--- a/installationservices/swi/source/swis/server/installmachine.cpp Fri Mar 19 09:33:35 2010 +0200
+++ b/installationservices/swi/source/swis/server/installmachine.cpp Fri Apr 16 15:05:20 2010 +0300
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
+* Copyright (c) 2004-2010 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
@@ -51,7 +51,11 @@
#include <ocsp.h>
#include "secutils.h"
#include "sislauncherclient.h"
-
+#include "swicenrep.h"
+// Security settings.
+#include <x509certext.h>
+#include <pkixvalidationresult.h>
+#include <secsettings/secsettingsclient.h>
#ifdef SYMBIAN_UNIVERSAL_INSTALL_FRAMEWORK
#include "swi/sisversion.h"
#include "swi/nativecomponentinfo.h"
@@ -62,6 +66,9 @@
using namespace Swi;
using namespace Swi::Sis;
+_LIT(KExpressSignedOID, "1.2.826.0.1.1796587.1.1.2.1");
+_LIT(KCertifiedSignedOID, "1.2.826.0.1.1796587.1.1.2.2");
+_LIT(KCertifiedSignedWithVerisignOID, "1.2.826.0.1.1796587.1.1.2.3");
//
// TInstallState
@@ -493,6 +500,7 @@
}
case ESignatureSelfSigned:
+ {
iInstallMachine.SetTrust(ESisPackageCertificateChainNoTrustAnchor);
iInstallMachine.SetValidationStatus(EValidated);
@@ -501,11 +509,36 @@
if(iInstallMachine.IsInInfoMode())
break;
#endif
- if (!SecurityAlertL(ETrue))
- User::Leave(KErrCancel);
- break;
-
-
+
+ TBool allowSelfSigned(ETrue);
+
+ // Session to access Install Central Repository Server.
+ SecuritySettingsServer::RSecSettingsSession secSettingsSession;
+
+ // Connect to the Central Repository server.
+ User::LeaveIfError(secSettingsSession.Connect());
+
+ CleanupClosePushL(secSettingsSession);
+
+ // Read-in the values of the settings - KAllowSelfSignedInstallKey.
+ // These will retain the default values if any error occurs.
+
+ TRAPD(err, (allowSelfSigned = secSettingsSession.SettingValueL(KUidInstallationRepository , KAllowSelfSignedInstallKey)));
+
+ if( err == KErrNone || err == KErrSettingNotFound || err == KErrNotFound)
+ {
+ if (!allowSelfSigned || !SecurityAlertL(ETrue))
+ {
+ User::Leave(KErrCancel);
+ }
+ }
+ else
+ {
+ User::Leave(err);
+ }
+ CleanupStack::PopAndDestroy(&secSettingsSession);
+ break;
+ }
case ECertificateValidationError:
case ENoCertificate:
case ENoCodeSigningExtension:
@@ -636,24 +669,104 @@
if ((iInstallMachine.iCertificates.Count()) && iNeedOcsp)
{
- // We haven't done the planning phase so we need to use the default
- TAppInfo appInfo(iInstallMachine.iCurrentContentProvider->DefaultLanguageAppInfoL());
+ TInt checkOCSPForExpressSignedPkg = 1;
+ TInt checkOCSPForSelfSignedPkg = 1;
+ TInt checkOCSPForCertifiedSignedPkg = 1;
+ TInt checkOCSPForCertifiedWithVeriSignPkg = 1;
+
+ // Session to access Security Central Repository Server.
+ SecuritySettingsServer::RSecSettingsSession secSettingsSession;
- // Signal OCSP check starting
- CHandleCancellableInstallEvent* cmd = CHandleCancellableInstallEvent::NewLC(appInfo, EEventOcspCheckStart, 0, KNullDesC);
- iInstallMachine.UiHandler().ExecuteL(*cmd);
- CleanupStack::PopAndDestroy(cmd);
+ // Connect to the Security Central Repository server.
+ User::LeaveIfError(secSettingsSession.Connect());
+
+ CleanupClosePushL(secSettingsSession);
+
+ // Read-in the values of the settings from the Install Central Repository.
+ // These will retain the default values if any error occurs.
+ TRAPD(err, checkOCSPForExpressSignedPkg = secSettingsSession.SettingValueL(KUidInstallationRepository, KCheckOCSPForExpressedSignedPkgKey));
+ TRAP(err, checkOCSPForSelfSignedPkg = secSettingsSession.SettingValueL(KUidInstallationRepository, KCheckOCSPForSelfSignedPkgKey));
+ TRAP(err, checkOCSPForCertifiedSignedPkg = secSettingsSession.SettingValueL(KUidInstallationRepository, KCheckOCSPForCertifiedSignedPkgKey));
+ TRAP(err, checkOCSPForCertifiedWithVeriSignPkg = secSettingsSession.SettingValueL(KUidInstallationRepository, KCheckOCSPForCertifiedWithVeriSignPkgKey));
- // Start OCSP check.
- TBuf8<256> ocspUri(iInstallMachine.iInstallPrefs->RevocationServerUri());
- iInstallMachine.iSecurityManager->PerformOcspL(ocspUri, iInstallMachine.iIap,
- &iInstallMachine.iOcspMsg,iInstallMachine.iOcspOutcomes,
- iInstallMachine.iCertificates,iInstallMachine.iStatus);
+ CleanupStack::PopAndDestroy(&secSettingsSession);
- TTime time;
- time.UniversalTime();
- TSisTrustStatus& trustStatus = iInstallMachine.iController->TrustStatus();
- trustStatus.SetLastCheckDate(time);
+ TBool makeOcspCheck = (checkOCSPForExpressSignedPkg == 1) && (checkOCSPForSelfSignedPkg == 1) && (checkOCSPForCertifiedSignedPkg == 1) && (checkOCSPForCertifiedWithVeriSignPkg == 1);
+
+ //Find the OID of the certificate and make ocsp check based on settings retreived from cenrep
+ for (TInt i=0; i<iInstallMachine.iCertificates.Count(); ++i)
+ {
+ if(makeOcspCheck)//Could be true if set in the previous iCertificates.
+ {
+ break;
+ }
+ CX509Certificate* cert = iInstallMachine.iCertificates[i];
+ const CX509CertExtension* certExt = cert->Extension(KCertPolicies);
+ if (certExt == NULL)
+ {
+ makeOcspCheck = ETrue;
+ continue;
+ }
+ CX509CertPoliciesExt* policyExt = CX509CertPoliciesExt::NewLC(certExt->Data());
+ const CArrayPtrFlat<CX509CertPolicyInfo>& policies = policyExt->Policies();
+ if(policies.Count() == 0)
+ {
+ makeOcspCheck = ETrue;
+ }
+ for(TInt j=0; j<policies.Count(); ++j)
+ {
+ HBufC* oid = (policies[j])->Id().AllocLC();
+ if (oid->Compare(KExpressSignedOID) == 0)
+ {
+ makeOcspCheck = (checkOCSPForExpressSignedPkg==1);
+ }
+ else if(oid->Compare(KCertifiedSignedOID) == 0)
+ {
+ makeOcspCheck = (checkOCSPForCertifiedSignedPkg==1);
+ }
+ else if(oid->Compare(KCertifiedSignedWithVerisignOID) == 0)
+ {
+ makeOcspCheck = (checkOCSPForCertifiedWithVeriSignPkg==1);
+ }
+ else if(iInstallMachine.iSigValidationResult == ESignatureSelfSigned)
+ {
+ makeOcspCheck = (checkOCSPForSelfSignedPkg==1);
+ }
+ CleanupStack::PopAndDestroy(oid);
+ if(makeOcspCheck)
+ {
+ break;
+ }
+ }
+ CleanupStack::PopAndDestroy(policyExt);
+ }
+
+ if (makeOcspCheck)
+ {
+ // We haven't done the planning phase so we need to use the default
+ TAppInfo appInfo(iInstallMachine.iCurrentContentProvider->DefaultLanguageAppInfoL());
+
+ // Signal OCSP check starting
+ CHandleCancellableInstallEvent* cmd = CHandleCancellableInstallEvent::NewLC(appInfo, EEventOcspCheckStart, 0, KNullDesC);
+ iInstallMachine.UiHandler().ExecuteL(*cmd);
+ CleanupStack::PopAndDestroy(cmd);
+
+ // Start OCSP check.
+ TBuf8<256> ocspUri(iInstallMachine.iInstallPrefs->RevocationServerUri());
+ iInstallMachine.iSecurityManager->PerformOcspL(ocspUri, iInstallMachine.iIap,
+ &iInstallMachine.iOcspMsg,iInstallMachine.iOcspOutcomes,
+ iInstallMachine.iCertificates,iInstallMachine.iStatus);
+
+ TTime time;
+ time.UniversalTime();
+ TSisTrustStatus& trustStatus = iInstallMachine.iController->TrustStatus();
+ trustStatus.SetLastCheckDate(time);
+ }
+ else
+ {
+ iNeedOcsp = EFalse;
+ iInstallMachine.CompleteSelf();
+ }
}
else
{
@@ -905,11 +1018,6 @@
//contains any executable(.exe or .dll).
if (iInstallMachine.IsInInfoMode())
{
- TCapabilitySet userGrantableCaps;
- userGrantableCaps.SetEmpty();
- iInstallMachine.GetRequestedCapabilities(userGrantableCaps, filesToCapabilityCheck);
- iInstallMachine.SetUserGrantableCapabilities(userGrantableCaps);
-
Sis::CController& controller = const_cast <Sis::CController&>(iInstallMachine.iPlanner->CurrentController());
controller.SetHasExecutable(EFalse);
TInt noOfFiles = filesToCapabilityCheck.Count();
@@ -1187,24 +1295,43 @@
void CInstallMachine::PostJournalFinalizationL(TInt aError)
{
DEBUG_PRINTF(_L8("Install Machine - PostJournalFinalization"));
-
+
#ifdef SYMBIAN_UNIVERSAL_INSTALL_FRAMEWORK
// Do nothing in info mode
if(IsInInfoMode())
{
return;
- }
+ }
#endif
+
if (!iPlan)
{
return;
}
const RPointerArray<CSisRegistryFileDescription>& filesToRun = iPlan->FilesToRunAfterInstall();
-
- TInt numFiles = filesToRun.Count();
-
+ RSisLauncherSession launcher;
+ if (launcher.Connect() != KErrNone)
+ {
+ DEBUG_PRINTF(_L8("Install Machine - Failed to connect to SisLauncher"));
+ return;
+ }
+ CleanupClosePushL(launcher);
+
+#ifdef SYMBIAN_UNIVERSAL_INSTALL_FRAMEWORK
+ //Notify apparc for the the change in the Applications
+ RArray<TAppUpdateInfo> affectedApps;
+ iPlan->GetAffectedApps(affectedApps);
+ if (affectedApps.Count() > 0)
+ {
+ launcher.NotifyNewAppsL(affectedApps);
+ }
+ affectedApps.Close();
+#endif
+
+ TInt numFiles = filesToRun.Count();
if (aError != KErrNone || numFiles <= 0)
{
+ CleanupStack::PopAndDestroy(&launcher);
return;
}
@@ -1218,17 +1345,12 @@
return;
}
- DEBUG_PRINTF(_L8("Install Machine - Processing files to run after install"));
- RSisLauncherSession launcher;
+ DEBUG_PRINTF(_L8("Install Machine - Processing files to run after install"));
+
+#ifndef SYMBIAN_UNIVERSAL_INSTALL_FRAMEWORK
- if (launcher.Connect() != KErrNone)
- {
- DEBUG_PRINTF(_L8("Install Machine - Failed to connect to SisLauncher, continuing..."));
- return;
- }
- CleanupClosePushL(launcher);
launcher.NotifyNewAppsL(iPlan->AppArcRegFiles());
-
+#endif
if (iPlan->ContainsPlugins())
{
@@ -1561,17 +1683,19 @@
// Check if any of them are system capabilities. If so, bail out.
TCapabilitySet requiredExtraSysCaps(requestedCaps);
SecurityCheckUtil::RemoveUserCaps(requiredExtraSysCaps, *iSecurityManager);
- TAppInfo appInfo(iCurrentContentProvider->DefaultLanguageAppInfoL());
-
+
#ifdef SYMBIAN_UNIVERSAL_INSTALL_FRAMEWORK
// Report the error to the user only when machine not runs in info collection mode
if(IsInInfoMode())
{
- SetUserGrantableCapabilities(requestedCaps);
+ TCapabilitySet requiredUserCaps(requestedCaps);
+ requiredUserCaps.Remove(requiredExtraSysCaps);
+ SetUserGrantableCapabilities(requiredUserCaps);
return;
}
#endif
+ TAppInfo appInfo(iCurrentContentProvider->DefaultLanguageAppInfoL());
if (SecurityCheckUtil::NotEmpty(requiredExtraSysCaps)||(SecurityCheckUtil::NotEmpty(requestedCaps) && EFalse==iSecurityManager->SecurityPolicy().AllowGrantUserCaps()))
{
// Report error to the user. Include the list of capabilities that are left in requestedCaps.
@@ -1811,6 +1935,20 @@
//Setting the HasExecutable flag
aNativeComponentInfo->iHasExe = controller.HasExecutable();
+ //Setting the drive selection requird flag
+ aNativeComponentInfo->iIsDriveSelectionRequired = controller.DriveSelectionRequired();
+
+ //Populate ApplicationInfo, copy the app info from controller's iApplicationInfo to install machines's iApplicationInfo
+ RCPointerArray<CNativeComponentInfo::CNativeApplicationInfo> applications;
+ applications = const_cast<CController&>(aController).GetApplicationInfo();
+ for(TInt i = 0 ; i < applications.Count() ; i++)
+ {
+ CNativeComponentInfo::CNativeApplicationInfo* appInfo = NULL;
+ appInfo = CNativeComponentInfo::CNativeApplicationInfo::NewLC(applications[i]->AppUid(), applications[i]->Name(), applications[i]->GroupName(), applications[i]->IconFileName());
+ aNativeComponentInfo->iApplications.AppendL(appInfo);
+ CleanupStack::Pop(appInfo);
+ }
+
const RPointerArray<CController>& embeddedControllers = aController.InstallBlock().EmbeddedControllers();
TInt totalEmbeddedControllers = embeddedControllers.Count();
for (TInt controller = 0; controller < totalEmbeddedControllers; controller++)