From 9d0a90d43d70f088b9c72543a00752b1de7281c3 Mon Sep 17 00:00:00 2001 From: Tomasz Iwanek Date: Fri, 30 Sep 2016 10:09:14 +0200 Subject: [PATCH] Reworking handling privileges for hybrid application This patch keeps single list of privileges (stored in manifest_x) and filters privileges when registring security rules of applications. Following changed: - generated platform manifest xml contains tags with 'type' atttibute set to 'tpk' or 'wgt', - in case of absence of attribute, its default value is 'tpk', - manifest_x changes privilege type from GList of char* to GList of privilege_x. Structure named 'privilege_x' contain parsed privilege type, - although there is one privilege list, given the fact that privilege now have type, native and web privileges should be registered in native or web apps only. Verification: - no regression in tpk/wgt smoke tests, - install hybrid app with native and web privileges and check generated manifest file for privileges, - install web app with privileges and check generated manifest file, - install web app without privileges and check generated manifest file -> default privileges should be added. Submit together: - https://review.tizen.org/gerrit/#/c/90540/ - https://review.tizen.org/gerrit/#/c/90543/ - https://review.tizen.org/gerrit/#/c/90544/ - https://review.tizen.org/gerrit/#/c/90546/ - https://review.tizen.org/gerrit/#/c/90561/ Change-Id: I3cee36962fc3763636e430353cf4ebd362cbe37a --- src/tpk/external_dirs.cc | 11 +++++++---- src/tpk/tpk_installer.cc | 33 +++++++++++++++++++++------------ src/unit_tests/manifest_test_package.cc | 16 ++++++++-------- 3 files changed, 36 insertions(+), 24 deletions(-) diff --git a/src/tpk/external_dirs.cc b/src/tpk/external_dirs.cc index 27cd889..ac79c33 100644 --- a/src/tpk/external_dirs.cc +++ b/src/tpk/external_dirs.cc @@ -19,10 +19,13 @@ namespace ci = common_installer; namespace tpk { bool HasExternalAppdataPrivilege(manifest_x* manifest) { - auto privileges = GListRange(manifest->privileges); - return std::find(privileges.begin(), privileges.end(), - std::string(common::privileges::kPrivForExternalAppData)) - != privileges.end(); + auto privileges = GListRange(manifest->privileges); + return std::find_if(privileges.begin(), privileges.end(), + [](privilege_x* priv) { + return strcmp(priv->value, + ci::privileges::kPrivForExternalAppData) == 0; + }) + != privileges.end(); } bool CreateExternalAppdataDirectories(const std::string& pkgid, diff --git a/src/tpk/tpk_installer.cc b/src/tpk/tpk_installer.cc index 0e9f442..cf08ddb 100644 --- a/src/tpk/tpk_installer.cc +++ b/src/tpk/tpk_installer.cc @@ -2,6 +2,7 @@ #include "tpk/tpk_installer.h" #include +#include #include #include #include @@ -163,7 +164,8 @@ void TpkInstaller::InstallSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep(false); @@ -197,7 +199,8 @@ void TpkInstaller::UpdateSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep( @@ -255,18 +258,19 @@ void TpkInstaller::ReinstallSteps() { AddStep(pkgmgr_); AddStep(); AddStep( - ci::configuration::StepParseManifest::ManifestLocation::PACKAGE, - ci::configuration::StepParseManifest::StoreLocation::NORMAL); + ci::configuration::StepParseManifest::ManifestLocation::PACKAGE, + ci::configuration::StepParseManifest::StoreLocation::NORMAL); AddStep(); AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep( - ci::configuration::StepParseManifest::ManifestLocation::INSTALLED, - ci::configuration::StepParseManifest::StoreLocation::BACKUP); + ci::configuration::StepParseManifest::ManifestLocation::INSTALLED, + ci::configuration::StepParseManifest::StoreLocation::BACKUP); AddStep(); AddStep(); AddStep(); @@ -304,7 +308,8 @@ void TpkInstaller::DeltaSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep(); @@ -369,7 +374,8 @@ void TpkInstaller::MountInstallSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep(); @@ -403,7 +409,8 @@ void TpkInstaller::MountUpdateSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep( @@ -444,7 +451,8 @@ void TpkInstaller::ManifestDirectInstallSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep(); @@ -470,7 +478,8 @@ void TpkInstaller::ManifestDirectUpdateSteps() { AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::TPK); AddStep(); AddStep(); AddStep(); diff --git a/src/unit_tests/manifest_test_package.cc b/src/unit_tests/manifest_test_package.cc index 5e21c65..d07eef2 100644 --- a/src/unit_tests/manifest_test_package.cc +++ b/src/unit_tests/manifest_test_package.cc @@ -216,7 +216,7 @@ TEST_F(ManifestTest, PrivilegesElement_Missing) { ASSERT_TRUE(runner.Run()); manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); - auto privileges = GListRange(m->privileges); + auto privileges = GListRange(m->privileges); ASSERT_EQ(Size(&privileges), 0); } @@ -225,7 +225,7 @@ TEST_F(ManifestTest, PrivilegesElement_None) { ASSERT_TRUE(runner.Run()); manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); - auto privileges = GListRange(m->privileges); + auto privileges = GListRange(m->privileges); ASSERT_EQ(Size(&privileges), 0); } @@ -234,9 +234,9 @@ TEST_F(ManifestTest, PrivilegesElement_Valid) { ASSERT_TRUE(runner.Run()); manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); - auto privileges = GListRange(m->privileges); + auto privileges = GListRange(m->privileges); ASSERT_EQ(Size(&privileges), 1); - ASSERT_CSTR_EQ(*(privileges.begin()), + ASSERT_CSTR_EQ((*privileges.begin())->value, "http://tizen.org/privilege/application.admin"); } @@ -245,13 +245,13 @@ TEST_F(ManifestTest, PrivilegesElement_Many) { ASSERT_TRUE(runner.Run()); manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); - auto privileges = GListRange(m->privileges); + auto privileges = GListRange(m->privileges); ASSERT_EQ(Size(&privileges), 3); - ASSERT_CSTR_EQ(*(privileges.begin()), + ASSERT_CSTR_EQ(((*privileges.begin()))->value, "http://tizen.org/privilege/account.read"); - ASSERT_CSTR_EQ(*(++privileges.begin()), + ASSERT_CSTR_EQ(((*++privileges.begin()))->value, "http://tizen.org/privilege/application.admin"); - ASSERT_CSTR_EQ(*(++++privileges.begin()), + ASSERT_CSTR_EQ(((*++++privileges.begin())->value), "http://tizen.org/privilege/appmanager.launch"); } -- 2.7.4