1 // Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by an apache-2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/signature.h"
7 #include <tzplatform_config.h>
15 #include "common/certificate_validation.h"
16 #include "common/utils/pkgmgr_query.h"
17 #include "common/utils/glist_range.h"
18 #include "common/utils/file_util.h"
19 #include "common/utils/request.h"
21 namespace ci = common_installer;
22 namespace fs = std::filesystem;
24 namespace common_installer {
26 bool Signature::SetPath() {
27 fs::path path = fs::path((is_readonly_package_) ?
28 tzplatform_getenv(TZ_SYS_RO_SHARE) : tzplatform_getenv(TZ_SYS_SHARE)) /
33 file_path_ = path / std::string(pkgid_ + ".txt");
34 backup_path_ = path / std::string(pkgid_ + "_backup.txt");
35 if (fs::exists(backup_path_))
36 fs::remove(backup_path_);
37 if (fs::exists(file_path_))
38 fs::rename(file_path_, backup_path_);
42 bool Signature::CheckSignatures(bool check_reference, PrivilegeLevel* level,
43 std::filesystem::path sig_root_path,
44 std::string *error_message) {
45 if (!ValidateSignatures(sig_root_path, level, cert_info_,
46 check_reference, error_message))
51 bool Signature::GetPrivilegeLevel(std::filesystem::path sig_root_path,
52 PrivilegeLevel* level,
53 std::string* error_message) {
54 bool check_reference = true;
55 if (request_type_ == ci::RequestType::Reinstall ||
56 request_type_ == ci::RequestType::ReadonlyUpdateUninstall ||
58 (skip_check_reference_ ||
59 request_type_ == ci::RequestType::ManifestDirectInstall ||
60 request_type_ == ci::RequestType::ManifestDirectUpdate ||
61 request_type_ == ci::RequestType::ManifestPartialInstall ||
62 request_type_ == ci::RequestType::ManifestPartialUpdate)))
63 check_reference = false;
64 if (!CheckSignatures(check_reference, level, sig_root_path, error_message))
67 if (*level == PrivilegeLevel::UNTRUSTED)
68 if (!GetSignatureFromFile(pkgid_, is_readonly_package_, level, cert_info_))
69 LOG(INFO) << "Unable to get privilege level from file";
71 if (is_readonly_package_)
72 *level = PrivilegeLevel::PLATFORM;
77 bool Signature::CheckMetadataPrivilege(PrivilegeLevel level,
79 std::string* error_message) {
80 if (is_readonly_package_)
82 for (application_x* app : GListRange<application_x*>(manifest->application)) {
83 if (!ValidateMetadataPrivilege(level, manifest->api_version,
84 app->metadata, error_message))
90 bool Signature::StoreSignature(std::ofstream* ofs,
91 const ValidationCore::CertificatePtr& cert,
92 const ValidationCore::CertificatePtr& im_cert,
93 const ValidationCore::CertificatePtr& root_cert) {
96 *ofs << ((cert) ? cert->getBase64() : "") << std::endl;
97 *ofs << ((im_cert) ? im_cert->getBase64() : "") << std::endl;
98 *ofs << ((root_cert) ? root_cert->getBase64() : "") << std::endl;
102 bool Signature::Store() {
104 std::ofstream ofs(file_path_);
105 if (!StoreSignature(&ofs,
106 cert_info_->dist2_cert.get(),
107 cert_info_->dist2_im_cert.get(),
108 cert_info_->dist2_root_cert.get()) ||
109 !StoreSignature(&ofs,
110 cert_info_->dist_cert.get(),
111 cert_info_->dist_im_cert.get(),
112 cert_info_->dist_root_cert.get()))
116 SyncFile(file_path_);
120 bool Signature::RemoveSignature(const fs::path& path) {
121 // dist signatures cannot be removed when mount install/update
122 if (request_type_ == RequestType::MountInstall ||
123 request_type_ == RequestType::MountUpdate)
126 for (fs::directory_iterator file(path);
127 file != fs::directory_iterator();
130 fs::path file_path(file->path());
132 if (fs::is_symlink(symlink_status(file_path)) ||
133 fs::is_directory(file_path))
136 std::regex distributor_regex("^(signature)([1-9][0-9]*)(\\.xml)");
137 if (std::regex_search(file_path.filename().string(), distributor_regex)) {
138 if (!common_installer::Remove(file_path)) {
139 LOG(ERROR) << "Failed to remove signature file";
143 } catch (const fs::filesystem_error& error) {
144 LOG(ERROR) << "Failed to remove signature files: " << error.what();
153 bool Signature::SaveSignature(const fs::path& path) {
154 if (!SetPath() || !Store() || !RemoveSignature(path))
159 const fs::path& Signature::GetFilePath() const {
163 const fs::path& Signature::GetBackupPath() const {
167 } // namespace common_installer