// // Open Service Platform // Copyright (c) 2012 Samsung Electronics Co., Ltd. // // Licensed under the Apache License, Version 2.0 (the License); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // /** * @file SignatureStep.cpp * @brief This is the implementation file for %SignatureStep class. */ #include #include #include "InstallationContext.h" #include "PrivilegeHandler.h" #include "SignatureHandler.h" #include "SignatureStep.h" using namespace Tizen::App; using namespace Tizen::Base; using namespace Tizen::Base::Collection; using namespace Tizen::Io; SignatureStep::SignatureStep(void) :__state(STATE_SIGNER_INIT) ,__pContext(null) ,__pSignatureManager(null) { } SignatureStep::~SignatureStep(void) { delete __pSignatureManager; } InstallerError SignatureStep::Run(InstallationContext* pContext) { InstallerError error = INSTALLER_ERROR_NONE; AppLog(" SignatureStep - START"); __pContext = pContext; if (__pContext->__isVerificationMode == false) { AppLog("no signature file[%ls]", __pContext->GetSignatureXmlPath().GetPointer()); return INSTALLER_ERROR_NONE; } while (true) { switch (__state) { case STATE_SIGNER_INIT: AppLog("[STATE_SIGNER_INIT]"); error = OnStateSignerInit(); break; case STATE_ROOT_CERT: AppLog("[STATE_ROOT_CERT]"); error = OnStateRootCert(); break; case STATE_CONTEXT_AUDIT: AppLog("[STATE_CONTEXT_AUDIT]"); error = OnStateContextAudit(); break; case STATE_DONE: AppLog("[STATE_DONE]"); error = OnStateDone(); break; default: break; } if (error != INSTALLER_ERROR_NONE) { break; } if (__state > STATE_DONE) { AppLog(" SignatureStep - END"); break; } } return error; } void SignatureStep::GoNextState(void) { __state++; } InstallerError SignatureStep::OnStateSignerInit(void) { InstallerError error = INSTALLER_ERROR_NONE; bool res = true; __pSignatureManager = new (std::nothrow) SignatureManager(); TryReturn(__pSignatureManager, INSTALLER_ERROR_OUT_OF_MEMORY, "__pSignatureManager is null."); res = __pSignatureManager->Construct(__pContext); TryReturn(res == true, INSTALLER_ERROR_INTERNAL_STATE, "Construct() failed"); res = __pSignatureManager->ValidateSignatures(); AppLog(" ## __pSignatureManager->ValidateSignatures() result = [%s]", res?"true":"false"); if (res == false) { fprintf(stderr, " ## __pSignatureManager->ValidateSignatures() result = [%s]\n", res?"true":"false"); if (InstallerUtil::IsSignatureVerificationEnabled() == true) { AppLog("_pSignatureManager->ValidateSignatures() is failed."); error = INSTALLER_ERROR_SIGNATURE_VERIFICATION_FAILED; __pContext->__rootCertType = ROOT_CERTIFICATE_NONE; __pContext->__pAuthorCertList->RemoveAll(); __pContext->__pDistributorCertList->RemoveAll(); __pContext->__pDistributorCertList2->RemoveAll(); } else { AppLog("ValidateSignatures() failed, but it's ok. [SignatureVerification is off.]"); } } GoNextState(); return error; } InstallerError SignatureStep::OnStateRootCert(void) { InstallerError error = INSTALLER_ERROR_NONE; result r = E_SUCCESS; String privileges; String hmacPrivileges; ArrayList stringPrivilegeList; stringPrivilegeList.Construct(); const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList(); RootCertificateType certType = __pContext->__rootCertType; PackageId packageId = __pContext->__packageId; int apiVisibility = __pSignatureManager->GetApiVisibility(certType); if (__pContext->__isPreloaded == true) { __pContext->__privilegeLevel = PRIVILEGE_LEVEL_PLATFORM; } else { __pContext->__privilegeLevel = __pSignatureManager->GetPrivilegeLevel(apiVisibility); } AppLog("Package = [%ls], CertType = [%d], ApiVisibility = [%d], preloaded = [%d], privilege level = [%d]", packageId.GetPointer(), certType, apiVisibility, __pContext->__isPreloaded, __pContext->__privilegeLevel); if (pPrivilegeList != null) { r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges, stringPrivilegeList); // TryCatch(r != E_ILLEGAL_ACCESS, error = INSTALLER_ERROR_PRIVILEGE_LEVEL_INVALID, "privMgr.GeneratePrivilegeString() failed. [PRIVILEGE_LEVEL_VIOLATION]"); if (r == E_ILLEGAL_ACCESS) { __pContext->__additionalErrorString = L"Thrown when unauthorized privileges are detected. [partner] or [platform] signing is required."; } TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE_INVALID, "privMgr.GeneratePrivilegeString() failed. [INVALID_PRIVILEGE]"); } __pContext->__privileges = privileges; __pContext->__hmacPrivileges = hmacPrivileges; __pContext->__certType = apiVisibility; __pContext->__pStringPrivilegeList = new ArrayList; __pContext->__pStringPrivilegeList->Construct(stringPrivilegeList); CATCH: GoNextState(); return error; } InstallerError SignatureStep::OnStateContextAudit(void) { InstallerError error = INSTALLER_ERROR_NONE; TryCatch(__pContext->__pAppDataList, error = INSTALLER_ERROR_NONE, "__pContext->__pAppDataList is null."); if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PLATFORM) { TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PLATFORM."); } else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PARTNER) { TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_NONE, "__pContext->__privilegeLevel is PRIVILEGE_LEVEL_PARTNER."); } else if (__pContext->__privilegeLevel == PRIVILEGE_LEVEL_PUBLIC) { int count = __pContext->__pAppDataList->GetCount(); result r = E_SUCCESS; for (int i = 0; i < count; i++) { AppData* pAppData = null; r = __pContext->__pAppDataList->GetAt(i, pAppData); TryCatch(!IsFailed(r), error = INSTALLER_ERROR_NONE, "pAppDataList->GetAt() is failed."); if (pAppData) { if ((pAppData->__type.Equals(L"UiApp", false) == true) && (pAppData->__main.Equals(L"True", false) == true)) { if (pAppData->__menuIconVisible == false) { AppLog("pAppData->__menuIconVisible[%d] does not be allowed in public privilege level", (int)pAppData->__menuIconVisible); pAppData->__menuIconVisible = true; } if (pAppData->__launchingHistoryVisible.Equals(L"False", false) == true) { AppLog("pAppData->__launchingHistoryVisible(%ls) does not be allowed in public privilege level", pAppData->__launchingHistoryVisible.GetPointer()); pAppData->__launchingHistoryVisible = L"True"; } } #if 0 if (pAppData->__isSubMode == true) { AppLog("pAppData->__isSubMode(%d) does not be allowed in public privilege level", pAppData->__isSubMode); pAppData->__isSubModeAllowed = false; } if (pAppData->__pFeatureList) { String autoStart = L"AutoRestart"; String* pValue = static_cast(pAppData->__pFeatureList->GetValue(autoStart)); if (pValue && (pValue->Equals("True", false) == true)) { AppLog("AutoRestart does not be allowed in public privilege level"); pAppData->__pFeatureList->Remove(autoStart); } String launchOnBoot = L"LaunchOnBoot"; pValue = static_cast(pAppData->__pFeatureList->GetValue(launchOnBoot)); if (pValue && (pValue->Equals("True", false) == true)) { AppLog("LaunchOnBoot does not be allowed in public privilege level"); pAppData->__pFeatureList->Remove(launchOnBoot); } } #endif } } } else { TryCatch(__pContext->__privilegeLevel, error = INSTALLER_ERROR_SIGNATURE_INVALID, "__pContext->__privilegeLevel is unknown."); } CATCH: GoNextState(); return error; } InstallerError SignatureStep::OnStateDone(void) { InstallerError error = INSTALLER_ERROR_NONE; GoNextState(); return error; }