1 // Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
2 // Use of this source code is governed by a apache 2.0 license that can be
3 // found in the LICENSE file.
5 #include "common/step/security/step_revoke_trust_anchor.h"
7 #include <trust-anchor.h>
12 #include "common/utils/file_util.h"
14 namespace common_installer {
17 namespace fs = std::filesystem;
// Trust anchor directory, relative to the package root, that is handed to
// trust_anchor_install().
constexpr char kTpkTrustAnchorPath[] = "res/.trust-anchor";
// Directory name looked up under [pkg_root]/res/wgt for wgt packages; its
// entries are linked into kTpkTrustAnchorPath.
constexpr char kWgtTrustAnchorPath[] = ".trust-anchor";
// Package type string that selects the wgt-specific symlink handling.
constexpr char kWgt[] = "wgt";
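/**
 * Rollback path: installs the trust anchor again using the OLD manifest.
 *
 * Nothing is done when the old manifest has no use_system_certs value. For
 * wgt packages, [pkg_root]/res/.trust-anchor is rebuilt first: symlinks found
 * there are removed (or the directory is created), then one symlink is made
 * for every entry of [pkg_root]/res/wgt/.trust-anchor.
 *
 * All filesystem calls use the std::error_code overloads. The throwing
 * overloads report real failures by exception (fs::remove() returns false
 * only when the file did not exist), and the directory iterators were
 * constructed and advanced outside the original try block, so a missing or
 * unreadable directory escaped this step as an exception instead of a Status.
 *
 * @return INVALID_VALUE  when old_manifest_data is empty,
 *         APP_DIR_ERROR  when the trust anchor directory cannot be prepared,
 *         SECURITY_ERROR when trust_anchor_install() fails,
 *         OK             otherwise.
 */
Step::Status StepRevokeTrustAnchor::undo() {
  manifest_x* manifest = context_->old_manifest_data.get();
  if (!manifest) {
    LOG(ERROR) << "old_manifest_data attribute is empty";
    return Step::Status::INVALID_VALUE;
  }

  if (!manifest->use_system_certs)
    return Step::Status::OK;

  fs::path pkg_certs_path = context_->GetPkgPath() / kTpkTrustAnchorPath;
  if (!context_->pkg_type.get().compare(kWgt)) {
    // For wgt package,
    // create [pkg_root]/res/.trust-anchor directory and create symbolic link
    std::error_code ec;
    const fs::directory_iterator end;

    if (fs::exists(pkg_certs_path, ec)) {
      // Drop symlinks left by a previous registration; other entries stay.
      fs::directory_iterator file(pkg_certs_path, ec);
      for (; !ec && file != end; file.increment(ec)) {
        const fs::path current(file->path());
        const fs::file_status link_status = fs::symlink_status(current, ec);
        if (ec)
          break;  // keep the error; increment(ec) would overwrite it
        if (!fs::is_symlink(link_status))
          continue;
        if (!fs::remove(current, ec)) {
          LOG(ERROR) << "Failed to remove previous symlink : " << current
                     << " : " << ec.message();
          return Step::Status::APP_DIR_ERROR;
        }
      }
      if (ec) {
        LOG(ERROR) << "Failed to scan trust anchor directory : "
                   << pkg_certs_path << " : " << ec.message();
        return Step::Status::APP_DIR_ERROR;
      }
    } else {
      if (!common_installer::CreateDir(pkg_certs_path))
        return Step::Status::APP_DIR_ERROR;
    }

    // NOTE(review): the entries below come from the package payload and are
    // linked without any file-type check, so an entry that is itself a
    // symlink or a directory is exposed to trust_anchor_install() through
    // the new link. Confirm that the payload or the trust-anchor library is
    // validated elsewhere, or restrict this loop to regular files together
    // with the matching install step.
    const fs::path pkg_certs_src_path =
        context_->GetPkgPath() / "res/wgt" / kWgtTrustAnchorPath;
    fs::directory_iterator file(pkg_certs_src_path, ec);
    for (; !ec && file != end; file.increment(ec)) {
      const fs::path current(file->path());
      fs::create_symlink(current, pkg_certs_path / current.filename(), ec);
      if (ec) {
        LOG(ERROR) << "Failed to make trust anchor symlink : "
                   << ec.message();
        return Step::Status::APP_DIR_ERROR;
      }
    }
    if (ec) {
      LOG(ERROR) << "Failed to read trust anchor source directory : "
                 << pkg_certs_src_path << " : " << ec.message();
      return Step::Status::APP_DIR_ERROR;
    }
  }

  // Only a case-insensitive "true" enables the system certificates.
  const bool with_system_certs =
      strcasecmp(manifest->use_system_certs, "true") == 0;
  int ret = trust_anchor_install(context_->pkgid.get().c_str(),
      context_->uid.get(), pkg_certs_path.c_str(), with_system_certs);

  if (ret != TRUST_ANCHOR_ERROR_NONE) {
    LOG(ERROR) << "Failed to register trust anchor. error : " << ret;
    return Step::Status::SECURITY_ERROR;
  }

  return Step::Status::OK;
}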
83 } // namespace security
84 } // namespace common_installer