From: Taejeong Lee Date: Fri, 10 May 2013 12:19:34 +0000 (+0900) Subject: [Release] wrt-installer_0.1.58 X-Git-Tag: submit/tizen_2.1/20130514.055413^0 X-Git-Url: http://review.tizen.org/git/?p=framework%2Fweb%2Fwrt-installer.git;a=commitdiff_plain;h=077e68e7d8c91c5d18f2f73ece5c3c343645a434 [Release] wrt-installer_0.1.58 Change-Id: Ia6ca54247909363a538cc00bab88fb8819516d43 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index d095c83..b3933c5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -88,7 +88,7 @@ ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM) ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features ADD_DEFINITIONS("-std=c++0x") # accept C++11x standard -#ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") +ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") # enable smack ############################# Targets names ################################### diff --git a/packaging/wrt-installer.spec b/packaging/wrt-installer.spec index 7730d48..e61b691 100644 --- a/packaging/wrt-installer.spec +++ b/packaging/wrt-installer.spec @@ -1,7 +1,7 @@ -#git:framework/web/wrt-installer wrt-installer_0.1.57 +#git:framework/web/wrt-installer wrt-installer_0.1.58 Name: wrt-installer Summary: Installer for tizen Webruntime -Version: 0.1.57 +Version: 0.1.58 Release: 1 Group: Development/Libraries License: Apache License, Version 2.0 @@ -43,6 +43,7 @@ BuildRequires: pkgconfig(web-provider) BuildRequires: pkgconfig(libprivilege-control) BuildRequires: pkgconfig(osp-appfw) BuildRequires: osp-appfw-internal-devel +BuildRequires: pkgconfig(libsmack) Requires: osp-appfw Requires: osp-installer Requires: xmlsec1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 03997c0..8832baf 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -126,6 +126,7 @@ PKG_CHECK_MODULES(INSTALLER_STATIC_DEP pkgmgr-info web-provider osp-appfw + libsmack REQUIRED ) diff --git a/src/jobs/widget_install/job_widget_install.cpp b/src/jobs/widget_install/job_widget_install.cpp index 72c2332..546d263 100644 --- a/src/jobs/widget_install/job_widget_install.cpp +++ b/src/jobs/widget_install/job_widget_install.cpp @@ -197,7 +197,6 @@ JobWidgetInstall::JobWidgetInstall( } AddTask(new TaskFileManipulation(m_installerContext)); - AddTask(new TaskManifestFile(m_installerContext)); if (m_installerContext.widgetConfig.packagingType == PKG_TYPE_HYBRID_WEB_APP) diff --git a/src/jobs/widget_install/task_smack.cpp b/src/jobs/widget_install/task_smack.cpp index 2957cfa..9769276 100644 --- a/src/jobs/widget_install/task_smack.cpp +++ b/src/jobs/widget_install/task_smack.cpp @@ -24,20 +24,30 @@ #include #include #include -#include #include +#include +#include #include +#include +#include #ifdef WRT_SMACK_ENABLED #include +#include #endif - #include +using namespace WrtDB; +using namespace ValidationCore; + namespace { const int MAX_BUF_SIZE = 128; -#ifdef WRT_SMACK_ENABLED -const char* SMACK_RULE_STR = "/usr/bin/smackload-app.sh"; -#endif +void freeList(const char** list) { + for (int i = 0; list[i] != NULL; i++) + { + delete(list[i]); + } + delete[] list; +} } namespace Jobs { @@ -48,99 +58,155 @@ TaskSmack::TaskSmack(InstallerContext& context) : { AddStep(&TaskSmack::SmackFolderLabelingStep); AddStep(&TaskSmack::SmackPrivilegeStep); - AddStep(&TaskSmack::SmackTemporaryStep); AddStep(&TaskSmack::SetEndofInstallation); + + AddAbortStep(&TaskSmack::StepAbortSmack); } void TaskSmack::SmackFolderLabelingStep() { - LogInfo( - "----------------> SMACK: \ + LogInfo("----------------> SMACK:\ Jobs::WidgetInstall::TaskSmack::SmackFolderLabelingStep()"); - #ifdef WRT_SMACK_ENABLED + std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + char* pkgId = NULL; + pkgId = (char*)calloc(1, pkg.length() + 1); + snprintf(pkgId, pkg.length() + 1, "%s", pkg.c_str()); + + if (m_context.widgetConfig.packagingType != + WrtDB::PkgType::PKG_TYPE_HYBRID_WEB_APP) + { + if (PC_OPERATION_SUCCESS != app_install(pkgId)) { + free(pkgId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "failure in creating smack rules file."); + } + } + /* /opt/usr/apps/[pkgid] directory's label is "_" */ - std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); if (PC_OPERATION_SUCCESS != app_label_dir("_", - m_context.locations-> - getPackageInstallationDir(). - c_str())) - { - LogError("Set smack failure. Failed to add label for app root directory"); + m_context.locations->getPackageInstallationDir().c_str())) { + free(pkgId); ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "Add Label failure"); + "Add Label failure"); } /* res directory */ std::string resDir = m_context.locations->getPackageInstallationDir() + "/res"; - if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), - resDir.c_str())) + if (PC_OPERATION_SUCCESS != app_label_dir(pkgId, + resDir.c_str())) { + free(pkgId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + /* for prealod */ + if (m_context.mode.installTime == InstallMode::InstallTime::PRELOAD) { - LogError("Set smack failure. Failed to add label for resource directory"); + if (PC_OPERATION_SUCCESS != app_label_dir("_", + m_context.locations->getUserDataRootDir().c_str())) { + free(pkgId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + } + + /* data directory */ + if (PC_OPERATION_SUCCESS != app_label_dir(pkgId, + m_context.locations->getPrivateStorageDir().c_str())) { + free(pkgId); ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "Add Label failure"); + "Add Label failure"); } /* bin directory */ - if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), - m_context.locations->getBinaryDir() - .c_str())) - { - LogError("Set smack failure. Failed to add label for binary directory"); + if (PC_OPERATION_SUCCESS != app_label_dir(pkgId, + m_context.locations->getBinaryDir().c_str())) { + free(pkgId); ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "Add Label failure"); + "Add Label failure"); } - /* data directory */ - if (PC_OPERATION_SUCCESS != app_label_dir(tzPkgid.c_str(), - m_context.locations-> - getPrivateStorageDir().c_str())) - { - LogError("Set smack failure. Failed to add label for private storage directory"); + if(!setLabelForSharedDir(pkgId)) { + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + + free(pkgId); + + /* TODO : set label at wrt-client + + std::string app = DPL::ToUTF8String(m_context.widgetConfig.tzAppid); + char* appId = NULL; + appId = (char*)calloc(1, app.length() + 1); + snprintf(appId, app.length() + 1, "%s", app.c_str()); + + if (0 != smack_lsetlabel(m_context.locations->getExecFile().c_str(), + appId, SMACK_LABEL_ACCESS)) { + free(pkgId); + free(appId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add ACESS Label for binary failure"); + } + + if (0 != smack_lsetlabel(m_context.locations->getExecFile().c_str(), + appId, SMACK_LABEL_EXEC)) { + free(pkgId); + free(appId); ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "Add Label failure"); + "Add EXEC Label for binary failure"); } + if (PC_OPERATION_SUCCESS != app_add_friend(pkgId, appId)) { + free(pkgId); + free(appId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add friend failure"); + } + + if (PC_OPERATION_SUCCESS != app_label_shared_dir(appId, pkgId, + m_context.locations->getBinaryDir().c_str())) { + free(pkgId); + free(appId); + ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " + "Add Label failure"); + } + */ #endif } void TaskSmack::SmackPrivilegeStep() { - LogInfo( - "----------------> SMACK: \ + LogInfo("----------------> SMACK:\ Jobs::WidgetInstall::TaskSmack::SmackPrivilegeStep()"); #ifdef WRT_SMACK_ENABLED - WrtDB::TizenPkgId tzPkgid = m_context.widgetConfig.tzPkgid; -#if 0 - char** perm_list = new char*[m_context.staticPermittedDevCaps.size()]; + /* TODO : + std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid); + */ + std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + char* appId = NULL; + appId = (char*)calloc(1, id.length() + 1); + snprintf(appId, id.length() + 1, "%s", id.c_str()); + WrtDB::ConfigParserData::PrivilegeList privileges = + m_context.widgetConfig.configInfo.privilegeList; + + const char** perm_list = new const char*[privileges.size() + 1]; int index = 0; - FOREACH(it, m_context.staticPermittedDevCaps) { - if (it->second) { - LogInfo("Permission : " << it->first); - perm_list[index++] = - const_cast(DPL::ToUTF8String(it->first).c_str()); - } + FOREACH(it, privileges) { + LogInfo("Permission : " << it->name); + int length = DPL::ToUTF8String(it->name).length(); + char *priv = (char*) calloc(1, (sizeof(char) * length) + 1); + snprintf(priv, length + 1, "%s", + DPL::ToUTF8String(it->name).c_str()); + perm_list[index++] = priv; } perm_list[index] = NULL; - int result = app_add_permissions( - DPL::ToUTF8String(tzPkgid).c_str(), - const_cast(perm_list)); - -#else - const char* perm_list[0]; - perm_list[0] = NULL; -#endif - if (m_context.mode.installTime != InstallMode::InstallTime::PRELOAD) { - int result = app_add_permissions( - DPL::ToUTF8String(tzPkgid).c_str(), perm_list); - if (PC_OPERATION_SUCCESS != result) { - LogError("Failed to add permission to privilege"); - ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "SMACK check failure"); - } + if (PC_OPERATION_SUCCESS != app_enable_permissions(appId, APP_TYPE_WGT, + perm_list, true)) { + LogError("failure in contructing smack rules based on perm_list"); } free(appId); @@ -151,29 +217,32 @@ void TaskSmack::SmackPrivilegeStep() #endif } -void TaskSmack::SmackTemporaryStep() +void TaskSmack::StepAbortSmack() { + LogInfo("----------------> SMACK:\ + Jobs::WidgetInstall::TaskSmack::StepAbortSmack()"); #ifdef WRT_SMACK_ENABLED - //This step is temporary for smack - - LogInfo("----------------> SMACK: \ - Jobs::WidgetInstall::TaskSmack::SmackTemporaryStep()"); - std::ostringstream commStr; - std::string tzPkgid = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); - commStr << SMACK_RULE_STR << " " << BashUtils::escape_arg(tzPkgid); - LogDebug("set smack rule command : " << commStr.str()); - - char readBuf[MAX_BUF_SIZE]; - memset(readBuf, 0x00, MAX_BUF_SIZE); - - FILE *fd; - fd = popen(commStr.str().c_str(), "r"); - if (NULL == fd) { - LogError("Set smack rule failure. Failed to call script."); - ThrowMsg(Exceptions::NotAllowed, "Instalation failure. " - "SMACK check failure"); + /* TODO : + std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzAppid); + std::string id = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + char* appId = NULL; + appId = (char*)calloc(1, id.length() + 1); + snprintf(appId, id.length() + 1, "%s", id.c_str()); + */ + + std::string pkg = DPL::ToUTF8String(m_context.widgetConfig.tzPkgid); + char* pkgId = NULL; + pkgId = (char*)calloc(1, pkg.length() + 1); + snprintf(pkgId, pkg.length() + 1, "%s", pkg.c_str()); + + if (PC_OPERATION_SUCCESS != app_revoke_permissions(pkgId)) { + LogError("failure in revoking smack permissions"); } - pclose(fd); + + if (PC_OPERATION_SUCCESS != app_uninstall(pkgId)) { + LogError("failure in removing smack rules file"); + } + free(pkgId); #endif } @@ -183,5 +252,75 @@ void TaskSmack::SetEndofInstallation() InstallerContext::INSTALL_END, "End installation"); } + +bool TaskSmack::setLabelForSharedDir(const char* pkgId) +{ + /* shared directory */ + if (PC_OPERATION_SUCCESS != app_label_dir("*", + m_context.locations->getSharedRootDir().c_str())) { + return false; + } + + /* shared/res directory */ + if (PC_OPERATION_SUCCESS != app_label_dir("_", + m_context.locations->getSharedResourceDir().c_str())) { + return false; + } + + /* shared/trusted directory */ + CertificatePtr rootCert = m_context.wacSecurity.getAuthorCertificatePtr(); + if (rootCert.Get() != NULL) { + ValidationCore::Crypto::Hash::SHA1 sha1; + sha1.Append(rootCert->getDER()); + sha1.Finish(); + std::string sha1String = sha1.ToBase64String(); + size_t iPos = sha1String.find("/"); + while(iPos < std::string::npos) { + sha1String.replace(iPos, 1, "#"); + iPos = sha1String.find("/"); + } + + LogDebug("sha1 label string : " << sha1String); + + if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId, + sha1String.c_str(), + m_context.locations->getSharedTrustedDir().c_str())) { + return false; + } + } + + /* shared/data directory */ + std::string dataLabel = std::string(pkgId) + "_shareddata"; + TizenPkgIdList pkgList = WidgetDAOReadOnly::getTizenPkgidList(); + const char** pList = new (std::nothrow) const char*[pkgList.size() + 1]; + + int index = 0; + FOREACH(app, pkgList) { + std::string id = DPL::ToUTF8String(*app); + char *pId = new char[id.size() + 1]; + snprintf(pId, id.length() + 1, "%s", id.c_str()); + pList[index++] = pId; + } + + pList[index] = NULL; + if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId, + dataLabel.c_str(), + m_context.locations->getSharedDataDir().c_str())) { + freeList(pList); + return false; + } + if (PC_OPERATION_SUCCESS != add_shared_dir_readers(dataLabel.c_str(), pList)) { + freeList(pList); + return false; + } + if (PC_OPERATION_SUCCESS != app_label_shared_dir(pkgId, + "*", + m_context.locations->getSharedDataDir().c_str())) { + freeList(pList); + return false; + } + freeList(pList); + return true; +} } //namespace WidgetInstall } //namespace Jobs diff --git a/src/jobs/widget_install/task_smack.h b/src/jobs/widget_install/task_smack.h index 4b09f19..5dd15bf 100644 --- a/src/jobs/widget_install/task_smack.h +++ b/src/jobs/widget_install/task_smack.h @@ -38,8 +38,10 @@ class TaskSmack : void SmackFolderLabelingStep(); void SmackPrivilegeStep(); - void SmackTemporaryStep(); void SetEndofInstallation(); + void StepAbortSmack(); + + bool setLabelForSharedDir(const char* pkgId); public: TaskSmack(InstallerContext& context); diff --git a/src/jobs/widget_uninstall/task_smack.cpp b/src/jobs/widget_uninstall/task_smack.cpp index be66932..4e7d467 100644 --- a/src/jobs/widget_uninstall/task_smack.cpp +++ b/src/jobs/widget_uninstall/task_smack.cpp @@ -43,14 +43,18 @@ void TaskSmack::Step() LogInfo( "------------------------> SMACK: Jobs::WidgetUninstall::TaskSmack::Step()"); #ifdef WRT_SMACK_ENABLED - int result = app_revoke_permissions(m_context.tzPkgid.c_str()); - if (PC_OPERATION_SUCCESS != result) { - LogError("Revoke permissions failure : " << result); + const char* pkgId = m_context.tzPkgid.c_str(); + if (PC_OPERATION_SUCCESS != app_revoke_permissions(pkgId)) { + LogError("failure in revoking smack permissions"); + } + + if (PC_OPERATION_SUCCESS != app_uninstall(pkgId)) { + LogError("failure in removing smack rules file"); } m_context.job->UpdateProgress( - UninstallerContext::UNINSTALL_SMACK_ENABLE, - "Widget SMACK Enabled"); + UninstallerContext::UNINSTALL_SMACK_DISABLE, + "Widget SMACK Disabled"); #endif } } //namespace WidgetUninstall diff --git a/src/jobs/widget_uninstall/uninstaller_context.h b/src/jobs/widget_uninstall/uninstaller_context.h index f3eb7c1..3d9fe28 100644 --- a/src/jobs/widget_uninstall/uninstaller_context.h +++ b/src/jobs/widget_uninstall/uninstaller_context.h @@ -38,13 +38,13 @@ struct UninstallerContext enum UninstallStep { UNINSTALL_START, - UNINSTALL_SMACK_ENABLE, UNINSTALL_PRECHECK, UNINSTALL_REMOVE_WIDGETDIR, UNINSTALL_REMOVE_DESKTOP, UNINSTALL_REMOVE_FINISHED, UNINSTALL_DB_UPDATE, UNINSTALL_REMOVE_OSPSVC, + UNINSTALL_SMACK_DISABLE, UNINSTALL_END };