Call API to support trust-anchor

Change-Id: I7d9aef6f16ca18c7fd1cfdbdc1a7403b9cd86cae
Signed-off-by: Junghoon Park <jh9216.park@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5ecb214..1e1b618 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,6 +8,7 @@ PKG_CHECK_MODULES(${this_target_pool} REQUIRED
        dlog
        libsystemd
        security-manager
+       tanchor
        bundle
        gio-2.0
        ttrace
@@ -25,6 +26,8 @@ PKG_CHECK_MODULES(${this_target_loader} REQUIRED
        ecore
        elementary
        security-manager
+       libtzplatform-config
+       tanchor
        bundle
        aul
        vconf
@@ -41,6 +44,8 @@ PKG_CHECK_MODULES(${this_target_lib} REQUIRED
        bundle
        aul
        security-manager
+       libtzplatform-config
+       tanchor
        )
 
 FOREACH(flag ${${this_target_lib}_CFLAGS})

diff --git a/inc/key.h b/inc/key.h
index 71877b7..2628999 100644 (file)
--- a/inc/key.h
+++ b/inc/key.h
@@ -43,6 +43,7 @@ extern "C" {
 #define AUL_K_SDK                      "__AUL_SDK__"
 #define AUL_K_ORG_CALLER_PID           "__AUL_ORG_CALLER_PID__"
 #define AUL_K_HIGHPRIORITY             "__AUL_HIGHPRIORITY__"
+#define AUL_K_IS_GLOBAL                        "__AUL_IS_GLOBAL__"
 
 #ifdef __cplusplus
 }

diff --git a/inc/launchpad_common.h b/inc/launchpad_common.h
index 5bc4142..90bb662 100644 (file)
--- a/inc/launchpad_common.h
+++ b/inc/launchpad_common.h
@@ -25,6 +25,8 @@
 #include <bundle_internal.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <stdbool.h>
+#include <tzplatform_config.h>
 
 #ifdef LAUNCHPAD_LOG
 #undef LOG_TAG
@@ -66,6 +68,7 @@
 } while (0)
 
 #define ARRAY_SIZE(x) ((sizeof(x)) / sizeof(x[0]))
+#define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
 
 enum loader_arg {
        LOADER_ARG_PATH,
@@ -95,6 +98,7 @@ typedef struct {
        char *internal_pool;
        char *root_path;
        char *loader_name;
+       bool global;
 } appinfo_t;
 
 void _modify_bundle(bundle *kb, int caller_pid, appinfo_t *menu_info, int cmd);

diff --git a/inc/loader_info.h b/inc/loader_info.h
index a3c58bb..493cdf6 100644 (file)
--- a/inc/loader_info.h
+++ b/inc/loader_info.h
@@ -40,6 +40,7 @@ typedef struct _loader_info {
        int cpu_threshold_max;
        int cpu_threshold_min;
        bool on_boot;
+       bool global;
 } loader_info_t;
 
 GList *_loader_info_load(const char *path);

diff --git a/packaging/launchpad.spec b/packaging/launchpad.spec
index e60c5bc..5c593ed 100644 (file)
--- a/packaging/launchpad.spec
+++ b/packaging/launchpad.spec
@@ -23,6 +23,7 @@ BuildRequires:  pkgconfig(aul)
 BuildRequires:  pkgconfig(ttrace)
 BuildRequires:  pkgconfig(libtzplatform-config)
 BuildRequires:  pkgconfig(libcap)
+BuildRequires:  pkgconfig(tanchor)
 
 Requires(post): /sbin/ldconfig
 Requires(post): /usr/bin/systemctl

diff --git a/src/launchpad.c b/src/launchpad.c
index fc7d8bb..8f51b79 100755 (executable)
--- a/src/launchpad.c
+++ b/src/launchpad.c
@@ -36,6 +36,7 @@
 #include <ttrace.h>
 #include <vconf.h>
 #include <math.h>
+#include <trust-anchor.h>
 
 #include "perf.h"
 #include "launchpad_common.h"
@@ -731,6 +732,16 @@ static int __prepare_exec(const char *appid, const char *app_path,
        /* TODO : should be add to check permission in the kernel*/
        setsid();
 
+       if (menu_info->global)
+               ret = trust_anchor_launch(menu_info->pkgid, GLOBAL_USER);
+       else
+               ret = trust_anchor_launch(menu_info->pkgid, getuid());
+       if (ret != TRUST_ANCHOR_ERROR_NONE &&
+                       ret != TRUST_ANCHOR_ERROR_NOT_INSTALLED) {
+               _E("trust_anchor_launch() returns %d", ret);
+               return PAD_ERR_REJECTED;
+       }
+
        /* SET PRIVILEGES*/
        ret = security_manager_prepare_app(appid);
        if (ret != SECURITY_MANAGER_SUCCESS)

diff --git a/src/launchpad_common.c b/src/launchpad_common.c
index d73952c..e6123b5 100644 (file)
--- a/src/launchpad_common.c
+++ b/src/launchpad_common.c
@@ -479,6 +479,12 @@ appinfo_t *_appinfo_create(bundle *kb)
        if (ptr)
                menu_info->loader_name = strdup(ptr);
 
+       ptr = bundle_get_val(kb, AUL_K_IS_GLOBAL);
+       if (ptr && strcmp(ptr, "true") == 0)
+               menu_info->global = true;
+       else
+               menu_info->global = false;
+
        if (!_appinfo_get_app_path(menu_info)) {
                _appinfo_free(menu_info);
                return NULL;

diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c
index 183bd71..97b8e9e 100644 (file)
--- a/src/launchpad_lib.c
+++ b/src/launchpad_lib.c
@@ -25,6 +25,7 @@
 #include <bundle_internal.h>
 #include <aul.h>
 #include <security-manager.h>
+#include <trust-anchor.h>
 #include <buxton2.h>
 #include <vconf.h>
 
@@ -54,7 +55,7 @@ static void __at_exit_to_release_bundle(void)
 }
 
 static int __prepare_exec(const char *appid, const char *app_path,
-                       const char *pkg_type, int type)
+                       const char *pkg_type, int type, const char* pkgid, bool global)
 {
        const char *file_name = NULL;
        char process_name[AUL_PR_NAME] = { 0, };
@@ -66,6 +67,18 @@ static int __prepare_exec(const char *appid, const char *app_path,
        /* SET PRIVILEGES*/
        SECURE_LOGD("[candidata] appid : %s / pkg_type : %s / app_path : %s",
                appid, pkg_type, app_path);
+
+       if (global)
+               ret = trust_anchor_launch(pkgid, GLOBAL_USER);
+       else
+               ret = trust_anchor_launch(pkgid, getuid());
+
+       if (ret != TRUST_ANCHOR_ERROR_NONE &&
+                       ret != TRUST_ANCHOR_ERROR_NOT_INSTALLED) {
+               _E("trust_anchor_launch() returns %d", ret);
+               return -1;
+       }
+
        ret = security_manager_prepare_app(appid);
        if (ret != SECURITY_MANAGER_SUCCESS) {
                _E("Failed to set privileges %s:%d", appid, ret);
@@ -122,11 +135,11 @@ static int __prepare_exec(const char *appid, const char *app_path,
 
 static int __default_launch_cb(bundle *kb, const char *appid,
                const char *app_path, const char *root_path,
-               const char *pkgid, const char *pkg_type, int loader_type)
+               const char *pkgid, const char *pkg_type, int loader_type, bool global)
 {
        char err_str[MAX_LOCAL_BUFSZ] = { 0, };
 
-       if (__prepare_exec(appid, app_path, pkg_type, loader_type) < 0) {
+       if (__prepare_exec(appid, app_path, pkg_type, loader_type, pkgid, global) < 0) {
                _E("__candidate_process_prepare_exec() failed");
                if (access(app_path, F_OK | R_OK)) {
                        SECURE_LOGE("access() failed for file: \"%s\", " \
@@ -205,7 +218,7 @@ static int __candidate_process_launchpad_main_loop(app_pkt_t *pkt,
 
        __default_launch_cb(kb, menu_info->appid, app_path,
                        menu_info->root_path, menu_info->pkgid,
-                       menu_info->pkg_type, type);
+                       menu_info->pkg_type, type, menu_info->global);
 
        if (__loader_callbacks->launch) {
                ret = __loader_callbacks->launch(tmp_argc, tmp_argv, app_path,