more work
authorJosé Bollo <jose.bollo@iot.bzh>
Fri, 11 Dec 2015 21:55:11 +0000 (22:55 +0100)
committerJosé Bollo <jose.bollo@iot.bzh>
Fri, 11 Dec 2015 21:55:11 +0000 (22:55 +0100)
Change-Id: I7eac968a21766be44068463bcab8aaaa3d12941f

src/Makefile.am
src/secmgr-wrap.c
src/secmgr-wrap.h
src/verbose.c
src/verbose.h
src/wgtpkg-digsig.c
src/wgtpkg-files.c
src/wgtpkg-install.c
src/wgtpkg-permissions.c
src/wgtpkg.h

index a538a38..8b7abff 100644 (file)
@@ -28,19 +28,21 @@ APPFWK = \
 
 #pkgsysconfdir = $(sysconfdir)
 pkgsysconfdir = .
-
+#deffwdir = $(datadir)/af
+deffwdir = ./af
+defappdir = $(deffwdir)/applications
+deficondir = $(deffwdir)/icons
 
 AM_CFLAGS  = -Wall -Wno-pointer-sign
 AM_CFLAGS += -ffunction-sections -fdata-sections
 AM_CFLAGS += ${ZIP_CFLAGS} ${XML2_CFLAGS} ${OPENSSL_CFLAGS} ${XMLSEC_CFLAGS}
 
-
-
+AM_CFLAGS += -Isimulation
 
 AM_CFLAGS += -DPKGSYSCONFDIR=\"$(pkgsysconfdir)\"
 AM_CFLAGS += -DPREFIXPERMISSION=\"urn:agl-perm:\"
-AM_CFLAGS += -DICONDESTDIR=\"\"
-
+AM_CFLAGS += -DICONDESTDIR=\"$(deficondir)\"
+AM_CFLAGS += -DAPPDEFDIR=\"$(defappdir)\"
 
 
 AM_LDFLAGS = -Wl,--gc-sections
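Review bot: `deffwdir = ./af` makes ICONDESTDIR and APPDEFDIR relative paths, so code that uses them resolves against whatever directory the installer was started from. The commented-out `#deffwdir = $(datadir)/af` suggests this is a development setting; it should be marked as such or selected by a configure option rather than hard-coded. `AM_CFLAGS += -Isimulation` is likewise unconditional, so if that directory holds a stand-in `security-manager.h` (not visible here), every build would compile against it instead of the real header. A comment such as `# development only: relative dirs and simulated security-manager` above both lines would make this explicit.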
index c95160f..75c63ca 100644 (file)
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#include <syslog.h>
 
-#if 0
 #include <security-manager.h>
-#else
-#include <stdio.h>
-#include <stdint.h>
-enum lib_retcode {
-       SECURITY_MANAGER_SUCCESS,
-       SECURITY_MANAGER_ERROR_INPUT_PARAM,
-       SECURITY_MANAGER_ERROR_MEMORY,
-       SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
-       SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
-       SECURITY_MANAGER_ERROR_ACCESS_DENIED
-};
-enum app_install_path_type {
-       SECURITY_MANAGER_PATH_PUBLIC_RO,
-       SECURITY_MANAGER_PATH_RO,
-       SECURITY_MANAGER_PATH_RW
-};
-typedef void app_inst_req;
-static int diese = 0;
-#define  security_manager_app_inst_req_free(r) \
- (printf("security_manager_app_inst_req_free(%p)\n",r),(void)0)
-
-#define  security_manager_app_inst_req_new(pr) \
- (*(pr)=(void*)(intptr_t)(++diese), printf("security_manager_app_inst_req_new(%p)\n",*pr), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_set_pkg_id(r,i) \
- (printf("security_manager_app_inst_req_set_pkg_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS)
-#define security_manager_app_inst_req_set_app_id(r,i) \
- (printf("security_manager_app_inst_req_set_app_id(%p,\"%s\")\n",r,i), SECURITY_MANAGER_SUCCESS)
-#define security_manager_app_inst_req_add_privilege(r,p) \
- (printf("security_manager_app_inst_req_add_privilege(%p,\"%s\")\n",r,p), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_inst_req_add_path(r,p,t) \
- (printf("security_manager_app_inst_req_add_path(%p,\"%s\",%d)\n",r,p,t), SECURITY_MANAGER_SUCCESS)
-
-#define security_manager_app_install(r) \
- (printf("security_manager_app_install(%p)\n",r), SECURITY_MANAGER_SUCCESS)
-
-#endif
 
 #include "secmgr-wrap.h"
 
@@ -79,15 +39,22 @@ static int retcode(enum lib_retcode rc)
        return -1;
 }
 
-int secmgr_init(const char *pkgid, const char *appid)
+int secmgr_init(const char *id)
 {
        int rc;
        assert(request == NULL);
        rc = security_manager_app_inst_req_new(&request);
-       if (rc == SECURITY_MANAGER_SUCCESS) {
-               rc = security_manager_app_inst_req_set_pkg_id(request, pkgid);
-               if (rc == SECURITY_MANAGER_SUCCESS)
-                       rc = security_manager_app_inst_req_set_app_id(request, appid);
+       if (rc != SECURITY_MANAGER_SUCCESS)
+               syslog(LOG_ERR, "security_manager_app_inst_req_new failed");
+       else {
+               rc = security_manager_app_inst_req_set_pkg_id(request, id);
+               if (rc != SECURITY_MANAGER_SUCCESS)
+                       syslog(LOG_ERR, "security_manager_app_inst_req_set_pkg_id failed");
+               else {
+                       rc = security_manager_app_inst_req_set_app_id(request, id);
+                       if (rc != SECURITY_MANAGER_SUCCESS)
+                               syslog(LOG_ERR, "security_manager_app_inst_req_set_app_id failed");
+               }
        }
        if (rc != SECURITY_MANAGER_SUCCESS)
                secmgr_cancel();
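Review bot: The new syslog calls in secmgr_init say that a security-manager call failed but not why, because `rc` is not logged and the different lib_retcode values cannot be told apart afterwards. Something like `syslog(LOG_ERR, "security_manager_app_inst_req_new failed (rc=%d)", rc);` would keep that information; the same applies to the messages added in the secmgr_install, secmgr_permit and addpath hunks. In the last two, the message text names `security_manager_app_inst_add_privilege` and `security_manager_app_inst_add_path`, which lack the `_req_` of the functions actually called, so a search for the function name misses the log line. The end of secmgr_init is outside this hunk.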
@@ -105,6 +72,9 @@ int secmgr_install()
        int rc;
        assert(request != NULL);
        rc = security_manager_app_install(request);
+       if (rc != SECURITY_MANAGER_SUCCESS)
+               syslog(LOG_ERR, "security_manager_app_install failed");
+       security_manager_app_inst_req_free(request);
        return retcode(rc);
 }
 
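Review bot: secmgr_install now frees `request`, but the visible lines never reset the pointer, so it is left dangling after the call. The next secmgr_init would trip `assert(request == NULL)`, and a later secmgr_cancel (body not shown) would presumably free the same request again. Adding `request = NULL;` directly after `security_manager_app_inst_req_free(request);` closes both cases.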
@@ -113,6 +83,8 @@ int secmgr_permit(const char *permission)
        int rc;
        assert(request != NULL);
        rc = security_manager_app_inst_req_add_privilege(request, permission);
+       if (rc != SECURITY_MANAGER_SUCCESS)
+               syslog(LOG_ERR, "security_manager_app_inst_add_privilege %s failed", permission);
        return retcode(rc);
 }
 
@@ -121,6 +93,8 @@ static int addpath(const char *pathname, enum app_install_path_type type)
        int rc;
        assert(request != NULL);
        rc = security_manager_app_inst_req_add_path(request, pathname, type);
+       if (rc != SECURITY_MANAGER_SUCCESS)
+               syslog(LOG_ERR, "security_manager_app_inst_add_path %s failed", pathname);
        return retcode(rc);
 }
 
index 81bc02c..3558c69 100644 (file)
@@ -14,7 +14,7 @@
  limitations under the License.
 */
 
-int secmgr_init(const char *pkgid, const char *appid);
+int secmgr_init(const char *id);
 void secmgr_cancel();
 int secmgr_install();
 int secmgr_permit(const char *permission);
index 1472a90..fa7ea3f 100644 (file)
 
 int verbosity = 1;
 
-int verbose_scan_args(int argc, char **argv)
-{
-       int i, r;
-       for (i=r=0 ; i < argc ; i++) {
-               if (!strcmp(argv[i], "-q"))
-                       verbosity = verbosity ? verbosity-1 : 0;
-               else if (!strcmp(argv[i], "-v"))
-                       verbosity++;
-               else
-                       argv[r++] = argv[i];
-       }
-       argv[r] = NULL;
-       return r;
-}
-
-
index 0a15564..9e5e784 100644 (file)
@@ -17,8 +17,8 @@
 
 extern int verbosity;
 #define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0)
+#define warning(...) do{if(verbosity)syslog(LOG_WARNING,__VA_ARGS__);}while(0)
 #define notice(...)  do{if(verbosity)syslog(LOG_NOTICE,__VA_ARGS__);}while(0)
 #define info(...)    do{if(verbosity)syslog(LOG_INFO,__VA_ARGS__);}while(0)
 #define debug(...)   do{if(verbosity>1)syslog(LOG_DEBUG,__VA_ARGS__);}while(0)
-extern int verbose_scan_args(int argc, char **argv);
 
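Review bot: The added `#define warning(...)` is byte-identical to the line directly above it, so it defines nothing new. If a wrapper for another level was intended, it is missing; the .c files in this commit call `syslog(LOG_ERR, ...)` directly, so perhaps an `error(...)` macro was meant. Otherwise the duplicate line should be dropped.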
index 80428fa..984127b 100644 (file)
@@ -209,7 +209,7 @@ static int check_references(xmlNodePtr sinfo)
                if (f->type == type_file) {
                        flags = f->flags;
                        if (!(flags & (flag_signature | flag_referenced))) {
-                               syslog(LOG_ERR, "file not referenced in signature", f->name);
+                               syslog(LOG_ERR, "file not referenced in signature: %s", f->name);
                                result = -1;
                        }
                }
@@ -385,7 +385,7 @@ int create_digsig(int index, const char *key, const char **certs)
        len = xmlSaveDoc(ctx, doc);
        if (len < 0) {
                syslog(LOG_ERR, "xmlSaveDoc to %s failed", fdesc->name);
-               goto error2;
+               goto error4;
        }
 
        rc = 0;
index 8840fa9..16d94e2 100644 (file)
@@ -22,6 +22,7 @@
 #include <dirent.h>
 #include <stdio.h>
 #include <fcntl.h>
+#include <unistd.h>
 
 #include "wgtpkg.h"
 
index dc746c2..37a47ff 100644 (file)
@@ -20,6 +20,8 @@
 #include <syslog.h>
 #include <string.h>
 #include <ctype.h>
+#include <assert.h>
+#include <unistd.h>
 
 #include "verbose.h"
 #include "wgtpkg.h"
@@ -110,7 +112,7 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force)
 
        rc = snprintf(newdir, sizeof newdir, "%s/%s/%s", root, desc->id, desc->version);
        if (rc >= sizeof newdir) {
-               syslog(LOG_ERR, "path to long: %s/%s/%s", root, desc->id, desc->version);
+               syslog(LOG_ERR, "path to long in move_widget");
                errno = EINVAL;
                return -1;
        }
@@ -118,11 +120,96 @@ static int move_widget(const char *root, const struct wgt_desc *desc, int force)
        return move_workdir(newdir, 1, force);
 }
 
-static int install_security(struct wgt_info *ifo)
+static int install_icon(const struct wgt_desc *desc)
 {
+       char link[PATH_MAX];
+       char target[PATH_MAX];
        int rc;
 
-       rc = secmgr_init(wgt_info_desc(ifo)->
+       rc = snprintf(link, sizeof link, "%s/%s@%s", ICONDESTDIR, desc->id, desc->version);
+       if (rc >= sizeof link) {
+               syslog(LOG_ERR, "link to long in install_icon");
+               errno = EINVAL;
+               return -1;
+       }
+
+       rc = snprintf(target, sizeof target, "%s/%s", workdir, desc->icons->src);
+       if (rc >= sizeof target) {
+               syslog(LOG_ERR, "target to long in install_icon");
+               errno = EINVAL;
+               return -1;
+       }
+
+       unlink(link);
+       rc = symlink(target, link);
+       if (rc)
+               syslog(LOG_ERR, "can't create link %s -> %s", link, target);
+       return rc;
+}
+
+static int install_security(const struct wgt_desc *desc)
+{
+       char path[PATH_MAX], *head;
+       const char *icon, *perm;
+       int rc, len, lic, lf;
+       unsigned int i, n;
+       struct filedesc *f;
+
+       rc = secmgr_init(desc->id);
+       if (rc)
+               goto error;
+
+       rc = secmgr_path_public_read_only(workdir);
+       if (rc)
+               goto error2;
+
+       /* instal the files */
+       head = stpcpy(path, workdir);
+       assert(sizeof path > (head - path));
+       len = (int)(sizeof path - (head - path));
+       if (!len) {
+               syslog(LOG_ERR, "root path too long in install_security");
+               errno = ENAMETOOLONG;
+               goto error2;
+       }
+       len--;
+       *head++ = '/';
+       icon = desc->icons->src;
+       lic = (int)strlen(icon);
+       n = file_count();
+       i = 0;
+       while(i < n) {
+               f = file_of_index(i++);
+               lf = (int)strlen(f->name);
+               if (lf >= len) {
+                       syslog(LOG_ERR, "path too long in install_security");
+                       errno = ENAMETOOLONG;
+                       goto error2;
+               }
+               strcpy(head, f->name);
+               if (lf <= lic && !memcmp(f->name, icon, lf) && (!f->name[lf] || f->name[lf] == '/'))
+                       rc = secmgr_path_public_read_only(path);
+               else
+                       rc = secmgr_path_read_only(path);
+               if (rc)
+                       goto error2;
+       }
+
+       /* install the permissions */
+       perm = first_usable_permission();
+       while(perm) {
+               rc = secmgr_permit(perm);
+               if (rc)
+                       goto error2;
+               perm = next_usable_permission();
+       }
+
+       rc = secmgr_install();
+       return rc;
+error2:
+       secmgr_cancel();
+error:
+       return -1;
 }
 
 /* install the widget of the file */
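Review bot: In install_security the icon test `(!f->name[lf] || f->name[lf] == '/')` is always true because `lf` is `strlen(f->name)`, so any file whose name is a leading substring of the icon path is registered public read-only; the boundary check presumably belongs on the icon string, `(!icon[lf] || icon[lf] == '/')`. In install_icon, `desc->id`, `desc->version` and `desc->icons->src` go straight into the link and target paths, and `unlink(link)` runs before `symlink`. Unless those fields are validated outside this hunk, a `/` or `..` component in them takes the unlink outside ICONDESTDIR, so they should be rejected before the snprintf calls. `desc->icons` is dereferenced in both functions without a NULL check, which matters if a widget may ship without an icon. `stpcpy(path, workdir)` copies before the assert looks at the size, so the assert cannot prevent an overrun; checking `strlen(workdir)` against `sizeof path` first would.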
@@ -134,7 +221,7 @@ void install_widget(const char *wgtfile, const char *root, int force)
        notice("-- INSTALLING widget %s --", wgtfile);
 
        /* workdir */
-       if (make_workdir_base(root, "UNPACK", 0)) {
+       if (make_workdir_base(root, "TMP", 0)) {
                syslog(LOG_ERR, "failed to create a working directory");
                goto error1;
        }
@@ -156,7 +243,11 @@ void install_widget(const char *wgtfile, const char *root, int force)
        if (move_widget(root, desc, force))
                goto error3;
 
-       
+       if (install_icon(desc))
+               goto error3;
+
+       if (install_security(desc))
+               goto error3;
        
        return;
 
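Review bot: When install_icon or install_security fails here, move_widget has already placed the widget under `root`. The `error3` label is outside the hunk, so it is not visible whether the moved directory and the icon link are removed again. The case to rule out is a widget left in place without its security-manager registration; either register with the security manager before the files become visible, or undo the move on this error path. A short comment stating which of the two is intended would help the next reader.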
index 25758e4..e20cede 100644 (file)
@@ -33,6 +33,7 @@ static const char prefix_of_permissions[] = PREFIXPERMISSION;
 
 static int nrpermissions = 0;
 static struct permission *permissions = NULL;
+static int indexiter = 0;
 
 /* check is the name has the correct prefix for permissions */
 int is_standard_permission(const char *name)
@@ -130,3 +131,20 @@ int request_permission(const char *name)
        return 0;
 }
 
+/* iteration over granted and requested permissions */
+const char *first_usable_permission()
+{
+       indexiter = 0;
+       return next_usable_permission();
+}
+
+const char *next_usable_permission()
+{
+       while(indexiter < nrpermissions) {
+               struct permission *p = &permissions[indexiter++];
+               if (p->granted && p->requested)
+                       return p->name;
+       }
+       return NULL;
+}
+
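Review bot: first_usable_permission and next_usable_permission keep their position in the file-scope `indexiter`, so only one iteration can be in progress at a time, and the new code has no comment saying so. A nested or interleaved iteration would restart or skip entries. I would document this above the pair, e.g. `/* iteration over granted and requested permissions; one static cursor, not reentrant */`. Both functions are also defined with `()` rather than `(void)`, which leaves the parameter list unchecked in C.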
index 95c2f37..52a78dc 100644 (file)
@@ -102,6 +102,8 @@ extern void crop_permissions(unsigned level);
 extern void grant_permission_list(const char *list);
 extern int permission_exists(const char *name);
 extern int request_permission(const char *name);
+extern const char *first_usable_permission();
+extern const char *next_usable_permission();
 
 /**************************************************************/
 /* from wgtpkg-workdir */