preload package without signing can be installed.
Change-Id: I7567f4067a376f62b75630fe137f7907a32cbdd3
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>
bool ValidateSignatures(const bf::path& base_path,
PrivilegeLevel* level, common_installer::CertificateInfo* cert_info,
- bool check_reference, std::string* error_message) {
+ bool check_reference, bool is_preload, std::string* error_message) {
// Find signature files
ValidationCore::SignatureFileInfoSet signature_files;
ValidationCore::SignatureFinder signature_finder(base_path.string());
bool distributor_signatures = std::any_of(
signature_files.begin(), signature_files.end(), CheckDistSignature);
- if (!author_signatures || !distributor_signatures) {
+ if (!is_preload && (!author_signatures || !distributor_signatures)) {
LOG(ERROR) << "Author or distribuor signature is missing.";
return false;
}
bool ValidateSignatures(const boost::filesystem::path& base_path,
PrivilegeLevel* level, common_installer::CertificateInfo* cert_info,
- bool check_reference, std::string* error_message);
+ bool check_reference, bool is_preload, std::string* error_message);
bool ValidatePrivilegeLevel(common_installer::PrivilegeLevel level,
bool is_webapp, const char* api_version, GList* privileges,
}
Step::Status StepCheckSignature::CheckSignatures(bool check_reference,
+ bool is_preload,
PrivilegeLevel* level) {
std::string error_message;
if (!ValidateSignatures(context_->unpacked_dir_path.get(), level,
&context_->certificate_info.get(), check_reference,
- &error_message)) {
+ is_preload, &error_message)) {
on_error(Status::CERT_ERROR, error_message);
return Status::CERT_ERROR;
}
(context_->request_type.get()== ci::RequestType::ManifestDirectInstall ||
context_->request_type.get() == ci::RequestType::ManifestDirectUpdate))
check_reference = false;
-
- Status status = CheckSignatures(check_reference, &level);
+ bool is_preload = context_->is_preload_request.get();
+ Status status = CheckSignatures(check_reference, is_preload, &level);
if (status != Status::OK)
return status;
if (status != Status::OK)
return status;
- if (context_->is_preload_request.get())
+ if (is_preload)
level = PrivilegeLevel::PLATFORM;
if (level == PrivilegeLevel::UNTRUSTED) {
Status precheck() override;
private:
- Status CheckSignatures(bool check_reference, PrivilegeLevel* level);
+ Status CheckSignatures(bool check_reference, bool is_preload,
+ PrivilegeLevel* level);
Status CheckSignatureMismatch();
Status CheckPrivilegeLevel(PrivilegeLevel level);
common_installer::CertificateInfo cert_info;
std::string error;
EXPECT_TRUE(ValidateSignatures(*signature_file, &level, &cert_info, true,
- &error));
+ false, &error));
}
// Tests signature verifier with signature directory containing bad signatures
common_installer::CertificateInfo cert_info;
std::string error;
EXPECT_FALSE(ValidateSignatures(*signature_file, &level, &cert_info, true,
- &error));
+ false, &error));
}
} // namespace security