From 922fe5fca626176d61b53d52cedf4ba459264593 Mon Sep 17 00:00:00 2001 From: Dongeup Ham Date: Tue, 9 Apr 2013 20:22:53 +0900 Subject: [PATCH] Installer SignatureValidator implementation Change-Id: I0bf305bcbf82d5ea6a98ac481ff2394b860a2e5c Signed-off-by: Dongeup Ham --- inc/InstallerDefs.h | 10 ++- src/Context/InstallationContext.cpp | 1 + src/Context/InstallationContext.h | 1 + src/Context/InstallationContextData.cpp | 3 +- src/Context/InstallationContextData.h | 5 +- src/Installer/PreloadedInstaller.cpp | 8 ++ src/Manager/ConfigurationManager.cpp | 19 ----- src/Manager/DatabaseManager.cpp | 2 +- src/Manager/SignatureManager.cpp | 130 ++++++++++++++++++++++++++++--- src/Manager/SignatureManager.h | 7 +- src/Manager/SmackManager.cpp | 10 ++- src/Step/SignatureStep.cpp | 132 +++++++++++++++++++++++++++++--- src/Step/SignatureStep.h | 2 + src/Util/InstallerUtil.cpp | 53 ++++++++++++- src/Util/InstallerUtil.h | 1 + src/XmlHandler/ManifestGenerator.cpp | 35 +++++---- src/XmlHandler/ManifestHandler.cpp | 10 +-- src/XmlHandler/SignatureHandler.cpp | 110 +++++++++++++++++++++++++- src/XmlHandler/SignatureHandler.h | 14 +++- 19 files changed, 480 insertions(+), 73 deletions(-) mode change 100644 => 100755 src/XmlHandler/SignatureHandler.h diff --git a/inc/InstallerDefs.h b/inc/InstallerDefs.h index c107745..a8803b3 100755 --- a/inc/InstallerDefs.h +++ b/inc/InstallerDefs.h @@ -23,7 +23,7 @@ #include "InstallerUtil.h" -#define OSP_INSTALLER_VERSION "version=[20130409.1]" +#define OSP_INSTALLER_VERSION "version=[20130409.2]" #define DIR_BIN L"/bin" #define DIR_INFO L"/info" @@ -337,4 +337,12 @@ enum PermDirType PERM_DIR_ROOT = 10, }; +enum PrivilegeLevel +{ + PRIVILEGE_LEVEL_PUBLIC, + PRIVILEGE_LEVEL_PARTNER, + PRIVILEGE_LEVEL_PLATFORM, + +}; + #endif // _INSTALLER_DEFS_H_ diff --git a/src/Context/InstallationContext.cpp b/src/Context/InstallationContext.cpp index be2d8df..3b994ba 100755 --- a/src/Context/InstallationContext.cpp +++ b/src/Context/InstallationContext.cpp @@ -55,6 +55,7 @@ InstallationContext::InstallationContext(void) ,__operation(INSTALLER_OPERATION_INSTALL) ,__storage(INSTALLATION_STORAGE_INTERNAL) ,__rootCertType(ROOT_CERTIFICATE_NONE) +,__privilegeLevel(PRIVILEGE_LEVEL_PUBLIC) ,__pApp2ExtHandle(null) ,__pPrivilegeList(null) ,__pStringPrivilegeList(null) diff --git a/src/Context/InstallationContext.h b/src/Context/InstallationContext.h index cebd6f7..abb9f99 100755 --- a/src/Context/InstallationContext.h +++ b/src/Context/InstallationContext.h @@ -105,6 +105,7 @@ public: InstallerOperation __operation; InstallationStorage __storage; RootCertificateType __rootCertType; + int __privilegeLevel; int __packageNameType; void* __pApp2ExtHandle; diff --git a/src/Context/InstallationContextData.cpp b/src/Context/InstallationContextData.cpp index 39bcc89..753a490 100755 --- a/src/Context/InstallationContextData.cpp +++ b/src/Context/InstallationContextData.cpp @@ -442,9 +442,10 @@ AppData::AppData() ,__pLaunchConditionList(null) ,__feature(0) ,__isSubMode(false) +,__isSubModeAllowed(true) ,__legacyAppControls(false) ,__isSystemService(false) -,__mainmenuVisible(false) +,__menuIconVisible(false) { } diff --git a/src/Context/InstallationContextData.h b/src/Context/InstallationContextData.h index 15d5ff8..e8d82f8 100755 --- a/src/Context/InstallationContextData.h +++ b/src/Context/InstallationContextData.h @@ -251,7 +251,7 @@ public: Tizen::Base::String __name; Tizen::Base::String __appId; Tizen::Base::String __displayName; - Tizen::Base::String __mainmenuIcon; + Tizen::Base::String __menuIcon; Tizen::Base::String __settingIcon; Tizen::Base::String __notificationIcon; Tizen::Base::String __type; @@ -277,9 +277,10 @@ public: int __feature; bool __isSubMode; + bool __isSubModeAllowed; bool __legacyAppControls; bool __isSystemService; - bool __mainmenuVisible; + bool __menuIconVisible; private: }; diff --git a/src/Installer/PreloadedInstaller.cpp b/src/Installer/PreloadedInstaller.cpp index ba18b4e..20585de 100755 --- a/src/Installer/PreloadedInstaller.cpp +++ b/src/Installer/PreloadedInstaller.cpp @@ -54,6 +54,14 @@ PreloadedInstaller::OnInit(void) path.SubString(prefix.GetLength(), PACKAGE_ID_LENGTH, appId); + // check version info + String versionFile = path + VERSION_INFO_FILE; + if (File::IsFileExist(versionFile) == true) + { + AppLog("install preloaded app again.") + pContext->__isUpdated = true; + } + String destRootPath(PATH_OPT_USR_APPS); destRootPath += L"/"; destRootPath += appId; diff --git a/src/Manager/ConfigurationManager.cpp b/src/Manager/ConfigurationManager.cpp index fb37dce..776ddba 100755 --- a/src/Manager/ConfigurationManager.cpp +++ b/src/Manager/ConfigurationManager.cpp @@ -311,25 +311,6 @@ ConfigurationManager::RemoveFile(InstallationContext* pContext) InstallerUtil::Remove(pXmlPath.get()); } -// _PackageInfoImpl* pPackageInfoImpl = pContext->GetPackageInfoImpl(); -// TryReturn(pPackageInfoImpl, false, "[osp-installer] pPackageInfoImpl is null."); -// -// ArrayList* pAppList = pPackageInfoImpl->GetAppInfoList(); -// for (int i = 0 ; i < pAppList->GetCount(); i++) -// { -// _PackageAppInfoImpl* pAppInfoImpl = dynamic_cast<_PackageAppInfoImpl*>(pAppList->GetAt(i)); -// if (pAppInfoImpl) -// { -// String packageName = pAppInfoImpl->GetPackageName(); -// String destPath; -// char dest[772] = {0}; -// -// destPath.Format(1024, L"%ls/%ls", SLP_APP_PATH, packageName.GetPointer()); -// sprintf(dest, "%ls", destPath.GetPointer()); -// unlink(dest); -// } -// } - return true; } diff --git a/src/Manager/DatabaseManager.cpp b/src/Manager/DatabaseManager.cpp index 32db552..8279068 100755 --- a/src/Manager/DatabaseManager.cpp +++ b/src/Manager/DatabaseManager.cpp @@ -190,7 +190,7 @@ DatabaseManager::RegisterAppInfoList(InstallationContext* pContext, Database& db { String name = pAppData->__name; String main = pAppData->__main; - String mainmenuIcon = pAppData->__mainmenuIcon; + String mainmenuIcon = pAppData->__menuIcon; String settingIcon = pAppData->__settingIcon; String notificationIcon = pAppData->__notificationIcon; int feature = pAppData->__feature; diff --git a/src/Manager/SignatureManager.cpp b/src/Manager/SignatureManager.cpp index 86e16fe..03bc248 100755 --- a/src/Manager/SignatureManager.cpp +++ b/src/Manager/SignatureManager.cpp @@ -78,7 +78,7 @@ SignatureManager::ValidateSignatures() std::string("/opt/dbspace/.cert_svc_vcore.db")); TryReturn(res, false, "ValidationCore::VCoreInit() is failed."); TryReturn(__pContext->__rootPath.IsEmpty() == false, false, "__pContext->__rootPath is empty."); - fprintf(stderr, " ## sValidationCore::VCoreInit() is done\n"); + AppLog("ValidationCore::VCoreInit() is done"); std::unique_ptr pRootPath(_StringConverter::CopyToCharArrayN(__pContext->__rootPath)); TryReturn(pRootPath, false, "__pRootPath is null."); @@ -93,8 +93,8 @@ SignatureManager::ValidateSignatures() findRes = signatureFinder.find(signatureFiles); TryReturn(findRes == ValidationCore::SignatureFinder::NO_ERROR , false, "signatureFinder.find() is failed, findRes=[%d]", (int)findRes); + AppLog("signatureFinder.find() is done"); - fprintf(stderr, " ## signatureFinder.find() is done\n"); ValidationCore::SignatureFileInfoSet::reverse_iterator iter = signatureFiles.rbegin(); for (; iter != signatureFiles.rend(); ++iter) { @@ -107,8 +107,7 @@ SignatureManager::ValidateSignatures() ValidationCore::SignatureReader xml; xml.initialize(data, "/usr/share/wrt-engine/schema.xsd"); xml.read(data); - AppLog("ValidationCore::SignatureReader() done"); - fprintf(stderr, " ## ValidationCore::SignatureReader() is done\n"); + AppLog("ValidationCore::SignatureReader() is done"); ValidationCore::CertificateList certList = data.getCertList(); ValidationCore::CertificateList::iterator it = certList.begin(); @@ -137,13 +136,9 @@ SignatureManager::ValidateSignatures() ValidationCore::SignatureValidator validator(appType, false, false, false); AppLog("validator.check() start >>"); - fprintf(stderr, " ## validator.check() start\n"); - valRes = validator.check(data, rootPath); TryReturn(valRes == ValidationCore::SignatureValidator::SIGNATURE_VERIFIED, false, "validator.check() is failed, valRes=[%d]", (int)valRes); - fprintf(stderr, " ## validator.check() done\n"); - AppLog("validator.check() done <<"); - fprintf(stderr, " ## Signature validator.check success, name=[%s], number=[%d]\n", iter->getFileName().c_str(), iter->getFileNumber()); + AppLog("Signature validator.check success, name=[%s], number=[%d]", iter->getFileName().c_str(), iter->getFileNumber()); ValidationCore::CertificatePtr pRootCert = data.getRootCaCertificatePtr(); TryReturn(pRootCert, false, "__pRootPath is null."); @@ -181,6 +176,48 @@ SignatureManager::ValidateSignatures() } bool +SignatureManager::ValidatePartialReferences() +{ + AppLog("ValidatePartialReferences start >>"); + + bool res = true; + std::unique_ptr pSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetSignatureXmlPath())); + TryReturn(pSignaturePath, false, "pSignaturePath is null."); + + std::unique_ptr pAuthorSignaturePath(_StringConverter::CopyToCharArrayN(__pContext->GetAuthorSignatureXmlPath())); + TryReturn(pAuthorSignaturePath, false, "pAuthorSignaturePath is null."); + + std::unique_ptr pDistributorSignature(new (std::nothrow) SignatureHandler()); + TryReturn(pDistributorSignature, false, "pDistributorSignature is null."); + + res = pDistributorSignature->Construct(__pContext); + TryReturn(res == true, false, "pDistributorSignature->Construct() is failed."); + + res = pDistributorSignature->Parse(pSignaturePath.get()); + TryReturn(res == true, false, "pDistributorSignature->Parse() is failed."); + + HashMap* pDistributorRefMap = pDistributorSignature->GetReferenceMap(); + TryReturn(pDistributorRefMap, false, "pDistributorRefMap is null."); + + std::unique_ptr pAuthorSignature(new (std::nothrow) SignatureHandler()); + TryReturn(pAuthorSignature, false, "pAuthorSignature is null."); + + res = pAuthorSignature->Construct(__pContext); + TryReturn(res == true, false, "pAuthorSignature.Construct() is failed."); + + res = pAuthorSignature->Parse(pAuthorSignaturePath.get()); + TryReturn(res == true, false, "pAuthorSignature->Parse() is failed."); + + HashMap* pAuthorRefMap = pAuthorSignature->GetReferenceMap(); + TryReturn(pAuthorRefMap, false, "pAuthorRefMap is null."); + + res = CompareReferences(pDistributorRefMap, pAuthorRefMap); + TryReturn(res == true, false, "CompareReferences() is failed."); + + return true; +} + +bool SignatureManager::RegisterCertInfo() const { TryReturn(__pContext, false, "__pContext is null"); @@ -304,6 +341,22 @@ SignatureManager::GetApiVisibility(RootCertificateType certType) return apiVisibility; } +int +SignatureManager::GetPrivilegeLevel(int apiVisibility) +{ + int privilegeLevel = 0; + if (apiVisibility == _API_VISIBILITY_PARTNER_MANUFACTURER || apiVisibility == _API_VISIBILITY_PARTNER_OPERATOR) + { + privilegeLevel = PRIVILEGE_LEVEL_PLATFORM; + } + else if (apiVisibility == _API_VISIBILITY_PARTNER) + { + privilegeLevel = PRIVILEGE_LEVEL_PARTNER; + } + + return PRIVILEGE_LEVEL_PUBLIC; +} + bool SignatureManager::SetSignature() { @@ -565,6 +618,65 @@ SignatureManager::GetCertValue(ICertificate* pCert, String& value) const } bool +SignatureManager::CompareReferences(HashMap* pDistributorRefMap, HashMap* pAuthorRefMap) +{ + TryReturn(__pContext, false, "__pContext is null."); + bool res = false; + + std::unique_ptr< IMapEnumerator > pEnum(pAuthorRefMap->GetMapEnumeratorN()); + TryReturn(pEnum, false, "pEnum is null."); + + while (pEnum->MoveNext() == E_SUCCESS) + { + String* pAuthorKey = static_cast< String* > (pEnum->GetKey()); + TryReturn(pAuthorKey, false, "pAuthorKey is null."); + + String* pAuthorValue = static_cast< String* > (pEnum->GetValue()); + TryReturn(pAuthorValue, false, "pAuthorValue is failed."); + + String* pDistValue = static_cast< String* >(pDistributorRefMap->GetValue(*pAuthorKey)); + TryReturn(pDistValue, false, "pDistValue is null, failed to compare."); + + AppLog("\n >> pAuthorValue=[%ls]", pAuthorValue->GetPointer()); + AppLog("\n >> pDistValue=[%ls]", pDistValue->GetPointer()); + if (*pAuthorValue != *pDistValue) + { + TryReturn(0, false, "Digest value does not be matched."); + } + + String filePath = __pContext->__rootPath + L"/" + *pAuthorKey; + String fileDigest; + + AppLog("\n >> filePath=[%ls]", filePath.GetPointer()); + res = InstallerUtil::GetFileDigest(filePath, fileDigest); + TryReturn(res == true, false, "GetFileDigest() is failed."); + + AppLog("\n >> fileDigest=[%ls]", fileDigest.GetPointer()); + if (*pAuthorValue != fileDigest) + { + TryReturn(0, false, "Digest value does not be matched."); + } + } + + return true; +} + +bool +SignatureManager::PrintCertValue(const String& certValue) const +{ + const int certLength = 30; + + String startString; + String endString; + certValue.SubString(0, certLength, startString); + certValue.SubString(certValue.GetLength() - certLength, certLength, endString); + AppLog("cert value, start with [%ls]", startString.GetPointer()); + AppLog("cert value, end with [%ls]", endString.GetPointer()); + + return true; +} + +bool SignatureManager::Validate(X509CertificatePath* pCertPath) { TryReturn(pCertPath, false, "pCertPath is null."); diff --git a/src/Manager/SignatureManager.h b/src/Manager/SignatureManager.h index 3898b4f..c06d977 100755 --- a/src/Manager/SignatureManager.h +++ b/src/Manager/SignatureManager.h @@ -43,11 +43,13 @@ public: SignatureManager(void); virtual ~SignatureManager(void); - bool Construct(InstallationContext *pConext); + bool Construct(InstallationContext* pContext); bool ValidateSignatures(); + bool ValidatePartialReferences(); bool RegisterCertInfo() const; bool UnregisterCertInfo() const; int GetApiVisibility(RootCertificateType certType); + int GetPrivilegeLevel(int apiVisibility); bool SetSignature(); bool AddCert(); @@ -63,6 +65,9 @@ private: bool SetCertificatePath(SignatureFileType type, Tizen::Security::Cert::X509CertificatePath* pCertPath); bool GetCertValue(Tizen::Security::Cert::ICertificate* pCert, Tizen::Base::String& value) const; + bool CompareReferences(Tizen::Base::Collection::HashMap* pDistributorRefMap, Tizen::Base::Collection::HashMap* pAuthorRefMap); + bool PrintCertValue(const Tizen::Base::String& certValue) const; + // bool Validate(Tizen::Security::Cert::X509CertificatePath* pCertPath); bool AddCertificate(Tizen::Security::Cert::X509CertificatePath* pCertPath, Tizen::Base::Collection::IList* pCertChain); bool AddDistributorRootCert(Tizen::Security::Cert::X509CertificatePath* pCertPath); diff --git a/src/Manager/SmackManager.cpp b/src/Manager/SmackManager.cpp index 1fc4012..2194c83 100755 --- a/src/Manager/SmackManager.cpp +++ b/src/Manager/SmackManager.cpp @@ -199,10 +199,14 @@ SmackManager::AddLabelSharedDir(const PackageId& packageId, const String& dirPat TryReturn(pHashValue, false, "pHashValue is null."); r = StringUtil::EncodeToBase64String(*pHashValue, base64Value); - TryReturn(r == E_SUCCESS, false, "EncodeToBase64String() is failed."); + TryReturn(!IsFailed(r), false, "EncodeToBase64String() is failed."); + + // in smack, '/' is not allowed for label. + r = base64Value.Replace(L"/", L"#"); + TryReturn(!IsFailed(r), false, "base64Value.Replace() is failed."); std::unique_ptr pHashEncodedValue(_StringConverter::CopyToCharArrayN(base64Value)); - TryReturn(pHashEncodedValue, false, "pHashEncodedValue is null."); + TryReturn(!IsFailed(r), false, "pHashEncodedValue is null."); label = pHashEncodedValue.get(); AppLog("pHashEncodedValue = [%s]", pHashEncodedValue.get()); @@ -283,7 +287,7 @@ SmackManager::EnablePermissions(const PackageId& packageId) res = EnablePermissions(pPackageId.get(), 1, pList, true); - if (__pContext->__isPreloaded == true) + if ((__pContext->__isPreloaded == true) && (__pContext->__isUpdated == false)) { String smackFile(L"/etc/smack/accesses2.d/"); smackFile.Append(packageId); diff --git a/src/Step/SignatureStep.cpp b/src/Step/SignatureStep.cpp index f604efc..a6ca89d 100755 --- a/src/Step/SignatureStep.cpp +++ b/src/Step/SignatureStep.cpp @@ -82,6 +82,11 @@ SignatureStep::Run(InstallationContext* pContext) error = OnStateRootCert(); break; + case STATE_CONTEXT_AUDIT: + AppLog("[STATE_CONTEXT_AUDIT]"); + error = OnStateContextAudit(); + break; + case STATE_DONE: AppLog("[STATE_DONE]"); error = OnStateDone(); @@ -116,30 +121,39 @@ InstallerError SignatureStep::OnStateSignerInit(void) { InstallerError error = INSTALLER_ERROR_NONE; - bool ret = true; + bool res = true; __pSignatureManager = new (std::nothrow) SignatureManager(); - TryReturn(__pSignatureManager, error = INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null."); + TryReturn(__pSignatureManager, INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null."); - ret = __pSignatureManager->Construct(__pContext); - TryReturn(ret == true, error = INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed"); + res = __pSignatureManager->Construct(__pContext); + TryReturn(res == true, INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed"); - ret = __pSignatureManager->ValidateSignatures(); - fprintf(stderr, " ## __pSignatureManager->ValidateSignatures() result = [%d]\n", ret); + res = __pSignatureManager->ValidateSignatures(); + AppLog(" ## __pSignatureManager->ValidateSignatures() result = [%s]", res?"true":"false"); + fprintf(stderr, " ## __pSignatureManager->ValidateSignatures() result = [%s]\n", res?"true":"false"); - if (ret == true) + if (res == true) { - AppLog("_pSignatureManager->ValidateSignatures() is ok."); - __state = STATE_ROOT_CERT; + res = __pSignatureManager->ValidatePartialReferences(); + AppLog(" ## __pSignatureManager->ValidatePartialReferences() result = [%s]", res?"true":"false"); + fprintf(stderr, " ## __pSignatureManager->ValidatePartialReferences() result = [%s]\n", res?"true":"false"); } else { - AppLog("_pSignatureManager->ValidateSignatures() does not be passed, using another validator."); - __pContext->__rootCertType = ROOT_CERTIFICATE_NONE; __pContext->__pAuthorCertList->RemoveAll(); __pContext->__pDistributorCertList->RemoveAll(); + } + if (res == true) + { + AppLog("_pSignatureManager->ValidateSignatures() is done."); + __state = STATE_ROOT_CERT; + } + else + { + AppLog("_pSignatureManager->ValidateSignatures() does not be passed, using another validator."); GoNextState(); } @@ -200,7 +214,16 @@ SignatureStep::OnStateRootCert(void) PackageId packageId = __pContext->__packageId; int apiVisibility = __pSignatureManager->GetApiVisibility(certType); - AppLog("PackageId = [%ls], CertType = [%d], ApiVisibility = [%d]", packageId.GetPointer(), certType, apiVisibility); + if (__pContext->__isPreloaded == true) + { + __pContext->__privilegeLevel = PRIVILEGE_LEVEL_PLATFORM; + } + else + { + __pContext->__privilegeLevel = __pSignatureManager->GetPrivilegeLevel(apiVisibility); + } + AppLog("PackageId = [%ls], CertType = [%d], ApiVisibility = [%d], preloaded = [%d], privilege level = [%d]", + packageId.GetPointer(), certType, apiVisibility, __pContext->__isPreloaded, __pContext->__privilegeLevel); if (pPrivilegeList != null) { @@ -220,6 +243,91 @@ CATCH: } InstallerError +SignatureStep::OnStateContextAudit(void) +{ + InstallerError error = INSTALLER_ERROR_NONE; +#if 0 + TryCatch(__pContext->__pAppDataList, error = INSTALLER_ERROR_NONE, "__pContext->__pAppDataList is null."); + + if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PLATFORM) + { + TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PLATFORM."); + } + else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PARTNER) + { + TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PARTNER."); + } + else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PUBLIC) + { + int count = __pContext->__pAppDataList->GetCount(); + result r = E_SUCCESS; + + for (int i = 0; i < count; i++) + { + AppData* pAppData = null; + r = __pContext->__pAppDataList->GetAt(i, pAppData); + TryCatch(!IsFailed(r), error = INSTALLER_ERROR_NONE, "pAppDataList->GetAt() is failed."); + + if (pAppData) + { + if ((pAppData->__type.Equals(L"UiApp", false) == true) + && (pAppData->__main.Equals(L"True", false) == true)) + { + if (pAppData->__menuIconVisible == false) + { + AppLog("pAppData->__menuIconVisible[%d] does not be allowed in public privilege level", (int)pAppData->__menuIconVisible); + pAppData->__menuIconVisible = true; + } + + if (pAppData->__launchingHistoryVisible.Equals(L"False", false) == true) + { + AppLog("pAppData->__launchingHistoryVisible(%ls) does not be allowed in public privilege level", + pAppData->__launchingHistoryVisible.GetPointer()); + pAppData->__launchingHistoryVisible = L"True"; + } + } + + if (pAppData->__isSubMode == true) + { + AppLog("pAppData->__isSubMode(%d) does not be allowed in public privilege level", + pAppData->__isSubMode); + + pAppData->__isSubModeAllowed = false; + } + + if (pAppData->__pFeatureList) + { + String autoStart = L"AutoRestart"; + String* pValue = static_cast(pAppData->__pFeatureList->GetValue(autoStart)); + if (pValue && (pValue->Equals("True", false) == true)) + { + AppLog("AutoRestart does not be allowed in public privilege level"); + pAppData->__pFeatureList->Remove(autoStart); + } + + String launchOnBoot = L"LaunchOnBoot"; + pValue = static_cast(pAppData->__pFeatureList->GetValue(launchOnBoot)); + if (pValue && (pValue->Equals("True", false) == true)) + { + AppLog("LaunchOnBoot does not be allowed in public privilege level"); + pAppData->__pFeatureList->Remove(launchOnBoot); + } + } + } + } + } + else + { + TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_SIGNATURE_INVALID, "__pContext->__privilegeLevel is unknown."); + } + +CATCH: +#endif + GoNextState(); + return error; +} + +InstallerError SignatureStep::OnStateDone(void) { InstallerError error = INSTALLER_ERROR_NONE; diff --git a/src/Step/SignatureStep.h b/src/Step/SignatureStep.h index 4ff7c03..8887002 100755 --- a/src/Step/SignatureStep.h +++ b/src/Step/SignatureStep.h @@ -50,6 +50,7 @@ private: STATE_SIGNER_CERT, STATE_CERT_CHAIN, STATE_ROOT_CERT, + STATE_CONTEXT_AUDIT, STATE_DONE }; @@ -61,6 +62,7 @@ private: InstallerError OnStateSignerCert(void); InstallerError OnStateCertChain(void); InstallerError OnStateRootCert(void); + InstallerError OnStateContextAudit(void); InstallerError OnStateDone(void); private: diff --git a/src/Util/InstallerUtil.cpp b/src/Util/InstallerUtil.cpp index 2f040d3..b47e175 100755 --- a/src/Util/InstallerUtil.cpp +++ b/src/Util/InstallerUtil.cpp @@ -29,6 +29,7 @@ #include #include #include +#include #include "InstallerDefs.h" #include "InstallerUtil.h" @@ -37,8 +38,10 @@ using namespace Tizen::Base; using namespace Tizen::Base::Collection; +using namespace Tizen::Base::Utility; using namespace Tizen::App; using namespace Tizen::Io; +using namespace Tizen::Security::Crypto; InstallerUtil::InstallerUtil(void) { @@ -250,7 +253,7 @@ InstallerUtil::CreateSymlink(const String& oldPath, const String& newPath) String label("_"); smackManager.AddLabelDir(label, newPath); - AppLog("CreateSymlink(): [%ls] -> [%ls]", newPath.GetPointer(), oldPath.GetPointer()); + AppLog("\n >> CreateSymlink(): [%ls] -> [%ls]", newPath.GetPointer(), oldPath.GetPointer()); return true; } @@ -352,7 +355,7 @@ InstallerUtil::ChangeDirectoryPermission(const String& filePath, int mode, bool } } - AppLog("path=[%ls], mode=[%04o], appOwner=[%s]", + AppLog("\n >> path=[%ls], mode=[%04o], appOwner=[%s]", filePath.GetPointer(), mode, appOwner?"true":"false"); return true; @@ -804,3 +807,49 @@ InstallerUtil::GetInstallerOperationString(int operation) return "Unknown"; } +bool +InstallerUtil::GetFileDigest(const String& filePath, String& digestValue) +{ + const int bufSize = 64*1024; + int readBytes = 0; + result r = E_SUCCESS; + + File file; + std::unique_ptr pHash(new (std::nothrow) Sha2Hash()); + + r = pHash->SetAlgorithm("SHA2/256"); + TryReturn(!IsFailed(r), false, "pHash->SetAlgorithm() is failed."); + + r = pHash->Initialize(); + TryReturn(!IsFailed(r), false, "pHash->Initialize() is failed."); + + std::unique_ptr pBuf(new (std::nothrow) char[bufSize]); + TryReturn(pBuf, false, "pBuf is null"); + + r = file.Construct(filePath, L"r"); + TryReturn(!IsFailed(r), false, "file.Construct() is failed."); + + do + { + readBytes = file.Read(pBuf.get(), bufSize); + AppLog("readBytes for Hash=[%d]", readBytes); + + if (readBytes > 0) + { + ByteBuffer buffer; + buffer.Construct((const byte*)pBuf.get(), 0, readBytes, bufSize); + + r = pHash->Update(buffer); + TryReturn(!IsFailed(r), false, "pHash->Update() is failed."); + } + } + while (readBytes > 0); + + std::unique_ptr pResultBuf(pHash->FinalizeN()); + TryReturn(pResultBuf, false, "pResultBuf is null."); + + r = StringUtil::EncodeToBase64String(*pResultBuf, digestValue); + TryReturn(!IsFailed(r), false, "EncodeToBase64String() is failed."); + + return true; +} diff --git a/src/Util/InstallerUtil.h b/src/Util/InstallerUtil.h index 042c557..05f8adb 100755 --- a/src/Util/InstallerUtil.h +++ b/src/Util/InstallerUtil.h @@ -81,6 +81,7 @@ public: Tizen::Base::Collection::IList* pModifiedList); static const char* GetInstallerOperationString(int operation); + static bool GetFileDigest(const Tizen::Base::String& filePath, Tizen::Base::String& digestValue); private: static char LogChangeHexToStr(int hex); diff --git a/src/XmlHandler/ManifestGenerator.cpp b/src/XmlHandler/ManifestGenerator.cpp index 42f99e9..fdf0616 100755 --- a/src/XmlHandler/ManifestGenerator.cpp +++ b/src/XmlHandler/ManifestGenerator.cpp @@ -121,7 +121,16 @@ ManifestGenerator::Write() if (pAppData->__isSubMode == true) { AppLog("Write(): pAppData->__isSubMode is detected"); - WriteSubModeApp(i, pAppData); + + if (pAppData->__isSubModeAllowed == true) + { + AppLog("Write(): WriteSubModeApp()"); + WriteSubModeApp(i, pAppData); + } + else + { + AppLog("Write(): WriteSubModeApp() is skipped because __isSubModeAllowed is false."); + } } } @@ -144,12 +153,12 @@ ManifestGenerator::GetGlFrameValue(HashMap* pFeatureList) const while (pEnum->MoveNext() == E_SUCCESS) { String* pKey = static_cast< String* > (pEnum->GetKey()); - TryReturn(pEnum, "use-system-setting", "GetKey() failed. [%s]", GetErrorMessage(GetLastResult())); + TryReturn(pKey, "use-system-setting", "GetKey() failed. [%s]", GetErrorMessage(GetLastResult())); if ((*pKey) == L"HwAcceleration" || (*pKey) == L"GlFrame") { String* pValue = static_cast< String* > (pEnum->GetValue()); - TryReturn(pEnum, "use-system-setting", "GetValue() failed. [%s]", GetErrorMessage(GetLastResult())); + TryReturn(pValue, "use-system-setting", "GetValue() failed. [%s]", GetErrorMessage(GetLastResult())); if ((*pValue) == L"On") { @@ -256,7 +265,7 @@ ManifestGenerator::WriteLiveboxes(AppData* pAppData) const WriteLanguageValue(pLiveboxNameList, label); - String menuIcon = pAppData->__mainmenuIcon; + String menuIcon = pAppData->__menuIcon; if (menuIcon.IsEmpty() == false) { String menuIconPath; @@ -472,14 +481,14 @@ ManifestGenerator::WriteApp(int index, AppData* pAppData) String binaryPath; binaryPath.Format(1024, L"%ls%ls/%ls", __pContext->__rootPath.GetPointer(), DIR_BIN, pAppData->__name.GetPointer()); - if (pAppData->__main == L"True") + if (pAppData->__main.Equals(L"True", false) == true) { WriteLanguageValue(pNameList, label); - if (pAppData->__mainmenuIcon.IsEmpty() == false) + if (pAppData->__menuIcon.IsEmpty() == false) { String iconPath; - GetIconPath(pAppData->__mainmenuIcon, iconPath); + GetIconPath(pAppData->__menuIcon, iconPath); __pWriter->StartElement("icon"); __pWriter->WriteString(iconPath); @@ -496,7 +505,7 @@ ManifestGenerator::WriteApp(int index, AppData* pAppData) { if (pAppData->__launchingHistoryVisible.IsEmpty() == true) { - if (pAppData->__mainmenuVisible == true) + if (pAppData->__menuIconVisible == true) { taskmanage = L"true"; } @@ -512,7 +521,7 @@ ManifestGenerator::WriteApp(int index, AppData* pAppData) taskmanage = history; } - if (pAppData->__mainmenuVisible == true) + if (pAppData->__menuIconVisible == true) { nodisplay = L"false"; } @@ -642,10 +651,10 @@ ManifestGenerator::WriteApp(int index, AppData* pAppData) WriteLanguageValue(pNameList, label); - if (pAppData->__mainmenuIcon.IsEmpty() == false) + if (pAppData->__menuIcon.IsEmpty() == false) { String iconPath; - GetIconPath(pAppData->__mainmenuIcon, iconPath); + GetIconPath(pAppData->__menuIcon, iconPath); __pWriter->StartElement("icon"); __pWriter->WriteString(iconPath); @@ -738,10 +747,10 @@ ManifestGenerator::WriteSubModeApp(int index, AppData* pAppData) __pWriter->WriteString(__pContext->__displayName); __pWriter->EndElement(); - if (pAppData->__mainmenuIcon.IsEmpty() == false) + if (pAppData->__menuIcon.IsEmpty() == false) { String iconPath; - GetIconPath(pAppData->__mainmenuIcon, iconPath); + GetIconPath(pAppData->__menuIcon, iconPath); __pWriter->StartElement("icon"); __pWriter->WriteString(iconPath); diff --git a/src/XmlHandler/ManifestHandler.cpp b/src/XmlHandler/ManifestHandler.cpp index 65c52d5..6e27307 100755 --- a/src/XmlHandler/ManifestHandler.cpp +++ b/src/XmlHandler/ManifestHandler.cpp @@ -970,7 +970,7 @@ ManifestHandler::OnIconValue(const char *pCharacters) { if (strcasecmp(pSection, "MainMenu") == 0) { - __pAppData->__mainmenuIcon = iconRelPath; + __pAppData->__menuIcon = iconRelPath; } else if (strcasecmp(pSection, "Setting") == 0) { @@ -987,7 +987,7 @@ ManifestHandler::OnIconValue(const char *pCharacters) { if (__isDefaultMainmenu == false) { - __pAppData->__mainmenuIcon = iconRelPath; + __pAppData->__menuIcon = iconRelPath; } if (strcasecmp(pType, __pDefaultIconType) == 0) @@ -1374,11 +1374,11 @@ ManifestHandler::ParseAppAttribute(XmlAttribute* pAttr, bool isUiApp) { if (strcasecmp(pMenuIconVisible, "True") == 0) { - __pAppData->__mainmenuVisible = true; + __pAppData->__menuIconVisible = true; } else { - __pAppData->__mainmenuVisible = false; + __pAppData->__menuIconVisible = false; } AddAppFeature("MenuIconVisible", pMenuIconVisible); @@ -1388,7 +1388,7 @@ ManifestHandler::ParseAppAttribute(XmlAttribute* pAttr, bool isUiApp) else { __pAppData->__type = L"ServiceApp"; - __pAppData->__mainmenuVisible = false; + __pAppData->__menuIconVisible = false; char *pUseUi = pAttr->Find("UseUi"); if (pUseUi) diff --git a/src/XmlHandler/SignatureHandler.cpp b/src/XmlHandler/SignatureHandler.cpp index 725cd20..ca4401d 100755 --- a/src/XmlHandler/SignatureHandler.cpp +++ b/src/XmlHandler/SignatureHandler.cpp @@ -31,6 +31,8 @@ SignatureHandler::SignatureHandler(void) ,__pDistributorCertChain(null) ,__isAuthorSignature(false) ,__isDistributorSignature(false) +,__pReferenceMap(null) +,__isReferenceDetected(false) { } @@ -47,13 +49,26 @@ SignatureHandler::~SignatureHandler(void) __pDistributorCertChain->RemoveAll(true); delete __pDistributorCertChain; } + + if (__pReferenceMap) + { + __pReferenceMap->RemoveAll(true); + delete __pReferenceMap; + } } bool SignatureHandler::Construct(InstallationContext* pContext) { + result r = E_SUCCESS; __pContext = pContext; + __pReferenceMap = new (std::nothrow) HashMap; + TryReturn(__pReferenceMap, false, "__pReferenceMap is null."); + + r = __pReferenceMap->Construct(); + TryReturn(!IsFailed(r), false, "__pReferenceMap->Construct() is failed."); + return true; } @@ -76,7 +91,15 @@ SignatureHandler::OnStartElement(const char *pName) AppLog("signature.xml"); AppLog("------------------------------------------"); AppLog("<%s>", pName); - status = OnSignatureElement(); + status = OnSignatureStartElement(); + } + else if (strcasecmp(pName, "Reference") == 0) + { + status = OnReferenceStartElement(); + } + else if (strcasecmp(pName, "DigestMethod") == 0) + { + status = OnDigestMethodStartElement(); } if (!status) @@ -98,6 +121,10 @@ SignatureHandler::OnEndElement(const char *pName) __isAuthorSignature = false; AppLog("", pName); } + else if (strcasecmp(pName, "Reference") == 0) + { + OnReferenceEndElement(); + } return true; } @@ -115,6 +142,10 @@ SignatureHandler::OnCharacters(const char *pCharacters) { status = OnCertificateValue(pCharacters); } + else if (strcasecmp(pName, "DigestValue") == 0) + { + status = OnDigestValue(pCharacters); + } if (!status) { @@ -125,7 +156,7 @@ SignatureHandler::OnCharacters(const char *pCharacters) } bool -SignatureHandler::OnSignatureElement(void) +SignatureHandler::OnSignatureStartElement(void) { XmlAttribute *pAttr = null; char *pId = null; @@ -152,9 +183,47 @@ SignatureHandler::OnSignatureElement(void) } bool +SignatureHandler::OnReferenceStartElement(void) +{ + static const char* pRefDir[] = {"bin/", "info/", null}; + + XmlAttribute *pAttr = null; + char *pUri = null; + + pAttr = GetAttribute(); + TryReturn(pAttr, true, "pAttr is null"); + + pUri = pAttr->Find("URI"); + TryReturn(pUri, true, "pUri is null"); + + if (pUri) + { + String referenceUri = pUri; + + for (int i = 0; pRefDir[i]; i++) + { + if (referenceUri.StartsWith(pRefDir[i], 0) == true) + { + __referenceUri = referenceUri; + AppLog("Reference URI=[%ls]", __referenceUri.GetPointer()); + __isReferenceDetected = true; + } + } + } + + return true; +} + +bool +SignatureHandler::OnDigestMethodStartElement(void) +{ + return true; +} + +bool SignatureHandler::OnCertificateValue(const char *pCharacters) { - AppLog("%s", pCharacters); + //AppLog("%s", pCharacters); result r = E_SUCCESS; bool res = true; @@ -210,6 +279,35 @@ CATCH: return res; } +bool +SignatureHandler::OnDigestValue(const char *pCharacters) +{ + if (__isReferenceDetected == true) + { + __digestValue = pCharacters; + AppLog("digest value=[%ls]", __digestValue.GetPointer()); + } + + return true; +} + +bool +SignatureHandler::OnReferenceEndElement(void) +{ + TryReturn(__pReferenceMap, true, "__pReferenceMap is null."); + + if (__isReferenceDetected == true) + { + __pReferenceMap->Add(new String(__referenceUri), new String(__digestValue)); + __referenceUri.Clear(); + __digestValue.Clear(); + } + + __isReferenceDetected = false; + + return true; +} + ArrayList* SignatureHandler::GetAuthorCertChain(void) { @@ -221,3 +319,9 @@ SignatureHandler::GetDistributorCertChain(void) { return __pDistributorCertChain; } + +HashMap* +SignatureHandler::GetReferenceMap() +{ + return __pReferenceMap; +} diff --git a/src/XmlHandler/SignatureHandler.h b/src/XmlHandler/SignatureHandler.h old mode 100644 new mode 100755 index 6078fba..be30569 --- a/src/XmlHandler/SignatureHandler.h +++ b/src/XmlHandler/SignatureHandler.h @@ -46,6 +46,7 @@ public: Tizen::Base::Collection::ArrayList* GetAuthorCertChain(void); Tizen::Base::Collection::ArrayList* GetDistributorCertChain(void); + Tizen::Base::Collection::HashMap* GetReferenceMap(); private: SignatureHandler(const SignatureHandler& value); @@ -55,9 +56,14 @@ private: virtual bool OnEndElement(const char *pName); virtual bool OnCharacters(const char *pCharacters); - bool OnSignatureElement(void); + bool OnSignatureStartElement(void); + bool OnReferenceStartElement(void); + bool OnDigestMethodStartElement(void); + bool OnCertificateValue(const char *pCharacters); + bool OnDigestValue(const char* pCharacters); + bool OnReferenceEndElement(); private: InstallationContext* __pContext; @@ -66,6 +72,12 @@ private: bool __isAuthorSignature; bool __isDistributorSignature; + Tizen::Base::String __referenceUri; + Tizen::Base::String __digestValue; + + Tizen::Base::Collection::HashMap* __pReferenceMap; + bool __isReferenceDetected; + }; // SignatureHandler -- 2.7.4