-#git:framework/web/wrt-installer wrt-installer 0.1.36
+#git:framework/web/wrt-installer wrt-installer 0.1.37
Name: wrt-installer
Summary: Installer for tizen Webruntime
-Version: 0.1.36
+Version: 0.1.37
Release: 1
Group: Development/Libraries
License: Apache License, Version 2.0
capi-appfw-app-manager
app2sd
vconf
+ libprivilege-control
REQUIRED
)
}
AddTask(new TaskFileManipulation(m_installerContext));
- // TODO: Update progress information for this task
-
- //This is sort of quick solution, because ACE verdicts are based upon
- //data from DAO (DB). So AceCheck for now has to be AFTER DbUpdate
- //task.
- AddTask(new TaskSmack(m_installerContext));
AddTask(new TaskManifestFile(m_installerContext));
if (m_installerContext.widgetConfig.packagingType ==
AddTask(new TaskCertificates(m_installerContext));
AddTask(new TaskDatabase(m_installerContext));
AddTask(new TaskAceCheck(m_installerContext));
+ AddTask(new TaskSmack(m_installerContext));
} else if (result == ConfigureResult::Updated) {
LogInfo("Configure installation updated");
LogInfo("Widget Update");
AddTask(new TaskUpdateFiles(m_installerContext));
}
- /* TODO : To backup file, save md5 values */
- AddTask(new TaskSmack(m_installerContext));
-
AddTask(new TaskManifestFile(m_installerContext));
if (m_installerContext.widgetConfig.packagingType ==
PKG_TYPE_HYBRID_WEB_APP)
//TODO: remove widgetHandle from this task and move before database task
// by now widget handle is needed in ace check
// Any error in acecheck while update will break widget
+ AddTask(new TaskSmack(m_installerContext));
} else if (result == ConfigureResult::Deferred) {
// Installation is deferred
LogInfo("Configure installation deferred");
// Check running state
bool isRunning = false;
- int retval =
+ int ret =
app_manager_is_running(DPL::ToUTF8String(update.tzAppId).c_str(),
&isRunning);
- if (APP_MANAGER_ERROR_NONE != retval || isRunning) {
+ if (APP_MANAGER_ERROR_NONE != ret) {
LogError("Fail to get running state");
return ConfigureResult::Failed_WidgetRunning;
}
+ if (true == isRunning) {
+ // get app_context for running application
+ // app_context must be released with app_context_destroy
+ app_context_h appCtx = NULL;
+ ret =
+ app_manager_get_app_context(
+ DPL::ToUTF8String(update.tzAppId).c_str(),
+ &appCtx);
+ if (APP_MANAGER_ERROR_NONE != ret) {
+ LogError("Fail to get app_context");
+ return ConfigureResult::Failed_WidgetRunning;
+ }
+
+ // terminate app_context_h
+ ret = app_manager_terminate_app(appCtx);
+ if (APP_MANAGER_ERROR_NONE != ret) {
+ LogError("Fail to terminate running application");
+ app_context_destroy(appCtx);
+ return ConfigureResult::Failed_WidgetRunning;
+ } else {
+ app_context_destroy(appCtx);
+ // app_manager_terminate_app isn't sync API
+ // wait until application isn't running (50ms * 100)
+ bool isStillRunning = true;
+ int checkingloop = 100;
+ struct timespec duration = { 0, 50 * 1000 * 1000 };
+ while (--checkingloop >= 0) {
+ nanosleep(&duration, NULL);
+ int ret =
+ app_manager_is_running(
+ DPL::ToUTF8String(update.tzAppId).c_str(),
+ &isStillRunning);
+ if (APP_MANAGER_ERROR_NONE != ret) {
+ LogError("Fail to get running state");
+ return ConfigureResult::Failed_WidgetRunning;
+ }
+ if (!isStillRunning) {
+ break;
+ }
+ }
+ if (isStillRunning) {
+ LogError("Fail to terminate running application");
+ return ConfigureResult::Failed_WidgetRunning;
+ }
+ LogInfo("terminate application");
+ }
+ }
+
m_installerContext.widgetConfig.tzAppid = update.tzAppId;
if (isUpperVersion(update.existingVersion, update.incomingVersion) ||
#include <widget_install/widget_install_errors.h>
#include <widget_install/job_widget_install.h>
#include <dpl/foreach.h>
+#include <dpl/wrt-dao-ro/common_dao_types.h>
+#include <dpl/utils/bash_utils.h>
#ifdef WRT_SMACK_ENABLED
#include <privilege-control.h>
#endif
#include <sstream>
+namespace {
+const int MAX_BUF_SIZE = 128;
+const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh";
+}
+
namespace Jobs {
namespace WidgetInstall {
TaskSmack::TaskSmack(InstallerContext& context) :
DPL::TaskDecl<TaskSmack>(this),
m_context(context)
{
- AddStep(&TaskSmack::Step);
+ AddStep(&TaskSmack::SmackFolderLabelingStep);
+ AddStep(&TaskSmack::SmackPrivilegeStep);
+ AddStep(&TaskSmack::SmackTemporaryStep);
+}
+
+void TaskSmack::SmackFolderLabelingStep()
+{
+ LogInfo(
+ "----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()");
+
+#ifdef WRT_SMACK_ENABLED
+ /* /opt/usr/apps/[pkgid] directory's label is "_" */
+ std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+ if (PC_OPERATION_SUCCESS != app_label_dir("_",
+ m_context.locations->
+ getPackageInstallationDir().
+ c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for app root directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* res directory */
+ std::string resDir = m_context.locations->getPackageInstallationDir() +
+ "/res";
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ resDir.c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for resource directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* bin directory */
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ m_context.locations->getBinaryDir()
+ .c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for binary directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+ /* data directory */
+ if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(),
+ m_context.locations->
+ getPrivateStorageDir().c_str()))
+ {
+ LogError("Set smack failure. Failed to add label for private storage directory");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "Add Label failure");
+ }
+
+#endif
}
-void TaskSmack::Step()
+void TaskSmack::SmackPrivilegeStep()
{
- LogInfo("----------------> SMACK: Jobs::WidgetInstall::TaskSmack::Step()");
+ LogInfo(
+ "----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()");
#ifdef WRT_SMACK_ENABLED
- std::stringstream devcaps;
+ WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid;
+#if 0
+ char** perm_list = new char*[m_context.staticPermittedDevCaps.size()];
+
+ int index = 0;
FOREACH(it, m_context.staticPermittedDevCaps) {
if (it->second) {
- std::string utf8 = DPL::ToUTF8String(it->first);
- if (it != m_context.staticPermittedDevCaps.begin()) {
- devcaps << ",";
- }
- devcaps << utf8;
+ LogInfo("Permission : " << it->first);
+ perm_list[index++] =
+ const_cast<char*>(DPL::ToUTF8String(it->first).c_str());
+ }
+ }
+ perm_list[index] = NULL;
+
+ int result = app_add_permissions(
+ DPL::ToUTF8String(tzPkgid).c_str(),
+ const_cast<const char**>(perm_list));
+
+#else
+ const char* perm_list[0];
+ perm_list[0] = NULL;
+#endif
+ if (m_context.job->getInstallerStruct().m_installMode
+ != InstallMode::INSTALL_MODE_PRELOAD)
+ {
+ int result = app_add_permissions(
+ DPL::ToUTF8String(tzPkgid).c_str(), perm_list);
+ if (PC_OPERATION_SUCCESS != result) {
+ LogError("Failed to add permission to privilege");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "SMACK check failure");
}
}
- TizenAppId tzAppid = m_context.widgetConfig.tzAppid;
- int result = handle_access_control_conf_forWAC(
- DPL::ToUTF8String(tzAppid).c_str(),
- devcaps.str().c_str(),
- OPERATION_INSTALL);
- Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
+
m_context.job->UpdateProgress(
- UninstallerContext::INSTALL_SMACK_ENABLE,
+ InstallerContext::INSTALL_SMACK_ENABLE,
"Widget SMACK Enabled");
#endif
}
+void TaskSmack::SmackTemporaryStep()
+{
+#ifdef WRT_SMACK_ENABLED
+ //This step is temporary for smack
+
+ LogInfo("----------------> SMACK: \
+ Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()");
+ std::ostringstream commStr;
+ std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid);
+ commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid);
+ LogDebug("set smack rule command : " << commStr.str());
+
+ char readBuf[MAX_BUF_SIZE];
+ memset(readBuf, 0x00, MAX_BUF_SIZE);
+
+ FILE *fd;
+ fd = popen(commStr.str().c_str(), "r");
+ if (NULL == fd) {
+ LogError("Set smack rule failure. Failed to call script.");
+ ThrowMsg(Exceptions::NotAllowed, "Instalation failure. "
+ "SMACK check failure");
+ }
+ pclose(fd);
+#endif
+}
+
} //namespace WidgetInstall
} //namespace Jobs
private:
InstallerContext& m_context;
- void Step();
+ void SmackFolderLabelingStep();
+ void SmackPrivilegeStep();
+ void SmackTemporaryStep();
public:
TaskSmack(InstallerContext& context);
* @version 1.0
* @brief Header file for widget uninstall task check
*/
-#include <time.h>
+#include <ctime>
#include <dpl/sstream.h>
#include <widget_uninstall/task_check.h>
#include <widget_uninstall/job_widget_uninstall.h>
*/
#include <widget_uninstall/task_smack.h>
+#include <widget_uninstall/job_widget_uninstall.h>
#include <widget_uninstall/uninstaller_context.h>
#include <dpl/log/log.h>
#include <dpl/optional_typedefs.h>
LogInfo(
"------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()");
#ifdef WRT_SMACK_ENABLED
- try {
- WrtDB::WidgetDAOReadOnly dao(m_context.widgetConfig.tzAppid);
- TizenAppId tzAppid = dao.getTzAppId();
- int result = handle_access_control_conf_forWAC(
- DPL::ToUTF8String(tzAppid).c_str(),
- NULL,
- OPERATION_UNINSTALL);
- Assert(result == PC_OPERATION_SUCCESS && "access control setup failed");
- } catch (WrtDB::WidgetDAOReadOnly::Exception) {
- Assert(false && "can't access widget data");
+ int result = app_revoke_permissions(m_context.tzPkgid.c_str());
+ if (PC_OPERATION_SUCCESS != result) {
+ LogError("Revoke permissions failure : " << result);
}
m_context.job->UpdateProgress(
- UninstallerContext::INSTALL_SMACK_ENABLE,
+ UninstallerContext::UNINSTALL_SMACK_ENABLE,
"Widget SMACK Enabled");
#endif
}
LogDebug("pkgmgr_client_check_pkginfo_from_file() is called");
package_manager_pkg_detail_info_t *pkg_detail_info;
pkg_detail_info = (package_manager_pkg_detail_info_t*)malloc(
- sizeof(package_manager_pkg_info_t));
+ sizeof(package_manager_pkg_detail_info_t));
int ret = getWidgetDetailInfoFromPackage(pkg_path, pkg_detail_info);
if (FALSE == ret) {
LogError("Failed to get package detail info ");