+static int check_one_content(const char *src, const char *type)
+{
+ int rc;
+ struct stat s;
+ int fhtdocs, serr;
+
+ if (!src) {
+ ERROR("a content src is missing");
+ errno = EINVAL;
+ rc = -1;
+ } else {
+ /* TODO: when dealing with HTML and languages, the check should
+ * include i18n path search of widgets */
+ rc = fstatat(workdirfd, src, &s, AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW);
+ if (rc < 0) {
+ serr = errno;
+ fhtdocs = openat(workdirfd, "htdocs", O_DIRECTORY|O_PATH);
+ if (fhtdocs >= 0) {
+ rc = fstatat(fhtdocs, src, &s, AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW);
+ serr = errno;
+ close(fhtdocs);
+ }
+ errno = serr;
+ }
+ if (rc < 0)
+ ERROR("can't get info on content %s: %m", src);
+ else if (!S_ISREG(s.st_mode)) {
+ ERROR("content %s isn't a regular file", src);
+ errno = EINVAL;
+ rc = -1;
+ }
+ }
+ return rc;
+}
+
+static int check_content(const struct wgt_desc *desc)
+{
+ return for_all_content(desc, check_one_content);
+}
+
+static int check_widget(const struct wgt_desc *desc)
+{
+ int result;
+
+ result = check_temporary_constraints(desc);
+ if (result >= 0)
+ result = check_permissions(desc);
+ if (result >= 0)
+ result = check_content(desc);
+ return result;
+}
+
+static int get_target_directory(char target[PATH_MAX], const char *root, const struct wgt_desc *desc)
+{
+ int rc;
+
+ rc = snprintf(target, PATH_MAX, "%s/%s/%s", root, desc->id, desc->ver);
+ if (rc < PATH_MAX)
+ rc = 0;
+ else {
+ ERROR("path too long");
+ errno = EINVAL;
+ rc = -1;
+ }
+ return rc;
+}
+
+static int move_widget_to(const char *destdir, int force)
+{
+ return move_workdir(destdir, 1, force);
+}
+
+static int install_icon(const struct wgt_desc *desc)
+{
+ char link[PATH_MAX];
+ char target[PATH_MAX];
+ int rc;
+
+ if (!desc->icons)
+ return 0;
+
+ create_directory(FWK_ICON_DIR, 0755, 1);
+ rc = snprintf(link, sizeof link, "%s/%s", FWK_ICON_DIR, desc->idaver);
+ if (rc >= (int)sizeof link) {
+ ERROR("link too long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ rc = snprintf(target, sizeof target, "%s/%s", workdir, desc->icons->src);
+ if (rc >= (int)sizeof target) {
+ ERROR("target too long in install_icon");
+ errno = EINVAL;
+ return -1;
+ }
+
+ unlink(link);
+ rc = symlink(target, link);
+ if (rc)
+ ERROR("can't create link %s -> %s", link, target);
+ return rc;
+}
+
+static int install_exec_flag(const struct wgt_desc *desc)
+{
+ return for_all_content(desc, set_exec_flag);
+}
+
+static int install_file_properties(const struct wgt_desc *desc)
+{
+ int rc, rc2;
+ struct wgt_desc_feature *feat;
+ struct wgt_desc_param *param;
+
+ rc = 0;
+ feat = desc->features;
+ while (feat) {
+ if (!strcmp(feat->name, "urn:AGL:widget:file-properties")) {
+ param = feat->params;
+ while (param) {
+ if (!strcmp(param->value, "executable")) {
+ rc2 = fchmodat(workdirfd, param->name, 0755, 0);
+ if (rc2 < 0)
+ ERROR("can't make executable the file %s: %m", param->name);
+ } else {
+ ERROR("unknown file property %s for %s", param->value, param->name);
+ errno = EINVAL;
+ rc2 = -1;
+ }
+ if (rc2 < 0 && !rc)
+ rc = rc2;
+ param = param->next;
+ }
+ }
+ feat = feat->next;
+ }
+ return rc;
+}
+
+static int install_security(const struct wgt_desc *desc)
+{
+ char path[PATH_MAX], *head;
+ const char *icon, *perm;
+ int rc;
+ unsigned int i, n, len, lic, lf;
+ struct filedesc *f;
+
+ rc = secmgr_init(desc->id);
+ if (rc)
+ goto error;
+
+ rc = secmgr_path_public_read_only(workdir);
+ if (rc)
+ goto error2;
+
+ /* instal the files */
+ head = stpcpy(path, workdir);
+ assert(head < path + sizeof path);
+ len = (unsigned)((path + sizeof path) - head);
+ if (!len) {
+ ERROR("root path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ len--;
+ *head++ = '/';
+ icon = desc->icons ? desc->icons->src : NULL;
+ lic = (unsigned)(icon ? strlen(icon) : 0);
+ n = file_count();
+ i = 0;
+ while(i < n) {
+ f = file_of_index(i++);
+ lf = (unsigned)strlen(f->name);
+ if (lf >= len) {
+ ERROR("path too long in install_security");
+ errno = ENAMETOOLONG;
+ goto error2;
+ }
+ strcpy(head, f->name);
+ if (lf <= lic && icon && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
+ rc = secmgr_path_public_read_only(path);
+ else
+ rc = secmgr_path_read_only(path);
+ if (rc)
+ goto error2;
+ }
+
+ /* install the permissions */
+ perm = first_usable_permission();
+ while(perm) {
+ rc = secmgr_permit(perm);
+ INFO("permitting %s %s", perm, rc ? "FAILED!" : "success");
+ if (rc)
+ goto error2;
+ perm = next_usable_permission();
+ }
+
+ rc = secmgr_install();
+ return rc;
+error2:
+ secmgr_cancel();
+error:
+ return -1;
+}
+
+/* install the widget of the file */
+struct wgt_info *install_widget(const char *wgtfile, const char *root, int force)
+{
+ struct wgt_info *ifo;
+ const struct wgt_desc *desc;
+ char installdir[PATH_MAX];
+ int port;
+ struct unitconf uconf;
+
+ NOTICE("-- INSTALLING widget %s to %s --", wgtfile, root);
+
+ /* workdir */
+ create_directory(root, 0755, 1);
+ if (make_workdir(root, "TMP", 0)) {
+ ERROR("failed to create a working directory");
+ goto error1;
+ }
+
+ if (zread(wgtfile, 0))
+ goto error2;
+
+ if (check_all_signatures(DEFAULT_ALLOW_NO_SIGNATURE))
+ goto error2;
+
+ ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1);
+ if (!ifo)
+ goto error2;
+
+ reset_requested_permissions();
+ desc = wgt_info_desc(ifo);
+ if (check_widget(desc))
+ goto error3;
+
+ if (get_target_directory(installdir, root, desc))
+ goto error3;
+
+ if (access(installdir, F_OK) == 0) {
+ if (!force) {
+ ERROR("widget already installed");
+ errno = EEXIST;
+ goto error3;
+ }
+ if (uninstall_widget(desc->idaver, root))
+ goto error3;
+ }
+
+ if (move_widget_to(installdir, force))
+ goto error3;
+
+ if (install_icon(desc))
+ goto error3;
+
+ if (install_security(desc))
+ goto error4;
+
+ if (install_exec_flag(desc))
+ goto error4;
+
+ if (install_file_properties(desc))
+ goto error4;
+
+ port = get_port();
+ if (port < 0)
+ goto error4;
+
+ uconf.installdir = installdir;
+ uconf.icondir = FWK_ICON_DIR;
+ uconf.port = port;
+ if (unit_install(ifo, &uconf))
+ goto error4;
+
+ file_reset();
+ return ifo;
+
+error4:
+ /* TODO: cleanup */
+
+error3:
+ wgt_info_unref(ifo);
+
+error2:
+ remove_workdir();
+
+error1:
+ file_reset();
+ return NULL;
+}
+