From: Lukasz Wysocki Date: Tue, 1 Dec 2015 15:07:18 +0000 (+0100) Subject: Add handling for background-category element in TPK. X-Git-Tag: accepted/tizen/mobile/20151212.071403~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=512482291b2ac70211815745f08777746e23cb79;p=platform%2Fcore%2Fappfw%2Fapp-installers.git Add handling for background-category element in TPK. Refactoring - remove ISpecification from the solution. This commit depend on: - https://review.tizen.org/gerrit/#/c/53072/ - https://review.tizen.org/gerrit/#/c/50502/ changes should be submitted together. Fix code review from: - https://review.tizen.org/gerrit/#/c/50502/ Fix issue from: - https://review.tizen.org/gerrit/#/c/53835/ Change-Id: I8ca81da641e724822c96b6606343a619673b63a2 --- diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index d577bf2..157524e 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -13,6 +13,7 @@ SET(SRCS step/step_backup_manifest.cc step/step_unzip.cc step/step_create_icons.cc + step/step_check_background_category.cc step/step_check_old_certificate.cc step/step_check_signature.cc step/step_configure.cc diff --git a/src/common/step/step_check_background_category.cc b/src/common/step/step_check_background_category.cc new file mode 100644 index 0000000..71cf036 --- /dev/null +++ b/src/common/step/step_check_background_category.cc @@ -0,0 +1,222 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#include "common/step/step_check_background_category.h" + +#include + +#include "common/installer_context.h" +#include "common/utils/glist_range.h" + +namespace { +namespace ci = common_installer; + +const utils::VersionNumber ver24("2.4"); +} // namespace + +namespace common_installer { +namespace security { + +StepCheckBackgroundCategory::StepCheckBackgroundCategory( + ci::InstallerContext* context) : Step(context), + known_background_categories_ { + "media", "download", "background-network", + "location", "sensor", "iot-communication" }, + not_unknown_background_categories_ { + "media", "download", "background-network", "location", + "sensor", "iot-communication", "system" } { +} + +GList* StepCheckBackgroundCategory::CopyValuesToBackgroundCategory( + const BackgroundCatSet& values, GList* backgroundCategories) const { + for (const auto& background_category : values) { + backgroundCategories = g_list_append( + backgroundCategories, strdup(background_category.c_str())); + } + + return backgroundCategories; +} + +bool StepCheckBackgroundCategory::IsTrustedCert( + ci::PrivilegeLevel privilege) const { + return privilege == ci::PrivilegeLevel::PARTNER || + privilege == ci::PrivilegeLevel::PLATFORM; +} + +bool StepCheckBackgroundCategory::ShouldSendFail( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + return (privilege == ci::PrivilegeLevel::PUBLIC && + background_categories.find("system") != background_categories.end()) || + (privilege == ci::PrivilegeLevel::UNTRUSTED && + !background_categories.empty()); +} + +bool StepCheckBackgroundCategory::ShouldSendAll( + const utils::VersionNumber& version, + bool background_support, + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + return version < ver24 && background_support && + ((privilege == ci::PrivilegeLevel::PUBLIC && + background_categories.find("system") == + background_categories.end()) || IsTrustedCert(privilege)); +} + +bool StepCheckBackgroundCategory::ShouldSendSystem( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + return IsTrustedCert(privilege) && + background_categories.find("system") != background_categories.end(); +} + +bool StepCheckBackgroundCategory::ShouldSendKnown( + const utils::VersionNumber& version, + bool background_support, + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + BackgroundCatSet intersect; + std::set_intersection(known_background_categories_.begin(), + known_background_categories_.end(), + background_categories.begin(), background_categories.end(), + std::inserter(intersect, intersect.begin())); + + return !(ShouldSendFail(privilege, background_categories) || + ShouldSendAll( + version, background_support, privilege, background_categories)) && + !background_categories.empty() && !intersect.empty(); +} + +bool StepCheckBackgroundCategory::ShouldSendUnknown( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + BackgroundCatSet diff; + std::set_difference(background_categories.begin(), + background_categories.end(), + not_unknown_background_categories_.begin(), + not_unknown_background_categories_.end(), + std::inserter(diff, diff.begin())); + + return !(ShouldSendFail(privilege, background_categories) || + background_categories.empty() || diff.empty()); +} + +void StepCheckBackgroundCategory::GetBackgroundCategories( + const application_x& app, + BackgroundCatSet* background_categories) const { + for (const char* background_category : GListRange( + app.background_category)) { + background_categories->insert(background_category); + } +} + +ci::Step::Status StepCheckBackgroundCategory::DoSendFail( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const { + if (ShouldSendFail(privilege, background_categories)) { + LOG(ERROR) << "Installation fail caused by background-category"; + return Status::ERROR; + } + + return Status::OK; +} + +void StepCheckBackgroundCategory::DoSendAll( + const utils::VersionNumber& version, + bool background_support, + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const { + if (ShouldSendAll(version, background_support, privilege, + background_categories)) { + app->background_category = CopyValuesToBackgroundCategory( + known_background_categories_, app->background_category); + } +} + +void StepCheckBackgroundCategory::DoSendSystem( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const { + if (ShouldSendSystem(privilege, background_categories)) { + app->background_category = g_list_append( + app->background_category, strdup("system")); + } +} + +void StepCheckBackgroundCategory::DoSendKnown( + const utils::VersionNumber& version, + bool background_support, + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const { + if (ShouldSendKnown(version, background_support, privilege, + background_categories)) { + BackgroundCatSet to_insert; + + // Get all known parsed values this is to handle case when more than one + // background-category element is declared and values are mixed + std::set_intersection( + known_background_categories_.begin(), + known_background_categories_.end(), + background_categories.begin(), background_categories.end(), + std::inserter(to_insert, to_insert.begin())); + + app->background_category = CopyValuesToBackgroundCategory( + to_insert, app->background_category); + } +} + +void StepCheckBackgroundCategory::DoSendUnknown( + ci::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const { + if (ShouldSendUnknown(privilege, background_categories)) { + BackgroundCatSet to_insert; + + // Get all unknown parsed values this is to handle case when more than one + // background-category element is declared and values are mixed + std::set_difference( + background_categories.begin(), background_categories.end(), + not_unknown_background_categories_.begin(), + not_unknown_background_categories_.end(), + std::inserter(to_insert, to_insert.end())); + + app->background_category = CopyValuesToBackgroundCategory( + to_insert, app->background_category); + } +} + +void StepCheckBackgroundCategory::RemoveContextBackgroundCategories( + application_x* app) const { + g_list_free_full(app->background_category, g_free); + app->background_category = nullptr; +} + +ci::Step::Status StepCheckBackgroundCategory::process() { + std::string str_ver(context_->manifest_data.get()->api_version); + ci::PrivilegeLevel privilege_level = context_->privilege_level.get(); + bool background_supt = GetBackgroundSupport(); + utils::VersionNumber version(str_ver); + + for (application_x* app : + GListRange(context_->manifest_data.get()->application)) { + BackgroundCatSet background_cat; + + GetBackgroundCategories(*app, &background_cat); + RemoveContextBackgroundCategories(app); + + if (DoSendFail(privilege_level, background_cat) == ci::Step::Status::ERROR) + return ci::Step::Status::ERROR; + DoSendAll(version, background_supt, privilege_level, background_cat, app); + DoSendSystem(privilege_level, background_cat, app); + DoSendKnown(version, background_supt, privilege_level, background_cat, app); + DoSendUnknown(privilege_level, background_cat, app); + } + + return Status::OK; +} + +} // namespace security +} // namespace common_installer diff --git a/src/common/step/step_check_background_category.h b/src/common/step/step_check_background_category.h new file mode 100644 index 0000000..dca14e9 --- /dev/null +++ b/src/common/step/step_check_background_category.h @@ -0,0 +1,101 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#ifndef COMMON_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ +#define COMMON_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ + +#include + +#include +#include +#include + +#include "common/step/step.h" +#include "common/utils/logging.h" + +namespace common_installer { +namespace security { + +typedef std::set BackgroundCatSet; + +/** + * \brief This step check background category value and modify it depending on + * required version, cert level, background support, and value itself + */ +class StepCheckBackgroundCategory : public common_installer::Step { + public: + using Step::Step; + + explicit StepCheckBackgroundCategory( + common_installer::InstallerContext* context); + + /** + * \brief Check background category values + * + * \return Status::ERROR when "system" detected, + * Status::OK otherwise + */ + Status process() override; + + Status clean() override { return Status::OK; } + Status undo() override { return Status::OK; } + Status precheck() override { return Status::OK; } + + protected: + virtual bool GetBackgroundSupport() = 0; + + private: + GList* CopyValuesToBackgroundCategory( + const BackgroundCatSet& values, GList* backgroundCategories) const; + bool IsTrustedCert(common_installer::PrivilegeLevel privilege) const; + bool ShouldSendFail(common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + bool ShouldSendAll(const utils::VersionNumber& version, + bool background_support, + common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + bool ShouldSendSystem(common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + bool ShouldSendKnown(const utils::VersionNumber& version, + bool background_support, + common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + bool ShouldSendUnknown(common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + + common_installer::Step::Status DoSendFail( + common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories) const; + void DoSendAll(const utils::VersionNumber& version, + bool background_support, + common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const; + void DoSendSystem(common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const; + void DoSendKnown(const utils::VersionNumber& version, + bool background_support, + common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const; + void DoSendUnknown(common_installer::PrivilegeLevel privilege, + const BackgroundCatSet& background_categories, + application_x* app) const; + + void GetBackgroundCategories( + const application_x& app, + BackgroundCatSet* background_categories) const; + void RemoveContextBackgroundCategories(application_x* app) const; + + const BackgroundCatSet known_background_categories_; + const BackgroundCatSet not_unknown_background_categories_; + + SCOPE_LOG_TAG(CheckBackgroundCategory) +}; + +} // namespace security +} // namespace common_installer + +#endif // COMMON_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ diff --git a/src/common/utils/specification.h b/src/common/utils/specification.h deleted file mode 100644 index 9cb7c45..0000000 --- a/src/common/utils/specification.h +++ /dev/null @@ -1,188 +0,0 @@ -// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -// Use of this source code is governed by a apache 2.0 license that can be -// found in the LICENSE file. - -#ifndef COMMON_UTILS_SPECIFICATION_H_ -#define COMMON_UTILS_SPECIFICATION_H_ - -#include - -namespace common_installer { - -template -class ISpecification; - -template -using ISpecPtr = std::shared_ptr>; - -/** - * \brief Interface that support chain and nested logical operations - */ -template -class ISpecification { - public: - virtual ~ISpecification() {} - - /** - * \brief Declaration of method that check if condition is meet - * for candidate in order to utilize it's result in - * logical operations AND, OR, and NOT - * - * \param candidate against with test will be performed - * - * \return true if condition is satisfied by candidate, false - * otherwise - */ - virtual bool IsSatisfiedBy(const T &candidate) = 0; - - /** - * \brief Declaration of AND operation, condition has following form - * this AND other - * - * \param other Specification object to allow nested conditions - * - * \return Specification object to allow method chaining. Is expected to - * return AndSpecification implementation. - */ - virtual ISpecPtr And(ISpecPtr other) = 0; - - /** - * \brief Declaration of OR operation, condition has following form - * this OR other - * - * \param other Specification object to allow nested conditions - * - * \return Specification object to allow method chaining. Is expected - * to return OrSpecification implementation. - */ - virtual ISpecPtr Or(ISpecPtr other) = 0; - - /** - * \brief Declaration of Not operation, condition has following form - * !this - * - * \return Specification object to allow method chaining. Is expected - * to return NotSpecification implementation. - */ - virtual ISpecPtr Not() = 0; -}; - -/** - * \brief Abstract class that implement basic logical operations - * AND, OR, and NOT of ISpecification interface. It is expected to - * derive from this class when new specification is needed. Deriving - * class have to implement IsSatifiedBy method. - */ -template -class CompositeSpecification : public ISpecification, - public std::enable_shared_from_this > { - public: - virtual ~CompositeSpecification() {} - - virtual bool IsSatisfiedBy(const T &candidate) = 0; - - /** - * \brief Implementation of AND operation - */ - ISpecPtr And(ISpecPtr other) override; - - /** - * \brief Implementation of OR operation - */ - ISpecPtr Or(ISpecPtr other) override; - - /** - * \brief Implementation of NOT operation - */ - ISpecPtr Not() override; -}; - -/** - * \brief Implementation of AND operation - */ -template -class AndSpecification : public CompositeSpecification { - public: - explicit AndSpecification(ISpecPtr one, ISpecPtr other); - virtual ~AndSpecification() {} - - bool IsSatisfiedBy(const T &candidate) override; - - private: - ISpecPtr one_; - ISpecPtr other_; -}; - -/** - * \brief Implementation of OR operation - */ -template -class OrSpecification : public CompositeSpecification { - public: - explicit OrSpecification(ISpecPtr one, ISpecPtr other); - virtual ~OrSpecification() {} - - bool IsSatisfiedBy(const T &candidate) override; - - private: - ISpecPtr one_; - ISpecPtr other_; -}; - -/** - * \brief Implementation of NOT operation - */ -template -class NotSpecification : public CompositeSpecification { - public: - explicit NotSpecification(ISpecPtr one); - virtual ~NotSpecification() {} - - bool IsSatisfiedBy(const T &candidate) override; - - private: - ISpecPtr wrap_; -}; - -template -ISpecPtr CompositeSpecification::And(ISpecPtr other) { - return std::make_shared>(this->shared_from_this(), other); -} - -template -ISpecPtr CompositeSpecification::Or(ISpecPtr other) { - return std::make_shared>(this->shared_from_this(), other); -} - -template -ISpecPtr CompositeSpecification::Not() { - return std::make_shared>(this->shared_from_this()); -} - -template AndSpecification::AndSpecification( - ISpecPtr one, ISpecPtr other) : one_(one), other_(other) { } - -template bool AndSpecification::IsSatisfiedBy( - const T &candidate) { - return one_->IsSatisfiedBy(candidate) && other_->IsSatisfiedBy(candidate); -} - -template OrSpecification::OrSpecification( - ISpecPtr one, ISpecPtr other) : one_(one), other_(other) { } - -template bool OrSpecification::IsSatisfiedBy( - const T &candidate) { - return one_->IsSatisfiedBy(candidate) || other_->IsSatisfiedBy(candidate); -} - -template NotSpecification::NotSpecification( - ISpecPtr one) : wrap_(one) { } - -template bool NotSpecification::IsSatisfiedBy( - const T &candidate) { - return !wrap_->IsSatisfiedBy(candidate); -} - -} // namespace common_installer - -#endif // COMMON_UTILS_SPECIFICATION_H_ diff --git a/src/tpk/CMakeLists.txt b/src/tpk/CMakeLists.txt index 461b310..856ddac 100644 --- a/src/tpk/CMakeLists.txt +++ b/src/tpk/CMakeLists.txt @@ -1,4 +1,5 @@ SET(SRCS + step/step_check_tpk_background_category.cc step/step_create_symbolic_link.cc step/step_parse.cc step/step_parse_recovery.cc diff --git a/src/tpk/step/step_check_tpk_background_category.cc b/src/tpk/step/step_check_tpk_background_category.cc new file mode 100644 index 0000000..53ac91b --- /dev/null +++ b/src/tpk/step/step_check_tpk_background_category.cc @@ -0,0 +1,24 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#include "common/installer_context.h" +#include "step_check_tpk_background_category.h" + +namespace { +namespace ci_sec = common_installer::security; +} // namespace + +namespace tpk { +namespace security { + +StepCheckTpkBackgroundCategory::StepCheckTpkBackgroundCategory( + common_installer::InstallerContext* context) : + ci_sec::StepCheckBackgroundCategory(context) {} + +bool StepCheckTpkBackgroundCategory::GetBackgroundSupport() { + return true; +} + +} // namespace security +} // namespace tpk diff --git a/src/tpk/step/step_check_tpk_background_category.h b/src/tpk/step/step_check_tpk_background_category.h new file mode 100644 index 0000000..d6ce75a --- /dev/null +++ b/src/tpk/step/step_check_tpk_background_category.h @@ -0,0 +1,32 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#ifndef TPK_STEP_STEP_CHECK_TPK_BACKGROUND_CATEGORY_H_ +#define TPK_STEP_STEP_CHECK_TPK_BACKGROUND_CATEGORY_H_ + +#include + +#include "common/step/step_check_background_category.h" + +namespace tpk { +namespace security { + +/** + * \brief This step check background category value and modify it depending on + * required version, cert level, background support, and value itself + */ +class StepCheckTpkBackgroundCategory : + public common_installer::security::StepCheckBackgroundCategory { + public: + explicit StepCheckTpkBackgroundCategory( + common_installer::InstallerContext* context); + + protected: + bool GetBackgroundSupport() override; +}; + +} // namespace security +} // namespace tpk + +#endif // TPK_STEP_STEP_CHECK_TPK_BACKGROUND_CATEGORY_H_ diff --git a/src/tpk/step/step_parse.cc b/src/tpk/step/step_parse.cc index cd5357f..54ae4f5 100644 --- a/src/tpk/step/step_parse.cc +++ b/src/tpk/step/step_parse.cc @@ -243,6 +243,9 @@ bool StepParse::FillServiceApplication(manifest_x* manifest) { return false; if (!FillMetadata(service_app, application.meta_data)) return false; + if (!FillBackgroundCategoryInfo(service_app, + application.background_category)) + return false; } return true; } @@ -294,6 +297,8 @@ bool StepParse::FillUIApplication(manifest_x* manifest) { return false; if (!FillMetadata(ui_app, application.meta_data)) return false; + if (!FillBackgroundCategoryInfo(ui_app, application.background_category)) + return false; } return true; } @@ -440,6 +445,17 @@ bool StepParse::FillShortcuts() { return true; } +template +bool StepParse::FillBackgroundCategoryInfo(application_x* app, + const T& background_category_data_list) { + for (const auto& background_category : background_category_data_list) { + app->background_category = g_list_append( + app->background_category, strdup(background_category.value().c_str())); + } + + return true; +} + bool StepParse::FillManifestX(manifest_x* manifest) { if (!FillPackageInfo(manifest)) return false; diff --git a/src/tpk/step/step_parse.h b/src/tpk/step/step_parse.h index a4df33a..f4dcff5 100644 --- a/src/tpk/step/step_parse.h +++ b/src/tpk/step/step_parse.h @@ -62,6 +62,9 @@ class StepParse : public common_installer::Step { const tpk::parse::ApplicationImagesInfo& label_list); bool FillAccounts(); bool FillShortcuts(); + template + bool FillBackgroundCategoryInfo(application_x* app, + const T& background_category_data_list); bool FillManifestX(manifest_x* manifest); std::unique_ptr parser_; diff --git a/src/tpk/tpk_installer.cc b/src/tpk/tpk_installer.cc index 4896d63..f67d229 100644 --- a/src/tpk/tpk_installer.cc +++ b/src/tpk/tpk_installer.cc @@ -39,6 +39,7 @@ #include "common/step/step_update_security.h" #include "common/step/step_update_tep.h" #include "common/utils/logging.h" +#include "tpk/step/step_check_tpk_background_category.h" #include "tpk/step/step_create_symbolic_link.h" #include "tpk/step/step_parse.h" #include "tpk/step/step_parse_recovery.h" @@ -99,6 +100,7 @@ void TpkInstaller::InstallSteps() { AddStep(); AddStep(); AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -116,6 +118,7 @@ void TpkInstaller::UpdateSteps() { AddStep(); AddStep(); AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -158,6 +161,7 @@ void TpkInstaller::DeltaSteps() { AddStep(); AddStep(); AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -191,6 +195,7 @@ void TpkInstaller::ManifestDirectInstallSteps() { AddStep(); AddStep(); AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -201,6 +206,7 @@ void TpkInstaller::ManifestDirectUpdateSteps() { AddStep(); AddStep(); AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); diff --git a/src/wgt/CMakeLists.txt b/src/wgt/CMakeLists.txt index bd3dc83..feb29c0 100644 --- a/src/wgt/CMakeLists.txt +++ b/src/wgt/CMakeLists.txt @@ -2,7 +2,7 @@ SET(SRCS rds_parser.cc step/step_check_settings_level.cc - step/step_check_background_category.cc + step/step_check_wgt_background_category.cc step/step_create_symbolic_link.cc step/step_encrypt_resources.cc step/step_parse.cc diff --git a/src/wgt/step/step_check_background_category.cc b/src/wgt/step/step_check_background_category.cc deleted file mode 100644 index 930d5fc..0000000 --- a/src/wgt/step/step_check_background_category.cc +++ /dev/null @@ -1,260 +0,0 @@ -// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -// Use of this source code is governed by a apache 2.0 license that can be -// found in the LICENSE file. - -#include "wgt/step/step_check_background_category.h" - -#include - -#include -#include -#include -#include - -#include "common/installer_context.h" -#include "common/utils/glist_range.h" -#include "common/utils/string_util.h" -#include "wgt/wgt_backend_data.h" - -namespace { - -namespace wgt_sec = wgt::security; -using CompositeSpec = - common_installer::CompositeSpecification; - -/** - * \brief Implementation of Specification that check version requirement - */ -class VersionAtLeastSpec : public CompositeSpec { - public: - explicit VersionAtLeastSpec(const utils::VersionNumber version) - : version_(version) {} - - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - return version_ <= candidate.version; - } - - private: - const utils::VersionNumber version_; -}; - -/** - * \brief Implementation of Specification that check certificate level - * requirement - */ -class CertSpec : public CompositeSpec { - public: - explicit CertSpec(common_installer::PrivilegeLevel privilege) : - privilege_(privilege) {} - - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - return candidate.cert == privilege_; - } - - private: - const common_installer::PrivilegeLevel privilege_; -}; - -/** - * \brief Implementation of Specification that check background support - * requirement - */ -class BackgroundSuptSpec : public CompositeSpec { - public: - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - return candidate.background_supt; - } -}; - -/** - * \brief Implementation of Specification that check if any known values - * were parsed in background-category elements - */ -class KnownValueSpec : public CompositeSpec { - public: - explicit KnownValueSpec(const wgt_sec::BackgroundCatSet &values) : - valid_values_(values) { - } - - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - wgt_sec::BackgroundCatSet intersect; - std::set_intersection(valid_values_.begin(), valid_values_.end(), - candidate.values.begin(), candidate.values.end(), - std::inserter(intersect, intersect.begin())); - return !intersect.empty(); - } - - private: - wgt_sec::BackgroundCatSet valid_values_; -}; - -/** - * \brief Implementation of Specification that check if any unknown values - * were parsed in background-category elements - */ -class UnknownValueSpec : public CompositeSpec { - public: - explicit UnknownValueSpec(const wgt_sec::BackgroundCatSet &values) : - invalid_values_(values) { - } - - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - wgt_sec::BackgroundCatSet diff; - std::set_difference(candidate.values.begin(), candidate.values.end(), - invalid_values_.begin(), invalid_values_.end(), - std::inserter(diff, diff.begin())); - return !diff.empty(); - } - - private: - wgt_sec::BackgroundCatSet invalid_values_; -}; - -/** - * \brief Implementation of Specification that check if any of parsed values in - * background-category elements meet requirement of having "system" value - */ -class SystemValueSpec : public CompositeSpec { - public: - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - return candidate.values.find("system") != candidate.values.end(); - } -}; - -/** - * \brief Implementation of Specification that check if no values were parsed - * in background-category elements - */ -class EmptyValueSpec : public CompositeSpec { - public: - bool IsSatisfiedBy(const wgt_sec::BackgroundCatSpecTest &candidate) override { - return candidate.values.empty(); - } -}; - -} // namespace - -namespace wgt { -namespace security { - -StepCheckBackgroundCategory::StepCheckBackgroundCategory( - common_installer::InstallerContext *context) : Step(context), - known_background_categories_ { - "media", "download", "background-network", - "location", "sensor", "iot-communication" }, - not_unknown_background_categories_ { - "media", "download", "background-network", "location", - "sensor", "iot-communication", "system" } { - utils::VersionNumber v24("2.4"); - auto ver24 = std::make_shared(std::move(v24)); - auto certUntrusted = - std::make_shared(common_installer::PrivilegeLevel::UNTRUSTED); - auto certPublic = - std::make_shared(common_installer::PrivilegeLevel::PUBLIC); - auto certParter = - std::make_shared(common_installer::PrivilegeLevel::PARTNER); - auto certPlatform = - std::make_shared(common_installer::PrivilegeLevel::PLATFORM); - auto background_supt = std::make_shared(); - auto known = std::make_shared(known_background_categories_); - auto unknown = - std::make_shared(not_unknown_background_categories_); - auto system = std::make_shared(); - auto empty = std::make_shared(); - - common_installer::ISpecPtr certTrusted = - certParter->Or(certPlatform); - sentAllSpec_ = ver24->Not()->And( - background_supt->And(certPublic->And(system->Not())->Or(certTrusted))); - failSpec_ = certPublic->And(system)->Or(certUntrusted); - systemSpec_ = certTrusted->And(system); - knownSpec_ = failSpec_->Not()->And( - sentAllSpec_->Not())->And(empty->Not())->And(known); - unknownSpec_ = failSpec_->Not()->And(empty->Not())->And(unknown); -} - -GList *StepCheckBackgroundCategory::CopyValuesToBackgroundCategory( - BackgroundCatSet values, GList *backgroundCategories) { - for (auto& background_category : values) { - backgroundCategories = g_list_append( - backgroundCategories, strdup(background_category.c_str())); - } - - return backgroundCategories; -} - -common_installer::Step::Status StepCheckBackgroundCategory::process() { - std::string str_ver(context_->manifest_data.get()->api_version); - common_installer::PrivilegeLevel privilege_level = - context_->privilege_level.get(); - const wgt::parse::SettingInfo& settings = static_cast( - context_->backend_data.get())->settings.get(); - bool bkgnd_supt = settings.background_support_enabled(); - utils::VersionNumber version(str_ver); - - for (application_x* app : - GListRange(context_->manifest_data.get()->application)) { - BackgroundCatSet bkgnd_cat; - - for (const char* background_category : GListRange( - app->background_category)) { - bkgnd_cat.insert(strdup(background_category)); - } - - g_list_free_full(app->background_category, g_free); - app->background_category = nullptr; - - BackgroundCatSpecTest test = - { version, privilege_level, bkgnd_supt, std::move(bkgnd_cat) }; - - if (failSpec_->IsSatisfiedBy(test)) { - LOG(DEBUG) << "Installation fail caused by background-category"; - return Status::ERROR; - } - - if (sentAllSpec_->IsSatisfiedBy(test)) { - app->background_category = CopyValuesToBackgroundCategory( - known_background_categories_, app->background_category); - } - - if (systemSpec_->IsSatisfiedBy(test)) { - app->background_category = g_list_append( - app->background_category, strdup("system")); - } - - if (knownSpec_->IsSatisfiedBy(test)) { - BackgroundCatSet to_insert; - - // Get all known parsed values this is to handle case when more than one - // background-category element is declared and values are mixed - std::set_intersection( - known_background_categories_.begin(), - known_background_categories_.end(), - test.values.begin(), test.values.end(), - std::inserter(to_insert, to_insert.begin())); - - app->background_category = CopyValuesToBackgroundCategory( - to_insert, app->background_category); - } - - if (unknownSpec_->IsSatisfiedBy(test)) { - BackgroundCatSet to_insert; - - // Get all unknown parsed values this is to handle case when more than one - // background-category element is declared and values are mixed - std::set_difference( - test.values.begin(), test.values.end(), - not_unknown_background_categories_.begin(), - not_unknown_background_categories_.end(), - std::inserter(to_insert, to_insert.end())); - - app->background_category = CopyValuesToBackgroundCategory( - to_insert, app->background_category); - } - } - - return Status::OK; -} - -} // namespace security -} // namespace wgt diff --git a/src/wgt/step/step_check_background_category.h b/src/wgt/step/step_check_background_category.h deleted file mode 100644 index 55eb8e1..0000000 --- a/src/wgt/step/step_check_background_category.h +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -// Use of this source code is governed by a apache 2.0 license that can be -// found in the LICENSE file. - -#ifndef WGT_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ -#define WGT_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ - -#include -#include -#include -#include - -#include "common/step/step.h" -#include "common/utils/logging.h" -#include "common/utils/specification.h" - -namespace wgt { -namespace security { - -typedef std::set BackgroundCatSet; - -struct BackgroundCatSpecTest { - utils::VersionNumber version; - common_installer::PrivilegeLevel cert; - bool background_supt; - BackgroundCatSet values; -}; - -/** - * \brief This step check background category value and modify it depending on - * required version, cert level, background support, and value itself - */ -class StepCheckBackgroundCategory : public common_installer::Step { - public: - using Step::Step; - - explicit StepCheckBackgroundCategory( - common_installer::InstallerContext *context); - - /** - * \brief Check background category values - * - * \return Status::ERROR when "system" detected, - * Status::OK otherwise - */ - Status process() override; - - /** - * \brief Empty method - * - * \return Status::OK - */ - Status clean() override { return Status::OK; } - - /** - * \brief Empty method - * - * \return Status::OK - */ - Status undo() override { return Status::OK; } - - /** - * \brief Empty method - * - * \return Status::OK - */ - Status precheck() override { return Status::OK; } - - SCOPE_LOG_TAG(CheckBackgroundCategory) - - private: - GList *CopyValuesToBackgroundCategory( - BackgroundCatSet values, GList *backgroundCategories); - - common_installer::ISpecPtr sentAllSpec_; - common_installer::ISpecPtr failSpec_; - common_installer::ISpecPtr systemSpec_; - common_installer::ISpecPtr knownSpec_; - common_installer::ISpecPtr unknownSpec_; - - const BackgroundCatSet known_background_categories_; - const BackgroundCatSet not_unknown_background_categories_; -}; - -} // namespace security -} // namespace wgt - -#endif // WGT_STEP_STEP_CHECK_BACKGROUND_CATEGORY_H_ diff --git a/src/wgt/step/step_check_wgt_background_category.cc b/src/wgt/step/step_check_wgt_background_category.cc new file mode 100644 index 0000000..b5efff6 --- /dev/null +++ b/src/wgt/step/step_check_wgt_background_category.cc @@ -0,0 +1,29 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#include + +#include "common/installer_context.h" +#include "step_check_wgt_background_category.h" +#include "wgt/wgt_backend_data.h" + +namespace { +namespace ci_sec = common_installer::security; +} // namespace + +namespace wgt { +namespace security { + +StepCheckWgtBackgroundCategory::StepCheckWgtBackgroundCategory( + common_installer::InstallerContext* context) : + ci_sec::StepCheckBackgroundCategory(context) {} + +bool StepCheckWgtBackgroundCategory::GetBackgroundSupport() { + const wgt::parse::SettingInfo& settings = static_cast( + context_->backend_data.get())->settings.get(); + return settings.background_support_enabled(); +} + +} // namespace security +} // namespace wgt diff --git a/src/wgt/step/step_check_wgt_background_category.h b/src/wgt/step/step_check_wgt_background_category.h new file mode 100644 index 0000000..68a63d8 --- /dev/null +++ b/src/wgt/step/step_check_wgt_background_category.h @@ -0,0 +1,32 @@ +// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +// Use of this source code is governed by a apache 2.0 license that can be +// found in the LICENSE file. + +#ifndef WGT_STEP_STEP_CHECK_WGT_BACKGROUND_CATEGORY_H_ +#define WGT_STEP_STEP_CHECK_WGT_BACKGROUND_CATEGORY_H_ + +#include + +#include "common/step/step_check_background_category.h" + +namespace wgt { +namespace security { + +/** + * \brief This step check background category value and modify it depending on + * required version, cert level, background support, and value itself + */ +class StepCheckWgtBackgroundCategory : + public common_installer::security::StepCheckBackgroundCategory { + public: + explicit StepCheckWgtBackgroundCategory( + common_installer::InstallerContext* context); + + protected: + bool GetBackgroundSupport() override; +}; + +} // namespace security +} // namespace wgt + +#endif // WGT_STEP_STEP_CHECK_WGT_BACKGROUND_CATEGORY_H_ diff --git a/src/wgt/wgt_installer.cc b/src/wgt/wgt_installer.cc index 7f63344..70253be 100644 --- a/src/wgt/wgt_installer.cc +++ b/src/wgt/wgt_installer.cc @@ -43,8 +43,8 @@ #include "common/step/step_check_old_certificate.h" #include "wgt/step/step_add_default_privileges.h" -#include "wgt/step/step_check_background_category.h" #include "wgt/step/step_check_settings_level.h" +#include "wgt/step/step_check_wgt_background_category.h" #include "wgt/step/step_create_symbolic_link.h" #include "wgt/step/step_encrypt_resources.h" #include "wgt/step/step_parse.h" @@ -72,7 +72,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); -// TODO(p.sikorski): AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -92,7 +92,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); -// TODO(p.sikorski): AddStep(); + AddStep(); AddStep(); AddStep(); AddStep(); @@ -141,7 +141,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep(); AddStep(); AddStep(); AddStep();