From: jongmyeongko Date: Tue, 15 Mar 2016 11:36:44 +0000 (+0900) Subject: skip checking reference-hash in case of direct-install by privileged user. X-Git-Tag: accepted/tizen/common/20160321.150444~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=68403ca5fda1c2527615cae1b0d642ae370c96f7;p=platform%2Fcore%2Fappfw%2Fapp-installers.git skip checking reference-hash in case of direct-install by privileged user. Change-Id: I35b278a8e93000100690b56142264d01f4d69d3e Signed-off-by: jongmyeongko
---
diff --git a/src/common/step/step_check_signature.cc b/src/common/step/step_check_signature.cc
index 635d2f7..15dedea 100644
--- a/src/common/step/step_check_signature.cc
+++ b/src/common/step/step_check_signature.cc
@@ -110,7 +110,7 @@ common_installer::Step::Status ValidateSignatureFile(
 const ValidationCore::SignatureFileInfo& file_info, common_installer::PrivilegeLevel* level, common_installer::CertificateInfo* cert_info,
- std::string* error_message) {
+ bool check_reference, std::string* error_message) {
 bf::path path = base_path / file_info.getFileName();
 LOG(INFO) << "Processing signature: " << path;
@@ -119,7 +119,7 @@ common_installer::Step::Status ValidateSignatureFile(
 ValidationCore::VCerr result = validator.check(
 base_path.string(), // app content path for checking hash of file ref.
 true, // ocsp check flag
- true, // file reference hash check flag
+ check_reference, // file reference hash check flag
 data); // output signature data
 std::string errnum =
@@ -199,7 +199,7 @@ namespace security {
 Step::Status ValidateSignatures(const bf::path& base_path,
 PrivilegeLevel* level, common_installer::CertificateInfo* cert_info,
- std::string* error_message) {
+ bool check_reference, std::string* error_message) {
 // Find signature files
 ValidationCore::SignatureFileInfoSet signature_files;
 ValidationCore::SignatureFinder signature_finder(base_path.string());
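Review bot: `bool check_reference` is added as a bare positional flag in front of `error_message` in ValidateSignatureFile (and again in ValidateSignatures in the `@@ -199` hunk and in step_check_signature.h), so a call site reads `..., true, &error)` with nothing to show that `false` turns off a security check. At minimum, document it on the declaration, e.g. `// check_reference: when false, validator.check() runs with the file reference hash check flag off.` If the signature can still change, a two-value enum in place of the bool would make every call site self-describing and harder to get wrong. Both function bodies start and end outside their hunks.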
@@ -214,7 +214,7 @@ Step::Status ValidateSignatures(const bf::path& base_path,
 for (auto& file_info : signature_files) {
 std::string error;
 Step::Status status = ValidateSignatureFile(base_path, file_info, level,
- cert_info, &error);
+ cert_info, check_reference, &error);
 if (status != Step::Status::OK) {
 *error_message = error;
 return status;
@@ -241,9 +241,15 @@ Step::Status StepCheckSignature::precheck() {
 Step::Status StepCheckSignature::process() {
 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
 std::string error_message;
+ bool check_reference = true;
+ if (context_->uid.get() == 0 &&
+ (context_->request_type.get()== ci::RequestType::ManifestDirectInstall ||
+ context_->request_type.get() == ci::RequestType::ManifestDirectUpdate))
+ check_reference = false;
 Status status = ValidateSignatures(context_->unpacked_dir_path.get(), &level,
- &context_->certificate_info.get(), &error_message);
+ &context_->certificate_info.get(), check_reference,
+ &error_message);
 if (status != Status::OK) {
 on_error(status, error_message);
 return status;
diff --git a/src/common/step/step_check_signature.h b/src/common/step/step_check_signature.h
index 27518b0..2455de3 100644
--- a/src/common/step/step_check_signature.h
+++ b/src/common/step/step_check_signature.h
@@ -47,7 +47,7 @@ class StepCheckSignature : public Step {
 // Exposed for tests
 Step::Status ValidateSignatures(const boost::filesystem::path& base_path, PrivilegeLevel* level, common_installer::CertificateInfo* cert_info,
- std::string* error_message);
+ bool check_reference, std::string* error_message);
 } // namespace security
 } // namespace common_installer
diff --git a/src/unit_tests/signature_unittest.cc b/src/unit_tests/signature_unittest.cc
index 89b91cb..8de4045 100644
--- a/src/unit_tests/signature_unittest.cc
+++ b/src/unit_tests/signature_unittest.cc
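Review bot: In StepCheckSignature::process() (the `@@ -241` hunk), once `check_reference` is false the unpacked files are no longer compared with the hashes in the signature files, yet `level` and `certificate_info` are still filled in by the same ValidateSignatures call, so the privilege level that comes out no longer vouches for the content actually in `unpacked_dir_path`. The exemption rests entirely on `context_->uid.get() == 0` and the request type; how those two values are populated is outside this hunk, so it is worth confirming that neither can be influenced by a non-root caller. The skip is also silent: log it inside the branch, e.g. `LOG(INFO) << "Skipping reference-hash check: direct install/update by uid 0";` (or a higher level if the logger has one), so the decision shows up in install logs. Brace the multi-line `if` and add a comment above it stating why direct installs are exempt. process() continues past the end of the hunk.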
@@ -26,7 +26,7 @@ TEST_F(SignatureValidatorTest, HandlesInitializedSignatureDir) {
 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
 common_installer::CertificateInfo cert_info;
 std::string error;
- EXPECT_EQ(ValidateSignatures(*signature_file, &level, &cert_info, &error),
+ EXPECT_EQ(ValidateSignatures(*signature_file, &level, &cert_info, true, &error),
 Step::Status::OK);
 }
@@ -37,7 +37,7 @@ TEST_F(SignatureValidatorTest, HandlesBadSignatureDir) {
 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
 common_installer::CertificateInfo cert_info;
 std::string error;
- EXPECT_EQ(ValidateSignatures(*signature_file, &level, &cert_info, &error),
+ EXPECT_EQ(ValidateSignatures(*signature_file, &level, &cert_info, true, &error),
 Step::Status::ERROR);
 }
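Review bot: Both updated expectations pass `true`, so the new `check_reference == false` path is not exercised by any test in these hunks. Add a case that calls `ValidateSignatures(*signature_file, &level, &cert_info, false, &error)` on a directory whose signature is valid but whose files do not match the reference hashes, and one on the bad-signature directory, to pin down what is still rejected when the hash check is skipped. The fixtures that set up `signature_file` are outside the hunks, so whether a suitable directory already exists is not visible here.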