StepRecoverSignature 96/84596/3
authorTomasz Iwanek <t.iwanek@samsung.com>
Fri, 19 Aug 2016 09:57:56 +0000 (11:57 +0200)
committerTomasz Iwanek <t.iwanek@samsung.com>
Tue, 23 Aug 2016 07:45:46 +0000 (00:45 -0700)
This step will be added to recovery mode because currently
certificate information is lost during recovery.

Requires working smoke tests:
 - https://review.tizen.org/gerrit/#/c/84564/
 - https://review.tizen.org/gerrit/#/c/84567/

Change-Id: I73063279cf453a3635d9dbca9492bdc5752313fd

src/common/CMakeLists.txt
src/common/step/security/step_recover_signature.cc [new file with mode: 0644]
src/common/step/security/step_recover_signature.h [new file with mode: 0644]

index a7dcc1e..722cfe4 100644 (file)
@@ -88,6 +88,7 @@ SET(SRCS
   step/security/step_check_signature.cc
   step/security/step_privilege_compatibility.cc
   step/security/step_recover_security.cc
+  step/security/step_recover_signature.cc
   step/security/step_register_security.cc
   step/security/step_revoke_security.cc
   step/security/step_rollback_deinstallation_security.cc
diff --git a/src/common/step/security/step_recover_signature.cc b/src/common/step/security/step_recover_signature.cc
new file mode 100644 (file)
index 0000000..ce47815
--- /dev/null
@@ -0,0 +1,27 @@
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "common/step/security/step_recover_signature.h"
+
+#include <string>
+
+#include "common/certificate_validation.h"
+
+namespace common_installer {
+namespace security {
+
+Step::Status StepRecoverSignature::RecoveryUpdate() {
+  std::string error_message;
+  PrivilegeLevel level;
+  if (!ValidateSignatures(GetSignatureRoot(), &level,
+                         &context_->certificate_info.get(), false,
+                         false, &error_message)) {
+    LOG(ERROR) << "Failed to verify signature: " << error_message;
+    return Status::CERT_ERROR;
+  }
+  return Status::OK;
+}
+
+}  // namespace security
+}  // namespace common_installer
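Review bot: The two bare `false` arguments passed to `ValidateSignatures` in `RecoveryUpdate()` do not say which checks they control, and the parameter list lives in `common/certificate_validation.h`, outside this diff. If either of them turns off part of signature verification, the recovery path would accept a package under weaker conditions than a normal install. Please annotate each one with its real parameter name in the form `/*<parameter name>=*/false`, and add a line such as `// Recovery only repopulates certificate_info; <reason the skipped checks are safe here>`. Separately, `level` is declared uninitialized and never read after the call. Either store it in the context, if later recovery steps are expected to see the privilege level, or add `// level is required by the API; unused during recovery`.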
diff --git a/src/common/step/security/step_recover_signature.h b/src/common/step/security/step_recover_signature.h
new file mode 100644 (file)
index 0000000..c05eb2d
--- /dev/null
@@ -0,0 +1,43 @@
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef COMMON_STEP_SECURITY_STEP_RECOVER_SIGNATURE_H_
+#define COMMON_STEP_SECURITY_STEP_RECOVER_SIGNATURE_H_
+
+#include <boost/filesystem/path.hpp>
+#include <manifest_parser/utils/logging.h>
+
+#include "common/installer_context.h"
+#include "common/step/recovery/step_recovery.h"
+
+namespace common_installer {
+namespace security {
+
+/**
+ * @brief responsible for restoring security
+ *        rules
+ *
+ * Part of Recovery Mode. In case of partial
+ * installation security rules get unregistered
+ * In case of unsuccessful partial update
+ * security rules for the app before update
+ * gets restored
+ */
+class StepRecoverSignature : public recovery::StepRecovery {
+ public:
+  using StepRecovery::StepRecovery;
+
+  Status RecoveryNew() override { return Status::OK; }
+  Status RecoveryUpdate() override;
+
+ private:
+  virtual boost::filesystem::path GetSignatureRoot() = 0;
+
+  STEP_NAME(RecoverSignature)
+};
+
+}  // namespace security
+}  // namespace common_installer
+
+#endif  // COMMON_STEP_SECURITY_STEP_RECOVER_SIGNATURE_H_
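Review bot: The Doxygen block above `StepRecoverSignature` describes restoring and unregistering security rules, which is not what this class does and looks copied from a sibling recovery step. From the `.cc` in this commit, the step re-validates the package signatures under `GetSignatureRoot()` and fills `context_->certificate_info` during recovery of an update. The brief should say that, for example `@brief Re-validates package signatures in recovery mode so that certificate info is available in the installer context`. It would also help to note that `RecoveryNew()` is intentionally a no-op. `GetSignatureRoot()` should get a one-line comment saying which directory subclasses must return, since that path decides which signature files are trusted.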