// Use of this source code is governed by a apache 2.0 license that can be
// found in the LICENSE file.
-#include "common/step/filesystem/step_change_owner.h"
+#include "common/step/filesystem/step_change_ownership_and_permission.h"
#include <unistd.h>
#include <sys/types.h>
#include <string>
#include <vector>
+#include <boost/range/iterator_range.hpp>
+
#include "common/paths.h"
#include "common/request.h"
#include "common/shared_dirs.h"
const char kDataDir[] = "data";
const char kSharedDataDir[] = "shared/data";
+bool GrantPermission755(const bf::path& path) {
+ auto permission = bf::perms::owner_all |
+ bf::perms::group_read | bf::perms::group_exe |
+ bf::perms::others_read | bf::perms::others_exe;
+ if (!ci::SetDirPermissions(path, permission)) {
+ LOG(ERROR) << "Grant permission error" << " path: " << path
+ << " permission: " << permission;
+ return false;
+ }
+ return true;
+}
+
+bool GrantPermission644(const bf::path& path) {
+ auto permission = bf::perms::owner_read | bf::perms::owner_write |
+ bf::perms::group_read | bf::perms::others_read;
+ if (!ci::SetDirPermissions(path, permission)) {
+ LOG(ERROR) << "Grant permission error" << " path: " << path
+ << " permission: " << permission;
+ return false;
+ }
+ return true;
+}
+
bool ChangeDataDir(const bf::path& pkg_path, uid_t uid) {
if (ci::GetRequestMode(uid) == ci::RequestMode::GLOBAL)
return true;
return false;
}
- bf::perms prms = bf::add_perms | bf::group_write | bf::group_exe |
- bf::set_gid_on_exe;
+ bf::perms prms = bf::add_perms | bf::group_write | bf::set_gid_on_exe;
bf::path data = pkg_path / kDataDir;
if (!ci::SetOwnership(data, uid, *gid)) {
LOG(ERROR) << "Failed to change owner: " << data
return true;
}
+bool GrantDefaultPermissions(bf::path pkg_path) {
+ if (bf::is_directory(pkg_path)) {
+ if (!GrantPermission755(pkg_path))
+ return false;
+ }
+ for (auto& entry :
+ boost::make_iterator_range(bf::directory_iterator(pkg_path), {})) {
+ auto path = entry.path();
+
+ // symlink will be skipped
+ if (bf::is_symlink(symlink_status(path)))
+ continue;
+
+ // skip path, which is related to mount or directory installer creates
+ if (bf::is_directory(path) &&
+ (path.filename() == ".mmc" || path.filename() == ".pkg" ||
+ path.filename() == "tep"))
+ continue;
+
+ if (bf::is_directory(path) && path.filename() == "bin") {
+ if (!GrantPermission755(path))
+ return false;
+ for (auto& entry :
+ boost::make_iterator_range(bf::directory_iterator(path), {})) {
+ auto path = entry.path();
+ if (bf::is_regular_file(path)) {
+ if (!GrantPermission755(path))
+ return false;
+ }
+ }
+ continue;
+ }
+
+ if (bf::is_directory(path) && path.filename() == "lib") {
+ if (!GrantPermission755(path))
+ return false;
+ for (auto& entry :
+ boost::make_iterator_range(bf::directory_iterator(path), {})) {
+ auto path = entry.path();
+ if (bf::is_regular_file(path)) {
+ if (!GrantPermission644(path))
+ return false;
+ }
+ }
+ continue;
+ }
+
+ if (bf::is_directory(path)) {
+ if (!GrantPermission755(path))
+ return false;
+ continue;
+ }
+
+ if (bf::is_regular_file(path)) {
+ if (!GrantPermission644(path))
+ return false;
+ continue;
+ }
+ }
+
+ return true;
+}
+
} // namespace
namespace common_installer {
namespace filesystem {
-Step::Status StepChangeOwner::precheck() {
+Step::Status StepChangeOwnershipAndPermission::precheck() {
if (context_->root_application_path.get().empty()) {
LOG(ERROR) << "root_application_path attribute is empty";
return Step::Status::INVALID_VALUE;
return Step::Status::OK;
}
-Step::Status StepChangeOwner::process() {
+Step::Status StepChangeOwnershipAndPermission::process() {
uid_t uid = context_->uid.get();
boost::optional<gid_t> gid = ci::GetGidByUid(uid);
if (!gid)
return Status::ERROR;
+ // Grant default permissions
+ if (!GrantDefaultPermissions(context_->pkg_path.get()))
+ return Status::GRANT_PERMISSION_ERROR;
+
// Change owner of files at root path
if (!ci::SetOwnershipAll(context_->pkg_path.get(), uid, *gid))
return Status::ERROR;
icon_x* icon = reinterpret_cast<icon_x*>(app->icon->data);
bf::path icon_path = icon->text;
- // bf::path base_path = iconpath;
bf::path found_icon_path = GetIconPath(iconpath,
context_->pkgid.get(), icon_path.filename(),
context_->root_application_path.get());
// Use of this source code is governed by a apache 2.0 license that can be
// found in the LICENSE file.
-#ifndef COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNER_H_
-#define COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNER_H_
+#ifndef COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNERSHIP_AND_PERMISSION_H_
+#define COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNERSHIP_AND_PERMISSION_H_
#include <manifest_parser/utils/logging.h>
* \brief step responsible for changing ownership from system uid to actual user.
* Used by WGT and TPK
*/
-class StepChangeOwner : public Step {
+class StepChangeOwnershipAndPermission : public Step {
public:
using Step::Step;
Status clean() override { return Status::OK; }
Status undo() override { return Status::OK; }
Status precheck() override;
- STEP_NAME(ChangeOwner)
+ STEP_NAME(ChangeOwnershipAndPermission)
};
} // namespace filesystem
} // namespace common_installer
-#endif // COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNER_H_
+#endif // COMMON_STEP_FILESYSTEM_STEP_CHANGE_OWNERSHIP_AND_PERMISSION_H_