From: Pawel Sikorski <p.sikorski@samsung.com>
Date: Fri, 31 Jul 2015 10:17:05 +0000 (+0200)
Subject: Removing encryption key after application uninstallation.
X-Git-Tag: accepted/tizen/mobile/20150811.014001^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c80af018e4aa5fcc910190448b00740fa9c9a62e;p=platform%2Fcore%2Fappfw%2Fapp-installers.git

Removing encryption key after application uninstallation.

During deinstallation, wae_remove_app_dek function is called
to remove encryption key from WAE module.
Note: there is no information, if given application is encrypted or
not. So the function is always called. If, WAE_ERROR_NO_KEY error is
returned, it can be assumed, that given application was not encrypted.

Change-Id: I9b7f54bde88ad012249f77784c46aa80c1097ff3
---

diff --git a/src/wgt/CMakeLists.txt b/src/wgt/CMakeLists.txt
index ce9e194..9b0d9ee 100644
--- a/src/wgt/CMakeLists.txt
+++ b/src/wgt/CMakeLists.txt
@@ -5,6 +5,7 @@ SET(SRCS
   step/step_create_symbolic_link.cc
   step/step_encrypt_resources.cc
   step/step_parse.cc
+  step/step_remove_encryption_data.cc
   step/step_rds_parse.cc
   step/step_rds_modify.cc
   step/step_wgt_create_icons.cc
diff --git a/src/wgt/step/step_remove_encryption_data.cc b/src/wgt/step/step_remove_encryption_data.cc
new file mode 100644
index 0000000..24357f6
--- /dev/null
+++ b/src/wgt/step/step_remove_encryption_data.cc
@@ -0,0 +1,51 @@
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include "wgt/step/step_remove_encryption_data.h"
+
+#include <web_app_enc.h>
+
+#include "common/utils/logging.h"
+
+
+namespace wgt {
+namespace encrypt {
+
+common_installer::Step::Status StepRemoveEncryptionData::process() {
+  // There is no check, if application was encrypted or not
+  // (it is not saved anywhere in tizen manifest)
+  // so, if WAE_ERROR_NO_KEY error, then application was not encrypted
+  int ret = wae_remove_app_dek(context_->pkgid.get().c_str());
+  if (WAE_ERROR_NONE == ret || WAE_ERROR_NO_KEY == ret) {
+    LOG(DEBUG) << "Encryption data removed (if existed)";
+    return common_installer::Step::Status::OK;
+  }
+
+  switch (ret) {
+  case WAE_ERROR_INVALID_PARAMETER:
+    LOG(ERROR) << "Error while removing encryption data: "
+                  "WAE_ERROR_INVALID_PARAMETER";
+    break;
+  case WAE_ERROR_PERMISSION_DENIED:
+    LOG(ERROR) << "Error while removing encryption data: "
+                  "WAE_ERROR_PERMISSION_DENIED";
+    break;
+  case WAE_ERROR_KEY_MANAGER:
+    LOG(ERROR) << "Error while removing encryption data: "
+                  "WAE_ERROR_KEY_MANAGER";
+    break;
+  case WAE_ERROR_UNKNOWN:
+    LOG(ERROR) << "Error while removing encryption data: "
+                  "WAE_ERROR_UNKNOWN";
+    break;
+  default:
+    LOG(ERROR) << "Error while removing encryption data: "
+                  "UNKNOWN";
+    break;
+  }
+  return common_installer::Step::Status::ERROR;
+}
+
+}  // namespace encrypt
+}  // namespace wgt
diff --git a/src/wgt/step/step_remove_encryption_data.h b/src/wgt/step/step_remove_encryption_data.h
new file mode 100644
index 0000000..8415cc2
--- /dev/null
+++ b/src/wgt/step/step_remove_encryption_data.h
@@ -0,0 +1,27 @@
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef WGT_STEP_STEP_REMOVE_ENCRYPTION_DATA_H_
+#define WGT_STEP_STEP_REMOVE_ENCRYPTION_DATA_H_
+
+#include "common/step/step.h"
+#include "common/utils/logging.h"
+
+namespace wgt {
+namespace encrypt {
+
+class StepRemoveEncryptionData : public common_installer::Step {
+ public:
+  using Step::Step;
+
+  Status process() override;
+  Status clean() override { return Status::OK; }
+  Status undo() override { return Status::OK; }
+  Status precheck() override { return Status::OK; }
+
+  SCOPE_LOG_TAG(RemoveEncryptionData)
+};
+}  // namespace encrypt
+}  // namespace wgt
+#endif  // WGT_STEP_STEP_REMOVE_ENCRYPTION_DATA_H_
diff --git a/src/wgt/wgt_backend.cc b/src/wgt/wgt_backend.cc
index a3cb9c2..d07ec17 100644
--- a/src/wgt/wgt_backend.cc
+++ b/src/wgt/wgt_backend.cc
@@ -32,6 +32,7 @@
 #include "wgt/step/step_check_settings_level.h"
 #include "wgt/step/step_encrypt_resources.h"
 #include "wgt/step/step_parse.h"
+#include "wgt/step/step_remove_encryption_data.h"
 #include "wgt/step/step_rds_parse.h"
 #include "wgt/step/step_rds_modify.h"
 #include "wgt/step/step_wgt_create_icons.h"
@@ -101,6 +102,7 @@ int main(int argc, char** argv) {
       installer.AddStep<ci::filesystem::StepRemoveFiles>();
       installer.AddStep<ci::filesystem::StepRemoveIcons>();
       installer.AddStep<ci::security::StepRevokeSecurity>();
+      installer.AddStep<wgt::encrypt::StepRemoveEncryptionData>();
       break;
     }
     case ci::PkgMgrInterface::Type::Reinstall: {