#include "wgt/step/pkgmgr/step_generate_xml.h"
#include "wgt/step/security/step_check_settings_level.h"
#include "wgt/step/security/step_check_wgt_background_category.h"
+#include "wgt/step/security/step_check_wgt_notification_category.h"
+#include "wgt/step/security/step_check_wgt_ime_privilege.h"
namespace ci = common_installer;
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<hybrid::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::filesystem::StepCopy>();
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<hybrid::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::configuration::StepParseManifest>(
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<hybrid::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::configuration::StepParseManifest>(
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<hybrid::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::mount::StepMountInstall>();
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<hybrid::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::configuration::StepParseManifest>(
# Target - sources
SET(SRCS
+ step/common/privileges.cc
step/configuration/step_parse.cc
step/configuration/step_parse_recovery.cc
step/encryption/step_encrypt_resources.cc
step/security/step_check_settings_level.cc
step/security/step_check_wgt_background_category.cc
step/security/step_check_wgt_notification_category.cc
+ step/security/step_check_wgt_ime_privilege.cc
wgt_app_query_interface.cc
wgt_installer.cc
)
--- /dev/null
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+#include "privileges.h"
+
+namespace wgt {
+namespace common {
+namespace privileges {
+const char kImePrivilegeName[] = "http://tizen.org/privilege/ime";
+} // namespace privileges
+} // namespace common
+} // namespace wgt
--- /dev/null
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef WGT_STEP_COMMON_PRIVILEGES_H_
+#define WGT_STEP_COMMON_PRIVILEGES_H_
+
+namespace wgt {
+namespace common {
+namespace privileges {
+extern const char kImePrivilegeName[];
+} // namespace privileges
+} // namespace common
+} // namespace wgt
+
+#endif // WGT_STEP_COMMON_PRIVILEGES_H_
#include <wgt_manifest_handlers/setting_handler.h>
#include <wgt_manifest_handlers/tizen_application_handler.h>
#include <wgt_manifest_handlers/widget_handler.h>
+#include <wgt_manifest_handlers/ime_handler.h>
#include <pkgmgr/pkgmgr_parser.h>
return true;
}
+bool StepParse::FillImeInfo() {
+ const auto ime_info = std::static_pointer_cast<const wgt::parse::ImeInfo>(
+ parser_->GetManifestData(app_keys::kTizenImeKey));
+ if (!ime_info)
+ return true;
+
+ common_installer::ImeInfo info;
+ info.setUuid(ime_info->uuid());
+
+ const auto &languages = ime_info->languages();
+ for (const auto &language : languages)
+ info.AddLanguage(language);
+
+ context_->manifest_plugins_data.get().ime_info.set(std::move(info));
+ return true;
+}
+
bool StepParse::FillExtraManifestInfo(manifest_x* manifest) {
- return FillAccounts(manifest);
+ return FillAccounts(manifest) && FillImeInfo();
}
bool StepParse::FillManifestX(manifest_x* manifest) {
bool FillMetadata(manifest_x* manifest);
bool FillExtraManifestInfo(manifest_x* manifest);
bool FillAccounts(manifest_x* manifest);
+ bool FillImeInfo();
bool FillBackgroundCategoryInfo(manifest_x* manifest);
bool FillManifestX(manifest_x* manifest);
#include <cstring>
#include <string>
+#include "wgt/step/common/privileges.h"
namespace bs = boost::system;
namespace bf = boost::filesystem;
xmlTextWriterEndElement(writer);
}
+ const auto &ime = context_->manifest_plugins_data.get().ime_info.get();
+ const auto ime_uuid = ime.uuid();
+
// add privilege element
if (context_->manifest_data.get()->privileges) {
xmlTextWriterStartElement(writer, BAD_CAST "privileges");
xmlTextWriterWriteFormatElement(writer, BAD_CAST "privilege",
"%s", BAD_CAST priv);
}
+
xmlTextWriterEndElement(writer);
}
xmlTextWriterEndElement(writer);
}
+ if (!ime_uuid.empty()) {
+ xmlTextWriterStartElement(writer, BAD_CAST "ime");
+
+ GListRange<application_x *> app_range(context_->manifest_data.get()->application);
+ if (!app_range.Empty()) {
+ // wgt app have ui-application as first application element.
+ // there may be service-applications but not as first element.
+ xmlTextWriterWriteAttribute(writer, BAD_CAST "appid", BAD_CAST (*app_range.begin())->appid);
+ }
+
+ xmlTextWriterStartElement(writer, BAD_CAST "uuid");
+ xmlTextWriterWriteString(writer, BAD_CAST ime_uuid.c_str());
+ xmlTextWriterEndElement(writer);
+
+ xmlTextWriterStartElement(writer, BAD_CAST "languages");
+
+ for (auto it = ime.LanguagesBegin(); it != ime.LanguagesEnd(); ++it) {
+ xmlTextWriterStartElement(writer, BAD_CAST "language");
+ xmlTextWriterWriteString(writer, BAD_CAST it->c_str());
+ xmlTextWriterEndElement(writer);
+ }
+
+ xmlTextWriterEndElement(writer);
+
+ xmlTextWriterEndElement(writer);
+ }
+
for (const char* profile :
GListRange<char*>(context_->manifest_data.get()->deviceprofile)) {
xmlTextWriterStartElement(writer, BAD_CAST "profile");
--- /dev/null
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include <wgt/step/security/step_check_wgt_ime_privilege.h>
+#include <wgt/step/common/privileges.h>
+
+#include <manifest_parser/utils/version_number.h>
+#include <manifest_parser/utils/logging.h>
+
+#include <common/utils/glist_range.h>
+
+namespace {
+const char kImeCategoryName[] = "http://tizen.org/category/ime";
+}
+
+namespace wgt {
+namespace security {
+
+common_installer::Step::Status StepCheckWgtImePrivilege::process() {
+ utils::VersionNumber apiVersion(context_->manifest_data.get()->api_version);
+
+ const auto version23 = apiVersion < utils::VersionNumber("2.4");
+ auto has_ime = false;
+
+ for (const auto app :
+ GListRange<application_x*>(context_->manifest_data.get()->application)) {
+ for (const auto category : GListRange<char *>(app->category)) {
+ if (!strcmp(category, kImeCategoryName)) {
+ has_ime = true;
+
+ const auto result = version23 ? Check23Api() : Check24Api();
+ if (result != Status::OK) {
+ LOG(ERROR) << "Insufficient privileges for IME application.";
+ return result;
+ }
+
+ break;
+ }
+ }
+ }
+
+ if (!has_ime) {
+ // be sure no ime data is present without the category
+ context_->manifest_plugins_data.get().ime_info.get().setUuid(std::string());
+ } else if (version23) {
+ // be sure there's a privilege in manifest
+ context_->manifest_data.get()->privileges
+ = g_list_append(context_->manifest_data.get()->privileges,
+ strdup(common::privileges::kImePrivilegeName));
+ }
+
+ return Status::OK;
+}
+
+common_installer::Step::Status StepCheckWgtImePrivilege::Check23Api() const {
+ const auto &ime = context_->manifest_plugins_data.get().ime_info.get();
+ if (ime.uuid().empty()) {
+ LOG(ERROR) << "Missing IME tag.";
+ return Status::CONFIG_ERROR;
+ }
+
+ // ime priv not supported in 2.3
+ return CheckImePrivilege() != Status::OK ?
+ Status::OK : Status::PRIVILEGE_ERROR;
+}
+
+common_installer::Step::Status StepCheckWgtImePrivilege::Check24Api() const {
+ return CheckImePrivilege();
+}
+
+common_installer::Step::Status
+StepCheckWgtImePrivilege::CheckImePrivilege() const {
+ for (const auto privilege :
+ GListRange<char *>(context_->manifest_data.get()->privileges)) {
+ if (!strcmp(privilege, common::privileges::kImePrivilegeName))
+ return Status::OK;
+ }
+
+ LOG(DEBUG) << "Missing IME privilege.";
+ return Status::PRIVILEGE_ERROR;
+}
+} // namespace security
+} // namespace wgt
--- /dev/null
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef WGT_STEP_SECURITY_STEP_CHECK_WGT_IME_PRIVILEGE_H_
+#define WGT_STEP_SECURITY_STEP_CHECK_WGT_IME_PRIVILEGE_H_
+
+#include <common/step/step.h>
+
+namespace wgt {
+namespace security {
+
+/**
+ * \brief Checks if the app has IME privileges.
+ */
+class StepCheckWgtImePrivilege :
+ public common_installer::Step {
+ public:
+ using common_installer::Step::Step;
+ ~StepCheckWgtImePrivilege() override = default;
+
+ Status process() override;
+
+ Status clean() override { return Status::OK; }
+ Status undo() override { return Status::OK; }
+ Status precheck() override { return Status::OK; }
+
+ private:
+ Status Check23Api() const;
+ Status Check24Api() const;
+
+ Status CheckImePrivilege() const;
+
+ SCOPE_LOG_TAG(CheckWgtImePrivilege)
+};
+} // namespace security
+} // namespace wgt
+
+#endif // WGT_STEP_SECURITY_STEP_CHECK_WGT_IME_PRIVILEGE_H_
#include "wgt/step/security/step_check_settings_level.h"
#include "wgt/step/security/step_check_wgt_background_category.h"
#include "wgt/step/security/step_check_wgt_notification_category.h"
+#include "wgt/step/security/step_check_wgt_ime_privilege.h"
namespace ci = common_installer;
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<wgt::encryption::StepEncryptResources>();
AddStep<wgt::filesystem::StepWgtResourceDirectory>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<ci::security::StepCheckOldCertificate>();
AddStep<wgt::filesystem::StepWgtResourceDirectory>();
AddStep<ci::configuration::StepParseManifest>(
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<ci::security::StepCheckOldCertificate>();
AddStep<wgt::filesystem::StepWgtResourceDirectory>();
AddStep<ci::configuration::StepParseManifest>(
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<wgt::encryption::StepEncryptResources>();
AddStep<ci::security::StepRollbackInstallationSecurity>();
AddStep<ci::mount::StepMountInstall>();
AddStep<ci::security::StepPrivilegeCompatibility>();
AddStep<wgt::security::StepCheckSettingsLevel>();
AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+ AddStep<wgt::security::StepCheckWgtNotificationCategory>();
+ AddStep<wgt::security::StepCheckWgtImePrivilege>();
AddStep<ci::security::StepCheckOldCertificate>();
AddStep<ci::configuration::StepParseManifest>(
ci::configuration::StepParseManifest::ManifestLocation::INSTALLED,