Reworking handling privileges for hybrid application

This patch keeps single list of privileges (stored in
manifest_x) and filters privileges when registring
security rules of applications. Following changed:
 - generated platform manifest xml contains <privilege>
   tags with 'type' atttibute set to 'tpk' or 'wgt',
 - in case of absence of attribute, its default value
   is 'tpk',
 - manifest_x changes privilege type from GList of char*
   to GList of privilege_x. Structure named 'privilege_x'
   contain parsed privilege type,
 - although there is one privilege list, given the fact
   that privilege now have type, native and web privileges
   should be registered in native or web apps only.

Verification:
 - no regression in tpk/wgt smoke tests,
 - install hybrid app with native and web privileges
   and check generated manifest file for privileges,
 - install web app with privileges and check generated
   manifest file,
 - install web app without privileges and check generated
   manifest file -> default privileges should be added.

Submit together:
 - https://review.tizen.org/gerrit/#/c/90540/
 - https://review.tizen.org/gerrit/#/c/90543/
 - https://review.tizen.org/gerrit/#/c/90544/
 - https://review.tizen.org/gerrit/#/c/90546/
 - https://review.tizen.org/gerrit/#/c/90561/

Change-Id: I3cee36962fc3763636e430353cf4ebd362cbe37a

diff --git a/src/tpk/external_dirs.cc b/src/tpk/external_dirs.cc
index 27cd889..ac79c33 100644 (file)
--- a/src/tpk/external_dirs.cc
+++ b/src/tpk/external_dirs.cc
@@ -19,10 +19,13 @@ namespace ci = common_installer;
 namespace tpk {
 
 bool HasExternalAppdataPrivilege(manifest_x* manifest) {
-  auto privileges = GListRange<char*>(manifest->privileges);
-  return std::find(privileges.begin(), privileges.end(),
-      std::string(common::privileges::kPrivForExternalAppData))
-          != privileges.end();
+  auto privileges = GListRange<privilege_x*>(manifest->privileges);
+  return std::find_if(privileges.begin(), privileges.end(),
+      [](privilege_x* priv) {
+        return strcmp(priv->value,
+                      ci::privileges::kPrivForExternalAppData) == 0;
+      })
+      != privileges.end();
 }
 
 bool CreateExternalAppdataDirectories(const std::string& pkgid,

diff --git a/src/tpk/tpk_installer.cc b/src/tpk/tpk_installer.cc
index 0e9f442..cf08ddb 100644 (file)
--- a/src/tpk/tpk_installer.cc
+++ b/src/tpk/tpk_installer.cc
@@ -2,6 +2,7 @@
 #include "tpk/tpk_installer.h"
 
 #include <common/app_installer.h>
+#include <common/privileges.h>
 #include <common/step/backup/step_backup_icons.h>
 #include <common/step/backup/step_backup_manifest.h>
 #include <common/step/backup/step_copy_backup.h>
@@ -163,7 +164,8 @@ void TpkInstaller::InstallSteps() {
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
   AddStep<ci::filesystem::StepAcquireExternalStorage>(false);
@@ -197,7 +199,8 @@ void TpkInstaller::UpdateSteps() {
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::security::StepCheckOldCertificate>();
   AddStep<ci::configuration::StepParseManifest>(
@@ -255,18 +258,19 @@ void TpkInstaller::ReinstallSteps() {
   AddStep<ci::configuration::StepConfigure>(pkgmgr_);
   AddStep<tpk::configuration::StepCheckReinstallManifest>();
   AddStep<ci::configuration::StepParseManifest>(
-     ci::configuration::StepParseManifest::ManifestLocation::PACKAGE,
-     ci::configuration::StepParseManifest::StoreLocation::NORMAL);
+      ci::configuration::StepParseManifest::ManifestLocation::PACKAGE,
+      ci::configuration::StepParseManifest::StoreLocation::NORMAL);
   AddStep<ci::configuration::StepParsePreload>();
   AddStep<ci::pkgmgr::StepCheckRestriction>();
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepCheckSignature>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::security::StepCheckOldCertificate>();
   AddStep<ci::configuration::StepParseManifest>(
-     ci::configuration::StepParseManifest::ManifestLocation::INSTALLED,
-     ci::configuration::StepParseManifest::StoreLocation::BACKUP);
+      ci::configuration::StepParseManifest::ManifestLocation::INSTALLED,
+      ci::configuration::StepParseManifest::StoreLocation::BACKUP);
   AddStep<ci::configuration::StepBlockCrossUpdate>();
   AddStep<ci::pkgmgr::StepKillApps>();
   AddStep<ci::backup::StepBackupManifest>();
@@ -304,7 +308,8 @@ void TpkInstaller::DeltaSteps() {
   AddStep<ci::filesystem::StepDisableExternalMount>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::security::StepCheckOldCertificate>();
   AddStep<ci::configuration::StepBlockCrossUpdate>();
@@ -369,7 +374,8 @@ void TpkInstaller::MountInstallSteps() {
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::security::StepRollbackInstallationSecurity>();
   AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
@@ -403,7 +409,8 @@ void TpkInstaller::MountUpdateSteps() {
   AddStep<ci::configuration::StepCheckTizenVersion>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<ci::security::StepCheckOldCertificate>();
   AddStep<ci::configuration::StepParseManifest>(
@@ -444,7 +451,8 @@ void TpkInstaller::ManifestDirectInstallSteps() {
   AddStep<tpk::pkgmgr::StepManifestAdjustment>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<tpk::filesystem::StepCreateSymbolicLink>();
   AddStep<tpk::filesystem::StepTpkPatchIcons>();
@@ -470,7 +478,8 @@ void TpkInstaller::ManifestDirectUpdateSteps() {
   AddStep<tpk::pkgmgr::StepManifestAdjustment>();
   AddStep<ci::security::StepCheckSignature>();
   AddStep<tpk::configuration::StepAdjustInstallLocation>();
-  AddStep<ci::security::StepPrivilegeCompatibility>();
+  AddStep<ci::security::StepPrivilegeCompatibility>(
+      ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK);
   AddStep<tpk::security::StepCheckTpkBackgroundCategory>();
   AddStep<tpk::filesystem::StepCreateSymbolicLink>();
   AddStep<tpk::filesystem::StepTpkPatchIcons>();

diff --git a/src/unit_tests/manifest_test_package.cc b/src/unit_tests/manifest_test_package.cc
index 5e21c65..d07eef2 100644 (file)
--- a/src/unit_tests/manifest_test_package.cc
+++ b/src/unit_tests/manifest_test_package.cc
@@ -216,7 +216,7 @@ TEST_F(ManifestTest, PrivilegesElement_Missing) {
   ASSERT_TRUE(runner.Run());
   manifest_x* m = runner.GetManifest();
   ASSERT_NE(m, nullptr);
-  auto privileges = GListRange<const char*>(m->privileges);
+  auto privileges = GListRange<privilege_x*>(m->privileges);
   ASSERT_EQ(Size(&privileges), 0);
 }
 
@@ -225,7 +225,7 @@ TEST_F(ManifestTest, PrivilegesElement_None) {
   ASSERT_TRUE(runner.Run());
   manifest_x* m = runner.GetManifest();
   ASSERT_NE(m, nullptr);
-  auto privileges = GListRange<char*>(m->privileges);
+  auto privileges = GListRange<privilege_x*>(m->privileges);
   ASSERT_EQ(Size(&privileges), 0);
 }
 
@@ -234,9 +234,9 @@ TEST_F(ManifestTest, PrivilegesElement_Valid) {
   ASSERT_TRUE(runner.Run());
   manifest_x* m = runner.GetManifest();
   ASSERT_NE(m, nullptr);
-  auto privileges = GListRange<char*>(m->privileges);
+  auto privileges = GListRange<privilege_x*>(m->privileges);
   ASSERT_EQ(Size(&privileges), 1);
-  ASSERT_CSTR_EQ(*(privileges.begin()),
+  ASSERT_CSTR_EQ((*privileges.begin())->value,
                  "http://tizen.org/privilege/application.admin");
 }
 
@@ -245,13 +245,13 @@ TEST_F(ManifestTest, PrivilegesElement_Many) {
   ASSERT_TRUE(runner.Run());
   manifest_x* m = runner.GetManifest();
   ASSERT_NE(m, nullptr);
-  auto privileges = GListRange<char*>(m->privileges);
+  auto privileges = GListRange<privilege_x*>(m->privileges);
   ASSERT_EQ(Size(&privileges), 3);
-  ASSERT_CSTR_EQ(*(privileges.begin()),
+  ASSERT_CSTR_EQ(((*privileges.begin()))->value,
                  "http://tizen.org/privilege/account.read");
-  ASSERT_CSTR_EQ(*(++privileges.begin()),
+  ASSERT_CSTR_EQ(((*++privileges.begin()))->value,
                  "http://tizen.org/privilege/application.admin");
-  ASSERT_CSTR_EQ(*(++++privileges.begin()),
+  ASSERT_CSTR_EQ(((*++++privileges.begin())->value),
                  "http://tizen.org/privilege/appmanager.launch");
 }