1 // Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by an apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_recover_signature.h"
10 #include "common/certificate_validation.h"
11 #include "common/utils/file_util.h"
13 namespace fs = std::filesystem;
// Builds the location of the signature files: the base is TZ_SYS_RO_SHARE
// when is_readonly is true and TZ_SYS_SHARE otherwise. The expression
// continues after the trailing '/' on a line this listing does not show, so
// the component appended to the base is not visible here.
// NOTE(review): the pointer returned by tzplatform_getenv() goes straight into
// fs::path; if that call can return a null pointer the construction is
// undefined behaviour -- confirm and guard if so.
17 fs::path GetSignatureFilePath(bool is_readonly) {
18 return fs::path((is_readonly) ?
19 tzplatform_getenv(TZ_SYS_RO_SHARE) : tzplatform_getenv(TZ_SYS_SHARE)) /
// Deletes "<signature dir>/<pkgid>_backup.txt" and returns whatever
// common_installer::Remove() reports for that path.
// NOTE(review): pkgid is concatenated into the file name with no check in this
// function; a value containing a path separator or ".." would resolve outside
// the signature directory. Presumably pkgid is validated before this step
// runs -- confirm against the caller.
23 bool RemoveSignatureBackup(const std::string& pkgid, bool is_readonly) {
24 fs::path path = GetSignatureFilePath(is_readonly);
25 fs::path backup_path = fs::path(path) / std::string(pkgid + "_backup.txt");
27 return common_installer::Remove(backup_path);
// Puts a package's signature file back from its backup: when
// "<dir>/<pkgid>_backup.txt" exists it is moved to "<dir>/<pkgid>.txt".
// The statements after the condition, including the return values, are on
// lines this listing does not show.
// NOTE(review): pkgid is used in both file names without a check here; a value
// with a path separator or ".." would leave the signature directory --
// presumably validated upstream, confirm.
30 bool RecoverSignatureFile(const std::string& pkgid, bool is_readonly) {
31 fs::path path = GetSignatureFilePath(is_readonly);
32 fs::path target_path = fs::path(path) / std::string(pkgid + ".txt");
33 fs::path backup_path = fs::path(path) / std::string(pkgid + "_backup.txt");
// NOTE(review): exists() followed by MoveFile() is a check-then-use sequence;
// it is only safe if nothing else can write to this directory between the two
// calls -- confirm the directory permissions. The third argument `true`
// presumably permits overwriting the target; verify against MoveFile's
// declaration.
35 if (fs::exists(backup_path) &&
36 !common_installer::MoveFile(backup_path, target_path, true))
44 namespace common_installer {
// Recovery handler, presumably for an interrupted fresh install (inferred from
// the name): deletes the package's signature file "<dir>/<pkgid>.txt" and
// returns Status::CERT_ERROR when the removal fails. The rest of the function
// is on lines this listing does not show.
47 Step::Status StepRecoverSignature::RecoveryNew() {
48 fs::path path = GetSignatureFilePath(context_->is_readonly_package.get());
49 path /= std::string(context_->pkgid.get() + ".txt");
50 if (!common_installer::Remove(path))
51 return Status::CERT_ERROR;
// Recovery handler, presumably for an interrupted update (inferred from the
// name): restores the backed-up signature file, validates the package
// signatures again and stores the resulting privilege level in the installer
// context. Every failure visible here returns Status::CERT_ERROR.
56 Step::Status StepRecoverSignature::RecoveryUpdate() {
57 std::string error_message;
// Starts at UNTRUSTED; the value changes only through the &level
// out-parameter of the two calls below.
58 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
60 if (!RecoverSignatureFile(context_->pkgid.get(),
61 context_->is_readonly_package.get()))
62 return Status::CERT_ERROR;
// The closing argument(s) of this call are on a line not shown in this
// listing; error_message is presumably filled there, since it is logged on
// failure -- confirm.
64 if (!ValidateSignatures(GetSignatureRoot(), &level,
65 &context_->certificate_info.get(), false,
67 LOG(ERROR) << "Failed to verify signature: " << error_message;
68 return Status::CERT_ERROR;
// NOTE(review): the fallback below takes the privilege level from a stored
// file rather than from the signature validation that just ran, so the level
// is only as trustworthy as the write protection on that file -- confirm that
// only the installer can modify the signature directory.
71 if (level == PrivilegeLevel::UNTRUSTED) {
72 // if priv level is untrusted, get priv level from backed up signature file
73 if (!GetSignatureFromFile(context_->pkgid.get(),
74 context_->is_readonly_package.get(), &level,
75 &context_->certificate_info.get())) {
// NOTE(review): logged at INFO although the step fails with CERT_ERROR; the
// validation failure above uses ERROR.
76 LOG(INFO) << "Unable to get privilege level from file";
77 return Status::CERT_ERROR;
// Publishes the level for later steps via the context.
83 context_->privilege_level.set(level);
// Recovery handler, presumably for an update installed over a read-only
// package (inferred from the name): validates the package signatures, falls
// back to the stored signature file when the level is still UNTRUSTED, and
// stores the resulting privilege level in the installer context. Unlike
// RecoveryUpdate() it does not call RecoverSignatureFile().
87 Step::Status StepRecoverSignature::RecoveryReadonlyUpdateInstall() {
88 std::string error_message;
// Starts at UNTRUSTED; the value changes only through the &level
// out-parameter of the calls below or the explicit assignment further down.
89 PrivilegeLevel level = PrivilegeLevel::UNTRUSTED;
// The closing argument(s) of this call are on a line not shown in this
// listing; error_message is presumably filled there -- confirm.
90 if (!ValidateSignatures(GetSignatureRoot(), &level,
91 &context_->certificate_info.get(), false,
93 LOG(ERROR) << "Failed to verify signature: " << error_message;
94 return Status::CERT_ERROR;
// NOTE(review): this fallback reads the privilege level from a stored file
// instead of deriving it from the validation above; its trustworthiness
// depends on who can write that file -- confirm the directory permissions.
97 if (level == PrivilegeLevel::UNTRUSTED) {
98 if (!GetSignatureFromFile(context_->pkgid.get(),
99 context_->is_readonly_package.get(), &level,
100 &context_->certificate_info.get())) {
101 LOG(INFO) << "Unable to get privilege level from file";
102 return Status::CERT_ERROR;
// NOTE(review): a read-only package is assigned PLATFORM here whatever the
// validation or the file lookup produced (the closing braces of the block
// above are not visible in this listing, so confirm the exact nesting). The
// elevation rests on is_readonly_package alone -- confirm that flag cannot be
// influenced by the contents of the package being installed.
106 if (context_->is_readonly_package.get())
107 level = PrivilegeLevel::PLATFORM;
// Publishes the level for later steps via the context.
109 context_->privilege_level.set(level);
// Deletes the package's signature backup via RemoveSignatureBackup() and logs
// an error when that fails. The status returned afterwards is on lines this
// listing does not show.
// NOTE(review): a backup left behind is what RecoverSignatureFile() moves over
// the current signature file on a later recovery, so a failed removal may
// deserve more than a log line -- confirm how the returned status treats it.
113 Step::Status StepRecoverSignature::Cleanup() {
114 if (!RemoveSignatureBackup(context_->pkgid.get(),
115 context_->is_readonly_package.get())) {
116 LOG(ERROR) << "Failed to remove signature backup";
122 } // namespace security
123 } // namespace common_installer