From 0ef8a4fec09d222efd16fd595a57f2e71a1ab264 Mon Sep 17 00:00:00 2001 From: Tomasz Iwanek Date: Fri, 30 Sep 2016 10:07:13 +0200 Subject: [PATCH] Reworking handling privileges for hybrid application This patch keeps single list of privileges (stored in manifest_x) and filters privileges when registring security rules of applications. Following changed: - generated platform manifest xml contains tags with 'type' atttibute set to 'tpk' or 'wgt', - in case of absence of attribute, its default value is 'tpk', - manifest_x changes privilege type from GList of char* to GList of privilege_x. Structure named 'privilege_x' contain parsed privilege type, - although there is one privilege list, given the fact that privilege now have type, native and web privileges should be registered in native or web apps only. Verification: - no regression in tpk/wgt smoke tests, - install hybrid app with native and web privileges and check generated manifest file for privileges, - install web app with privileges and check generated manifest file, - install web app without privileges and check generated manifest file -> default privileges should be added. Submit together: - https://review.tizen.org/gerrit/#/c/90540/ - https://review.tizen.org/gerrit/#/c/90543/ - https://review.tizen.org/gerrit/#/c/90544/ - https://review.tizen.org/gerrit/#/c/90546/ - https://review.tizen.org/gerrit/#/c/90561/ Change-Id: I4ec7c8714a55917dbda665bf2a1c08ca30ce3f97 --- src/hybrid/hybrid_installer.cc | 23 +++++++--- src/unit_tests/manifest_test.cc | 8 ++-- src/wgt/step/configuration/step_parse.cc | 8 +++- src/wgt/step/pkgmgr/step_generate_xml.cc | 13 +++--- .../step/security/step_add_default_privileges.cc | 7 ++- .../security/step_check_extension_privileges.cc | 51 ++++++++++++---------- .../security/step_check_extension_privileges.h | 3 +- .../step/security/step_check_wgt_ime_privilege.cc | 16 ++++--- src/wgt/wgt_installer.cc | 22 +++++++--- 9 files changed, 94 insertions(+), 57 deletions(-) diff --git a/src/hybrid/hybrid_installer.cc b/src/hybrid/hybrid_installer.cc index 1a0e76f..ee59c63 100644 --- a/src/hybrid/hybrid_installer.cc +++ b/src/hybrid/hybrid_installer.cc @@ -4,6 +4,7 @@ #include "hybrid/hybrid_installer.h" +#include #include #include #include @@ -94,6 +95,7 @@ namespace hybrid { HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) : AppInstaller("wgt", pkgmgr) { + context_->cross_app_rules.set(true); context_->backend_data.set(new HybridBackendData()); switch (pkgmgr_->GetRequestType()) { @@ -111,7 +113,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -152,7 +155,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -232,7 +236,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -302,7 +307,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -343,7 +349,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -388,7 +395,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); @@ -415,7 +423,8 @@ HybridInstaller::HybridInstaller(common_installer::PkgMgrPtr pkgmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::BOTH); AddStep(); AddStep(); AddStep(); diff --git a/src/unit_tests/manifest_test.cc b/src/unit_tests/manifest_test.cc index 46a8e36..52f9a81 100644 --- a/src/unit_tests/manifest_test.cc +++ b/src/unit_tests/manifest_test.cc @@ -184,8 +184,8 @@ TEST_F(ManifestTest, PrivilegeElement_ValidName) { manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); std::vector priv_vec; - for (const char* priv : GListRange(m->privileges)) { - priv_vec.push_back(priv); + for (privilege_x* priv : GListRange(m->privileges)) { + priv_vec.push_back(priv->value); } ASSERT_FALSE(priv_vec.empty()); const char* expected_name = "http://tizen.org/privilege/application.launch"; @@ -198,8 +198,8 @@ TEST_F(ManifestTest, PrivilegeElement_ManyElements) { manifest_x* m = runner.GetManifest(); ASSERT_NE(m, nullptr); std::vector priv_vec; - for (const char* priv : GListRange(m->privileges)) { - priv_vec.push_back(priv); + for (privilege_x* priv : GListRange(m->privileges)) { + priv_vec.push_back(priv->value); } ASSERT_EQ(priv_vec.size(), 2); const char* first_priv = "http://tizen.org/privilege/application.close"; diff --git a/src/wgt/step/configuration/step_parse.cc b/src/wgt/step/configuration/step_parse.cc index c15d8af..cf349e8 100644 --- a/src/wgt/step/configuration/step_parse.cc +++ b/src/wgt/step/configuration/step_parse.cc @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -518,8 +519,11 @@ bool StepParse::FillPrivileges(manifest_x* manifest) { privileges = ExtractPrivileges(perm_info); for (auto& priv : privileges) { - manifest->privileges = - g_list_append(manifest->privileges, strdup(priv.c_str())); + privilege_x* privilege = + reinterpret_cast(calloc(1, sizeof(privilege_x))); + privilege->type = strdup(common_installer::kWebPrivilegeType); + privilege->value = strdup(priv.c_str()); + manifest->privileges = g_list_append(manifest->privileges, privilege); } return true; } diff --git a/src/wgt/step/pkgmgr/step_generate_xml.cc b/src/wgt/step/pkgmgr/step_generate_xml.cc index 669bb26..a20a3a3 100644 --- a/src/wgt/step/pkgmgr/step_generate_xml.cc +++ b/src/wgt/step/pkgmgr/step_generate_xml.cc @@ -499,12 +499,15 @@ common_installer::Step::Status StepGenerateXml::GenerateApplications( } void StepGenerateXml::GeneratePrivilege(xmlTextWriterPtr writer) { - if (context_->manifest_data.get()->privileges) { + if (context_->manifest_data.get()->privileges) { xmlTextWriterStartElement(writer, BAD_CAST "privileges"); - for (const char* priv : - GListRange(context_->manifest_data.get()->privileges)) { - xmlTextWriterWriteFormatElement(writer, BAD_CAST "privilege", - "%s", BAD_CAST priv); + for (privilege_x* priv : + GListRange(context_->manifest_data.get()->privileges)) { + xmlTextWriterStartElement(writer, BAD_CAST "privilege"); + xmlTextWriterWriteAttribute(writer, BAD_CAST "type", + BAD_CAST priv->type); + xmlTextWriterWriteString(writer, BAD_CAST priv->value); + xmlTextWriterEndElement(writer); } xmlTextWriterEndElement(writer); diff --git a/src/wgt/step/security/step_add_default_privileges.cc b/src/wgt/step/security/step_add_default_privileges.cc index e5e0288..47098d3 100644 --- a/src/wgt/step/security/step_add_default_privileges.cc +++ b/src/wgt/step/security/step_add_default_privileges.cc @@ -24,8 +24,11 @@ common_installer::Step::Status StepAddDefaultPrivileges::precheck() { common_installer::Step::Status StepAddDefaultPrivileges::process() { manifest_x* m = context_->manifest_data.get(); - m->privileges = g_list_append(m->privileges, - strdup(common::privileges::kPrivForWebApp)); + privilege_x* privilege = + reinterpret_cast(calloc(1, sizeof(privilege_x))); + privilege->type = strdup(common_installer::kWebPrivilegeType); + privilege->value = strdup(common_installer::privileges::kPrivForWebApp); + m->privileges = g_list_append(m->privileges, privilege); return Status::OK; } diff --git a/src/wgt/step/security/step_check_extension_privileges.cc b/src/wgt/step/security/step_check_extension_privileges.cc index c28071a..990ba97 100755 --- a/src/wgt/step/security/step_check_extension_privileges.cc +++ b/src/wgt/step/security/step_check_extension_privileges.cc @@ -3,7 +3,16 @@ // found in the LICENSE file. #include "wgt/step/security/step_check_extension_privileges.h" + +#include + +#include +#include +#include +#include + #include +#include #include #include @@ -14,9 +23,6 @@ #include #include "wgt/extension_config_parser.h" -#include "manifest_parser/values.h" -#include "common/certificate_validation.h" -#include "common/utils/glist_range.h" namespace { const char kPluginsDirectory[] = "/res/wgt/plugin/"; @@ -40,8 +46,9 @@ common_installer::Step::Status StepCheckExtensionPrivileges::process() { manifest_x* m = context_->manifest_data.get(); std::set current_privileges; - for (const char* priv : GListRange(m->privileges)) { - current_privileges.insert(priv); + for (privilege_x* priv : GListRange(m->privileges)) { + if (strcmp(priv->type, common_installer::kWebPrivilegeType) == 0) + current_privileges.insert(priv->value); } std::set xmlFiles; @@ -52,27 +59,32 @@ common_installer::Step::Status StepCheckExtensionPrivileges::process() { xmlFiles.insert(glob_result.gl_pathv[i]); } } - std::set privileges; + GList* privileges = nullptr; + BOOST_SCOPE_EXIT_ALL(&) { + g_list_free_full(privileges, &common_installer::FreePrivilegeX); + }; for (auto it = xmlFiles.begin(); it != xmlFiles.end(); ++it) { LOG(DEBUG) << "start to parse extension xml : " << *it; ExtensionConfigParser extensionParser(*it); std::vector list = extensionParser.GetExtensionPrivilegeList(); - for (std::string priv : list) { + for (const std::string& priv : list) { if (current_privileges.find(priv) == current_privileges.end()) { - privileges.emplace(priv); + privilege_x* privilege = + reinterpret_cast(calloc(1, sizeof(privilege_x))); + privilege->type = strdup(common_installer::kWebPrivilegeType); + privilege->value = strdup(priv.c_str()); + privileges = g_list_append(privileges, privilege); } } } - if (!privileges.empty()) { + if (privileges) { if (!CheckPrivilegeLevel(privileges)) { LOG(DEBUG) << "Fail to validation of privilege"; return Status::ERROR; } - for (auto it = privileges.begin(); it != privileges.end(); ++it) { - LOG(DEBUG) << "set list privilege : " << *it; - m->privileges = g_list_append(m->privileges, strdup((*it).c_str())); - } + m->privileges = g_list_concat(m->privileges, privileges); + privileges = nullptr; } return Status::OK; } @@ -104,28 +116,21 @@ std::string StepCheckExtensionPrivileges::GetExtensionPath() { } bool StepCheckExtensionPrivileges::CheckPrivilegeLevel( - std::set priv_set) { - GList* privileges = nullptr; - for (auto it = priv_set.begin(); it != priv_set.end(); ++it) { - privileges = g_list_append(privileges, strdup((*it).c_str())); - } - guint size = g_list_length(privileges); - if (size == 0) return true; + GList* privileges) { + if (g_list_length(privileges) == 0) + return true; std::string error_message; if (!common_installer::ValidatePrivilegeLevel( context_->privilege_level.get(), - context_->pkg_type.get(), context_->manifest_data.get()->api_version, privileges, &error_message)) { - g_list_free_full(privileges, free); if (!error_message.empty()) { LOG(ERROR) << "error_message: " << error_message; } return false; } - g_list_free_full(privileges, free); return true; } diff --git a/src/wgt/step/security/step_check_extension_privileges.h b/src/wgt/step/security/step_check_extension_privileges.h index 837f564..c390d3c 100755 --- a/src/wgt/step/security/step_check_extension_privileges.h +++ b/src/wgt/step/security/step_check_extension_privileges.h @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -45,7 +46,7 @@ class StepCheckExtensionPrivileges : public common_installer::Step { Status precheck() override; private: std::string GetExtensionPath(); - bool CheckPrivilegeLevel(std::set priv_set); + bool CheckPrivilegeLevel(GList* privileges); STEP_NAME(CheckExtensionPrivileges) }; diff --git a/src/wgt/step/security/step_check_wgt_ime_privilege.cc b/src/wgt/step/security/step_check_wgt_ime_privilege.cc index 9976852..aedbbaf 100644 --- a/src/wgt/step/security/step_check_wgt_ime_privilege.cc +++ b/src/wgt/step/security/step_check_wgt_ime_privilege.cc @@ -47,9 +47,12 @@ common_installer::Step::Status StepCheckWgtImePrivilege::process() { context_->manifest_plugins_data.get().ime_info.get().setUuid(std::string()); } else if (version23) { // be sure there's a privilege in manifest - context_->manifest_data.get()->privileges - = g_list_append(context_->manifest_data.get()->privileges, - strdup(common::privileges::kImePrivilegeName)); + privilege_x* privilege = + reinterpret_cast(calloc(1, sizeof(privilege_x))); + privilege->type = strdup(common_installer::kWebPrivilegeType); + privilege->value = strdup(common_installer::privileges::kImePrivilegeName); + context_->manifest_data.get()->privileges = + g_list_append(context_->manifest_data.get()->privileges, privilege); } return Status::OK; @@ -73,9 +76,10 @@ common_installer::Step::Status StepCheckWgtImePrivilege::Check24Api() const { common_installer::Step::Status StepCheckWgtImePrivilege::CheckImePrivilege() const { - for (const auto privilege : - GListRange(context_->manifest_data.get()->privileges)) { - if (!strcmp(privilege, common::privileges::kImePrivilegeName)) + for (privilege_x* privilege : + GListRange(context_->manifest_data.get()->privileges)) { + if (!strcmp(privilege->value, + common_installer::privileges::kImePrivilegeName)) return Status::OK; } diff --git a/src/wgt/wgt_installer.cc b/src/wgt/wgt_installer.cc index 4905e55..e1140e2 100755 --- a/src/wgt/wgt_installer.cc +++ b/src/wgt/wgt_installer.cc @@ -6,6 +6,7 @@ #include +#include #include #include #include @@ -115,7 +116,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -152,7 +154,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -248,7 +251,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -316,7 +320,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -352,7 +357,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -391,7 +397,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); @@ -414,7 +421,8 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr) AddStep(); AddStep(); AddStep(); - AddStep(); + AddStep( + ci::security::StepPrivilegeCompatibility::InternalPrivType::WGT); AddStep(); AddStep(); AddStep(); -- 2.7.4