From 12a227a2fc574cf0fd560453e1cdd15c50550abb Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 11 Dec 2015 22:55:11 +0100 Subject: more work Change-Id: I7eac968a21766be44068463bcab8aaaa3d12941f --- src/Makefile.am | 12 +++--- src/secmgr-wrap.c | 66 ++++++++++--------------------- src/secmgr-wrap.h | 2 +- src/verbose.c | 16 -------- src/verbose.h | 2 +- src/wgtpkg-digsig.c | 4 +- src/wgtpkg-files.c | 1 + src/wgtpkg-install.c | 101 ++++++++++++++++++++++++++++++++++++++++++++--- src/wgtpkg-permissions.c | 18 +++++++++ src/wgtpkg.h | 2 + 10 files changed, 148 insertions(+), 76 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index a538a38..8b7abff 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -28,19 +28,21 @@ APPFWK = \ #pkgsysconfdir = $(sysconfdir) pkgsysconfdir = . - +#deffwdir = $(datadir)/af +deffwdir = ./af +defappdir = $(deffwdir)/applications +deficondir = $(deffwdir)/icons AM_CFLAGS = -Wall -Wno-pointer-sign AM_CFLAGS += -ffunction-sections -fdata-sections AM_CFLAGS += ${ZIP_CFLAGS} ${XML2_CFLAGS} ${OPENSSL_CFLAGS} ${XMLSEC_CFLAGS} - - +AM_CFLAGS += -Isimulation AM_CFLAGS += -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\" AM_CFLAGS += -DPREFIXPERMISSION=\"urn:agl-perm:\" -AM_CFLAGS += -DICONDESTDIR=\"\" - +AM_CFLAGS += -DICONDESTDIR=\"$(deficondir)\" +AM_CFLAGS += -DAPPDEFDIR=\"$(defappdir)\" AM_LDFLAGS = -Wl,--gc-sections diff --git a/src/secmgr-wrap.c b/src/secmgr-wrap.c index c95160f..75c63ca 100644 --- a/src/secmgr-wrap.c +++ b/src/secmgr-wrap.c @@ -17,49 +17,9 @@ #include #include #include +#include -#if 0 #include -#else -#include -#include -enum lib_retcode { - SECURITY_MANAGER_SUCCESS, - SECURITY_MANAGER_ERROR_INPUT_PARAM, - SECURITY_MANAGER_ERROR_MEMORY, - SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, - SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, - SECURITY_MANAGER_ERROR_ACCESS_DENIED -}; -enum app_install_path_type { - SECURITY_MANAGER_PATH_PUBLIC_RO, - SECURITY_MANAGER_PATH_RO, - SECURITY_MANAGER_PATH_RW -}; -typedef void app_inst_req; -static int diese = 0; -#define security_manager_app_inst_req_free(r) \ - (printf("security_manager_app_inst_req_free(%p)\n",r),(void)0) - -#define security_manager_app_inst_req_new(pr) \ - (*(pr)=(void*)(intptr_t)(++diese), printf("security_manager_app_inst_req_new(%p)\n",*pr), SECURITY_MANAGER_SUCCESS) - -#define security_manager_app_inst_req_set_pkg_id(r,i) \ - (printf("security_manager_app_inst_req_set_pkg_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS) - -#define security_manager_app_inst_req_set_app_id(r,i) \ - (printf("security_manager_app_inst_req_set_app_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS) - -#define security_manager_app_inst_req_add_privilege(r,p) \ - (printf("security_manager_app_inst_req_add_privilege(%p,\"%s\")\n",r,p), SECURITY_MANAGER_SUCCESS) - -#define security_manager_app_inst_req_add_path(r,p,t) \ - (printf("security_manager_app_inst_req_add_path(%p,\"%s\",%d)\n",r,p,t), SECURITY_MANAGER_SUCCESS) - -#define security_manager_app_install(r) \ - (printf("security_manager_app_install(%p)\n",r), SECURITY_MANAGER_SUCCESS) - -#endif #include "secmgr-wrap.h" @@ -79,15 +39,22 @@ static int retcode(enum lib_retcode rc) return -1; } -int secmgr_init(const char *pkgid, const char *appid) +int secmgr_init(const char *id) { int rc; assert(request == NULL); rc = security_manager_app_inst_req_new(&request); - if (rc == SECURITY_MANAGER_SUCCESS) { - rc = security_manager_app_inst_req_set_pkg_id(request, pkgid); - if (rc == SECURITY_MANAGER_SUCCESS) - rc = security_manager_app_inst_req_set_app_id(request, appid); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_inst_req_new failed"); + else { + rc = security_manager_app_inst_req_set_pkg_id(request, id); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_inst_req_set_pkg_id failed"); + else { + rc = security_manager_app_inst_req_set_app_id(request, id); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_inst_req_set_app_id failed"); + } } if (rc != SECURITY_MANAGER_SUCCESS) secmgr_cancel(); @@ -105,6 +72,9 @@ int secmgr_install() int rc; assert(request != NULL); rc = security_manager_app_install(request); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_install failed"); + security_manager_app_inst_req_free(request); return retcode(rc); } @@ -113,6 +83,8 @@ int secmgr_permit(const char *permission) int rc; assert(request != NULL); rc = security_manager_app_inst_req_add_privilege(request, permission); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_inst_add_privilege %s failed", permission); return retcode(rc); } @@ -121,6 +93,8 @@ static int addpath(const char *pathname, enum app_install_path_type type) int rc; assert(request != NULL); rc = security_manager_app_inst_req_add_path(request, pathname, type); + if (rc != SECURITY_MANAGER_SUCCESS) + syslog(LOG_ERR, "security_manager_app_inst_add_path %s failed", pathname); return retcode(rc); } diff --git a/src/secmgr-wrap.h b/src/secmgr-wrap.h index 81bc02c..3558c69 100644 --- a/src/secmgr-wrap.h +++ b/src/secmgr-wrap.h @@ -14,7 +14,7 @@ limitations under the License. */ -int secmgr_init(const char *pkgid, const char *appid); +int secmgr_init(const char *id); void secmgr_cancel(); int secmgr_install(); int secmgr_permit(const char *permission); diff --git a/src/verbose.c b/src/verbose.c index 1472a90..fa7ea3f 100644 --- a/src/verbose.c +++ b/src/verbose.c @@ -18,19 +18,3 @@ int verbosity = 1; -int verbose_scan_args(int argc, char **argv) -{ - int i, r; - for (i=r=0 ; i < argc ; i++) { - if (!strcmp(argv[i], "-q")) - verbosity = verbosity ? verbosity-1 : 0; - else if (!strcmp(argv[i], "-v")) - verbosity++; - else - argv[r++] = argv[i]; - } - argv[r] = NULL; - return r; -} - - diff --git a/src/verbose.h b/src/verbose.h index 0a15564..9e5e784 100644 --- a/src/verbose.h +++ b/src/verbose.h @@ -17,8 +17,8 @@ extern int verbosity; #define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0) +#define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0) #define notice(...) do{if(verbosity)syslog(LOG_NOTICE,__VA_ARGS__);}while(0) #define info(...) do{if(verbosity)syslog(LOG_INFO,__VA_ARGS__);}while(0) #define debug(...) do{if(verbosity>1)syslog(LOG_DEBUG,__VA_ARGS__);}while(0) -extern int verbose_scan_args(int argc, char **argv); diff --git a/src/wgtpkg-digsig.c b/src/wgtpkg-digsig.c index 80428fa..984127b 100644 --- a/src/wgtpkg-digsig.c +++ b/src/wgtpkg-digsig.c @@ -209,7 +209,7 @@ static int check_references(xmlNodePtr sinfo) if (f->type == type_file) { flags = f->flags; if (!(flags & (flag_signature | flag_referenced))) { - syslog(LOG_ERR, "file not referenced in signature", f->name); + syslog(LOG_ERR, "file not referenced in signature: %s", f->name); result = -1; } } @@ -385,7 +385,7 @@ int create_digsig(int index, const char *key, const char **certs) len = xmlSaveDoc(ctx, doc); if (len < 0) { syslog(LOG_ERR, "xmlSaveDoc to %s failed", fdesc->name); - goto error2; + goto error4; } rc = 0; diff --git a/src/wgtpkg-files.c b/src/wgtpkg-files.c index 8840fa9..16d94e2 100644 --- a/src/wgtpkg-files.c +++ b/src/wgtpkg-files.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "wgtpkg.h" diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c index dc746c2..37a47ff 100644 --- a/src/wgtpkg-install.c +++ b/src/wgtpkg-install.c @@ -20,6 +20,8 @@ #include #include #include +#include +#include #include "verbose.h" #include "wgtpkg.h" @@ -110,7 +112,7 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force) rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version); if (rc >= sizeof newdir) { - syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version); + syslog(LOG_ERR, "path to long in move_widget"); errno = EINVAL; return -1; } @@ -118,11 +120,96 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force) return move_workdir(newdir, 1, force); } -static int install_security(struct wgt_info *ifo) +static int install_icon(const struct wgt_desc *desc) { + char link[PATH_MAX]; + char target[PATH_MAX]; int rc; - rc = secmgr_init(wgt_info_desc(ifo)-> + rc = snprintf(link, sizeof link, "%s/%s@%s", ICONDESTDIR, desc->id, desc->version); + if (rc >= sizeof link) { + syslog(LOG_ERR, "link to long in install_icon"); + errno = EINVAL; + return -1; + } + + rc = snprintf(target, sizeof target, "%s/%s", workdir, desc->icons->src); + if (rc >= sizeof target) { + syslog(LOG_ERR, "target to long in install_icon"); + errno = EINVAL; + return -1; + } + + unlink(link); + rc = symlink(target, link); + if (rc) + syslog(LOG_ERR, "can't create link %s -> %s", link, target); + return rc; +} + +static int install_security(const struct wgt_desc *desc) +{ + char path[PATH_MAX], *head; + const char *icon, *perm; + int rc, len, lic, lf; + unsigned int i, n; + struct filedesc *f; + + rc = secmgr_init(desc->id); + if (rc) + goto error; + + rc = secmgr_path_public_read_only(workdir); + if (rc) + goto error2; + + /* instal the files */ + head = stpcpy(path, workdir); + assert(sizeof path > (head - path)); + len = (int)(sizeof path - (head - path)); + if (!len) { + syslog(LOG_ERR, "root path too long in install_security"); + errno = ENAMETOOLONG; + goto error2; + } + len--; + *head++ = '/'; + icon = desc->icons->src; + lic = (int)strlen(icon); + n = file_count(); + i = 0; + while(i < n) { + f = file_of_index(i++); + lf = (int)strlen(f->name); + if (lf >= len) { + syslog(LOG_ERR, "path too long in install_security"); + errno = ENAMETOOLONG; + goto error2; + } + strcpy(head, f->name); + if (lf <= lic && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/')) + rc = secmgr_path_public_read_only(path); + else + rc = secmgr_path_read_only(path); + if (rc) + goto error2; + } + + /* install the permissions */ + perm = first_usable_permission(); + while(perm) { + rc = secmgr_permit(perm); + if (rc) + goto error2; + perm = next_usable_permission(); + } + + rc = secmgr_install(); + return rc; +error2: + secmgr_cancel(); +error: + return -1; } /* install the widget of the file */ @@ -134,7 +221,7 @@ void install_widget(const char *wgtfile, const char *root, int force) notice("-- INSTALLING widget %s --", wgtfile); /* workdir */ - if (make_workdir_base(root, "UNPACK", 0)) { + if (make_workdir_base(root, "TMP", 0)) { syslog(LOG_ERR, "failed to create a working directory"); goto error1; } @@ -156,7 +243,11 @@ void install_widget(const char *wgtfile, const char *root, int force) if (move_widget(root, desc, force)) goto error3; - + if (install_icon(desc)) + goto error3; + + if (install_security(desc)) + goto error3; return; diff --git a/src/wgtpkg-permissions.c b/src/wgtpkg-permissions.c index 25758e4..e20cede 100644 --- a/src/wgtpkg-permissions.c +++ b/src/wgtpkg-permissions.c @@ -33,6 +33,7 @@ static const char prefix_of_permissions[] = PREFIXPERMISSION; static int nrpermissions = 0; static struct permission *permissions = NULL; +static int indexiter = 0; /* check is the name has the correct prefix for permissions */ int is_standard_permission(const char *name) @@ -130,3 +131,20 @@ int request_permission(const char *name) return 0; } +/* iteration over granted and requested permissions */ +const char *first_usable_permission() +{ + indexiter = 0; + return next_usable_permission(); +} + +const char *next_usable_permission() +{ + while(indexiter < nrpermissions) { + struct permission *p = &permissions[indexiter++]; + if (p->granted && p->requested) + return p->name; + } + return NULL; +} + diff --git a/src/wgtpkg.h b/src/wgtpkg.h index 95c2f37..52a78dc 100644 --- a/src/wgtpkg.h +++ b/src/wgtpkg.h @@ -102,6 +102,8 @@ extern void crop_permissions(unsigned level); extern void grant_permission_list(const char *list); extern int permission_exists(const char *name); extern int request_permission(const char *name); +extern const char *first_usable_permission(); +extern const char *next_usable_permission(); /**************************************************************/ /* from wgtpkg-workdir */ -- cgit 1.2.3-korg