep<ci::security::StepCheckSignature>();
+ AddStep<wgt::security::StepAddDefaultPrivileges>();
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::encrypt::StepEncryptResources>();
AddStep<ci::filesystem::StepUnzip>();
AddStep<wgt::parse::StepParse>(true);
AddStep<ci::security::StepCheckSignature>();
+ AddStep<wgt::security::StepAddDefaultPrivileges>();
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<ci::security::StepCheckOldCertificate>();