aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2015-12-11 22:55:11 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2015-12-11 22:55:11 +0100
commit12a227a2fc574cf0fd560453e1cdd15c50550abb (patch)
tree279f52c897e44951ca6d3a66ec2b3e0e2befb634
parent7e1027342a3cff95635ba2107f283321cf0efa08 (diff)
more work
Change-Id: I7eac968a21766be44068463bcab8aaaa3d12941f
-rw-r--r--src/Makefile.am12
-rw-r--r--src/secmgr-wrap.c66
-rw-r--r--src/secmgr-wrap.h2
-rw-r--r--src/verbose.c16
-rw-r--r--src/verbose.h2
-rw-r--r--src/wgtpkg-digsig.c4
-rw-r--r--src/wgtpkg-files.c1
-rw-r--r--src/wgtpkg-install.c101
-rw-r--r--src/wgtpkg-permissions.c18
-rw-r--r--src/wgtpkg.h2
10 files changed, 148 insertions, 76 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index a538a38..8b7abff 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -28,19 +28,21 @@ APPFWK = \
#pkgsysconfdir = $(sysconfdir)
pkgsysconfdir = .
-
+#deffwdir = $(datadir)/af
+deffwdir = ./af
+defappdir = $(deffwdir)/applications
+deficondir = $(deffwdir)/icons
AM_CFLAGS = -Wall -Wno-pointer-sign
AM_CFLAGS += -ffunction-sections -fdata-sections
AM_CFLAGS += ${ZIP_CFLAGS} ${XML2_CFLAGS} ${OPENSSL_CFLAGS} ${XMLSEC_CFLAGS}
-
-
+AM_CFLAGS += -Isimulation
AM_CFLAGS += -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\"
AM_CFLAGS += -DPREFIXPERMISSION=\"urn:agl-perm:\"
-AM_CFLAGS += -DICONDESTDIR=\"\"
-
+AM_CFLAGS += -DICONDESTDIR=\"$(deficondir)\"
+AM_CFLAGS += -DAPPDEFDIR=\"$(defappdir)\"
AM_LDFLAGS = -Wl,--gc-sections
diff --git a/src/secmgr-wrap.c b/src/secmgr-wrap.c
index c95160f..75c63ca 100644
--- a/src/secmgr-wrap.c
+++ b/src/secmgr-wrap.c
@@ -17,49 +17,9 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
+#include <syslog.h>
-#if 0
#include <security-manager.h>
-#else
-#include <stdio.h>
-#include <stdint.h>
-enum lib_retcode {
- SECURITY_MANAGER_SUCCESS,
- SECURITY_MANAGER_ERROR_INPUT_PARAM,
- SECURITY_MANAGER_ERROR_MEMORY,
- SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
- SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
- SECURITY_MANAGER_ERROR_ACCESS_DENIED
-};
-enum app_install_path_type {
- SECURITY_MANAGER_PATH_PUBLIC_RO,
- SECURITY_MANAGER_PATH_RO,
- SECURITY_MANAGER_PATH_RW
-};
-typedef void app_inst_req;
-static int diese = 0;
-#define security_manager_app_inst_req_free(r) \
- (printf("security_manager_app_inst_req_free(%p)\n",r),(void)0)
-
-#define security_manager_app_inst_req_new(pr) \
- (*(pr)=(void*)(intptr_t)(++diese), printf("security_manager_app_inst_req_new(%p)\n",*pr), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_set_pkg_id(r,i) \
- (printf("security_manager_app_inst_req_set_pkg_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_set_app_id(r,i) \
- (printf("security_manager_app_inst_req_set_app_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_add_privilege(r,p) \
- (printf("security_manager_app_inst_req_add_privilege(%p,\"%s\")\n",r,p), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_add_path(r,p,t) \
- (printf("security_manager_app_inst_req_add_path(%p,\"%s\",%d)\n",r,p,t), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_install(r) \
- (printf("security_manager_app_install(%p)\n",r), SECURITY_MANAGER_SUCCESS)
-
-#endif
#include "secmgr-wrap.h"
@@ -79,15 +39,22 @@ static int retcode(enum lib_retcode rc)
return -1;
}
-int secmgr_init(const char *pkgid, const char *appid)
+int secmgr_init(const char *id)
{
int rc;
assert(request == NULL);
rc = security_manager_app_inst_req_new(&request);
- if (rc == SECURITY_MANAGER_SUCCESS) {
- rc = security_manager_app_inst_req_set_pkg_id(request, pkgid);
- if (rc == SECURITY_MANAGER_SUCCESS)
- rc = security_manager_app_inst_req_set_app_id(request, appid);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_inst_req_new failed");
+ else {
+ rc = security_manager_app_inst_req_set_pkg_id(request, id);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_inst_req_set_pkg_id failed");
+ else {
+ rc = security_manager_app_inst_req_set_app_id(request, id);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_inst_req_set_app_id failed");
+ }
}
if (rc != SECURITY_MANAGER_SUCCESS)
secmgr_cancel();
@@ -105,6 +72,9 @@ int secmgr_install()
int rc;
assert(request != NULL);
rc = security_manager_app_install(request);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_install failed");
+ security_manager_app_inst_req_free(request);
return retcode(rc);
}
@@ -113,6 +83,8 @@ int secmgr_permit(const char *permission)
int rc;
assert(request != NULL);
rc = security_manager_app_inst_req_add_privilege(request, permission);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_inst_add_privilege %s failed", permission);
return retcode(rc);
}
@@ -121,6 +93,8 @@ static int addpath(const char *pathname, enum app_install_path_type type)
int rc;
assert(request != NULL);
rc = security_manager_app_inst_req_add_path(request, pathname, type);
+ if (rc != SECURITY_MANAGER_SUCCESS)
+ syslog(LOG_ERR, "security_manager_app_inst_add_path %s failed", pathname);
return retcode(rc);
}
diff --git a/src/secmgr-wrap.h b/src/secmgr-wrap.h
index 81bc02c..3558c69 100644
--- a/src/secmgr-wrap.h
+++ b/src/secmgr-wrap.h
@@ -14,7 +14,7 @@
limitations under the License.
*/
-int secmgr_init(const char *pkgid, const char *appid);
+int secmgr_init(const char *id);
void secmgr_cancel();
int secmgr_install();
int secmgr_permit(const char *permission);
diff --git a/src/verbose.c b/src/verbose.c
index 1472a90..fa7ea3f 100644
--- a/src/verbose.c
+++ b/src/verbose.c
@@ -18,19 +18,3 @@
int verbosity = 1;
-int verbose_scan_args(int argc, char **argv)
-{
- int i, r;
- for (i=r=0 ; i < argc ; i++) {
- if (!strcmp(argv[i], "-q"))
- verbosity = verbosity ? verbosity-1 : 0;
- else if (!strcmp(argv[i], "-v"))
- verbosity++;
- else
- argv[r++] = argv[i];
- }
- argv[r] = NULL;
- return r;
-}
-
-
diff --git a/src/verbose.h b/src/verbose.h
index 0a15564..9e5e784 100644
--- a/src/verbose.h
+++ b/src/verbose.h
@@ -17,8 +17,8 @@
extern int verbosity;
#define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0)
+#define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0)
#define notice(...) do{if(verbosity)syslog(LOG_NOTICE,__VA_ARGS__);}while(0)
#define info(...) do{if(verbosity)syslog(LOG_INFO,__VA_ARGS__);}while(0)
#define debug(...) do{if(verbosity>1)syslog(LOG_DEBUG,__VA_ARGS__);}while(0)
-extern int verbose_scan_args(int argc, char **argv);
diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c
index 80428fa..984127b 100644
--- a/src/wgtpkg-digsig.c
+++ b/src/wgtpkg-digsig.c
@@ -209,7 +209,7 @@ static int check_references(xmlNodePtr sinfo)
if (f->type == type_file) {
flags = f->flags;
if (!(flags & (flag_signature | flag_referenced))) {
- syslog(LOG_ERR, "file not referenced in signature", f->name);
+ syslog(LOG_ERR, "file not referenced in signature: %s", f->name);
result = -1;
}
}
@@ -385,7 +385,7 @@ int create_digsig(int index, const char *key, const char **certs)
len = xmlSaveDoc(ctx, doc);
if (len < 0) {
syslog(LOG_ERR, "xmlSaveDoc to %s failed", fdesc->name);
- goto error2;
+ goto error4;
}
rc = 0;
diff --git a/src/wgtpkg-files.c b/src/wgtpkg-files.c
index 8840fa9..16d94e2 100644
--- a/src/wgtpkg-files.c
+++ b/src/wgtpkg-files.c
@@ -22,6 +22,7 @@
#include <dirent.h>
#include <stdio.h>
#include <fcntl.h>
+#include <unistd.h>
#include "wgtpkg.h"
diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c
index dc746c2..37a47ff 100644
--- a/src/wgtpkg-install.c
+++ b/src/wgtpkg-install.c
@@ -20,6 +20,8 @@
#include <syslog.h>
#include <string.h>
#include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
#include "verbose.h"
#include "wgtpkg.h"
@@ -110,7 +112,7 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force)
rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version);
if (rc >= sizeof newdir) {
- syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version);
+ syslog(LOG_ERR, "path to long in move_widget");
errno = EINVAL;
return -1;
}
@@ -118,11 +120,96 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force)
return move_workdir(newdir, 1, force);
}
-static int install_security(struct wgt_info *ifo)
+static int install_icon(const struct wgt_desc *desc)
{
+ char link[PATH_MAX];
+ char target[PATH_MAX];
int rc;
- rc = secmgr_init(wgt_info_desc(ifo)->
+ rc = snprintf(link, sizeof link, "%s/%s@%s", ICONDESTDIR, desc->id, desc->version);
+ if (rc >= sizeof link) {
+ syslog(LOG_ERR, "link to long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ rc = snprintf(target, sizeof target, "%s/%s", workdir, desc->icons->src);
+ if (rc >= sizeof target) {
+ syslog(LOG_ERR, "target to long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ unlink(link);
+ rc = symlink(target, link);
+ if (rc)
+ syslog(LOG_ERR, "can't create link %s -> %s", link, target);
+ return rc;
+}
+
+static int install_security(const struct wgt_desc *desc)
+{
+ char path[PATH_MAX], *head;
+ const char *icon, *perm;
+ int rc, len, lic, lf;
+ unsigned int i, n;
+ struct filedesc *f;
+
+ rc = secmgr_init(desc->id);
+ if (rc)
+ goto error;
+
+ rc = secmgr_path_public_read_only(workdir);
+ if (rc)
+ goto error2;
+
+ /* instal the files */
+ head = stpcpy(path, workdir);
+ assert(sizeof path > (head - path));
+ len = (int)(sizeof path - (head - path));
+ if (!len) {
+ syslog(LOG_ERR, "root path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ len--;
+ *head++ = '/';
+ icon = desc->icons->src;
+ lic = (int)strlen(icon);
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ lf = (int)strlen(f->name);
+ if (lf >= len) {
+ syslog(LOG_ERR, "path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ strcpy(head, f->name);
+ if (lf <= lic && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
+ rc = secmgr_path_public_read_only(path);
+ else
+ rc = secmgr_path_read_only(path);
+ if (rc)
+ goto error2;
+ }
+
+ /* install the permissions */
+ perm = first_usable_permission();
+ while(perm) {
+ rc = secmgr_permit(perm);
+ if (rc)
+ goto error2;
+ perm = next_usable_permission();
+ }
+
+ rc = secmgr_install();
+ return rc;
+error2:
+ secmgr_cancel();
+error:
+ return -1;
}
/* install the widget of the file */
@@ -134,7 +221,7 @@ void install_widget(const char *wgtfile, const char *root, int force)
notice("-- INSTALLING widget %s --", wgtfile);
/* workdir */
- if (make_workdir_base(root, "UNPACK", 0)) {
+ if (make_workdir_base(root, "TMP", 0)) {
syslog(LOG_ERR, "failed to create a working directory");
goto error1;
}
@@ -156,7 +243,11 @@ void install_widget(const char *wgtfile, const char *root, int force)
if (move_widget(root, desc, force))
goto error3;
-
+ if (install_icon(desc))
+ goto error3;
+
+ if (install_security(desc))
+ goto error3;
return;
diff --git a/src/wgtpkg-permissions.c b/src/wgtpkg-permissions.c
index 25758e4..e20cede 100644
--- a/src/wgtpkg-permissions.c
+++ b/src/wgtpkg-permissions.c
@@ -33,6 +33,7 @@ static const char prefix_of_permissions[] = PREFIXPERMISSION;
static int nrpermissions = 0;
static struct permission *permissions = NULL;
+static int indexiter = 0;
/* check is the name has the correct prefix for permissions */
int is_standard_permission(const char *name)
@@ -130,3 +131,20 @@ int request_permission(const char *name)
return 0;
}
+/* iteration over granted and requested permissions */
+const char *first_usable_permission()
+{
+ indexiter = 0;
+ return next_usable_permission();
+}
+
+const char *next_usable_permission()
+{
+ while(indexiter < nrpermissions) {
+ struct permission *p = &permissions[indexiter++];
+ if (p->granted && p->requested)
+ return p->name;
+ }
+ return NULL;
+}
+
diff --git a/src/wgtpkg.h b/src/wgtpkg.h
index 95c2f37..52a78dc 100644
--- a/src/wgtpkg.h
+++ b/src/wgtpkg.h
@@ -102,6 +102,8 @@ extern void crop_permissions(unsigned level);
extern void grant_permission_list(const char *list);
extern int permission_exists(const char *name);
extern int request_permission(const char *name);
+extern const char *first_usable_permission();
+extern const char *next_usable_permission();
/**************************************************************/
/* from wgtpkg-workdir */