From ee9fba73684f07395e3c8db893aa67d6973a72ec Mon Sep 17 00:00:00 2001 From: Arkadiusz Szulakiewicz Date: Thu, 19 Nov 2015 13:45:09 +0100 Subject: [PATCH] Fix permission for applications installed in global path Change-Id: I778a2104db654c6d9409b534e9bb7d38ec6a5a78 --- src/common/step/step_configure.cc | 21 +++++++++++++++ src/common/step/step_configure.h | 1 + src/common/step/step_generate_xml.cc | 7 +++++ src/common/step/step_unzip.cc | 7 +++++ src/common/utils/file_util.cc | 28 +++++++++++++++++--- src/common/utils/file_util.h | 5 +++- src/tpk/step/step_create_symbolic_link.cc | 6 +++++ src/wgt/step/step_create_symbolic_link.cc | 3 +++ src/wgt/step/step_rds_modify.cc | 44 +++++++++++++++++++++++++++++++ 9 files changed, 117 insertions(+), 5 deletions(-) diff --git a/src/common/step/step_configure.cc b/src/common/step/step_configure.cc index 94bd6af..1986fd9 100644 --- a/src/common/step/step_configure.cc +++ b/src/common/step/step_configure.cc @@ -4,6 +4,7 @@ #include "common/step/step_configure.h" +#include #include #include @@ -22,6 +23,7 @@ StepConfigure::StepConfigure(InstallerContext* context, PkgMgrPtr pkgmgr) Step::Status StepConfigure::process() { SetupRequestMode(); + SetupFileCreationMask(); if (!SetupRootAppDirectory()) return Status::ERROR; @@ -131,5 +133,24 @@ void StepConfigure::SetupRequestMode() { context_->request_mode.set(GetRequestMode()); } +void StepConfigure::SetupFileCreationMask() { + mode_t old_mask, new_mask; + old_mask = new_mask = 0; + + switch (context_->request_mode.get()) { + case RequestMode::USER: + new_mask = 033; // results in 744 privileges + break; + case RequestMode::GLOBAL: + new_mask = 022; // results in 755 privileges + break; + } + + old_mask = umask(new_mask); + + LOG(INFO) << "Changed file creation mask from " << std::oct << old_mask + << " to " << std::oct << new_mask; +} + } // namespace configuration } // namespace common_installer diff --git a/src/common/step/step_configure.h b/src/common/step/step_configure.h index 4787ad2..760d872 100644 --- a/src/common/step/step_configure.h +++ b/src/common/step/step_configure.h @@ -61,6 +61,7 @@ class StepConfigure : public Step { private: bool SetupRootAppDirectory(); void SetupRequestMode(); + void SetupFileCreationMask(); PkgMgrPtr pkgmgr_; diff --git a/src/common/step/step_generate_xml.cc b/src/common/step/step_generate_xml.cc index 48bea4c..d342f78 100644 --- a/src/common/step/step_generate_xml.cc +++ b/src/common/step/step_generate_xml.cc @@ -204,6 +204,13 @@ common_installer::Step::Status StepGenerateXml::process() { "Directory for manifest xml is missing and cannot be created"; return Status::ERROR; } + + if (!common_installer::SetDirPermissions(xml_path.parent_path(), + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << xml_path.parent_path(); + return Status::ERROR; + } } xmlTextWriterPtr writer; diff --git a/src/common/step/step_unzip.cc b/src/common/step/step_unzip.cc index 62a4bc2..1172ce7 100644 --- a/src/common/step/step_unzip.cc +++ b/src/common/step/step_unzip.cc @@ -92,6 +92,13 @@ Step::Status StepUnzip::process() { return Step::Status::ERROR; } + if (!SetDirPermissions(tmp_dir, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << tmp_dir; + return Status::ERROR; + } + int64_t required_size = GetUnpackedPackageSize(context_->file_path.get()); diff --git a/src/common/utils/file_util.cc b/src/common/utils/file_util.cc index 2639fc3..66ff55e 100644 --- a/src/common/utils/file_util.cc +++ b/src/common/utils/file_util.cc @@ -95,17 +95,22 @@ bool CreateDir(const bf::path& path) { boost::system::error_code error; bf::create_directories(path, error); + if (error) { LOG(ERROR) << "Failed to create directory: " << boost::system::system_error(error).what(); return false; } + return true; +} + +bool SetDirPermissions(const boost::filesystem::path& path, + boost::filesystem::perms permissions) { + boost::system::error_code error; + bf::permissions(path, permissions, error); - bf::permissions(path, bf::owner_all - | bf::group_read | bf::others_read, - error); if (error) { - LOG(ERROR) << "Failed to set permission: " + LOG(ERROR) << "Failed to set permissions for directory: " << path << boost::system::system_error(error).what(); return false; } @@ -130,6 +135,13 @@ bool CopyDir(const bf::path& src, const bf::path& dst) { LOG(ERROR) << "Unable to create destination directory" << dst.string(); return false; } + + if (!SetDirPermissions(dst, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << dst; + return false; + } } catch (const bf::filesystem_error& error) { LOG(ERROR) << "Failed to copy directory: " << error.what(); return false; @@ -338,6 +350,14 @@ bool ExtractToTmpDir(const char* zip_path, const bf::path& tmp_dir, << filename_in_zip_path.parent_path(); return false; } + if (!SetDirPermissions( + filename_in_zip_path.parent_path(), + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << + filename_in_zip_path.parent_path(); + return false; + } } if (!zip_file.OpenCurrent()) { diff --git a/src/common/utils/file_util.h b/src/common/utils/file_util.h index bd1c6e9..183da45 100644 --- a/src/common/utils/file_util.h +++ b/src/common/utils/file_util.h @@ -4,7 +4,7 @@ #define COMMON_UTILS_FILE_UTIL_H_ #include - +#include #include namespace common_installer { @@ -23,6 +23,9 @@ bool MoveDir(const boost::filesystem::path& src, bool MoveFile(const boost::filesystem::path& src, const boost::filesystem::path& dst); +bool SetDirPermissions(const boost::filesystem::path& path, + boost::filesystem::perms permissions); + int64_t GetUnpackedPackageSize(const boost::filesystem::path& path); boost::filesystem::path GenerateTmpDir(const boost::filesystem::path& app_path); diff --git a/src/tpk/step/step_create_symbolic_link.cc b/src/tpk/step/step_create_symbolic_link.cc index cb75a75..386a6a4 100644 --- a/src/tpk/step/step_create_symbolic_link.cc +++ b/src/tpk/step/step_create_symbolic_link.cc @@ -31,6 +31,12 @@ bool CreateSymLink(application_x* app, InstallerContext* context) { LOG(ERROR) << "Directory creation failure: " << bindir; return false; } + if (!common_installer::SetDirPermissions(bindir, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << bindir; + return false; + } // Exec path // Make a symlink with the name of appid, pointing exec file diff --git a/src/wgt/step/step_create_symbolic_link.cc b/src/wgt/step/step_create_symbolic_link.cc index 6d53415..77c7733 100644 --- a/src/wgt/step/step_create_symbolic_link.cc +++ b/src/wgt/step/step_create_symbolic_link.cc @@ -39,6 +39,9 @@ common_installer::Step::Status StepCreateSymbolicLink::process() { / bf::path("bin"); common_installer::CreateDir(exec_path); + common_installer::SetDirPermissions(exec_path, + bf::owner_all | bf::group_read | bf::others_read); + exec_path /= bf::path(app->appid); if (strcmp(app->component_type, "uiapp") == 0) { diff --git a/src/wgt/step/step_rds_modify.cc b/src/wgt/step/step_rds_modify.cc index 4c6d13d..85273c1 100644 --- a/src/wgt/step/step_rds_modify.cc +++ b/src/wgt/step/step_rds_modify.cc @@ -93,12 +93,29 @@ bool StepRDSModify::AddFiles(bf::path unzip_path, bf::path install_path) { LOG(ERROR) << "unable to create dir for temp backup data"; return false; } + if (!cu::SetDirPermissions(temp_install_path, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" << temp_install_path; + return false; + } + + } else { if (!bf::exists(temp_install_path.parent_path()) && !cu::CreateDir(temp_install_path.parent_path())) { LOG(ERROR) << "unable to create dir for temp backup data"; return false; } + if (!cu::SetDirPermissions(temp_install_path.parent_path(), + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" + << temp_install_path.parent_path(); + return false; + } + + bf::path temp_unzip_path(unzip_path / file); bf::copy_file(temp_unzip_path, temp_install_path, error); if (error) { @@ -156,6 +173,15 @@ bool StepRDSModify::SetUpTempBackupDir() { LOG(ERROR) << "unable to create backup data temp dir"; return false; } + + if (!cu::SetDirPermissions(backup_temp_dir_, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << + "Could not set permissions for dir:" + << backup_temp_dir_; + return false; + } + return true; } @@ -171,6 +197,14 @@ bool StepRDSModify::PerformBackup(std::string relative_path, LOG(ERROR) << "unable to create dir for temp backup data"; return false; } + if (!cu::SetDirPermissions(backup_temp_dir_ / relative_path, + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) + << "Could not set permissions for dir:" + << (backup_temp_dir_ / relative_path).string(); + return false; + } + } else { bs::error_code error; bf::path tmp_dest_path = backup_temp_dir_ / relative_path; @@ -179,6 +213,14 @@ bool StepRDSModify::PerformBackup(std::string relative_path, LOG(ERROR) << "unable to create dir for temp backup data"; return false; } + + if (!cu::SetDirPermissions((tmp_dest_path).parent_path(), + bf::owner_all | bf::group_read | bf::others_read)) { + LOG(ERROR) << "Could not set permissions for dir:" + << (tmp_dest_path).parent_path(); + return false; + } + bf::copy_file(source_path, tmp_dest_path, error); if (error) { LOG(ERROR) << "unable to backup file: " @@ -210,6 +252,8 @@ void StepRDSModify::RestoreFiles() { } else { if (bf::is_directory(source_path)) { cu::CreateDir(destination_path); + cu::SetDirPermissions(destination_path, + bf::owner_all | bf::group_read | bf::others_read); } else { bf::copy_file(source_path, destination_path, bf::copy_option::overwrite_if_exists); -- 2.7.4