From 373696532fc5ac86078243b600ad1c141f3e98ff Mon Sep 17 00:00:00 2001 From: Jihoon Chung Date: Tue, 23 Apr 2013 14:29:23 +0900 Subject: [PATCH] Sync code with private [Issue#] N/A [Problem] N/A [Cause] N/A [Solution] Sync code with private [SCMRequest] N/A Change-Id: Ib8a0fe0498187b2f28185ac66ebbbc4c157b7f7a --- src/CMakeLists.txt | 1 + src/jobs/widget_install/job_widget_install.cpp | 11 +- src/jobs/widget_install/task_smack.cpp | 140 ++++++++++++++++++++++--- src/jobs/widget_install/task_smack.h | 4 +- src/jobs/widget_uninstall/task_smack.cpp | 16 +-- 5 files changed, 135 insertions(+), 37 deletions(-) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 994b6ce..5e33b52 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -145,6 +145,7 @@ PKG_CHECK_MODULES(SYS_INSTALLER_STATIC_DEP capi-appfw-app-manager app2sd vconf + libprivilege-control REQUIRED ) diff --git a/src/jobs/widget_install/job_widget_install.cpp b/src/jobs/widget_install/job_widget_install.cpp index 239f8d1..e2b2086 100644 --- a/src/jobs/widget_install/job_widget_install.cpp +++ b/src/jobs/widget_install/job_widget_install.cpp @@ -194,12 +194,6 @@ JobWidgetInstall::JobWidgetInstall( } AddTask(new TaskFileManipulation(m_installerContext)); - // TODO: Update progress information for this task - - //This is sort of quick solution, because ACE verdicts are based upon - //data from DAO (DB). So AceCheck for now has to be AFTER DbUpdate - //task. - AddTask(new TaskSmack(m_installerContext)); AddTask(new TaskManifestFile(m_installerContext)); if (m_installerContext.widgetConfig.packagingType == @@ -210,6 +204,7 @@ JobWidgetInstall::JobWidgetInstall( AddTask(new TaskCertificates(m_installerContext)); AddTask(new TaskDatabase(m_installerContext)); AddTask(new TaskAceCheck(m_installerContext)); + AddTask(new TaskSmack(m_installerContext)); } else if (result == ConfigureResult::Updated) { LogInfo("Configure installation updated"); LogInfo("Widget Update"); @@ -249,9 +244,6 @@ JobWidgetInstall::JobWidgetInstall( AddTask(new TaskUpdateFiles(m_installerContext)); } - /* TODO : To backup file, save md5 values */ - AddTask(new TaskSmack(m_installerContext)); - AddTask(new TaskManifestFile(m_installerContext)); if (m_installerContext.widgetConfig.packagingType == PKG_TYPE_HYBRID_WEB_APP) @@ -268,6 +260,7 @@ JobWidgetInstall::JobWidgetInstall( //TODO: remove widgetHandle from this task and move before database task // by now widget handle is needed in ace check // Any error in acecheck while update will break widget + AddTask(new TaskSmack(m_installerContext)); } else if (result == ConfigureResult::Deferred) { // Installation is deferred LogInfo("Configure installation deferred"); diff --git a/src/jobs/widget_install/task_smack.cpp b/src/jobs/widget_install/task_smack.cpp index 75d0fc8..a9c285a 100644 --- a/src/jobs/widget_install/task_smack.cpp +++ b/src/jobs/widget_install/task_smack.cpp @@ -25,46 +25,154 @@ #include #include #include +#include +#include #ifdef WRT_SMACK_ENABLED #include #endif #include +namespace { +const int MAX_BUF_SIZE = 128; +const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh"; +} + namespace Jobs { namespace WidgetInstall { TaskSmack::TaskSmack(InstallerContext& context) : DPL::TaskDecl(this), m_context(context) { - AddStep(&TaskSmack::Step); + AddStep(&TaskSmack::SmackFolderLabelingStep); + AddStep(&TaskSmack::SmackPrivilegeStep); + AddStep(&TaskSmack::SmackTemporaryStep); +} + +void TaskSmack::SmackFolderLabelingStep() +{ + LogInfo( + "----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()"); + +#ifdef WRT_SMACK_ENABLED + /* /opt/usr/apps/[pkgid] directory's label is "_" */ + std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + if (PC_OPERATION_SUCCESS != app_label_dir("_", + m_context.locations-> + getPackageInstallationDir(). + c_str())) + { + LogError("Set smack failure. Failed to add label for app root directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* res directory */ + std::string resDir = m_context.locations->getPackageInstallationDir() + + "/res"; + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + resDir.c_str())) + { + LogError("Set smack failure. Failed to add label for resource directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* bin directory */ + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + m_context.locations->getBinaryDir() + .c_str())) + { + LogError("Set smack failure. Failed to add label for binary directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* data directory */ + if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), + m_context.locations-> + getPrivateStorageDir().c_str())) + { + LogError("Set smack failure. Failed to add label for private storage directory"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + +#endif } -void TaskSmack::Step() +void TaskSmack::SmackPrivilegeStep() { - LogInfo("----------------> SMACK: Jobs::WidgetInstall::TaskSmack::Step()"); + LogInfo( + "----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()"); #ifdef WRT_SMACK_ENABLED - std::stringstream devcaps; + WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid; +#if 0 + char** perm_list = new char*[m_context.staticPermittedDevCaps.size()]; + + int index = 0; FOREACH(it, m_context.staticPermittedDevCaps) { if (it->second) { - std::string utf8 = DPL::ToUTF8String(it->first); - if (it != m_context.staticPermittedDevCaps.begin()) { - devcaps << ","; - } - devcaps << utf8; + LogInfo("Permission : " << it->first); + perm_list[index++] = + const_cast(DPL::ToUTF8String(it->first).c_str()); + } + } + perm_list[index] = NULL; + + int result = app_add_permissions( + DPL::ToUTF8String(tzPkgid).c_str(), + const_cast(perm_list)); + +#else + const char* perm_list[0]; + perm_list[0] = NULL; +#endif + if (m_context.job->getInstallerStruct().m_installMode + != InstallMode::INSTALL_MODE_PRELOAD) + { + int result = app_add_permissions( + DPL::ToUTF8String(tzPkgid).c_str(), perm_list); + if (PC_OPERATION_SUCCESS != result) { + LogError("Failed to add permission to privilege"); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "SMACK check failure"); } } - TizenAppId tzAppid = m_context.widgetConfig.tzAppid; - int result = handle_access_control_conf_forWAC( - DPL::ToUTF8String(tzAppid).c_str(), - devcaps.str().c_str(), - OPERATION_INSTALL); - Assert(result == PC_OPERATION_SUCCESS && "access control setup failed"); + m_context.job->UpdateProgress( - UninstallerContext::INSTALL_SMACK_ENABLE, + InstallerContext::INSTALL_SMACK_ENABLE, "Widget SMACK Enabled"); #endif } +void TaskSmack::SmackTemporaryStep() +{ +#ifdef WRT_SMACK_ENABLED + //This step is temporary for smack + + LogInfo("----------------> SMACK: \ + Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()"); + std::ostringstream commStr; + std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid); + LogDebug("set smack rule command : " << commStr.str()); + + char readBuf[MAX_BUF_SIZE]; + memset(readBuf, 0x00, MAX_BUF_SIZE); + + FILE *fd; + fd = popen(commStr.str().c_str(), "r"); + if (NULL == fd) { + LogError("Set smack rule failure. Failed to call script."); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "SMACK check failure"); + } + pclose(fd); +#endif +} + } //namespace WidgetInstall } //namespace Jobs diff --git a/src/jobs/widget_install/task_smack.h b/src/jobs/widget_install/task_smack.h index ce05d29..b602819 100644 --- a/src/jobs/widget_install/task_smack.h +++ b/src/jobs/widget_install/task_smack.h @@ -36,7 +36,9 @@ class TaskSmack : private: InstallerContext& m_context; - void Step(); + void SmackFolderLabelingStep(); + void SmackPrivilegeStep(); + void SmackTemporaryStep(); public: TaskSmack(InstallerContext& context); diff --git a/src/jobs/widget_uninstall/task_smack.cpp b/src/jobs/widget_uninstall/task_smack.cpp index d437ed1..be66932 100644 --- a/src/jobs/widget_uninstall/task_smack.cpp +++ b/src/jobs/widget_uninstall/task_smack.cpp @@ -21,6 +21,7 @@ */ #include +#include #include #include #include @@ -42,20 +43,13 @@ void TaskSmack::Step() LogInfo( "------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()"); #ifdef WRT_SMACK_ENABLED - try { - WrtDB::WidgetDAOReadOnly dao(m_context.widgetConfig.tzAppid); - TizenAppId tzAppid = dao.getTzAppId(); - int result = handle_access_control_conf_forWAC( - DPL::ToUTF8String(tzAppid).c_str(), - NULL, - OPERATION_UNINSTALL); - Assert(result == PC_OPERATION_SUCCESS && "access control setup failed"); - } catch (WrtDB::WidgetDAOReadOnly::Exception) { - Assert(false && "can't access widget data"); + int result = app_revoke_permissions(m_context.tzPkgid.c_str()); + if (PC_OPERATION_SUCCESS != result) { + LogError("Revoke permissions failure : " << result); } m_context.job->UpdateProgress( - UninstallerContext::INSTALL_SMACK_ENABLE, + UninstallerContext::UNINSTALL_SMACK_ENABLE, "Widget SMACK Enabled"); #endif } -- 2.7.4