+static int install_exec_flag(const struct wgt_desc *desc)
+{
+ return for_all_content(desc, set_exec_flag);
+}
+
+static int install_file_properties(const struct wgt_desc *desc)
+{
+ int rc, rc2;
+ struct wgt_desc_feature *feat;
+ struct wgt_desc_param *param;
+
+ rc = 0;
+ feat = desc->features;
+ while (feat) {
+ if (!strcmp(feat->name, FWK_PREFIX"widget:file-properties")) {
+ param = feat->params;
+ while (param) {
+ if (!strcmp(param->value, "executable")) {
+ rc2 = fchmodat(workdirfd, param->name, 0755, 0);
+ if (rc2 < 0)
+ ERROR("can't make executable the file %s: %m", param->name);
+ } else {
+ ERROR("unknown file property %s for %s", param->value, param->name);
+ errno = EINVAL;
+ rc2 = -1;
+ }
+ if (rc2 < 0 && !rc)
+ rc = rc2;
+ param = param->next;
+ }
+ }
+ feat = feat->next;
+ }
+ return rc;
+}
+
+static int install_security(const struct wgt_desc *desc)
+{
+ char path[PATH_MAX], *head;
+ const char *icon, *perm;
+ int rc;
+ unsigned int i, n, len, lic, lf;
+ struct filedesc *f;
+
+ rc = secmgr_init(desc->id);
+ if (rc)
+ goto error;
+
+ rc = secmgr_path_public_read_only(workdir);
+ if (rc)
+ goto error2;
+
+ /* instal the files */
+ head = stpcpy(path, workdir);
+ assert(head < path + sizeof path);
+ len = (unsigned)((path + sizeof path) - head);
+ if (!len) {
+ ERROR("root path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ len--;
+ *head++ = '/';
+ icon = desc->icons ? desc->icons->src : NULL;
+ lic = (unsigned)(icon ? strlen(icon) : 0);
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ lf = (unsigned)strlen(f->name);
+ if (lf >= len) {
+ ERROR("path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ strcpy(head, f->name);
+ if (lf <= lic && icon && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
+ rc = secmgr_path_public_read_only(path);
+ else
+ rc = secmgr_path_read_only(path);
+ if (rc)
+ goto error2;
+ }
+
+ /* install the permissions */
+ perm = first_usable_permission();
+ while(perm) {
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ perm = next_usable_permission();
+ }
+
+ /* install default permissions */
+ n = (unsigned int)(sizeof default_permissions / sizeof *default_permissions);
+ for (i = 0 ; i < n ; i++) {
+ perm = default_permissions[i];
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ }
+
+ rc = secmgr_install();
+ return rc;
+error2:
+ secmgr_cancel();
+error:
+ return -1;
+}
+