From: Junghyun Yeon <jungh.yeon@samsung.com>
Date: Thu, 14 Sep 2017 01:31:17 +0000 (+0900)
Subject: Change behavior of trust anchor
X-Git-Tag: accepted/tizen/4.0/unified/20171018.060928~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4160fc656c905e15a179dc4c758b774a4a428c31;p=platform%2Fcore%2Fappfw%2Fwgt-backend.git

Change behavior of trust anchor

- Trust anchor certificate dir has fixed so it will not defined at manifest.
- Remove get/set codes about certificate directory.
- Enable trust-anchor on hybrid package.
  Please note that if both tpk and wgt package have trust-anchor node,
  wgt's setting will be appliced.

Related changes:
[pkgmgr-info] : https://review.tizen.org/gerrit/149784
[app-installers] : https://review.tizen.org/gerrit/149836
[tpk-manifest-handlers] : https://review.tizen.org/gerrit/150060
[wgt-manifest-handlers] : https://review.tizen.org/gerrit/150136

Change-Id: Ie110eb1b52695c985495f03b834c9bfd9e5bf960
Signed-off-by: Junghyun Yeon <jungh.yeon@samsung.com>
---

diff --git a/src/hybrid/hybrid_installer.cc b/src/hybrid/hybrid_installer.cc
index 5a6e342..2a28e39 100644
--- a/src/hybrid/hybrid_installer.cc
+++ b/src/hybrid/hybrid_installer.cc
@@ -70,6 +70,8 @@
 #include <common/step/security/step_rollback_deinstallation_security.h>
 #include <common/step/security/step_rollback_installation_security.h>
 #include <common/step/security/step_update_security.h>
+#include <common/step/security/step_register_trust_anchor.h>
+#include <common/step/security/step_unregister_trust_anchor.h>
 
 #include <tpk/step/filesystem/step_create_symbolic_link.h>
 #include <tpk/step/filesystem/step_tpk_patch_icons.h>
@@ -148,6 +150,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<wgt::filesystem::StepCreateSymbolicLink>();
       AddStep<tpk::filesystem::StepCreateSymbolicLink>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepRegisterSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Install);
@@ -201,6 +205,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<wgt::filesystem::StepCreateSymbolicLink>();
       AddStep<tpk::filesystem::StepCreateSymbolicLink>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepUpdateSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Upgrade);
@@ -229,6 +235,7 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<ci::filesystem::StepRemoveZipImage>();
       AddStep<ci::filesystem::StepRemoveIcons>();
       AddStep<wgt::encryption::StepRemoveEncryptionData>();
+      AddStep<ci::security::StepUnregisterTrustAnchor>();
       AddStep<ci::security::StepRevokeSecurity>();
       AddStep<ci::pkgmgr::StepRemoveManifest>();
       AddStep<ci::filesystem::StepCreateGlobalAppSymlinks>();
@@ -285,6 +292,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<hybrid::configuration::StepMergeTpkConfig>();
       AddStep<wgt::filesystem::StepCreateSymbolicLink>();
       AddStep<tpk::filesystem::StepCreateSymbolicLink>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::pkgmgr::StepUpdateApplication>();
       AddStep<ci::security::StepUpdateSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
@@ -351,6 +360,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<wgt::filesystem::StepCreateSymbolicLink>();
       AddStep<tpk::filesystem::StepCreateSymbolicLink>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepRegisterSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Install);
@@ -403,6 +414,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<wgt::filesystem::StepCreateSymbolicLink>();
       AddStep<tpk::filesystem::StepCreateSymbolicLink>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepUpdateSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Upgrade);
@@ -434,6 +447,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<tpk::pkgmgr::StepManifestAdjustment>();
       AddStep<hybrid::configuration::StepMergeTpkConfig>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepRegisterSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Install);
@@ -468,6 +483,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<tpk::pkgmgr::StepManifestAdjustment>();
       AddStep<hybrid::configuration::StepMergeTpkConfig>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepUpdateSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Upgrade);
@@ -488,6 +505,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<ci::security::StepCheckSignature>();
       AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepRegisterSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Install);
@@ -513,6 +532,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<ci::pkgmgr::StepKillApps>();
       AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepUpdateSecurity>();
       AddStep<ci::pkgmgr::StepRunParserPlugin>(
           ci::Plugin::ActionType::Upgrade);
@@ -535,6 +556,7 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr)
       AddStep<ci::filesystem::StepRemovePerUserStorageDirectories>();
       AddStep<ci::pkgmgr::StepUnregisterApplication>();
       AddStep<wgt::encryption::StepRemoveEncryptionData>();
+      AddStep<ci::security::StepUnregisterTrustAnchor>();
       AddStep<ci::security::StepRevokeSecurity>();
       break;
     }
diff --git a/src/hybrid/step/pkgmgr/step_generate_xml.cc b/src/hybrid/step/pkgmgr/step_generate_xml.cc
index 00e4e5d..89772c2 100644
--- a/src/hybrid/step/pkgmgr/step_generate_xml.cc
+++ b/src/hybrid/step/pkgmgr/step_generate_xml.cc
@@ -34,6 +34,7 @@ const std::vector<std::string> kBlackListNodes = {
   {"profile"},
   {"privileges"},
   {"provides-appdefined-privileges"},
+  {"trust-anchor"},
 };
 const std::vector<std::string> kNeedMergeNodes = {
   {"manifest"},
diff --git a/src/wgt/step/configuration/step_parse.cc b/src/wgt/step/configuration/step_parse.cc
index 0fe8083..05a3b5d 100644
--- a/src/wgt/step/configuration/step_parse.cc
+++ b/src/wgt/step/configuration/step_parse.cc
@@ -592,10 +592,6 @@ bool StepParse::FillTrustAnchorInfo(manifest_x* manifest) {
   if (!trust_anchor)
     return true;
 
-  std::string certs_dir = trust_anchor->get_certs_dir();
-  if (!certs_dir.empty())
-    manifest->pkg_certs_dir = strdup(certs_dir.c_str());
-
   std::string use_system_certs = trust_anchor->get_use_system_certs();
   if (!use_system_certs.empty())
     manifest->use_system_certs = strdup(use_system_certs.c_str());
diff --git a/src/wgt/step/pkgmgr/step_generate_xml.cc b/src/wgt/step/pkgmgr/step_generate_xml.cc
index 404b5c8..91d9f56 100644
--- a/src/wgt/step/pkgmgr/step_generate_xml.cc
+++ b/src/wgt/step/pkgmgr/step_generate_xml.cc
@@ -677,14 +677,10 @@ void StepGenerateXml::GenerateShortcuts(xmlTextWriterPtr writer) {
 }
 
 void StepGenerateXml::GenerateTrustAnchor(xmlTextWriterPtr writer) {
-  if (!context_->manifest_data.get()->pkg_certs_dir ||
-      !context_->manifest_data.get()->use_system_certs)
+  if (!context_->manifest_data.get()->use_system_certs)
     return;
 
   xmlTextWriterStartElement(writer, BAD_CAST "trust-anchor");
-  xmlTextWriterWriteAttribute(writer, BAD_CAST "pkg-certs-dir",
-      BAD_CAST context_->manifest_data.get()->pkg_certs_dir);
-
   xmlTextWriterWriteAttribute(writer, BAD_CAST "use-system-certs",
       BAD_CAST context_->manifest_data.get()->use_system_certs);
 
diff --git a/src/wgt/wgt_installer.cc b/src/wgt/wgt_installer.cc
index 3a8956b..130c597 100755
--- a/src/wgt/wgt_installer.cc
+++ b/src/wgt/wgt_installer.cc
@@ -80,7 +80,6 @@
 #include <common/step/security/step_update_security.h>
 #include <common/step/security/step_register_trust_anchor.h>
 #include <common/step/security/step_unregister_trust_anchor.h>
-#include <common/step/security/step_update_trust_anchor.h>
 
 #include <wgt_manifest_handlers/widget_config_parser.h>
 
@@ -233,7 +232,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
-      AddStep<ci::security::StepRegisterTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Install);
       AddStep<ci::security::StepRegisterSecurity>();
@@ -283,7 +283,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -342,7 +343,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::filesystem::StepUpdateTep>();
       AddStep<ci::rds::StepRDSModify>();
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -393,7 +395,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -455,7 +458,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
-      AddStep<ci::security::StepRegisterTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Install);
       AddStep<ci::security::StepRegisterSecurity>();
@@ -502,7 +506,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -531,7 +536,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::filesystem::StepWgtPatchIcons>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
-      AddStep<ci::security::StepRegisterTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Install);
       AddStep<ci::security::StepRegisterSecurity>();
@@ -564,7 +570,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::filesystem::StepWgtPatchIcons>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -609,7 +616,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckExtensionPrivileges>();
       AddStep<wgt::pkgmgr::StepGenerateXml>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -640,7 +648,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::filesystem::StepRemoveZipImage>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
       AddStep<ci::configuration::StepSwitchReadonlyMode>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();
@@ -659,7 +668,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
       AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
       AddStep<ci::pkgmgr::StepRegisterApplication>();
-      AddStep<ci::security::StepRegisterTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::INSTALL);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Install);
       AddStep<ci::security::StepRegisterSecurity>();
@@ -684,7 +694,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::pkgmgr::StepKillApps>();
       AddStep<ci::filesystem::StepRemoveGlobalAppSymlinks>();
       AddStep<ci::pkgmgr::StepUpdateApplication>();
-      AddStep<ci::security::StepUpdateTrustAnchor>();
+      AddStep<ci::security::StepRegisterTrustAnchor>(
+          ci::security::StepRegisterTrustAnchor::RegisterType::UPDATE);
       AddStep<ci::security::StepPrivacyPrivilege>(
           ci::security::StepPrivacyPrivilege::ActionType::Update);
       AddStep<ci::security::StepUpdateSecurity>();