+static int install_exec_flag(const struct wgt_desc *desc)
+{
+ int i;
+
+ if (desc->content_type) {
+ i = sizeof exec_type_strings / sizeof *exec_type_strings;
+ while (i) {
+ if (!strcasecmp(desc->content_type, exec_type_strings[--i]))
+ return fchmodat(workdirfd, desc->content_src, 0755, 0);
+ }
+ }
+ return 0;
+}
+
+static int install_security(const struct wgt_desc *desc)
+{
+ char path[PATH_MAX], *head;
+ const char *icon, *perm;
+ int rc;
+ unsigned int i, n, len, lic, lf;
+ struct filedesc *f;
+
+ rc = secmgr_init(desc->id);
+ if (rc)
+ goto error;
+
+ rc = secmgr_path_public_read_only(workdir);
+ if (rc)
+ goto error2;
+
+ /* instal the files */
+ head = stpcpy(path, workdir);
+ assert(head < path + sizeof path);
+ len = (unsigned)((path + sizeof path) - head);
+ if (!len) {
+ ERROR("root path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ len--;
+ *head++ = '/';
+ icon = desc->icons->src;
+ lic = (unsigned)strlen(icon);
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ lf = (unsigned)strlen(f->name);
+ if (lf >= len) {
+ ERROR("path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ strcpy(head, f->name);
+ if (lf <= lic && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
+ rc = secmgr_path_public_read_only(path);
+ else
+ rc = secmgr_path_read_only(path);
+ if (rc)
+ goto error2;
+ }
+
+ /* install the permissions */
+ perm = first_usable_permission();
+ while(perm) {
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ perm = next_usable_permission();
+ }
+
+ rc = secmgr_install();
+ return rc;
+error2:
+ secmgr_cancel();
+error:
+ return -1;
+}
+