1 // Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by an apache-2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/signature.h"
7 #include <tzplatform_config.h>
15 #include "common/certificate_validation.h"
16 #include "common/utils/pkgmgr_query.h"
17 #include "common/utils/glist_range.h"
18 #include "common/utils/file_util.h"
19 #include "common/utils/request.h"
21 namespace ci = common_installer;
22 namespace fs = std::filesystem;
24 namespace common_installer {
26 bool Signature::SetPath() {
27 fs::path path = fs::path((is_readonly_package_) ?
28 tzplatform_getenv(TZ_SYS_RO_SHARE) : tzplatform_getenv(TZ_SYS_SHARE)) /
33 file_path_ = path / std::string(pkgid_ + ".txt");
34 backup_path_ = path / std::string(pkgid_ + "_backup.txt");
35 if (fs::exists(backup_path_))
36 fs::remove(backup_path_);
37 if (fs::exists(file_path_))
38 fs::rename(file_path_, backup_path_);
42 bool Signature::CheckSignatures(bool check_reference, PrivilegeLevel* level,
43 std::filesystem::path sig_root_path,
44 std::string *error_message) {
45 if (!ValidateSignatures(sig_root_path, level, cert_info_,
46 check_reference, error_message))
51 bool Signature::GetPrivilegeLevel(std::filesystem::path sig_root_path,
52 PrivilegeLevel* level,
53 std::string* error_message) {
54 bool check_reference = true;
55 if (request_type_ == ci::RequestType::Reinstall ||
56 request_type_ == ci::RequestType::ReadonlyUpdateUninstall ||
58 (skip_check_reference_ ||
59 request_type_ == ci::RequestType::ManifestDirectInstall ||
60 request_type_ == ci::RequestType::ManifestDirectUpdate ||
61 request_type_ == ci::RequestType::ManifestPartialInstall ||
62 request_type_ == ci::RequestType::ManifestPartialUpdate)))
63 check_reference = false;
64 if (!CheckSignatures(check_reference, level, std::move(sig_root_path),
68 if (*level == PrivilegeLevel::UNTRUSTED)
69 if (!GetSignatureFromFile(pkgid_, is_readonly_package_, level, cert_info_))
70 LOG(INFO) << "Unable to get privilege level from file";
72 if (is_readonly_package_)
73 *level = PrivilegeLevel::PLATFORM;
78 bool Signature::CheckMetadataPrivilege(PrivilegeLevel level,
80 std::string* error_message) {
81 if (is_readonly_package_)
83 for (application_x* app : GListRange<application_x*>(manifest->application)) {
84 if (!ValidateMetadataPrivilege(level, manifest->api_version,
85 app->metadata, error_message))
91 bool Signature::StoreSignature(std::ofstream* ofs,
92 const ValidationCore::CertificatePtr& cert,
93 const ValidationCore::CertificatePtr& im_cert,
94 const ValidationCore::CertificatePtr& root_cert) {
97 *ofs << ((cert) ? cert->getBase64() : "") << std::endl;
98 *ofs << ((im_cert) ? im_cert->getBase64() : "") << std::endl;
99 *ofs << ((root_cert) ? root_cert->getBase64() : "") << std::endl;
103 bool Signature::Store() {
105 std::ofstream ofs(file_path_);
106 if (!StoreSignature(&ofs,
107 cert_info_->dist2_cert.get(),
108 cert_info_->dist2_im_cert.get(),
109 cert_info_->dist2_root_cert.get()) ||
110 !StoreSignature(&ofs,
111 cert_info_->dist_cert.get(),
112 cert_info_->dist_im_cert.get(),
113 cert_info_->dist_root_cert.get()))
117 SyncFile(file_path_);
121 bool Signature::RemoveSignature(const fs::path& path) {
122 // dist signatures cannot be removed when mount install/update
123 if (request_type_ == RequestType::MountInstall ||
124 request_type_ == RequestType::MountUpdate)
127 for (fs::directory_iterator file(path);
128 file != fs::directory_iterator();
131 fs::path file_path(file->path());
133 if (fs::is_symlink(symlink_status(file_path)) ||
134 fs::is_directory(file_path))
137 std::regex distributor_regex("^(signature)([1-9][0-9]*)(\\.xml)");
138 if (std::regex_search(file_path.filename().string(), distributor_regex)) {
139 if (!common_installer::Remove(file_path)) {
140 LOG(ERROR) << "Failed to remove signature file";
144 } catch (const fs::filesystem_error& error) {
145 LOG(ERROR) << "Failed to remove signature files: " << error.what();
154 bool Signature::SaveSignature(const fs::path& path) {
155 if (!SetPath() || !Store() || !RemoveSignature(path))
160 const fs::path& Signature::GetFilePath() const {
164 const fs::path& Signature::GetBackupPath() const {
168 } // namespace common_installer