#include <string>
+#include "common/paths.h"
#include "common/utils/file_util.h"
#include "common/tzip_interface.h"
}
RemoveAll(context_->unpacked_dir_path.get());
+
+ if (context_->request_type.get() == RequestType::MountUpdate) {
+ bf::path mount_point = GetMountLocation(context_->GetPkgPath());
+ TzipInterface tzip_final(mount_point);
+ if (!tzip_final.UnmountZip()) {
+ LOG(ERROR) << "Failed to unmount zip package after revoke";
+ return Status::APP_DIR_ERROR;
+ }
+ }
return Status::OK;
}
<< backup_zip_location;
return Status::APP_DIR_ERROR;
}
+
+ // mount previous file for re-registration of trust anchor
+ bf::path zip_destination_path =
+ GetZipPackageLocation(context_->GetPkgPath(), context_->pkgid.get());
+ if (!tzip_final.MountZip(zip_destination_path)) {
+ LOG(ERROR) << "Failed to mount zip package in installation path";
+ return Status::APP_DIR_ERROR;
+ }
}
return Status::OK;
}
for (bf::directory_iterator file(path);
file != bf::directory_iterator(); ++file) {
bf::path current(file->path());
- if (bf::is_symlink(symlink_status(current)))
- if (!Remove(current))
+ if (bf::is_symlink(symlink_status(current)) &&
+ !bf::remove(current))
return false;
}
return true;
}
Step::Status StepRegisterTrustAnchor::precheck() {
+ if (context_->GetPkgPath().empty()) {
+ LOG(ERROR) << "pkg path is empty";
+ return Step::Status::INVALID_VALUE;
+ }
+
if (!context_->manifest_data.get()) {
LOG(ERROR) << "manifest_data attribute is empty";
return Step::Status::INVALID_VALUE;
Step::Status StepRegisterTrustAnchor::process() {
int ret;
bf::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
+ manifest_x* manifest = context_->manifest_data.get();
+
if (register_type_ == RegisterType::UPDATE) {
ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
context_->uid.get());
return Step::Status::SECURITY_ERROR;
}
- if (!context_->pkg_type.get().compare(kWgt)) {
- if (!common_installer::CreateDir(pkg_certs_path))
- return Step::Status::APP_DIR_ERROR;
- if (!RemoveWgtTrustAnchorSymLinks(pkg_certs_path))
+ if (!context_->partial_rw.get() &&
+ !context_->pkg_type.get().compare(kWgt)) {
+ if (bf::exists(pkg_certs_path) &&
+ !RemoveWgtTrustAnchorSymLinks(pkg_certs_path))
return Step::Status::APP_DIR_ERROR;
}
}
- manifest_x* manifest = context_->manifest_data.get();
if (!manifest->use_system_certs)
return Step::Status::OK;
- if (!context_->pkg_type.get().compare(kWgt)) {
- // For wgt package, create
- // [pkg_root]/res/.trust-anchor directory and create symbolic link
+ if (!context_->pkg_type.get().compare(kWgt) &&
+ (context_->request_type.get() != RequestType::ManifestPartialInstall &&
+ context_->request_type.get() != RequestType::ManifestPartialUpdate &&
+ context_->request_type.get() != RequestType::PartialUninstall &&
+ context_->request_type.get() != RequestType::ReadonlyUpdateUninstall)) {
+ // For wgt package,
+ // create [pkg_root]/res/.trust-anchor directory and create symbolic link
if (!common_installer::CreateDir(pkg_certs_path))
return Step::Status::APP_DIR_ERROR;
+
bf::path pkg_certs_src_path =
context_->GetPkgPath() / "res/wgt" / kWgtTrustAnchorPath;
for (bf::directory_iterator file(pkg_certs_src_path);
return Step::Status::OK;
}
+Step::Status StepRegisterTrustAnchor::undo() {
+ manifest_x* manifest = context_->manifest_data.get();
+ if (!manifest->use_system_certs)
+ return Step::Status::OK;
+
+ int ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
+ context_->uid.get());
+ if (ret != TRUST_ANCHOR_ERROR_NONE) {
+ LOG(ERROR) << "Failed to unregister trust anchor. error : " << ret;
+ return Step::Status::SECURITY_ERROR;
+ }
+
+ // Re-registration of trust anchor with previous value
+ // should be performed after rollback files.
+
+ return Step::Status::OK;
+}
+
} // namespace security
} // namespace common_installer
using Step::Step;
Status process() override;
- Status undo() override { return Status::OK; }
+ Status undo() override;
Status clean() override { return Status::OK; }
Status precheck() override;
STEP_NAME(StepRegisterTrustAnchor)
};
-
} // namespace security
} // namespace common_installer
--- /dev/null
+// Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "common/step/security/step_revoke_trust_anchor.h"
+
+#include <trust-anchor.h>
+#include <boost/filesystem.hpp>
+
+#include <string>
+
+#include "common/utils/file_util.h"
+
+namespace common_installer {
+namespace security {
+
+namespace bf = boost::filesystem;
+
+namespace {
+
+const char kTpkTrustAnchorPath[] = "res/.trust-anchor";
+const char kWgtTrustAnchorPath[] = ".trust-anchor";
+const char kWgt[] = "wgt";
+
+} // namespace
+
+StepRevokeTrustAnchor::StepRevokeTrustAnchor(InstallerContext* context)
+ : Step(context) {
+}
+
+Step::Status StepRevokeTrustAnchor::undo() {
+ manifest_x* manifest = context_->old_manifest_data.get();
+ if (!manifest) {
+ LOG(ERROR) << "old_manifest_data attribute is empty";
+ return Step::Status::INVALID_VALUE;
+ }
+
+ if (!manifest->use_system_certs)
+ return Step::Status::OK;
+
+ bf::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
+ if (!context_->pkg_type.get().compare(kWgt)) {
+ // For wgt package,
+ // create [pkg_root]/res/.trust-anchor directory and create symbolic link
+ if (bf::exists(pkg_certs_path)) {
+ for (bf::directory_iterator file(pkg_certs_path);
+ file != bf::directory_iterator(); ++file) {
+ bf::path current(file->path());
+ if (bf::is_symlink(symlink_status(current))) {
+ if (!bf::remove(current)) {
+ LOG(ERROR) << "Failed to remove previous symlink : " << current;
+ return Step::Status::APP_DIR_ERROR;
+ }
+ }
+ }
+ } else {
+ if (!common_installer::CreateDir(pkg_certs_path))
+ return Step::Status::APP_DIR_ERROR;
+ }
+
+ bf::path pkg_certs_src_path =
+ context_->GetPkgPath() / "res/wgt" / kWgtTrustAnchorPath;
+ for (bf::directory_iterator file(pkg_certs_src_path);
+ file != bf::directory_iterator(); ++file) {
+ bf::path current(file->path());
+ try {
+ bf::create_symlink(current, pkg_certs_path / current.filename());
+ } catch (const bf::filesystem_error& error) {
+ LOG(ERROR) << "Failed to make trust anchor symlink : " << error.what();
+ return Step::Status::APP_DIR_ERROR;
+ }
+ }
+ }
+
+ int ret = trust_anchor_install(context_->pkgid.get().c_str(),
+ context_->uid.get(), pkg_certs_path.string().c_str(),
+ (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false);
+
+ if (ret != TRUST_ANCHOR_ERROR_NONE) {
+ LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
+ return Step::Status::SECURITY_ERROR;
+ }
+
+ return Step::Status::OK;
+}
+
+} // namespace security
+} // namespace common_installer
--- /dev/null
+// Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef COMMON_STEP_SECURITY_STEP_REVOKE_TRUST_ANCHOR_H_
+#define COMMON_STEP_SECURITY_STEP_REVOKE_TRUST_ANCHOR_H_
+
+#include <manifest_parser/utils/logging.h>
+
+#include "common/step/step.h"
+
+namespace common_installer {
+namespace security {
+
+class StepRevokeTrustAnchor : public Step {
+ public:
+ enum class RegisterType {
+ INSTALL, // Register trust anchor with new package
+ UPDATE // Update trust anchor with existing package
+ };
+
+ explicit StepRevokeTrustAnchor(common_installer::InstallerContext* context);
+
+ using Step::Step;
+
+ Status process() override { return Status::OK; }
+ Status undo() override;
+ Status clean() override { return Status::OK; }
+ Status precheck() override { return Status::OK; }
+
+ STEP_NAME(StepRevokeTrustAnchor)
+};
+
+} // namespace security
+} // namespace common_installer
+
+#endif // COMMON_STEP_SECURITY_STEP_REVOKE_TRUST_ANCHOR_H_
namespace bf = boost::filesystem;
+const char kTpkTrustAnchorPath[] = "res/.trust-anchor";
+
Step::Status StepUnregisterTrustAnchor::precheck() {
if (!context_->manifest_data.get()) {
LOG(ERROR) << "manifest_data attribute is empty";
return Step::Status::OK;
}
+Step::Status StepUnregisterTrustAnchor::undo() {
+ manifest_x* manifest = context_->manifest_data.get();
+
+ if (!manifest->use_system_certs)
+ return Step::Status::OK;
+
+ bf::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
+ int ret = trust_anchor_install(context_->pkgid.get().c_str(),
+ context_->uid.get(), pkg_certs_path.string().c_str(),
+ (strcasecmp(manifest->use_system_certs, "true") == 0) ? true : false);
+
+ if (ret != TRUST_ANCHOR_ERROR_NONE) {
+ LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
+ return Step::Status::SECURITY_ERROR;
+ }
+
+ return Step::Status::OK;
+}
+
} // namespace security
} // namespace common_installer
using Step::Step;
Status process() override;
- Status undo() override { return Status::OK; }
+ Status undo() override;
Status clean() override { return Status::OK; }
Status precheck() override;
projects / platform / core / appfw / app-installers.git / commitdiff