PKG_CHECK_MODULES(PKGMGR_DEPS REQUIRED pkgmgr)
PKG_CHECK_MODULES(MANIFEST_PARSER_DEPS REQUIRED manifest-parser)
PKG_CHECK_MODULES(MANIFEST_PARSER_UTILS_DEPS REQUIRED manifest-parser-utils)
+PKG_CHECK_MODULES(SECURITY_MANAGER_DEPS REQUIRED security-manager)
PKG_CHECK_MODULES(TPK_MANIFEST_HANDLERS_DEPS REQUIRED tpk-manifest-handlers)
PKG_CHECK_MODULES(LIBSYSTEMD_DEPS REQUIRED libsystemd)
PKG_CHECK_MODULES(AUL_DEPS REQUIRED aul)
BuildRequires: pkgconfig(manifest-parser)
BuildRequires: pkgconfig(tpk-manifest-handlers)
BuildRequires: pkgconfig(pkgmgr)
+BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(aul)
APPLY_PKG_CONFIG(${TARGET_LIBNAME_RPK} PUBLIC
APP_INSTALLERS_DEPS
PKGMGR_DEPS
+ SECURITY_MANAGER_DEPS
LIBSYSTEMD_DEPS
AUL_DEPS
)
#include "lib/rpk_archive_info.h"
#include "rpk/step/configuration/step_parse_rpk_manifest.h"
#include "rpk/step/pkgmgr/step_rpk_manifest_adjustment.h"
+#include "rpk/step/security/step_rpk_register_security.h"
#include "rpk/step/security/step_rpk_signature.h"
namespace ci = common_installer;
rpk::configuration::StepParseRpkManifest::StoreLocation::NORMAL);
ReplaceStep<rpk::security::StepRpkSignature>("Signature", true);
AddStepAfter<rpk::pkgmgr::StepRpkManifestAdjustment>("Copy");
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
ReplaceStep<rpk::security::StepRpkSignature>("Signature", true);
AddStepAfter<rpk::pkgmgr::StepRpkManifestAdjustment>("CopyBackup");
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
ReplaceStep<rpk::configuration::StepParseRpkManifest>("ParseManifest",
rpk::configuration::StepParseRpkManifest::ManifestLocation::INSTALLED,
rpk::configuration::StepParseRpkManifest::StoreLocation::NORMAL);
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
ReplaceStep<rpk::configuration::StepParseRpkManifest>("ParseManifest",
rpk::configuration::StepParseRpkManifest::ManifestLocation::RECOVERY,
rpk::configuration::StepParseRpkManifest::StoreLocation::NORMAL);
+
/*
Current step order :
AddStep<ci::configuration::StepConfigure>(pkgmgr_);
ReplaceStep<rpk::security::StepRpkSignature>("Signature", true);
AddStepAfter<rpk::pkgmgr::StepRpkManifestAdjustment>("RpkSignature");
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
ReplaceStep<rpk::security::StepRpkSignature>("Signature", true);
AddStepAfter<rpk::pkgmgr::StepRpkManifestAdjustment>("RpkSignature");
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
ReplaceStep<rpk::security::StepRpkSignature>("Signature", true);
AddStepAfter<rpk::pkgmgr::StepRpkManifestAdjustment>("Copy");
+ AddStepAfter<rpk::security::StepRpkRegisterSecurity>("RunParserPlugin");
/*
Current step order :
--- /dev/null
+// Copyright (c) 2024 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "rpk/step/security/step_rpk_register_security.h"
+
+#include <common/installer_context.h>
+#include <security-manager.h>
+#include <sys/types.h>
+
+#include <string>
+#include <filesystem>
+
+namespace ci = common_installer;
+namespace fs = std::filesystem;
+
+namespace {
+
+constexpr char kLibDir[] = "lib";
+
+bool PrepareRequest(path_req* req, const std::string& pkgid, uid_t uid,
+ bool is_readonly_pkg) {
+ int error = security_manager_path_req_set_pkg_id(req, pkgid.c_str());
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to set pkg id (error code: " << error << ")";
+ return false;
+ }
+
+ error = security_manager_path_req_set_uid(req, uid);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to set uid (error code: " << error << ")";
+ return false;
+ }
+
+ app_install_type type = SM_APP_INSTALL_GLOBAL;
+ if (is_readonly_pkg)
+ type = SM_APP_INSTALL_PRELOADED;
+ error = security_manager_path_req_set_install_type(req, type);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to set install type (error code: " << error << ")";
+ return false;
+ }
+
+ return true;
+}
+
+bool PreparePath(path_req* req, const fs::path& path) {
+ int error = security_manager_path_req_add_path(req, path.c_str(),
+ SECURITY_MANAGER_PATH_PUBLIC_RO);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to add path to request (error code: " << error << ")";
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace
+
+namespace rpk {
+namespace security {
+
+ci::Step::Status StepRpkRegisterSecurity::process() {
+ fs::path libdir = context_->GetPkgPath() / kLibDir;
+ if (!fs::exists(libdir))
+ return Status::OK;
+
+ path_req* req;
+ int error = security_manager_path_req_new(&req);
+ if (error != SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to create path request (error code: " << error << ")";
+ return Status::SECURITY_ERROR;
+ }
+
+ if (!PrepareRequest(req, context_->pkgid.get(), context_->uid.get(),
+ context_->is_readonly_package.get())) {
+ security_manager_path_req_free(req);
+ return Status::SECURITY_ERROR;
+ }
+
+ for (auto const& entry : fs::directory_iterator(libdir)) {
+ LOG(ERROR) << entry;
+ if (!PreparePath(req, entry)) {
+ security_manager_path_req_free(req);
+ return Status::SECURITY_ERROR;
+ }
+ }
+
+ error = security_manager_paths_register(req);
+ if (error!= SECURITY_MANAGER_SUCCESS) {
+ LOG(ERROR) << "Failed to register paths (error code: " << error << ")";
+ security_manager_path_req_free(req);
+ return Status::SECURITY_ERROR;
+ }
+
+ security_manager_path_req_free(req);
+
+ return Status::OK;
+}
+
+} // security
+} // rpk
--- /dev/null
+// Copyright (c) 2024 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by an apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef RPK_STEP_SECURITY_STEP_RPK_REGISTER_SECURITY_H_
+#define RPK_STEP_SECURITY_STEP_RPK_REGISTER_SECURITY_H_
+
+#include <common/installer_context.h>
+#include <common/step/step.h>
+
+namespace rpk {
+namespace security {
+
+class StepRpkRegisterSecurity : public common_installer::Step {
+ public:
+ using Step::Step;
+
+ Status process() override;
+ Status undo() override { return Status::OK; }
+ Status clean() override { return Status::OK; }
+ Status precheck() override { return Status::OK; }
+
+ STEP_NAME(RpkRegisterSecurity)
+};
+
+} // namespace security
+} // namespace rpk
+
+#endif // RPK_STEP_SECURITY_STEP_RPK_REGISTER_SECURITY_H_
\ No newline at end of file
projects / platform / core / appfw / rpk-installer.git / commitdiff