CONFIGURE_FILE(packaging/${SERVICE_NAME}-client.manifest.in ${SERVICE_NAME}-client.manifest @ONLY)
CONFIGURE_FILE(packaging/${SERVICE_NAME}-common.manifest.in ${SERVICE_NAME}-common.manifest @ONLY)
-IF (PLATFORM_VERSION_3)
- ADD_DEFINITIONS("-DPLATFORM_VERSION_3")
+ADD_DEFINITIONS("-DTZ_SYS_STORAGE=\"${TZ_SYS_STORAGE}\"")
+ADD_DEFINITIONS("-DTZ_SYS_RW_APP=\"${TZ_SYS_RW_APP}\"")
+ADD_DEFINITIONS("-DTZ_SYS_RO_APP=\"${TZ_SYS_RO_APP}\"")
- ADD_DEFINITIONS("-DTZ_SYS_STORAGE=\"${TZ_SYS_STORAGE}\"")
- ADD_DEFINITIONS("-DTZ_SYS_RW_APP=\"${TZ_SYS_RW_APP}\"")
- ADD_DEFINITIONS("-DTZ_SYS_RO_APP=\"${TZ_SYS_RO_APP}\"")
-
- CONFIGURE_FILE(packaging/${SERVICE_NAME}.manifest.in ${SERVICE_NAME}.manifest @ONLY)
- CONFIGURE_FILE(packaging/${SERVICE_NAME}-test.manifest.in ${SERVICE_NAME}-test.manifest @ONLY)
- CONFIGURE_FILE(data/scripts/500.${SERVICE_NAME}.sh.in data/scripts/500.${SERVICE_NAME}.sh @ONLY)
-ELSE (PLATFORM_VERSION_3)
- CONFIGURE_FILE(packaging/${SERVICE_NAME}.manifest.smack.in ${SERVICE_NAME}.manifest @ONLY)
- CONFIGURE_FILE(packaging/${SERVICE_NAME}-test.manifest.smack.in ${SERVICE_NAME}-test.manifest @ONLY)
-ENDIF (PLATFORM_VERSION_3)
+CONFIGURE_FILE(packaging/${SERVICE_NAME}.manifest.in ${SERVICE_NAME}.manifest @ONLY)
+CONFIGURE_FILE(packaging/${SERVICE_NAME}-test.manifest.in ${SERVICE_NAME}-test.manifest @ONLY)
+CONFIGURE_FILE(data/scripts/500.${SERVICE_NAME}.sh.in data/scripts/500.${SERVICE_NAME}.sh @ONLY)
IF (DEFINED DETAILED_URL_BASE)
MESSAGE("Use base of detailed url: ${DETAILED_URL_BASE}")
BuildRequires: pkgconfig(elementary)
BuildRequires: pkgconfig(efl-extension)
BuildRequires: pkgconfig(icu-i18n)
-%if 0%{?tizen_version_major} >= 3
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(cynara-client)
-%else
-BuildRequires: pkgconfig(libsmack)
-%endif
Requires: lib%{name}-common = %{version}-%{release}
%{?systemd_requires}
%global test_dir %{rw_data_dir}/%{service_name}-test
%global test_res_dir %{ro_data_dir}/%{service_name}-test
-%if 0%{?tizen_version_major} >= 3
%global service_user security_fw
%global service_group security_fw
%global test_user owner
%global smack_domain_name System
%global popup_unitdir %{_unitdir_user}
%global upgrade_script_dir %{ro_data_dir}/upgrade/scripts
-%else
-%global service_user system
-%global service_group system
-%global test_user system
-%global smack_domain_name %{service_name}
-%global popup_service_env_file_path /run/tizen-mobile-env
-%global popup_unitdir %{_unitdir}
-%endif
%package -n lib%{name}-common
Summary: CSR framework (common library)
License: Apache-2.0
Group: Security/Libraries
-%if 0%{?tizen_version_major} >= 3
BuildRequires: pkgconfig(cynara-creds-socket)
-%else
-BuildRequires: pkgconfig(libsmack)
-%endif
Requires: %{sbin_dir}/ldconfig
%description -n lib%{name}-common
%else
-DWITH_SAMPLE_ENGINE:BOOL=OFF \
%endif
-%if 0%{?tizen_version_major} >= 3
-DTZ_SYS_STORAGE=%TZ_SYS_STORAGE \
-DTZ_SYS_RW_APP=%TZ_SYS_RW_APP \
- -DTZ_SYS_RO_APP=%TZ_SYS_RO_APP \
- -DPLATFORM_VERSION_3:BOOL=ON
-%else
- -DPLATFORM_VERSION_3:BOOL=OFF
-%endif
+ -DTZ_SYS_RO_APP=%TZ_SYS_RO_APP
make %{?jobs:-j%jobs}
mkdir -p %{buildroot}%{ro_db_dir}
cp data/scripts/*.sql %{buildroot}%{ro_db_dir}
-%if 0%{?tizen_version_major} >= 3
mkdir -p %{buildroot}%{upgrade_script_dir}
cp data/scripts/500.%{service_name}.sh %{buildroot}%{upgrade_script_dir}
-%endif
mkdir -p %{buildroot}%{engine_dir}
mkdir -p %{buildroot}%{engine_rw_working_dir}
%dir %attr(775, %{service_user}, %{service_group}) %{engine_rw_working_dir}
# RW area platform upgrade script
-%if 0%{?tizen_version_major} >= 3
%attr(755, -, -) %{upgrade_script_dir}/500.%{service_name}.sh
-%endif
%files -n lib%{name}-common
%defattr(-,root,root,-)
+++ /dev/null
-<manifest>
- <define>
- <domain name="@SERVICE_NAME@-test" />
- <request>
- <smack request="device::sys_logging" type="rw" />
- <smack request="device::app_logging" type="rw" />
- <smack request="sys-assert::core" type="rwxat" />
- <smack request="systemd" type="rx" />
- <smack request="tizen::vconf::setting::admin" type="rl" />
- <smack request="@SERVICE_NAME@" type="rwxat" />
- <smack request="sdbd" type="rx" />
- <smack request="pkgmgr::db" type="rwx" />
- <smack request="pkgmgr::svc" type="r" />
-
- <smack request="csr::csapi" type="w" />
- <smack request="csr::wpapi" type="w" />
- <smack request="csr::adminapi" type="w" />
-
- <smack request="system::media" type="rwxat" />
- <smack request="system::homedir" type="rwxat" />
- <smack request="_" type="rwx" />
- </request>
- <permit>
- <smack permit="_" type="rx" />
- <smack permit="pkgmgr" type="rx" />
- <smack permit="pkgmgr-server" type="rx" />
- <smack permit="wrt-installer" type="rx" />
- <smack permit="@SERVICE_NAME@" type="rwxat" />
- </permit>
- </define>
- <request>
- <domain name="@SERVICE_NAME@-test" />
- </request>
-</manifest>
+++ /dev/null
-<manifest>
- <define>
- <domain name="@SERVICE_NAME@" />
- <request>
- <smack request="device::sys_logging" type="rw" />
- <smack request="device::app_logging" type="rw" />
- <smack request="sys-assert::core" type="rwxat" />
- <smack request="systemd" type="rx" />
- <smack request="xorg" type="rwxat" />
- <smack request="tizen::vconf::setting" type="rl" />
- <smack request="tizen::vconf::setting::admin" type="rl" />
- <smack request="tizen::vconf::public::r::platform::rw" type="rl" />
- <smack request="tizen::vconf::camcorder" type="rl" />
- <smack request="isf" type="rx" />
- <smack request="dbus" type="w" />
- <smack request="pulseaudio" type="w" />
- <smack request="sdbd" type="rwxat" />
- <smack request="pkgmgr::db" type="rwx" />
- <smack request="pkgmgr::svc" type="r" />
- <smack request="system::use_internet" type="w" />
- <smack request="aul::launch" type="x" />
- <smack request="app-svc::db" type="rw" />
-
- <smack request="system::media" type="rwxat" />
- <smack request="system::homedir" type="rwxat" />
- <smack request="system::ext_storage" type="rwxat" />
- <smack request="system::ext_storage_appdata" type="rwxat" />
- <smack request="system::clipboard" type="rwxat" />
- <smack request="data-provider-master::share" type="rwxat" />
- <smack request="data-provider-master::bin" type="rl" />
- <smack request="rpm-backend" type="rl" />
- <smack request="tpk-backend" type="rl" />
- <smack request="wgt-backend" type="rl" />
- </request>
- <permit>
- <smack permit="_" type="rwx" />
- <smack permit="xorg" type="rx" />
- <smack permit="pkgmgr" type="rx" />
- <smack permit="pkgmgr-server" type="rx" />
- <smack permit="wrt-installer" type="rx" />
- <smack permit="system::use_internet" type="w" />
- <smack permit="dbus" type="rx" />
-
- <smack permit="crash-worker" type="rx" />
- </permit>
- </define>
- <request>
- <domain name="@SERVICE_NAME@" />
- </request>
-</manifest>
############### SERVER ###################
-IF (PLATFORM_VERSION_3)
- MESSAGE("Use Cynara as access control backend")
- SET(AC_BACKEND_REQUIRE cynara-client)
- SET(AC_BACKEND_SRCS framework/service/access-control-cynara.cpp)
-ELSE (PLATFORM_VERSION_3)
- MESSAGE("Use Smack as access control backend")
- SET(AC_BACKEND_REQUIRE libsmack)
- SET(AC_BACKEND_SRCS framework/service/access-control-smack.cpp)
-ENDIF (PLATFORM_VERSION_3)
+MESSAGE("Use Cynara as access control backend")
+SET(AC_BACKEND_REQUIRE cynara-client)
+SET(AC_BACKEND_SRCS framework/service/access-control-cynara.cpp)
PKG_CHECK_MODULES(${TARGET_CSR_SERVER}_DEP
REQUIRED
# @brief Make common library for both of server and client
#
-IF (PLATFORM_VERSION_3)
- MESSAGE("Use Cynara as access control backend")
- SET(AC_BACKEND_COMMON_REQUIRE cynara-creds-socket)
- SET(AC_BACKEND_COMMON_SRCS common/credential-cynara.cpp)
-ELSE (PLATFORM_VERSION_3)
- MESSAGE("Use Smack as access control backend")
- SET(AC_BACKEND_COMMON_REQUIRE libsmack)
- SET(AC_BACKEND_COMMON_SRCS common/credential-smack.cpp)
-ENDIF (PLATFORM_VERSION_3)
+MESSAGE("Use Cynara as access control backend")
+SET(AC_BACKEND_COMMON_REQUIRE cynara-creds-socket)
+SET(AC_BACKEND_COMMON_SRCS common/credential-cynara.cpp)
PKG_CHECK_MODULES(${TARGET_CSR_COMMON}_DEP
REQUIRED
Credential::Credential(const std::string &_user, const std::string &_client) :
user(_user), client(_client) {}
-Credential::Credential(uid_t, gid_t, const std::string &)
-{
- ThrowExc(CSR_ERROR_SERVER, "Invalid credential ctor called which is for smack backend.");
-}
-
std::unique_ptr<Credential> Credential::get(int sockfd)
{
char *userptr = nullptr;
+++ /dev/null
-/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file credential-smack.cpp
- * @author Kyungwook Tak (k.tak@samsung.com)
- * @version 1.0
- * @brief
- */
-#include "common/credential.h"
-
-#include <vector>
-#include <sys/socket.h>
-#include <sys/smack.h>
-
-#include "common/exception.h"
-
-namespace Csr {
-
-Credential::Credential(uid_t _uid, gid_t _gid, const std::string &_label) :
- uid(_uid), gid(_gid), label(_label) {}
-
-Credential::Credential(const std::string &, const std::string &)
-{
- ThrowExc(CSR_ERROR_SERVER, "Invalid credential ctor called which is for cynara backend.");
-}
-
-std::unique_ptr<Credential> Credential::get(int sockfd)
-{
- struct ucred cred;
- socklen_t lenCred = sizeof(ucred);
-
- if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cred, &lenCred) != 0)
- ThrowExc(CSR_ERROR_SERVER, "getsockopt peercred failed. errno: " << errno);
-
- std::vector<char> label(SMACK_LABEL_LEN + 1, '0');
- socklen_t lenLabel = SMACK_LABEL_LEN;
-
- if (getsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, label.data(), &lenLabel) != 0)
- ThrowExc(CSR_ERROR_SERVER, "getsockopt peersec failed. errno: " << errno);
-
- return std::unique_ptr<Credential>(new Credential(cred.uid, cred.gid,
- std::string(label.data(), lenLabel)));
-}
-
-}
static std::unique_ptr<Credential> get(int sockfd);
private:
- explicit Credential(uid_t, gid_t, const std::string &);
explicit Credential(const std::string &user, const std::string &client);
};
+++ /dev/null
-/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file access-control-smack.cpp
- * @author Kyungwook Tak (k.tak@samsung.com)
- * @version 1.0
- * @brief access control with smack backend
- */
-#include "service/access-control.h"
-
-#include <sys/smack.h>
-
-#include "common/exception.h"
-
-namespace Csr {
-
-void hasPermission(const ConnShPtr &conn)
-{
- hasPermission(conn, conn->getSockId());
-}
-
-void hasPermission(const ConnShPtr &conn, SockId sockId)
-{
- const auto &cred = conn->getCredential();
- const auto &sockDesc = getSockDesc(sockId);
-
- auto ret = smack_have_access(cred.label.c_str(), sockDesc.label.c_str(), "w");
- if (ret < 0)
- ThrowExc(CSR_ERROR_SERVER, "smack_have_access failed.");
-
- if (ret != 1)
- ThrowExc(CSR_ERROR_PERMISSION_DENIED, "Client[" << cred.label << "] doesn't have"
- " permission to call API. Checked by smack.");
-}
-
-}
throw std::bad_alloc();
int ret = PKGMGR_R_OK;
-#ifdef PLATFORM_VERSION_3
if (username.empty())
ret = ::pkgmgr_client_uninstall(client.get(), nullptr, pkgid.c_str(), PM_QUIET,
nullptr, nullptr);
else
ret = ::pkgmgr_client_usr_uninstall(client.get(), nullptr, pkgid.c_str(), PM_QUIET,
nullptr, nullptr, getUid(username));
-#else
- (void) username;
- ret = ::pkgmgr_client_uninstall(client.get(), nullptr, pkgid.c_str(), PM_QUIET,
- nullptr, nullptr);
-#endif
if (ret < PKGMGR_R_OK)
ThrowExc(CSR_ERROR_REMOVE_FAILED, "Failed to pkgmgr_client_uninstall for pkg: " <<
{
#define __INS_REGEX(str) AppDirs::m_regex.emplace_back(_regex(str))
-#ifdef PLATFORM_VERSION_3
// internal storages
__INS_REGEX("^(" TZ_SYS_RW_APP "/([^/]+))"); // $TZ_SYS_RW_APP/{pkgid}/
__INS_REGEX("^(" TZ_SYS_RO_APP "/([^/]+))"); // $TZ_SYS_RO_APP/{pkgid}/
__INS_REGEX("^(" TZ_SYS_STORAGE "/sdcard/app2sd/([^/]+))");
__INS_REGEX("^(" TZ_SYS_STORAGE "/sdcard/app2sd/([^/]+)/([^/]+))");
__INS_REGEX("^(" TZ_SYS_STORAGE "/sdcard/apps/([^/]+)/apps_rw/([^/]+))");
-#else
- // internal storages
- __INS_REGEX("^(/usr/apps/([^/]+))"); // /usr/apps/{pkgid}/
- __INS_REGEX("^(/opt/usr/apps/([^/]+))"); // /opt/usr/apps/{pkgid}/
-
- // external storages
- __INS_REGEX("^(/sdcard/apps/([^/]+))"); // /sdcard/apps/{pkgid}/
- __INS_REGEX("^(/sdcard/app2sd/([^/]+))"); // /sdcard/app2sd/{pkgid}/
-#endif
#undef __INS_REGEX
}
{
pkgmgrinfo_pkginfo_h handle;
-#ifdef PLATFORM_VERSION_3
int ret = -1;
if (user.empty())
ret = ::pkgmgrinfo_pkginfo_get_pkginfo(pkgid.c_str(), &handle);
else
ret = ::pkgmgrinfo_pkginfo_get_usr_pkginfo(pkgid.c_str(), getUid(user), &handle);
-#else
- (void) user;
- auto ret = ::pkgmgrinfo_pkginfo_get_pkginfo(pkgid.c_str(), &handle);
-#endif
if (ret != PMINFO_R_OK) {
INFO("Extracted pkgid[" << pkgid << "] from filepath isn't pkg id. "
CONFIGURE_FILE(${SERVICE_NAME}-wp.socket.in ${SERVICE_NAME}-wp.socket @ONLY)
CONFIGURE_FILE(${SERVICE_NAME}-admin.socket.in ${SERVICE_NAME}-admin.socket @ONLY)
-IF (PLATFORM_VERSION_3)
- CONFIGURE_FILE(${SERVICE_NAME}-popup.service.in ${SERVICE_NAME}-popup.service @ONLY)
- CONFIGURE_FILE(${SERVICE_NAME}-popup.socket.in ${SERVICE_NAME}-popup.socket @ONLY)
-ELSE (PLATFORM_VERSION_3)
- CONFIGURE_FILE(${SERVICE_NAME}-popup.service.old.in ${SERVICE_NAME}-popup.service @ONLY)
- CONFIGURE_FILE(${SERVICE_NAME}-popup.socket.old.in ${SERVICE_NAME}-popup.socket @ONLY)
-ENDIF (PLATFORM_VERSION_3)
+CONFIGURE_FILE(${SERVICE_NAME}-popup.service.in ${SERVICE_NAME}-popup.service @ONLY)
+CONFIGURE_FILE(${SERVICE_NAME}-popup.socket.in ${SERVICE_NAME}-popup.socket @ONLY)
INSTALL(
FILES
+++ /dev/null
-[Unit]
-Description=CSR popup service for user session
-
-[Service]
-User=app
-Group=app
-SmackProcessLabel=@SMACK_DOMAIN_NAME@
-Type=simple
-EnvironmentFile=@POPUP_SERVICE_ENV_FILE_PATH@
-ExecStart=@BIN_DIR@/@SERVICE_NAME@-popup
-Sockets=@SERVICE_NAME@-popup.socket
+++ /dev/null
-[Unit]
-Description= Csr popup socket
-Wants=@SERVICE_NAME@-popup.service
-Before=@SERVICE_NAME@-popup.service
-
-[Socket]
-ListenStream=/tmp/.@SERVICE_NAME@-popup.socket
-Service=@SERVICE_NAME@-popup.service
-SocketMode=0777
-SmackLabelIPIn=*
-SmackLabelIPOut=@
-
-[Install]
-WantedBy=sockets.target
PkgEventData() : isSuccess(false), loop(nullptr) {}
};
-#ifdef PLATFORM_VERSION_3
int __quit_loop_on_end_cb(uid_t, int req_id, const char *pkg_type, const char *pkgid,
const char *key, const char *val, const void *pmsg, void *data)
-#else
-int __quit_loop_on_end_cb(int req_id, const char *pkg_type, const char *pkgid,
- const char *key, const char *val, const void *pmsg, void *data)
-#endif
{
(void) req_id;
(void) pkg_type;
bool uninstall_app(const char *pkg_id)
{
return pkgmgr_request([&](pkgmgr_client *pc, PkgEventData *data) {
-#ifdef PLATFORM_VERSION_3
return ::pkgmgr_client_usr_uninstall(pc, nullptr, pkg_id, PM_QUIET,
__quit_loop_on_end_cb, data, ::getuid());
-#else
- return ::pkgmgr_client_uninstall(pc, nullptr, pkg_id, PM_QUIET,
- __quit_loop_on_end_cb, data);
-#endif
});
}
bool install_app(const char *app_path, const char *pkg_type)
{
return pkgmgr_request([&](pkgmgr_client *pc, PkgEventData *data) {
-#ifdef PLATFORM_VERSION_3
return ::pkgmgr_client_usr_install(pc, pkg_type, nullptr, app_path, nullptr,
PM_QUIET, __quit_loop_on_end_cb, data,
::getuid());
-#else
- return ::pkgmgr_client_install(pc, pkg_type, nullptr, app_path, nullptr, PM_QUIET,
- __quit_loop_on_end_cb, data);
-#endif
});
}
void initialize_db()
{
#if 0
-#ifdef PLATFORM_VERSION_3
remove_file(RW_DBSPACE ".csr.db");
remove_file(RW_DBSPACE ".csr.db-journal");
int ret = system("systemctl restart csr.service");
BOOST_MESSAGE("CSR DB Initalization & Daemon Restart. Result=" << ret);
#endif
-#endif
}
} // namespace Test
std::string s_fakeAppRoot;
std::string s_fakeAppFile;
-#ifdef PLATFORM_VERSION_3
std::string getUsername(void)
{
struct passwd pwd;
return std::string(pwd.pw_name);
}
-#endif
} // namespace anonymous
const char *TEST_DIR_APPS(void)
{
if (s_testDirApps.empty())
-#ifdef PLATFORM_VERSION_3
s_testDirApps = "/home/" + ::getUsername() + "/apps_rw";
-#else
- s_testDirApps = "/opt/usr/apps";
-#endif
return s_testDirApps.c_str();
}
projects / platform / upstream / csr-framework.git / commitdiff