Add StepRecoverTrustAnchor

- Add new step to handle some exceptional cases.

Change-Id: Idcee8bde65327738e0ad8efbe20c35f11364bac3
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>

diff --git a/src/common/step/security/step_recover_trust_anchor.cc b/src/common/step/security/step_recover_trust_anchor.cc
new file mode 100644 (file)
index 0000000..7ce76fc
--- /dev/null
+++ b/src/common/step/security/step_recover_trust_anchor.cc
@@ -0,0 +1,51 @@
+// Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "common/step/security/step_recover_trust_anchor.h"
+#include "common/step/security/step_register_trust_anchor.h"
+
+#include <trust-anchor.h>
+
+#include <string>
+
+#include "common/utils/file_util.h"
+
+namespace common_installer {
+namespace security {
+
+Step::Status StepRecoverTrustAnchor::RecoveryNew() {
+  manifest_x* manifest = context_->manifest_data.get();
+
+  if (!manifest || manifest->use_system_certs)
+    return Step::Status::OK;
+
+  int ret = trust_anchor_uninstall(context_->pkgid.get().c_str(),
+      context_->uid.get());
+  if (ret != TRUST_ANCHOR_ERROR_NONE) {
+    LOG(ERROR) << "Failed to recover trust anchor but continue";
+    return Step::Status::OK;
+  }
+  LOG(INFO) << "Trust anchor recovery done";
+  return Step::Status::OK;
+}
+
+Step::Status StepRecoverTrustAnchor::RecoveryUpdate() {
+  StepRegisterTrustAnchor step(context_,
+      StepRegisterTrustAnchor::RegisterType::UPDATE);
+  Step::Status status = step.precheck();
+  if (status != Step::Status::OK) {
+    LOG(ERROR) << "Failed to recover trust anchor but continue";
+    return Step::Status::OK;
+  }
+  status = step.process();
+  if (status != Step::Status::OK) {
+    LOG(ERROR) << "Failed to recover trust anchor but continue";
+    return Step::Status::OK;
+  }
+  LOG(INFO) << "Trust anchor recovery done";
+  return Step::Status::OK;
+}
+
+}  // namespace security
+}  // namespace common_installer

diff --git a/src/common/step/security/step_recover_trust_anchor.h b/src/common/step/security/step_recover_trust_anchor.h
new file mode 100644 (file)
index 0000000..fb8845e
--- /dev/null
+++ b/src/common/step/security/step_recover_trust_anchor.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef COMMON_STEP_SECURITY_STEP_RECOVER_TRUST_ANCHOR_H_
+#define COMMON_STEP_SECURITY_STEP_RECOVER_TRUST_ANCHOR_H_
+
+#include <boost/filesystem/path.hpp>
+#include <manifest_parser/utils/logging.h>
+
+#include "common/installer_context.h"
+#include "common/step/recovery/step_recovery.h"
+
+namespace common_installer {
+namespace security {
+
+/**
+ * @brief responsible for restoring trust anchor values
+ *
+ *
+ * Part of Recovery Mode. In case of partial
+ * installation trust anchor values get unregistered
+ * In case of unsuccessful partial update
+ * trust anchor values for the app before update
+ * gets restored
+ */
+class StepRecoverTrustAnchor : public recovery::StepRecovery {
+ public:
+  using StepRecovery::StepRecovery;
+
+  Status RecoveryNew() override;
+  Status RecoveryUpdate() override;
+
+  STEP_NAME(RecoverTrustAnchor)
+};
+
+}  // namespace security
+}  // namespace common_installer
+
+#endif  // COMMON_STEP_SECURITY_STEP_RECOVER_TRUST_ANCHOR_H_