Sync code with private

author Jihoon Chung <jihoon.chung@samsung.com>

Tue, 23 Apr 2013 05:29:23 +0000 (14:29 +0900)

committer Gerrit Code Review <gerrit2@kim11>

Tue, 23 Apr 2013 05:57:14 +0000 (14:57 +0900)
author Jihoon Chung <jihoon.chung@samsung.com>
Tue, 23 Apr 2013 05:29:23 +0000 (14:29 +0900)
committer Gerrit Code Review <gerrit2@kim11>
Tue, 23 Apr 2013 05:57:14 +0000 (14:57 +0900)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt

index 994b6ce..5e33b52 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -145,6 +145,7 @@ PKG_CHECK_MODULES(SYS_INSTALLER_STATIC_DEP
      capi-appfw-app-manager
      app2sd
      vconf
+    libprivilege-control
      REQUIRED
  )
  
diff --git a/src/jobs/widget_install/job_widget_install.cpp b/src/jobs/widget_install/job_widget_install.cpp

index 239f8d1..e2b2086 100644 (file)
--- a/src/jobs/widget_install/job_widget_install.cpp
+++ b/src/jobs/widget_install/job_widget_install.cpp
@@ -194,12 +194,6 @@ JobWidgetInstall::JobWidgetInstall(
          }
  
          AddTask(new TaskFileManipulation(m_installerContext));
-        // TODO: Update progress information for this task
-
-        //This is sort of quick solution, because ACE verdicts are based upon
-        //data from DAO (DB). So AceCheck for now has to be AFTER DbUpdate
-        //task.
-        AddTask(new TaskSmack(m_installerContext));
  
          AddTask(new TaskManifestFile(m_installerContext));
          if (m_installerContext.widgetConfig.packagingType ==
@@ -210,6 +204,7 @@ JobWidgetInstall::JobWidgetInstall(
          AddTask(new TaskCertificates(m_installerContext));
          AddTask(new TaskDatabase(m_installerContext));
          AddTask(new TaskAceCheck(m_installerContext));
+        AddTask(new TaskSmack(m_installerContext));
      } else if (result == ConfigureResult::Updated) {
          LogInfo("Configure installation updated");
          LogInfo("Widget Update");
@@ -249,9 +244,6 @@ JobWidgetInstall::JobWidgetInstall(
              AddTask(new TaskUpdateFiles(m_installerContext));
          }
  
-        /* TODO : To backup file, save md5 values */
-        AddTask(new TaskSmack(m_installerContext));
-
          AddTask(new TaskManifestFile(m_installerContext));
          if (m_installerContext.widgetConfig.packagingType ==
              PKG_TYPE_HYBRID_WEB_APP)
@@ -268,6 +260,7 @@ JobWidgetInstall::JobWidgetInstall(
          //TODO: remove widgetHandle from this task and move before database task
          // by now widget handle is needed in ace check
          // Any error in acecheck while update will break widget
+        AddTask(new TaskSmack(m_installerContext));
      } else if (result == ConfigureResult::Deferred) {
          // Installation is deferred
          LogInfo("Configure installation deferred");
diff --git a/src/jobs/widget_install/task_smack.cpp b/src/jobs/widget_install/task_smack.cpp

index 75d0fc8..a9c285a 100644 (file)
--- a/src/jobs/widget_install/task_smack.cpp
+++ b/src/jobs/widget_install/task_smack.cpp
@@ -25,46 +25,154 @@
  #include <widget_install/widget_install_errors.h>
  #include <widget_install/job_widget_install.h>
  #include <dpl/foreach.h>
+#include <dpl/wrt-dao-ro/common_dao_types.h>
+#include <dpl/utils/bash_utils.h>
  #ifdef WRT_SMACK_ENABLED
  #include <privilege-control.h>
  #endif
  
  #include <sstream>
  
+namespace {
+const int MAX_BUF_SIZE = 128;
+const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh";
+}
+
  namespace Jobs {
  namespace WidgetInstall {
  TaskSmack::TaskSmack(InstallerContext& context) :
      DPL::TaskDecl<TaskSmack>(this),
      m_context(context)
  {
-    AddStep(&TaskSmack::Step);
+    AddStep(&TaskSmack::SmackFolderLabelingStep);
+    AddStep(&TaskSmack::SmackPrivilegeStep);
+    AddStep(&TaskSmack::SmackTemporaryStep);
+}
+
+void TaskSmack::SmackFolderLabelingStep()
+{
+    LogInfo(
+        "----------------> SMACK: \
+            Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
+
+#ifdef WRT_SMACK_ENABLED
+    /* /opt/usr/apps/[pkgid] directory's label is "_" */
+    std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    if (PC_OPERATION_SUCCESS != app_label_dir("_",
+                                              m_context.locations->
+                                                  getPackageInstallationDir().
+                                                  c_str()))
+    {
+        LogError("Set smack failure. Failed to add label for app root directory");
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                                         "Add Label failure");
+    }
+
+    /* res directory */
+    std::string resDir = m_context.locations->getPackageInstallationDir() +
+        "/res";
+    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+                                              resDir.c_str()))
+    {
+        LogError("Set smack failure. Failed to add label for resource directory");
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                                         "Add Label failure");
+    }
+
+    /* bin directory */
+    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+                                              m_context.locations->getBinaryDir()
+                                                  .c_str()))
+    {
+        LogError("Set smack failure. Failed to add label for binary directory");
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                                         "Add Label failure");
+    }
+
+    /* data directory */
+    if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+                                              m_context.locations->
+                                                  getPrivateStorageDir().c_str()))
+    {
+        LogError("Set smack failure. Failed to add label for private storage directory");
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                                         "Add Label failure");
+    }
+
+#endif
  }
  
-void TaskSmack::Step()
+void TaskSmack::SmackPrivilegeStep()
  {
-    LogInfo("----------------> SMACK: Jobs::WidgetInstall::TaskSmack::Step()");
+    LogInfo(
+        "----------------> SMACK: \
+            Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
  #ifdef WRT_SMACK_ENABLED
-    std::stringstream devcaps;
+    WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid;
+#if 0
+    char** perm_list = new char*[m_context.staticPermittedDevCaps.size()];
+
+    int index = 0;
      FOREACH(it, m_context.staticPermittedDevCaps) {
          if (it->second) {
-            std::string utf8 = DPL::ToUTF8String(it->first);
-            if (it != m_context.staticPermittedDevCaps.begin()) {
-                devcaps << ",";
-            }
-            devcaps << utf8;
+            LogInfo("Permission : " << it->first);
+            perm_list[index++] =
+                const_cast<char*>(DPL::ToUTF8String(it->first).c_str());
+        }
+    }
+    perm_list[index] = NULL;
+
+    int result = app_add_permissions(
+            DPL::ToUTF8String(tzPkgid).c_str(),
+            const_cast<const char**>(perm_list));
+
+#else
+    const char* perm_list[0];
+    perm_list[0] = NULL;
+#endif
+    if (m_context.job->getInstallerStruct().m_installMode
+            != InstallMode::INSTALL_MODE_PRELOAD)
+    {
+        int result = app_add_permissions(
+                DPL::ToUTF8String(tzPkgid).c_str(), perm_list);
+        if (PC_OPERATION_SUCCESS != result) {
+            LogError("Failed to add permission to privilege");
+            ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                    "SMACK check failure");
          }
      }
-    TizenAppId tzAppid = m_context.widgetConfig.tzAppid;
-    int result = handle_access_control_conf_forWAC(
-            DPL::ToUTF8String(tzAppid).c_str(),
-            devcaps.str().c_str(),
-            OPERATION_INSTALL);
-    Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
+
      m_context.job->UpdateProgress(
-        UninstallerContext::INSTALL_SMACK_ENABLE,
+        InstallerContext::INSTALL_SMACK_ENABLE,
          "Widget SMACK Enabled");
  #endif
  }
  
+void TaskSmack::SmackTemporaryStep()
+{
+#ifdef WRT_SMACK_ENABLED
+    //This step is temporary for smack
+
+    LogInfo("----------------> SMACK: \
+            Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()");
+    std::ostringstream commStr;
+    std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+    commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid);
+    LogDebug("set smack rule command : " << commStr.str());
+
+    char readBuf[MAX_BUF_SIZE];
+    memset(readBuf, 0x00, MAX_BUF_SIZE);
+
+    FILE *fd;
+    fd = popen(commStr.str().c_str(), "r");
+    if (NULL == fd) {
+        LogError("Set smack rule failure. Failed to call script.");
+        ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+                "SMACK check failure");
+    }
+    pclose(fd);
+#endif
+}
+
  } //namespace WidgetInstall
  } //namespace Jobs
diff --git a/src/jobs/widget_install/task_smack.h b/src/jobs/widget_install/task_smack.h

index ce05d29..b602819 100644 (file)
--- a/src/jobs/widget_install/task_smack.h
+++ b/src/jobs/widget_install/task_smack.h
@@ -36,7 +36,9 @@ class TaskSmack :
    private:
      InstallerContext& m_context;
  
-    void Step();
+    void SmackFolderLabelingStep();
+    void SmackPrivilegeStep();
+    void SmackTemporaryStep();
  
    public:
      TaskSmack(InstallerContext& context);
diff --git a/src/jobs/widget_uninstall/task_smack.cpp b/src/jobs/widget_uninstall/task_smack.cpp

index d437ed1..be66932 100644 (file)
--- a/src/jobs/widget_uninstall/task_smack.cpp
+++ b/src/jobs/widget_uninstall/task_smack.cpp
@@ -21,6 +21,7 @@
   */
  
  #include <widget_uninstall/task_smack.h>
+#include <widget_uninstall/job_widget_uninstall.h>
  #include <widget_uninstall/uninstaller_context.h>
  #include <dpl/log/log.h>
  #include <dpl/optional_typedefs.h>
@@ -42,20 +43,13 @@ void TaskSmack::Step()
      LogInfo(
          "------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()");
  #ifdef WRT_SMACK_ENABLED
-    try {
-        WrtDB::WidgetDAOReadOnly dao(m_context.widgetConfig.tzAppid);
-        TizenAppId tzAppid = dao.getTzAppId();
-        int result = handle_access_control_conf_forWAC(
-                DPL::ToUTF8String(tzAppid).c_str(),
-                NULL,
-                OPERATION_UNINSTALL);
-        Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
-    } catch (WrtDB::WidgetDAOReadOnly::Exception) {
-        Assert(false && "can't access widget data");
+    int result = app_revoke_permissions(m_context.tzPkgid.c_str());
+    if (PC_OPERATION_SUCCESS != result) {
+        LogError("Revoke permissions failure : " << result);
      }
  
      m_context.job->UpdateProgress(
-        UninstallerContext::INSTALL_SMACK_ENABLE,
+        UninstallerContext::UNINSTALL_SMACK_ENABLE,
          "Widget SMACK Enabled");
  #endif
  }
author	Jihoon Chung <jihoon.chung@samsung.com>
	Tue, 23 Apr 2013 05:29:23 +0000 (14:29 +0900)
committer	Gerrit Code Review <gerrit2@kim11>
	Tue, 23 Apr 2013 05:57:14 +0000 (14:57 +0900)
src/CMakeLists.txt		patch \| blob \| history
src/jobs/widget_install/job_widget_install.cpp		patch \| blob \| history
src/jobs/widget_install/task_smack.cpp		patch \| blob \| history
src/jobs/widget_install/task_smack.h		patch \| blob \| history
src/jobs/widget_uninstall/task_smack.cpp		patch \| blob \| history