X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fwgtpkg-install.c;h=dc746c283a7e2d8e26ed4eb16d8a30a575b2b857;hb=7e1027342a3cff95635ba2107f283321cf0efa08;hp=1d7959115bb2348e73eeac74e1f7533b777908e5;hpb=f3d64b7c741677cd28e2a11deed67196cd02b46a;p=src%2Fapp-framework-main.git diff --git a/src/wgtpkg-install.c b/src/wgtpkg-install.c index 1d79591..dc746c2 100644 --- a/src/wgtpkg-install.c +++ b/src/wgtpkg-install.c @@ -14,236 +14,123 @@ limitations under the License. */ -#define _BSD_SOURCE /* see readdir */ +#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include #include #include -#include +#include +#include #include "verbose.h" #include "wgtpkg.h" #include "wgt.h" #include "wgt-info.h" +#include "secmgr-wrap.h" -static const char appname[] = "wgtpkg-install"; -static const char *root; -static char **permissions = NULL; -static int force; - -static void install(const char *wgtfile); -static void add_permissions(const char *list); - -static void usage() +static int check_defined(const void *data, const char *name) { - printf( - "usage: %s [-f] [-q] [-v] [-p list] rootdir wgtfile...\n" - "\n" - " rootdir the root directory for installing\n" - " -p list a list of comma separated permissions to allow\n" - " -f force overwriting\n" - " -q quiet\n" - " -v verbose\n" - "\n", - appname - ); + if (data) + return 0; + syslog(LOG_ERR, "widget has no defined '%s' (temporary constraints)", name); + errno = EINVAL; + return -1; } -static struct option options[] = { - { "permissions", required_argument, NULL, 'p' }, - { "force", no_argument, NULL, 'f' }, - { "help", no_argument, NULL, 'h' }, - { "quiet", no_argument, NULL, 'q' }, - { "verbose", no_argument, NULL, 'v' }, - { NULL, 0, NULL, 0 } -}; - -/* install the widgets of the list */ -int main(int ac, char **av) +static int check_valid_string(const char *value, const char *name) { - int i; - char *wpath; - - openlog(appname, LOG_PERROR, LOG_AUTH); - - xmlsec_init(); - - force = 0; - for (;;) { - i = getopt_long(ac, av, "hfqvp:", options, NULL); - if (i < 0) - break; - switch (i) { - case 'f': - force = 1; - break; - case 'h': - usage(); - return 0; - case 'q': - if (verbosity) - verbosity--; - break; - case 'v': - verbosity++; - break; - case 'p': - add_permissions(optarg); - break; - case ':': - syslog(LOG_ERR, "missing argument value"); - return 1; - default: - syslog(LOG_ERR, "unrecognized option"); - return 1; - } - } - - ac -= optind; - if (ac < 2) { - syslog(LOG_ERR, "arguments are missing"); - return 1; - } + int pos; + char c; - /* canonic names for files */ - av += optind; - for (i = 0 ; av[i] != NULL ; i++) { - wpath = realpath(av[i], NULL); - if (wpath == NULL) { - syslog(LOG_ERR, "error while getting realpath of %dth widget: %s", i+1, av[i]); - return 1; + if (check_defined(value, name)) + return -1; + pos = 0; + c = value[pos]; + while(c) { + if (!isalnum(c) && !strchr(".-_", c)) { + syslog(LOG_ERR, "forbidden char %c in '%s' -> '%s' (temporary constraints)", c, name, value); + errno = EINVAL; + return -1; } - av[i] = wpath; + c = value[++pos]; } - root = *av++; - - /* install widgets */ - for ( ; *av ; av++) - install(*av); - return 0; } -static int has_permission(const char *name) +static int check_temporary_constraints(const struct wgt_desc *desc) { - char **p = permissions; - if (p) { - while(*p) { - if (0 == strcmp(*p, name)) - return 1; - p++; - } + int result = check_valid_string(desc->id, "id"); + result |= check_valid_string(desc->version, "version"); + result |= check_defined(desc->icons, "icon"); + result |= check_defined(desc->content_src, "content"); + if (result) + return result; + if (desc->icons->next) { + syslog(LOG_ERR, "widget has more than one icon defined (temporary constraints)"); + errno = EINVAL; + result = -1; } return 0; } -static void add_permissions(const char *list) +static int check_permissions(const char *name, int required) { - char **ps, *p; - const char *iter; - int n, on; - static const char separators[] = " \t\n\r,"; - - n = 0; - iter = list + strspn(list, separators); - while(*iter) { - n++; - iter += strcspn(iter, separators); - iter += strspn(iter, separators); - } - if (n == 0) - return; - - on = 0; - ps = permissions; - if (ps) - while(*ps++) - on++; - - ps = realloc(permissions, (1 + on + n) * sizeof * ps); - if (!ps) { - syslog(LOG_ERR, "Can't allocate memory for permissions"); - exit(1); - } - - permissions = ps; - ps[on] = NULL; - - iter = list + strspn(list, separators); - while(*iter) { - n = strcspn(iter, separators); - p = strndup(iter, n); - if (!p) { - syslog(LOG_ERR, "Can't allocate permission"); - exit(1); - } - if (has_permission(p)) - free(p); - else { - ps[on] = p; - ps[++on] = NULL; + if (permission_exists(name)) { + if (request_permission(name)) { + debug("granted permission: %s", name); + } else if (required) { + syslog(LOG_ERR, "ungranted permission required: %s", name); + errno = EPERM; + return 0; + } else { + notice("ungranted permission optional: %s", name); } - iter += n; - iter += strspn(iter, separators); } + return 1; } -static struct wgt *wgt_at_workdir() +static int check_widget(const struct wgt_desc *desc) { - int rc, wfd; - struct wgt *wgt; - - wfd = workdirfd(); - if (wfd < 0) - return NULL; - - wgt = wgt_create(); - if (!wgt) { - syslog(LOG_ERR, "failed to allocate wgt"); - close(wfd); - return NULL; + int result; + const struct wgt_desc_feature *feature; + + result = check_temporary_constraints(desc); + feature = desc->features; + while(feature) { + if (!check_permissions(feature->name, feature->required)) + result = -1; + feature = feature->next; } + return result; +} - rc = wgt_connectat(wgt, wfd, NULL); - if (rc) { - syslog(LOG_ERR, "failed to connect wgt to workdir"); - close(wfd); - wgt_unref(wgt); - return NULL; +static int move_widget(const char *root, const struct wgt_desc *desc, int force) +{ + char newdir[PATH_MAX]; + int rc; + + rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version); + if (rc >= sizeof newdir) { + syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version); + errno = EINVAL; + return -1; } - return wgt; + return move_workdir(newdir, 1, force); } - -static int check_and_place() +static int install_security(struct wgt_info *ifo) { - struct wgt *wgt; - struct wgt_info *ifo; - - wgt = wgt_at_workdir(); - if (!wgt) - return -1; + int rc; - ifo = wgt_info_get(wgt, 1, 1, 1); - if (!ifo) { - wgt_unref(wgt); - return -1; - } - wgt_info_dump(ifo, 1, ""); - wgt_info_unref(ifo); - wgt_unref(wgt); - return 0; + rc = secmgr_init(wgt_info_desc(ifo)-> } /* install the widget of the file */ -static void install(const char *wgtfile) +void install_widget(const char *wgtfile, const char *root, int force) { + struct wgt_info *ifo; + const struct wgt_desc *desc; + notice("-- INSTALLING widget %s --", wgtfile); /* workdir */ @@ -252,20 +139,30 @@ static void install(const char *wgtfile) goto error1; } - if (enter_workdir(0)) - goto error2; - if (zread(wgtfile, 0)) goto error2; if (check_all_signatures()) goto error2; - if (check_and_place()) + ifo = wgt_info_createat(workdirfd, NULL, 1, 1, 1); + if (!ifo) goto error2; + + desc = wgt_info_desc(ifo); + if (check_widget(desc)) + goto error3; + + if (move_widget(root, desc, force)) + goto error3; + + return; +error3: + wgt_info_unref(ifo); + error2: remove_workdir(); @@ -273,4 +170,3 @@ error1: return; } -