}
AddTask(new TaskFileManipulation(m_installerContext));
- // TODO: Update progress information for this task
-
- //This is sort of quick solution, because ACE verdicts are based upon
- //data from DAO (DB). So AceCheck for now has to be AFTER DbUpdate
- //task.
- AddTask(new TaskSmack(m_installerContext));
AddTask(new TaskManifestFile(m_installerContext));
if (m_installerContext.widgetConfig.packagingType ==
AddTask(new TaskCertificates(m_installerContext));
AddTask(new TaskDatabase(m_installerContext));
AddTask(new TaskAceCheck(m_installerContext));
+ AddTask(new TaskSmack(m_installerContext));
} else if (result == ConfigureResult::Updated) {
LogInfo("Configure installation updated");
LogInfo("Widget Update");
AddTask(new TaskUpdateFiles(m_installerContext));
}
- /* TODO : To backup file, save md5 values */
- AddTask(new TaskSmack(m_installerContext));
-
AddTask(new TaskManifestFile(m_installerContext));
if (m_installerContext.widgetConfig.packagingType ==
PKG_TYPE_HYBRID_WEB_APP)
//TODO: remove widgetHandle from this task and move before database task
// by now widget handle is needed in ace check
// Any error in acecheck while update will break widget
+ AddTask(new TaskSmack(m_installerContext));
} else if (result == ConfigureResult::Deferred) {
// Installation is deferred
LogInfo("Configure installation deferred");
#include <widget_install/widget_install_errors.h>
#include <widget_install/job_widget_install.h>
#include <dpl/foreach.h>
+#include <dpl/wrt-dao-ro/common_dao_types.h>
+#include <dpl/utils/bash_utils.h>
#ifdef WRT_SMACK_ENABLED
#include <privilege-control.h>
#endif
#include <sstream>
+namespace {
+const int MAX_BUF_SIZE = 128;
+const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh";
+}
+
namespace Jobs {
namespace WidgetInstall {
TaskSmack::TaskSmack(InstallerContext& context) :
DPL::TaskDecl<TaskSmack>(this),
m_context(context)
{
- AddStep(&TaskSmack::Step);
+ AddStep(&TaskSmack::SmackFolderLabelingStep);
+ AddStep(&TaskSmack::SmackPrivilegeStep);
+ AddStep(&TaskSmack::SmackTemporaryStep);
+}
+
+void TaskSmack::SmackFolderLabelingStep()
+{
+ LogInfo(
+ "----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
+
+#ifdef WRT_SMACK_ENABLED
+ /* /opt/usr/apps/[pkgid] directory's label is "_" */
+ std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+ if (PC_OPERATION_SUCCESS != app_label_dir("_",
+ m_context.locations->
+ getPackageInstallationDir().
+ c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for app root directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* res directory */
+ std::string resDir = m_context.locations->getPackageInstallationDir() +
+ "/res";
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ resDir.c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for resource directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* bin directory */
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ m_context.locations->getBinaryDir()
+ .c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for binary directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* data directory */
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ m_context.locations->
+ getPrivateStorageDir().c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for private storage directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+#endif
}
-void TaskSmack::Step()
+void TaskSmack::SmackPrivilegeStep()
{
- LogInfo("----------------> SMACK: Jobs::WidgetInstall::TaskSmack::Step()");
+ LogInfo(
+ "----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
#ifdef WRT_SMACK_ENABLED
- std::stringstream devcaps;
+ WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid;
+#if 0
+ char** perm_list = new char*[m_context.staticPermittedDevCaps.size()];
+
+ int index = 0;
FOREACH(it, m_context.staticPermittedDevCaps) {
if (it->second) {
- std::string utf8 = DPL::ToUTF8String(it->first);
- if (it != m_context.staticPermittedDevCaps.begin()) {
- devcaps << ",";
- }
- devcaps << utf8;
+ LogInfo("Permission : " << it->first);
+ perm_list[index++] =
+ const_cast<char*>(DPL::ToUTF8String(it->first).c_str());
+ }
+ }
+ perm_list[index] = NULL;
+
+ int result = app_add_permissions(
+ DPL::ToUTF8String(tzPkgid).c_str(),
+ const_cast<const char**>(perm_list));
+
+#else
+ const char* perm_list[0];
+ perm_list[0] = NULL;
+#endif
+ if (m_context.job->getInstallerStruct().m_installMode
+ != InstallMode::INSTALL_MODE_PRELOAD)
+ {
+ int result = app_add_permissions(
+ DPL::ToUTF8String(tzPkgid).c_str(), perm_list);
+ if (PC_OPERATION_SUCCESS != result) {
+ LogError("Failed to add permission to privilege");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "SMACK check failure");
}
}
- TizenAppId tzAppid = m_context.widgetConfig.tzAppid;
- int result = handle_access_control_conf_forWAC(
- DPL::ToUTF8String(tzAppid).c_str(),
- devcaps.str().c_str(),
- OPERATION_INSTALL);
- Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
+
m_context.job->UpdateProgress(
- UninstallerContext::INSTALL_SMACK_ENABLE,
+ InstallerContext::INSTALL_SMACK_ENABLE,
"Widget SMACK Enabled");
#endif
}
+void TaskSmack::SmackTemporaryStep()
+{
+#ifdef WRT_SMACK_ENABLED
+ //This step is temporary for smack
+
+ LogInfo("----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()");
+ std::ostringstream commStr;
+ std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+ commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid);
+ LogDebug("set smack rule command : " << commStr.str());
+
+ char readBuf[MAX_BUF_SIZE];
+ memset(readBuf, 0x00, MAX_BUF_SIZE);
+
+ FILE *fd;
+ fd = popen(commStr.str().c_str(), "r");
+ if (NULL == fd) {
+ LogError("Set smack rule failure. Failed to call script.");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "SMACK check failure");
+ }
+ pclose(fd);
+#endif
+}
+
} //namespace WidgetInstall
} //namespace Jobs
*/
#include <widget_uninstall/task_smack.h>
+#include <widget_uninstall/job_widget_uninstall.h>
#include <widget_uninstall/uninstaller_context.h>
#include <dpl/log/log.h>
#include <dpl/optional_typedefs.h>
LogInfo(
"------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()");
#ifdef WRT_SMACK_ENABLED
- try {
- WrtDB::WidgetDAOReadOnly dao(m_context.widgetConfig.tzAppid);
- TizenAppId tzAppid = dao.getTzAppId();
- int result = handle_access_control_conf_forWAC(
- DPL::ToUTF8String(tzAppid).c_str(),
- NULL,
- OPERATION_UNINSTALL);
- Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
- } catch (WrtDB::WidgetDAOReadOnly::Exception) {
- Assert(false && "can't access widget data");
+ int result = app_revoke_permissions(m_context.tzPkgid.c_str());
+ if (PC_OPERATION_SUCCESS != result) {
+ LogError("Revoke permissions failure : " << result);
}
m_context.job->UpdateProgress(
- UninstallerContext::INSTALL_SMACK_ENABLE,
+ UninstallerContext::UNINSTALL_SMACK_ENABLE,
"Widget SMACK Enabled");
#endif
}