From: Sangyoon Jang <s89.jang@samsung.com>
Date: Mon, 13 Apr 2015 04:14:29 +0000 (+0900)
Subject: Add a tool: pkg_privilege
X-Git-Tag: accepted/tizen/common/20150414.100259^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=67a6fd4afcf9a526c943dfd32fd02384f443c9a2;p=platform%2Fcore%2Fappfw%2Fslp-pkgmgr.git

Add a tool: pkg_privilege

pkg_privilege is a tool for install privilege using security-manager api
pkg_initdb will run this tool

Change-Id: If82ab279a690f43385c4c616153ef885f1b4ea51
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>
---

diff --git a/packaging/pkgmgr.spec b/packaging/pkgmgr.spec
index 3a5a1e9..158531f 100644
--- a/packaging/pkgmgr.spec
+++ b/packaging/pkgmgr.spec
@@ -32,6 +32,7 @@ BuildRequires:  pkgconfig(pkgmgr-info)
 BuildRequires:  pkgconfig(iniparser)
 BuildRequires:  pkgconfig(notification)
 BuildRequires:  pkgconfig(libtzplatform-config)
+BuildRequires:  pkgconfig(security-manager)
 BuildRequires:  pkgconfig(db-util)
 BuildRequires:  pkgmgr-info-parser-devel
 BuildRequires:  pkgmgr-info-parser
@@ -156,6 +157,7 @@ chsmack -a '*' %{TZ_SYS_RW_PACKAGES}
 %attr(755,root,root) %{_bindir}/pkg_initdb_user
 %{_bindir}/pkg_getsize
 %{_bindir}/pkg_clearcache
+%{_bindir}/pkg_privilege
 %{_bindir}/pkginfo
 %{_bindir}/pkgmgr-install
 %attr(-,tizenglobalapp,root) %dir %{TZ_SYS_RW_PACKAGES}
diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
index 435dfc5..2a8a7e1 100644
--- a/tool/CMakeLists.txt
+++ b/tool/CMakeLists.txt
@@ -12,7 +12,7 @@ FOREACH(flag ${pkgs_initdb_CFLAGS})
 ENDFOREACH(flag)
 
 
-pkg_check_modules(pkgs_test REQUIRED ecore dbus-1 ail libxml-2.0 bundle pkgmgr-parser vconf pkgmgr-info libtzplatform-config)
+pkg_check_modules(pkgs_test REQUIRED ecore dbus-1 ail libxml-2.0 bundle pkgmgr-parser vconf pkgmgr-info libtzplatform-config security-manager)
 FOREACH(flag ${pkgs_test_CFLAGS})
 	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
@@ -39,6 +39,11 @@ add_executable(pkginfo
 target_link_libraries(pkginfo pkgmgr-client pkgmgr_installer ${pkgs_test_LDFLAGS})
 INSTALL(TARGETS pkginfo DESTINATION bin)
 
+add_executable(pkg_privilege
+                pkg_privilege.c)
+target_link_libraries(pkg_privilege ${pkgs_test_LDFLAGS})
+INSTALL(TARGETS pkg_privilege DESTINATION bin)
+
 add_executable(pkg_getsize
                 pkg_getsize.c)
 target_link_libraries(pkg_getsize pkgmgr-client pkgmgr_installer ${pkgs_test_LDFLAGS})
diff --git a/tool/pkg_initdb.c b/tool/pkg_initdb.c
index 36c3425..2b586c5 100644
--- a/tool/pkg_initdb.c
+++ b/tool/pkg_initdb.c
@@ -129,7 +129,7 @@ char* _manifest_to_package(const char* manifest)
 
 
 
-int initdb_load_directory(const char *directory)
+static int __initdb_load_directory(const char *directory, const char *cmd)
 {
 	DIR *dir;
 	struct dirent entry, *result;
@@ -176,7 +176,7 @@ int initdb_load_directory(const char *directory)
 		// pkgmgr_parser_parse_manifest_for_installation(buf, NULL);
 
 		char buf2[BUFSZE];
-		snprintf(buf2, sizeof(buf2), "/usr/bin/pkginfo --imd %s", buf);
+		snprintf(buf2, sizeof(buf2), "%s %s", cmd, buf);
 		system(buf2);
 
 		free(manifest);
@@ -187,7 +187,15 @@ int initdb_load_directory(const char *directory)
 	return 0;
 }
 
+static int initdb_install_manifest(void)
+{
+	return __initdb_load_directory(SYS_MANIFEST_DIRECTORY, "/usr/bin/pkginfo --imd");
+}
 
+static int initdb_install_privilege(void)
+{
+	return __initdb_load_directory(SYS_MANIFEST_DIRECTORY, "/usr/bin/pkg_privilege");
+}
 
 static int initdb_change_perm(const char *db_file)
 {
@@ -263,9 +271,9 @@ int main(int argc, char *argv[])
 		_D("Some Packages in the Package Info DB.");
 		return 0;
 	}
-	ret = initdb_load_directory(SYS_MANIFEST_DIRECTORY);
+	ret = initdb_install_manifest();
 	if (ret == -1) {
-		_E("cannot load opt manifest directory.");
+		_E("cannot install manifest.");
 	}
 
 	ret = initdb_change_perm(PACKAGE_INFO_DB_FILE);
@@ -274,12 +282,18 @@ int main(int argc, char *argv[])
 		return -1;
 	}
 
-	setuid(OWNER_ROOT);
-	
+	setresuid(OWNER_ROOT, OWNER_ROOT, OWNER_ROOT);
+
 	SET_DEFAULT_LABEL(PACKAGE_INFO_DB_FILE);
 	SET_DEFAULT_LABEL(PACKAGE_INFO_DB_FILE_JOURNAL);
 	SET_DEFAULT_LABEL(PKG_CERT_DB_FILE);
 	SET_DEFAULT_LABEL(PKG_CERT_DB_FILE_JOURNAL);
 
+	ret = initdb_install_privilege();
+	if (ret == -1) {
+		_E("cannot install priveilge.");
+		return -1;
+	}
+
 	return 0;
 }
diff --git a/tool/pkg_privilege.c b/tool/pkg_privilege.c
new file mode 100644
index 0000000..f34ce0d
--- /dev/null
+++ b/tool/pkg_privilege.c
@@ -0,0 +1,98 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <tzplatform_config.h>
+#include <security-manager.h>
+#include <pkgmgr_parser.h>
+
+#define BUFSIZE 4096
+#define OWNER_ROOT 0
+#define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
+
+static const char *__get_path(char *pkgid, char *appid, uid_t uid)
+{
+	char buf[BUFSIZE];
+	char *path;
+
+	/* TODO: unify application directory layout */
+	if (uid == OWNER_ROOT || uid == GLOBAL_USER)
+		snprintf(buf, BUFSIZE - 1, "%s", pkgid);
+	else
+		snprintf(buf, BUFSIZE - 1, "%s/%s", pkgid, appid);
+
+	tzplatform_set_user(uid);
+	path = tzplatform_mkpath((uid == OWNER_ROOT || uid == GLOBAL_USER) ?
+			TZ_SYS_RO_APP : TZ_USER_APP, buf);
+	tzplatform_reset_user();
+
+	return path;
+}
+
+static int __insert_privilege(char *manifest, uid_t uid)
+{
+	int ret;
+	manifest_x *mfx;
+	struct uiapplication_x *uiapp;
+	struct serviceapplication_x *svcapp;
+	char *path;
+
+	privilege_x *priv;
+	app_inst_req *req;
+
+	mfx = pkgmgr_parser_process_manifest_xml(manifest);
+	if (mfx == NULL) {
+		printf("Parse manifest failed\n");
+		return -1;
+	}
+	if (security_manager_app_inst_req_new(&req)) {
+		printf("security_manager_app_inst_req_new failed\n");
+		pkgmgr_parser_free_manifest_xml(mfx);
+		return -1;
+	}
+
+	security_manager_app_inst_req_set_pkg_id(req, mfx->package);
+
+	uiapp = mfx->uiapplication;
+	while (uiapp) {
+		security_manager_app_inst_req_set_app_id(req, uiapp->appid);
+		path = __get_path(mfx->package, uiapp->appid, uid);
+		security_manager_app_inst_req_add_path(req, path,
+				SECURITY_MANAGER_PATH_PUBLIC_RO);
+		uiapp = uiapp->next;
+	}
+
+	svcapp = mfx->serviceapplication;
+	while (svcapp) {
+		security_manager_app_inst_req_set_app_id(req, svcapp->appid);
+		path = __get_path(mfx->package, svcapp->appid, uid);
+		security_manager_app_inst_req_add_path(req, path,
+				SECURITY_MANAGER_PATH_PUBLIC_RO);
+		svcapp = svcapp->next;
+	}
+
+	if (mfx->privileges != NULL) {
+		for (priv = mfx->privileges->privilege; priv; priv = priv->next)
+			security_manager_app_inst_req_add_privilege(req,
+					priv->text);
+	}
+
+	ret = security_manager_app_install(req);
+	if (ret != SECURITY_MANAGER_SUCCESS)
+		printf("security_manager_app_install failed: %d\n", ret);
+
+	security_manager_app_inst_req_free(req);
+	pkgmgr_parser_free_manifest_xml(mfx);
+
+	return 0;
+}
+
+int main(int argc, char **argv)
+{
+	if (argc < 2) {
+		printf("missing operand\n");
+		return -1;
+	}
+
+	return __insert_privilege(argv[1], getuid());
+}