From 862aaf4ef90dec8af0a86d91cafebd42bdbb08e5 Mon Sep 17 00:00:00 2001 From: jongmyeongko Date: Thu, 17 Mar 2016 10:14:54 +0900 Subject: [PATCH] apply new security api related to TZ_SYS_APP_RO/RW seperation. Change-Id: I596e0b94b180c71b6379a8a5379c30d8558d749f Signed-off-by: jongmyeongko --- src/common/request.cc | 2 +- src/common/security_registration.cc | 36 ++++++++++++++++++++++++++++-------- src/common/security_registration.h | 5 +++-- src/common/step/step_configure.cc | 1 + src/pkgdir_tool/pkgdir_tool.cc | 2 +- 5 files changed, 34 insertions(+), 12 deletions(-) diff --git a/src/common/request.cc b/src/common/request.cc index 7f4107e..279a719 100644 --- a/src/common/request.cc +++ b/src/common/request.cc @@ -18,7 +18,7 @@ RequestMode GetRequestMode() { const char *GetRootAppPath(bool is_preload) { return GetRequestMode() == RequestMode::USER ? tzplatform_getenv(TZ_USER_APP) : is_preload ? - tzplatform_getenv(TZ_SYS_RO_APP) :tzplatform_getenv(TZ_SYS_RW_APP); + tzplatform_getenv(TZ_SYS_RO_APP) : tzplatform_getenv(TZ_SYS_RW_APP); } } // namespace common_installer diff --git a/src/common/security_registration.cc b/src/common/security_registration.cc index 01a7cd2..1c1ed8a 100644 --- a/src/common/security_registration.cc +++ b/src/common/security_registration.cc @@ -36,8 +36,8 @@ const std::vector& privileges, + const std::string& preload, const boost::filesystem::path& path, + uid_t uid, const std::vector& privileges, app_inst_req* req, std::string* error_message) { if (app_id.empty() || pkg_id.empty()) { LOG(ERROR) << "Appid or pkgid is empty. Both values must be set"; @@ -93,6 +93,25 @@ bool PrepareRequest(const std::string& app_id, const std::string& pkg_id, } } + if (!preload.empty()) { + app_install_type type; + if (preload == "true") + type = SM_APP_INSTALL_PRELOADED; + else if (uid == GLOBAL_USER || uid == 0) + type = SM_APP_INSTALL_GLOBAL; + else + type = SM_APP_INSTALL_LOCAL; + LOG(INFO) << "install_type(" << type << ")"; + error = security_manager_app_inst_req_set_install_type(req, type); + if (error != SECURITY_MANAGER_SUCCESS) { + std::string errnum = boost::str(boost::format("%d") % error); + *error_message = + security_manager_strerror(static_cast(error)); + *error_message += ":<" + errnum + ">"; + return false; + } + } + if (!path.empty()) { for (auto& policy : kSecurityPolicies) { bf::path subpath = path / policy.first; @@ -128,8 +147,9 @@ namespace common_installer { bool RegisterSecurityContext(const std::string& app_id, const std::string& pkg_id, const std::string& author_id, - const std::string& api_version, const boost::filesystem::path& path, - uid_t uid, const std::vector& privileges, + const std::string& api_version, const std::string& preload, + const boost::filesystem::path& path, uid_t uid, + const std::vector& privileges, std::string* error_message) { app_inst_req* req; @@ -144,7 +164,7 @@ bool RegisterSecurityContext(const std::string& app_id, return false; } - if (!PrepareRequest(app_id, pkg_id, author_id, api_version, path, uid, + if (!PrepareRequest(app_id, pkg_id, author_id, api_version, preload, path, uid, privileges, req, error_message)) { LOG(ERROR) << "Failed while preparing security_manager_app_inst_req"; security_manager_app_inst_req_free(req); @@ -180,8 +200,8 @@ bool UnregisterSecurityContext(const std::string& app_id, return false; } - if (!PrepareRequest(app_id, pkg_id, std::string(), std::string(), bf::path(), - uid, {}, req, error_message)) { + if (!PrepareRequest(app_id, pkg_id, std::string(), std::string(), std::string(), + bf::path(), uid, {}, req, error_message)) { LOG(ERROR) << "Failed while preparing security_manager_app_inst_req"; security_manager_app_inst_req_free(req); return false; @@ -215,7 +235,7 @@ bool RegisterSecurityContextForManifest( return false; } if (!RegisterSecurityContext(app->appid, pkg_id, cert_info->author_id.get(), - manifest->api_version, path, uid, priv_vec, error_message)) { + manifest->api_version, manifest->preload, path, uid, priv_vec, error_message)) { return false; } } diff --git a/src/common/security_registration.h b/src/common/security_registration.h index 1a5e7e0..9949569 100644 --- a/src/common/security_registration.h +++ b/src/common/security_registration.h @@ -35,8 +35,9 @@ namespace common_installer { */ bool RegisterSecurityContext(const std::string& app_id, const std::string& pkg_id, const std::string& author_id, - const std::string& api_version, const boost::filesystem::path& path, - uid_t uid, const std::vector& privileges, + const std::string& api_version, const std::string& preload, + const boost::filesystem::path& path, uid_t uid, + const std::vector& privileges, std::string* error_message); /** diff --git a/src/common/step/step_configure.cc b/src/common/step/step_configure.cc index d5739b0..0b512ab 100644 --- a/src/common/step/step_configure.cc +++ b/src/common/step/step_configure.cc @@ -163,6 +163,7 @@ bool StepConfigure::SetupRootAppDirectory() { return false; } } + LOG(INFO) << "AppDir(" << context_->root_application_path.get() << ")"; return true; } diff --git a/src/pkgdir_tool/pkgdir_tool.cc b/src/pkgdir_tool/pkgdir_tool.cc index d54a13a..dcf4cde 100644 --- a/src/pkgdir_tool/pkgdir_tool.cc +++ b/src/pkgdir_tool/pkgdir_tool.cc @@ -144,7 +144,7 @@ bool SetPackageDirectorySmackRules(const bf::path& base_dir, std::string error_message; for (const auto& appid : appids) { if (!common_installer::RegisterSecurityContext(appid, pkgid, - author_id, api_version, base_dir, uid, privileges, + author_id, api_version, "false", base_dir, uid, privileges, &error_message)) { LOG(ERROR) << "Failed to register security context"; if (!error_message.empty()) { -- 2.7.4