[Release] wrt-installer_0.1.58

Change-Id: Ia6ca54247909363a538cc00bab88fb8819516d43

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d095c83..b3933c5 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -88,7 +88,7 @@ ADD_DEFINITIONS("-Wextra")              # Generate even more extra warnings
 ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
 ADD_DEFINITIONS("-Wno-deprecated")      # No warnings about deprecated features
 ADD_DEFINITIONS("-std=c++0x")           # accept C++11x standard
-#ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
+ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")  # enable smack
 
 ############################# Targets names ###################################
 

diff --git a/packaging/wrt-installer.spec b/packaging/wrt-installer.spec
index 7730d48..e61b691 100644 (file)
--- a/packaging/wrt-installer.spec
+++ b/packaging/wrt-installer.spec
@@ -1,7 +1,7 @@
-#git:framework/web/wrt-installer wrt-installer_0.1.57
+#git:framework/web/wrt-installer wrt-installer_0.1.58
 Name:       wrt-installer
 Summary:    Installer for tizen Webruntime
-Version:    0.1.57
+Version:    0.1.58
 Release:    1
 Group:      Development/Libraries
 License:    Apache License, Version 2.0
@@ -43,6 +43,7 @@ BuildRequires:  pkgconfig(web-provider)
 BuildRequires:  pkgconfig(libprivilege-control)
 BuildRequires:  pkgconfig(osp-appfw)
 BuildRequires:  osp-appfw-internal-devel
+BuildRequires:  pkgconfig(libsmack)
 Requires: osp-appfw
 Requires: osp-installer
 Requires: xmlsec1

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 03997c0..8832baf 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -126,6 +126,7 @@ PKG_CHECK_MODULES(INSTALLER_STATIC_DEP
     pkgmgr-info
     web-provider
     osp-appfw
+    libsmack
     REQUIRED
 )
 

diff --git a/src/jobs/widget_install/job_widget_install.cpp b/src/jobs/widget_install/job_widget_install.cpp
index 72c2332..546d263 100644 (file)
--- a/src/jobs/widget_install/job_widget_install.cpp
+++ b/src/jobs/widget_install/job_widget_install.cpp
@@ -197,7 +197,6 @@ JobWidgetInstall::JobWidgetInstall(
         }
 
         AddTask(new TaskFileManipulation(m_installerContext));
-
         AddTask(new TaskManifestFile(m_installerContext));
         if (m_installerContext.widgetConfig.packagingType ==
             PKG_TYPE_HYBRID_WEB_APP)

diff --git a/src/jobs/widget_install/task_smack.cpp b/src/jobs/widget_install/task_smack.cpp
index 2957cfa..9769276 100644 (file)
--- a/src/jobs/widget_install/task_smack.cpp
+++ b/src/jobs/widget_install/task_smack.cpp
@@ -24,20 +24,30 @@
 #include <widget_install/widget_install_context.h>
 #include <widget_install/widget_install_errors.h>
 #include <widget_install/job_widget_install.h>
-#include <dpl/foreach.h>
 #include <dpl/wrt-dao-ro/common_dao_types.h>
+#include <dpl/foreach.h>
+#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
 #include <dpl/utils/bash_utils.h>
+#include <vcore/Certificate.h>
+#include <vcore/CryptoHash.h>
 #ifdef WRT_SMACK_ENABLED
 #include <privilege-control.h>
+#include <sys/smack.h>
 #endif
-
 #include <sstream>
 
+using namespace WrtDB;
+using namespace ValidationCore;
+
 namespace {
 const int MAX_BUF_SIZE = 128;
-#ifdef WRT_SMACK_ENABLED
-const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh";
-#endif
+void freeList(const char** list) {
+    for (int i = 0; list[i] != NULL; i++)
+    {
+        delete(list[i]);
+    }
+    delete[] list;
+}
 }
 
 namespace Jobs {
@@ -48,99 +58,155 @@ TaskSmack::TaskSmack(InstallerContext& context) :
 {
     AddStep(&TaskSmack::SmackFolderLabelingStep);
     AddStep(&TaskSmack::SmackPrivilegeStep);
-    AddStep(&TaskSmack::SmackTemporaryStep);
     AddStep(&TaskSmack::SetEndofInstallation);
+
+    AddAbortStep(&TaskSmack::StepAbortSmack);
 }
 
 void TaskSmack::SmackFolderLabelingStep()
 {
-    LogInfo(
-        "----------------> SMACK: \
+    LogInfo("----------------> SMACK:\
             Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
-
 #ifdef WRT_SMACK_ENABLED
+    std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    char* pkgId = NULL;
+    pkgId = (char*)calloc(1, pkg.length() + 1);
+    snprintf(pkgId, pkg.length() + 1, "%s", pkg.c_str());
+
+    if (m_context.widgetConfig.packagingType !=
+            WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP)
+    {
+            if (PC_OPERATION_SUCCESS != app_install(pkgId)) {
+            free(pkgId);
+            ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                    "failure in creating smack rules file.");
+        }
+    }
+
     /* /opt/usr/apps/[pkgid] directory's label is "_" */
-    std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
     if (PC_OPERATION_SUCCESS != app_label_dir("_",
-                                              m_context.locations->
-                                                  getPackageInstallationDir().
-                                                  c_str()))
-    {
-        LogError("Set smack failure. Failed to add label for app root directory");
+                m_context.locations->getPackageInstallationDir().c_str())) {
+        free(pkgId);
         ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                                         "Add Label failure");
+                "Add Label failure");
     }
 
     /* res directory */
     std::string resDir = m_context.locations->getPackageInstallationDir() +
         "/res";
-    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
-                                              resDir.c_str()))
+    if (PC_OPERATION_SUCCESS != app_label_dir(pkgId,
+                resDir.c_str())) {
+        free(pkgId);
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "Add Label failure");
+    }
+
+    /* for prealod */
+    if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD)
     {
-        LogError("Set smack failure. Failed to add label for resource directory");
+        if (PC_OPERATION_SUCCESS != app_label_dir("_",
+                    m_context.locations->getUserDataRootDir().c_str())) {
+            free(pkgId);
+            ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                    "Add Label failure");
+        }
+    }
+
+    /* data directory */
+    if (PC_OPERATION_SUCCESS != app_label_dir(pkgId,
+                m_context.locations->getPrivateStorageDir().c_str())) {
+        free(pkgId);
         ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                                         "Add Label failure");
+                "Add Label failure");
     }
 
     /* bin directory */
-    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
-                                              m_context.locations->getBinaryDir()
-                                                  .c_str()))
-    {
-        LogError("Set smack failure. Failed to add label for binary directory");
+    if (PC_OPERATION_SUCCESS != app_label_dir(pkgId,
+                m_context.locations->getBinaryDir().c_str())) {
+        free(pkgId);
         ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                                         "Add Label failure");
+                "Add Label failure");
     }
 
-    /* data directory */
-    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
-                                              m_context.locations->
-                                                  getPrivateStorageDir().c_str()))
-    {
-        LogError("Set smack failure. Failed to add label for private storage directory");
+    if(!setLabelForSharedDir(pkgId)) {
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "Add Label failure");
+    }
+
+    free(pkgId);
+
+    /* TODO : set label at wrt-client 
+
+    std::string app = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
+    char* appId = NULL;
+    appId = (char*)calloc(1, app.length() + 1);
+    snprintf(appId, app.length() + 1, "%s", app.c_str());
+
+    if (0 != smack_lsetlabel(m_context.locations->getExecFile().c_str(),
+                appId, SMACK_LABEL_ACCESS)) {
+        free(pkgId);
+        free(appId);
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "Add ACESS Label for binary failure");
+    }
+
+    if (0 != smack_lsetlabel(m_context.locations->getExecFile().c_str(),
+                appId, SMACK_LABEL_EXEC)) {
+        free(pkgId);
+        free(appId);
         ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                                         "Add Label failure");
+                "Add EXEC Label for binary failure");
     }
 
+   if (PC_OPERATION_SUCCESS != app_add_friend(pkgId, appId)) {
+        free(pkgId);
+        free(appId);
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "Add friend failure");
+   }
+
+    if (PC_OPERATION_SUCCESS != app_label_shared_dir(appId, pkgId,
+                m_context.locations->getBinaryDir().c_str())) {
+        free(pkgId);
+        free(appId);
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "Add Label failure");
+    }
+    */
 #endif
 }
 
 void TaskSmack::SmackPrivilegeStep()
 {
-    LogInfo(
-        "----------------> SMACK: \
+    LogInfo("----------------> SMACK:\
             Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
 #ifdef WRT_SMACK_ENABLED
-    WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid;
-#if 0
-    char** perm_list = new char*[m_context.staticPermittedDevCaps.size()];
+    /* TODO : 
+    std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
+    */
+    std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    char* appId = NULL;
+    appId = (char*)calloc(1, id.length() + 1);
+    snprintf(appId, id.length() + 1, "%s", id.c_str());
 
+    WrtDB::ConfigParserData::PrivilegeList privileges =
+        m_context.widgetConfig.configInfo.privilegeList;
+
+    const char** perm_list = new const char*[privileges.size() + 1];
     int index = 0;
-    FOREACH(it, m_context.staticPermittedDevCaps) {
-        if (it->second) {
-            LogInfo("Permission : " << it->first);
-            perm_list[index++] =
-                const_cast<char*>(DPL::ToUTF8String(it->first).c_str());
-        }
+    FOREACH(it, privileges) {
+        LogInfo("Permission : " << it->name);
+        int length = DPL::ToUTF8String(it->name).length();
+        char *priv = (char*) calloc(1, (sizeof(char) * length) + 1);
+        snprintf(priv, length + 1, "%s",
+                DPL::ToUTF8String(it->name).c_str());
+        perm_list[index++] = priv;
     }
     perm_list[index] = NULL;
 
-    int result = app_add_permissions(
-            DPL::ToUTF8String(tzPkgid).c_str(),
-            const_cast<const char**>(perm_list));
-
-#else
-    const char* perm_list[0];
-    perm_list[0] = NULL;
-#endif
-    if (m_context.mode.installTime != InstallMode::InstallTime::PRELOAD) {
-        int result = app_add_permissions(
-                DPL::ToUTF8String(tzPkgid).c_str(), perm_list);
-        if (PC_OPERATION_SUCCESS != result) {
-            LogError("Failed to add permission to privilege");
-            ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                    "SMACK check failure");
-        }
+    if (PC_OPERATION_SUCCESS != app_enable_permissions(appId, APP_TYPE_WGT,
+                perm_list, true)) {
+        LogError("failure in contructing smack rules based on perm_list");
     }
 
     free(appId);
@@ -151,29 +217,32 @@ void TaskSmack::SmackPrivilegeStep()
 #endif
 }
 
-void TaskSmack::SmackTemporaryStep()
+void TaskSmack::StepAbortSmack()
 {
+    LogInfo("----------------> SMACK:\
+            Jobs::WidgetInstall::TaskSmack::StepAbortSmack()");
 #ifdef WRT_SMACK_ENABLED
-    //This step is temporary for smack
-
-    LogInfo("----------------> SMACK: \
-            Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()");
-    std::ostringstream commStr;
-    std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
-    commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid);
-    LogDebug("set smack rule command : " << commStr.str());
-
-    char readBuf[MAX_BUF_SIZE];
-    memset(readBuf, 0x00, MAX_BUF_SIZE);
-
-    FILE *fd;
-    fd = popen(commStr.str().c_str(), "r");
-    if (NULL == fd) {
-        LogError("Set smack rule failure. Failed to call script.");
-        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
-                "SMACK check failure");
+    /* TODO :
+    std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid);
+    std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    char* appId = NULL;
+    appId = (char*)calloc(1, id.length() + 1);
+    snprintf(appId, id.length() + 1, "%s", id.c_str());
+    */
+
+    std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    char* pkgId = NULL;
+    pkgId = (char*)calloc(1, pkg.length() + 1);
+    snprintf(pkgId, pkg.length() + 1, "%s", pkg.c_str());
+
+    if (PC_OPERATION_SUCCESS != app_revoke_permissions(pkgId)) {
+        LogError("failure in revoking smack permissions");
     }
-    pclose(fd);
+
+    if (PC_OPERATION_SUCCESS != app_uninstall(pkgId)) {
+        LogError("failure in removing smack rules file");
+    }
+    free(pkgId);
 #endif
 }
 
@@ -183,5 +252,75 @@ void TaskSmack::SetEndofInstallation()
         InstallerContext::INSTALL_END,
         "End installation");
 }
+
+bool TaskSmack::setLabelForSharedDir(const char* pkgId)
+{
+    /* shared directory */
+    if (PC_OPERATION_SUCCESS != app_label_dir("*",
+                m_context.locations->getSharedRootDir().c_str())) {
+        return false;
+    }
+
+    /* shared/res directory */
+    if (PC_OPERATION_SUCCESS != app_label_dir("_",
+                m_context.locations->getSharedResourceDir().c_str())) {
+        return false;
+    }
+
+    /* shared/trusted directory */
+    CertificatePtr rootCert = m_context.wacSecurity.getAuthorCertificatePtr();
+    if (rootCert.Get() != NULL) {
+        ValidationCore::Crypto::Hash::SHA1 sha1;
+        sha1.Append(rootCert->getDER());
+        sha1.Finish();
+        std::string sha1String = sha1.ToBase64String();
+        size_t iPos = sha1String.find("/");
+        while(iPos < std::string::npos) {
+            sha1String.replace(iPos, 1, "#");
+            iPos = sha1String.find("/");
+        }
+
+        LogDebug("sha1 label string : " << sha1String);
+
+        if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
+                    sha1String.c_str(),
+                    m_context.locations->getSharedTrustedDir().c_str())) {
+            return false;
+        }
+    }
+
+    /* shared/data directory */
+    std::string dataLabel = std::string(pkgId) + "_shareddata";
+    TizenPkgIdList pkgList = WidgetDAOReadOnly::getTizenPkgidList();
+    const char** pList = new (std::nothrow) const char*[pkgList.size() + 1];
+
+    int index = 0;
+    FOREACH(app, pkgList) {
+        std::string id = DPL::ToUTF8String(*app);
+        char *pId = new char[id.size() + 1];
+        snprintf(pId, id.length() + 1, "%s", id.c_str());
+        pList[index++] = pId;
+    }
+
+    pList[index] = NULL;
+    if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
+                dataLabel.c_str(),
+                m_context.locations->getSharedDataDir().c_str())) {
+        freeList(pList);
+        return false;
+    }
+    if (PC_OPERATION_SUCCESS != add_shared_dir_readers(dataLabel.c_str(), pList)) {
+        freeList(pList);
+        return false;
+    }
+    if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId,
+                "*",
+                m_context.locations->getSharedDataDir().c_str())) {
+        freeList(pList);
+        return false;
+    }
+    freeList(pList);
+    return true;
+}
 } //namespace WidgetInstall
 } //namespace Jobs

diff --git a/src/jobs/widget_install/task_smack.h b/src/jobs/widget_install/task_smack.h
index 4b09f19..5dd15bf 100644 (file)
--- a/src/jobs/widget_install/task_smack.h
+++ b/src/jobs/widget_install/task_smack.h
@@ -38,8 +38,10 @@ class TaskSmack :
 
     void SmackFolderLabelingStep();
     void SmackPrivilegeStep();
-    void SmackTemporaryStep();
     void SetEndofInstallation();
+    void StepAbortSmack();
+
+    bool setLabelForSharedDir(const char* pkgId);
 
   public:
     TaskSmack(InstallerContext& context);

diff --git a/src/jobs/widget_uninstall/task_smack.cpp b/src/jobs/widget_uninstall/task_smack.cpp
index be66932..4e7d467 100644 (file)
--- a/src/jobs/widget_uninstall/task_smack.cpp
+++ b/src/jobs/widget_uninstall/task_smack.cpp
@@ -43,14 +43,18 @@ void TaskSmack::Step()
     LogInfo(
         "------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()");
 #ifdef WRT_SMACK_ENABLED
-    int result = app_revoke_permissions(m_context.tzPkgid.c_str());
-    if (PC_OPERATION_SUCCESS != result) {
-        LogError("Revoke permissions failure : " << result);
+    const char* pkgId = m_context.tzPkgid.c_str();
+    if (PC_OPERATION_SUCCESS != app_revoke_permissions(pkgId)) {
+        LogError("failure in revoking smack permissions");
+    }
+
+    if (PC_OPERATION_SUCCESS != app_uninstall(pkgId)) {
+        LogError("failure in removing smack rules file");
     }
 
     m_context.job->UpdateProgress(
-        UninstallerContext::UNINSTALL_SMACK_ENABLE,
-        "Widget SMACK Enabled");
+        UninstallerContext::UNINSTALL_SMACK_DISABLE,
+        "Widget SMACK Disabled");
 #endif
 }
 } //namespace WidgetUninstall

diff --git a/src/jobs/widget_uninstall/uninstaller_context.h b/src/jobs/widget_uninstall/uninstaller_context.h
index f3eb7c1..3d9fe28 100644 (file)
--- a/src/jobs/widget_uninstall/uninstaller_context.h
+++ b/src/jobs/widget_uninstall/uninstaller_context.h
@@ -38,13 +38,13 @@ struct UninstallerContext
     enum UninstallStep
     {
         UNINSTALL_START,
-        UNINSTALL_SMACK_ENABLE,
         UNINSTALL_PRECHECK,
         UNINSTALL_REMOVE_WIDGETDIR,
         UNINSTALL_REMOVE_DESKTOP,
         UNINSTALL_REMOVE_FINISHED,
         UNINSTALL_DB_UPDATE,
         UNINSTALL_REMOVE_OSPSVC,
+        UNINSTALL_SMACK_DISABLE,
         UNINSTALL_END
     };