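# Fixed search path so every external tool used below (tzplatform-get, sqlite3,
# cyad, find, grep, sed, ...) is resolved from system directories only, not
# from whatever PATH the invoking shell happened to have.
PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Platform directories come from tzplatform-get, which prints NAME=VALUE;
# only VALUE is kept.  If the tool is missing or prints nothing the variable
# is empty and every path below is rooted at "/", which the `-w` check on
# the DB before dispatch will normally reject.
TZ_SYS_RO_SHARE=$(tzplatform-get TZ_SYS_RO_SHARE | cut -d= -f2)

# Directory holding this script, symlinks resolved.  dirname is applied to the
# resolved path directly rather than through xargs, so a script path that
# contains whitespace or quote characters is not split or re-quoted.
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")

# privilege-manager database, its backup, and the bulk-update input files,
# all under the platform read-only share directory (note the trailing '/').
PRIVILEGE_DB_DIR="${TZ_SYS_RO_SHARE}/privilege-manager/"
PRIVILEGE_DB="${PRIVILEGE_DB_DIR}.privilege.db"
PRIVILEGE_DB_BKUP="${PRIVILEGE_DB_DIR}.privilege.db.bkup"

# security-manager policy profiles (usertype-<name>.profile) and the
# privilege -> group list that gid_mapping loads into the security-manager DB.
SECURITY_MANAGER_POLICY_DIR="${TZ_SYS_RO_SHARE}/security-manager/policy/"
SECURITY_MANAGER_POLICY_FILE_PRE="usertype-"
SECURITY_MANAGER_POLICY_FILE_POST=".profile"
SECURITY_MANAGER_GROUP_MAPPING_FILE="${SECURITY_MANAGER_POLICY_DIR}privilege-group.list"

# Input files picked up by the "all" update when present.
PRIVILEGE_INFO_CSV="${PRIVILEGE_DB_DIR}privilege_info.csv"
PRIVILEGE_MAPPING_CSV="${PRIVILEGE_DB_DIR}privilege_mapping.csv"
PRIVACY_WHITELIST_CSV="${PRIVILEGE_DB_DIR}privacy_whitelist.csv"
PRIVILEGE_GROUP_MAPPING_LIST="${PRIVILEGE_DB_DIR}privilege-group.list"

SECURITY_MANAGER_DB="$(tzplatform-get TZ_SYS_DB | cut -d= -f2)/.security-manager.db"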
# Snapshot the privilege DB before any update so restoreBackup (below) has
# something to copy back.  Paths are unquoted; fine only while the platform
# share directory contains no whitespace.
cp $PRIVILEGE_DB $PRIVILEGE_DB_BKUP
# $rst is presumably the exit status of the cp above (assignment not in view).
echo "[ERROR] backup failed. Exit status $rst"
# Copy the backup back over the live privilege DB, retrying the cp up to 10
# times until it succeeds.  checkUpdateResult's failure branch announces this
# restore (the call itself is on a line not in view).
function restoreBackup {
    # $rst and $trial_num are initialised on lines not shown; the loop stops
    # on the first successful cp or after 10 attempts.
    while [ $rst -ne 0 ] && [ $trial_num -lt 10 ]
        cp $PRIVILEGE_DB_BKUP $PRIVILEGE_DB
    # Reached only when every attempt failed: the live DB may be left in the
    # failed-update state.  Diagnostic goes to stdout, not stderr.
    echo "[ERROR] restoreBackup failed. Exit status $rst"
# Validate the privilege DB after an update with SQLite's integrity_check and,
# unless it reports exactly "ok", announce that the backup is being restored.
# Caveat: integrity_check only detects structural corruption of the DB file.
# A statement SQLite rejected (e.g. an INSERT whose interpolated value
# contained a single quote) leaves the file structurally valid, so a logically
# incomplete update is NOT caught here.
function checkUpdateResult {
    local integritycheckresult=`sqlite3 $PRIVILEGE_DB "pragma integrity_check"`
    # any output other than the single word "ok" counts as failure
    if [ "$integritycheckresult" == "ok" ]; then
    echo "[ERROR] Update failed. Restore backup."
64 function join { local IFS="$1 "; shift; echo "$*"; }
    # printUsage [TOPIC]: without a topic, print the error below followed by
    # the general help text; with a topic (privacy, packagetype, level, group,
    # documented, usertype) print only the accepted values for that option.
    # The branch selecting between the two starts above this excerpt.
    echo -e "There was an error in command-line options:
No option specified, use '-h' or '--help' to print help message"
privilege-db-update <update-option> [parameters]
Starred[*] parameters must be given.
Do all possible update with update-option a or all. (* No parameter required *)
Prepare files containing update information at /usr/share/privilege-manager/
with file name privilege_info.csv, privilege_mapping.csv, privacy_whitelist.csv and privilege-group.list
Add new privilege information with update-option i or info.
For bulk update, prepare .csv file with following columns:
package_type,privilege_level,documented,privilege_name,privacy_name,privilege_display,privilege_description,privilege_group
If the privilege is not a privacy privilege then left privacy_name field as blank. All other fields must be filled.
[*]-f, --file Bulk file path.
[*]-p, --privilege Privilege name.
[*]-t, --packagetype Whether the privilege is for core, wrt, or metadata.
-P, --privacy Privacy group which the given privilege is included in.
Don't give this parameter for NOT privacy privilege.
[*]-l, --level Privilege level.
[*]-d, --display DID of privilege's display name.
[*]-D, --description DID of privilege's description.
-s, --documented Whether privilege is added to SDK resources or not.
[*]-g, --group Privilege group.
Add new privilege mapping information with update-option m or mapping.
For bulk update, prepare .csv file with following columns:
package_type,privilege_name,from_api_version,to_api_version,mapped_privilege_name
All field must be filled.
[*]-f, --file Bulk file path.
[*]-u, --usertype User type. Use '*' to update all usertypes.
Single privilege mapping
[*]-p, --privilege Privilege name.
[*]-F, --from api-version from (privilege mappinge {api-version from} <= {api-version}).
[*]-T, --to api-version to (privilege mappinge {api-version} < {api-version to}).
[*]-t, --packagetype Whether the privilege is for core or wrt.
[*]-m, --mappedprivilege Mapped privilege name.
[*]-u, --usertype User type. Use '*' to update all usertypes.
Replace privacy whitelist with update-option w or whitelist. It wipes the existing whitelist and updates it with the given privacy whitelist file.
For update, prepare .csv file with following columns:
package_id,cert_level,privacy_option,settable
All field must be filled.
[*] <filepath> Give .csv file path as parameter.
Add new privilege-gid mapping with update-option g or group.
For bulk update, prepare file with following format:
<privilege name> <group name>
ex) http://tizen.org/privilege/camera priv_camera
http://tizen.org/privilege/email priv_email
[*] <filepath> Bulk file path.
[*] <privilege name> Give privilege name as parameter
[*] <group name> Give group name as parameter
privilege-db-update all
privilege-db-update info --file '/tmp/privilege_info.csv'
privilege-db-update i -p 'http://tizen.org/privilege/new.privilege' -t 'core' -d 'IDS_DISPLAY_NAME' -D 'IDS_DESCRIPTION' -g 'IDS_TPLATFORM_BODY_PERSONAL_INFORMATION_ABB' -s 'yes' -l 'partner'
privilege-db-update mapping --file '/tmp/privilege_mapping.csv' -u admin
privilege-db-update m --packagetype 'core' --privilege 'http://tizen.org/privilege/privilege.name' --from '2.3.1' --to '9.9' --mappedprivilege 'http://tizen.org/privilege/mapped.privilege.name' --usertype admin,system,security
privilege-db-update w '/tmp/privacy_whitelist.csv'
privilege-db-update whitelist '/tmp/privacy_whitelist.csv'
privilege-db-update g '/tmp/privilege-group-mapping.list'
privilege-db-update gid 'http://tizen.org/privilege/privilegename' 'priv_groupname'
    elif [ "$1" == "privacy" ]; then
        # valid privacy names are whatever privacy_info currently holds
        privacy_list=`sqlite3 $PRIVILEGE_DB "select distinct privacy_name from privacy_info"`
        echo -e "Privacy name should be one of the followings:\n$privacy_list"
    elif [ "$1" == "packagetype" ]; then
        echo -e "Package type should be one of the followings: core, wrt, metadata"
    elif [ "$1" == "level" ]; then
        echo -e "Privilege level should be one of the followings: public, partner, platform"
    elif [ "$1" == "group" ]; then
        # must stay in sync with the group checks in add_privilege_info and the
        # CASE in bulk_add_privilege_info
        echo -e "Group should be one of the followings:
IDS_TPLATFORM_BODY_HARDWARE_CONTROLS_ABB
IDS_TPLATFORM_OPT_LOCATION_T_LBS
IDS_TPLATFORM_BODY_NETWORK_CONNECTIONS_ABB
IDS_TPLATFORM_BODY_PAID_SERVICES_ABB
IDS_TPLATFORM_BODY_PERSONAL_INFORMATION_ABB
IDS_TPLATFORM_BODY_SYSTEM_SETTINGS_ABB
IDS_TPLATFORM_BODY_OTHER_PRIVILEGES_ABB"
    elif [ "$1" == "documented" ]; then
        echo -e "Documented should be 'yes' or 'no'.\nIf the value is not written then the default value is 'yes'"
    elif [ "$1" == "usertype" ]; then
        # usertypes are the <name> parts of usertype-<name>.profile, parsed
        # from ls output: a name containing '-' or '.' is truncated by the cuts.
        local usertypelist=$(join , $(ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | cut -d '-' -f2 | cut -d '.' -f1))
        echo -e "Use '*' to update all usertypes.\nOr choose valid usertypes from followings: $usertypelist
--usertype admin,security,guest"
# Load every usertype-<name>.profile into Cynara through cyad.  Each
# "<app> <privilege>" line of a profile becomes one ALLOW rule in bucket
# USER_TYPE_<NAME> for any user ("*").  Profile contents are therefore policy:
# the "* <privilege>" lines appended by the mapping functions below are
# granted whenever this runs.
function policy_load {
    find "$SECURITY_MANAGER_POLICY_DIR" -name "usertype-*.profile" |
        # bucket name from the file name: usertype-admin.profile -> USER_TYPE_ADMIN
        bucket="`echo $file | sed -r 's|.*/usertype-(.*).profile$|USER_TYPE_\1|' | tr '[:lower:]' '[:upper:]'`"
        # read without -r: a backslash in a profile line is interpreted
        while read app privilege
            user="*" # Match any user id
            policy="0xFFFF" # ALLOW (FIXME: cyad should parse policy names, not numeric values)
            # one bulk record per line: bucket;user;app;privilege;policy;
            printf '%s;%s;%s;%s;%s;\n' "$bucket" "$user" "$app" "$privilege" "$policy"
    # all records are fed to cyad on stdin in one go
    cyad --set-policy --bulk=-
# Rebuild the privilege_group table of the security-manager DB from
# SECURITY_MANAGER_GROUP_MAPPING_FILE: the table is emptied and one row is
# inserted per "<privilege> <group>" line ('#' lines skipped), all piped into a
# single sqlite3 invocation.
function gid_mapping {
    echo "DELETE FROM privilege_group;"
    grep -v '^#' "$SECURITY_MANAGER_GROUP_MAPPING_FILE" |
    while read privilege group
        # Values are spliced into the SQL text unescaped: a single quote in
        # either field breaks the statement, and (unless filtered on a line not
        # shown) a blank line yields an INSERT of two empty strings.  The list
        # lives under the platform share directory, so treat it as trusted
        # input, but it is worth validating the two-field shape here.
        echo "INSERT INTO privilege_group (privilege_name, group_name) VALUES ('$privilege', '$group');"
    ) | sqlite3 "$SECURITY_MANAGER_DB"
# add_privilege_info ARGS...: add one privilege (single mode, -p/--privilege
# plus -t -l -d -D -g and optional -P -s) or a CSV of privileges (bulk mode,
# -f/--file, delegated to bulk_add_privilege_info) to privilege_info.  ARGS
# are the script's own arguments, starting with the sub-command (i/info).
function add_privilege_info {
    local mode bulkfile privilege level level_id display description group group_id packagetype packagetype_id
    local privacy="N/A" is_privacy=0 documented="yes"
    # Re-tokenises the arguments through echo: every argument is word-split
    # (and glob-expanded) again, so a value containing whitespace becomes
    # several array elements and shifts the option/value pairing below.
    local input=(`echo "$@"`)
    # input[0] is the sub-command; option and value alternate from index 1
    for ((x=1; x<${#input[@]}; x=x+2));
        if [ "${input[x]}" == "-f" ] || [ "${input[x]}" == "--file" ]
            if [ "$mode" == "single" ]
                echo "[ERROR] Do not use -p,--privilege with -f,--file"
            # the file as given, or else relative to the script's own directory
            # (test operands unquoted: a path with whitespace fails both tests)
            if [ -r ${input[$((x+1))]} ] && [ -f ${input[$((x+1))]} ]
                bulkfile=${input[$((x+1))]}
            elif [ -r $SCRIPT_DIR"/${input[$((x+1))]}" ] && [ -f $SCRIPT_DIR"/${input[$((x+1))]}" ]
                bulkfile=$SCRIPT_DIR"/${input[$((x+1))]}"
            if [ "$bulkfile" == "" ]; then
                echo "[ERROR] file(${input[$((x+1))]}) not exist or unreadable!!!"
        elif [ "${input[x]}" == "-p" ] || [ "${input[x]}" == "--privilege" ]
            if [ "$mode" == "bulk" ]
                echo "[ERROR] Do not use -p,--privilege with -f,--file"
            privilege=${input[$((x+1))]}
        elif [ "${input[x]}" == "-P" ] || [ "${input[x]}" == "--privacy" ]
            # The privacy must already exist in privacy_info.  Its name is
            # spliced into the SQL unescaped: a single quote in it breaks the
            # query, so option values must come from a trusted operator.
            privacy_exist=`sqlite3 $PRIVILEGE_DB "select exists(select 1 from privacy_info where privacy_name='${input[$((x+1))]}')"`
            if [ "$privacy_exist" != "1" ]; then
                echo "[ERROR] privacy ${input[$((x+1))]} not exist!"
            privacy=${input[$((x+1))]}
        elif [ "${input[x]}" == "-l" ] || [ "${input[x]}" == "--level" ]
            # level is checked against a fixed set; level_id is set per branch
            # (assignments on lines not shown)
            level=${input[$((x+1))]}
            if [ "$level" == "public" ]; then
            elif [ "$level" == "partner" ]; then
            elif [ "$level" == "platform" ]; then
                echo "[ERROR] wrong privilege level"
        elif [ "${input[x]}" == "-d" ] || [ "${input[x]}" == "--display" ]
            display=${input[$((x+1))]}
        elif [ "${input[x]}" == "-D" ] || [ "${input[x]}" == "--description" ]
            description=${input[$((x+1))]}
        elif [ "${input[x]}" == "-s" ] || [ "${input[x]}" == "--documented" ]
            # only the literal strings yes/no are accepted
            if [ "${input[$((x+1))]}" != "yes" ] && [ "${input[$((x+1))]}" != "no" ]
                printUsage "documented"
            documented=${input[$((x+1))]}
        elif [ "${input[x]}" == "-g" ] || [ "${input[x]}" == "--group" ]
            # group is checked against the same fixed set printUsage lists;
            # group_id is set per branch (lines not shown)
            if [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_HARDWARE_CONTROLS_ABB" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_OPT_LOCATION_T_LBS" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_NETWORK_CONNECTIONS_ABB" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_PAID_SERVICES_ABB" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_PERSONAL_INFORMATION_ABB" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_SYSTEM_SETTINGS_ABB" ]; then
            elif [ "${input[$((x+1))]}" == "IDS_TPLATFORM_BODY_OTHER_PRIVILEGES_ABB" ]; then
                echo "[ERROR] wrong group"
            group=${input[$((x+1))]}
        elif [ "${input[x]}" == "-t" ] || [ "${input[x]}" == "--packagetype" ]
            packagetype=${input[$((x+1))]}
            if [ "$packagetype" == "core" ]; then
            elif [ "$packagetype" == "wrt" ]; then
            elif [ "$packagetype" == "metadata" ]; then
                echo "[ERROR] wrong packagetype"
                printUsage "packagetype"
    if [ "$mode" == "bulk" ]
        bulk_add_privilege_info $bulkfile
    elif [ "$mode" == "single" ]
        # required-field checks for single mode
        if [ "$privilege" == "" ]; then
            echo "[ERROR] privilege required"
        elif [ "$packagetype" == "" ]; then
            echo "[ERROR] packagetype required"
            printUsage "packagetype"
        elif [ "$display" == "" ] || [ "$description" == "" ]
            echo "[ERROR] display and description required"
        elif [ "$group" == "" ]
            echo "[ERROR] group required"
        elif [ "$level" == "" ]
            echo "[ERROR] privilege level required"
        echo -e "Add privilege\n\nPackage type: $packagetype\nLevel: $level\nPrivilege: $privilege\nPrivacy: $privacy\nDisplay name: $display\nDescription: $description\nGroup: $group\nDocumented: $documented"
        # Values are interpolated straight into the statement.  level, group,
        # packagetype and documented were restricted to fixed sets above, but
        # privilege, privacy, display and description are not escaped: a single
        # quote in any of them makes the INSERT fail (and integrity_check will
        # not notice).  sqlite3's .parameter binding or quote-doubling would fix it.
        sqlite3 $PRIVILEGE_DB "insert into privilege_info (
        package_type_id, package_type, privilege_level_id, privilege_level, documented, privilege_name,
        is_privacy, privacy_name, privilege_display, privilege_description, privilege_group_id, privilege_group)
        values ($packagetype_id, '$packagetype', $level_id, '$level', '$documented', '$privilege',
        '$is_privacy', '$privacy', '$display', '$description', $group_id, '$group')"
# bulk_add_privilege_info FILE: import a privilege_info CSV through a scratch
# table: strip '#' from FILE into tmp.csv, .import it as table "tmp", verify
# the expected columns are present, then INSERT...SELECT into privilege_info
# translating the enumerated text fields to their ids.
function bulk_add_privilege_info {
    # Removes every '#' character in the file, not just comment lines —
    # presumably so a '#'-prefixed header row becomes the column-name row
    # that .import uses (confirm); a '#' inside a data field is stripped too.
    # tmp.csv is a fixed name in the privilege DB directory: concurrent runs
    # share it, and it is left behind if the script dies before the rm below
    # (mktemp plus a trap would address both).
    sed -e "s/#//g" $1 > "$PRIVILEGE_DB_DIR/tmp.csv"
    # sqlite's .import creates "tmp" from the first row when the table does
    # not yet exist; the column check below relies on that.
    sqlite3 -csv -separator "," $PRIVILEGE_DB ".import "$PRIVILEGE_DB_DIR/tmp.csv" tmp"
    # check if there's missing column
    cols=`sqlite3 $PRIVILEGE_DB "PRAGMA table_info(tmp)" | tr '[:upper:]' '[:lower:]' | cut -d "|" -f2`
    # each expected column found presumably decrements check_cols_num
    # (initialised on a line not shown); a non-zero remainder means one is missing
    if [ "$i" == "package_type" ]; then
    elif [ "$i" == "privilege_name" ]; then
    elif [ "$i" == "privilege_display" ]; then
    elif [ "$i" == "privilege_description" ]; then
    elif [ "$i" == "privilege_group" ]; then
    elif [ "$i" == "privacy_name" ]; then
    elif [ "$i" == "documented" ]; then
    elif [ "$i" == "privilege_level" ]; then
    if [ $check_cols_num -ne 0 ]; then
        # missing column exists
        # The visible error path removes tmp.csv but no "drop table tmp" is in
        # view; if the table survives, the next .import appends to it instead
        # of creating it from the new header — confirm against the lines not shown.
        echo "[ERROR] There's missing column field in the given csv file: $1"
        rm "$PRIVILEGE_DB_DIR/tmp.csv"
    # Copy rows into privilege_info.  The CASE expressions have no ELSE, so an
    # unrecognised package_type / privilege_level / privilege_group value is
    # inserted with a NULL id rather than rejected.  The scratch table and
    # file are dropped once the copy is done.
    sqlite3 $PRIVILEGE_DB "
    insert into privilege_info (package_type_id, package_type, privilege_level_id, privilege_level, documented, privilege_name, is_privacy, privacy_name, privilege_display, privilege_description, privilege_group_id, privilege_group)
    when 'metadata' then 2 end),
    (case privilege_level
    when 'partner' then 1
    when 'platform' then 2 end),
    case when package_type='core' and privacy_name != '' then 1 else 0 end,
    case when package_type='core' and privacy_name != '' then privacy_name else 'N/A' end,
    privilege_description,
    (case privilege_group
    when 'IDS_TPLATFORM_BODY_HARDWARE_CONTROLS_ABB' then 0
    when 'IDS_TPLATFORM_OPT_LOCATION_T_LBS' then 1
    when 'IDS_TPLATFORM_BODY_NETWORK_CONNECTIONS_ABB' then 2
    when 'IDS_TPLATFORM_BODY_PAID_SERVICES_ABB' then 3
    when 'IDS_TPLATFORM_BODY_PERSONAL_INFORMATION_ABB' then 4
    when 'IDS_TPLATFORM_BODY_SYSTEM_SETTINGS_ABB' then 5
    when 'IDS_TPLATFORM_BODY_OTHER_PRIVILEGES_ABB' then 6 end),
    sqlite3 $PRIVILEGE_DB "drop table tmp"
    rm "$PRIVILEGE_DB_DIR/tmp.csv"
# add_privilege_mapping ARGS...: add an API-version privilege mapping, either
# from a CSV (-f/--file, via bulk_add_privilege_mapping) or as one row
# (-p -F -T -t -m), for the usertypes named with -u/--usertype.  In single
# mode the mapped privilege is also appended to each selected
# usertype-<name>.profile so policy_load grants it.
function add_privilege_mapping {
    # 'package_type' is declared local but the code below assigns
    # 'packagetype', which therefore leaks into the global scope.
    local mode bulkfile privilege mapped_privilege package_type version_from version_to usertype
    # (the 'input' array is built from "$@" on a line not shown here)
    # Get all input parameters
    for ((x=1; x<${#input[@]}; x=x+2));
        if [ "${input[x]}" == "-f" ] || [ "${input[x]}" == "--file" ]
            if [ "$mode" == "single" ]
                echo "[ERROR] Do not use -p,--privilege with -f,--file"
            # the file as given, or else relative to the script directory
            if [ -r ${input[$((x+1))]} ] && [ -f ${input[$((x+1))]} ]
                bulkfile=${input[$((x+1))]}
            elif [ -r $SCRIPT_DIR"/${input[$((x+1))]}" ] && [ -f $SCRIPT_DIR"/${input[$((x+1))]}" ]
                bulkfile=$SCRIPT_DIR"/${input[$((x+1))]}"
            if [ "$bulkfile" == "" ]; then
                echo "[ERROR] file(${input[$((x+1))]}) not exist or unreadable!!!"
        elif [ "${input[x]}" == "-u" ] || [ "${input[x]}" == "--usertype" ]
            usertype="${input[$((x+1))]}"
            # Each comma-separated usertype must have a usertype-<name>.profile;
            # '*' is replaced by the list of every profile in the policy dir.
            if [ "$usertype" != "*" ]
                IFS=',' read -r -a usertypes <<< "$usertype"
                for userbucket in "${usertypes[@]}"
                    check_userbucket=`find $SECURITY_MANAGER_POLICY_DIR -name "$SECURITY_MANAGER_POLICY_FILE_PRE$userbucket$SECURITY_MANAGER_POLICY_FILE_POST"`
                    if [ "$check_userbucket" == "" ]; then
                        echo "[ERROR] usertype $userbucket not exist!"
                        printUsage "usertype"
                # parsed from ls output: a usertype containing '-' or '.' is truncated
                usertype=$(join , $(ls $SECURITY_MANAGER_POLICY_DIR | grep usertype | cut -d '-' -f2 | cut -d '.' -f1))
        elif [ "${input[x]}" == "-p" ] || [ "${input[x]}" == "--privilege" ]
            if [ "$mode" == "bulk" ]
                echo "[ERROR] Do not use -p,--privilege with -f,--file"
            privilege=${input[$((x+1))]}
        elif [ "${input[x]}" == "-F" ] || [ "${input[x]}" == "--from" ]
            version_from=${input[$((x+1))]}
        elif [ "${input[x]}" == "-T" ] || [ "${input[x]}" == "--to" ]
            version_to=${input[$((x+1))]}
        elif [ "${input[x]}" == "-t" ] || [ "${input[x]}" == "--packagetype" ]
            # only core and wrt here (no metadata, unlike add_privilege_info)
            packagetype=${input[$((x+1))]}
            if [ "$packagetype" == "core" ]; then
            elif [ "$packagetype" == "wrt" ]; then
                echo "[ERROR] wrong packagetype"
                printUsage "packagetype"
        elif [ "${input[x]}" == "-m" ] || [ "${input[x]}" == "--mappedprivilege" ]
            mapped_privilege=${input[$((x+1))]}
    # -u is mandatory in both modes
    if [ "$usertype" == "" ]; then
        echo "[ERROR] usertype required"
        printUsage "usertype"
    if [ "$mode" == "bulk" ]; then
        bulk_add_privilege_mapping $bulkfile $usertype
    elif [ "$mode" == "single" ]; then
        if [ "$privilege" == "" ]; then
            echo "[ERROR] privilege required"
        elif [ "$version_from" == "" ] || [ "$version_to" == "" ]
            echo "[ERROR] api-version from/to required"
        elif [ "$mapped_privilege" == "" ]; then
            echo "[ERROR] mapped privilege required"
        elif [ "$packagetype" == "" ]; then
            echo "[ERROR] packagetype required"
        # Unescaped interpolation: a single quote in privilege, version or
        # mapped privilege breaks the statement (values are trusted operator input).
        sqlite3 $PRIVILEGE_DB "insert into
        privilege_mapping (package_type_id, package_type, privilege_name, from_api_version, to_api_version, mapped_privilege_name)
        values ($packagetype_id, '$packagetype', '$privilege', '$version_from', '$version_to', '$mapped_privilege')"
        # Append "* <mapped privilege>" to each selected profile unless a line
        # already ends with it.  The privilege is used as an unanchored regex
        # ('.' matches any character, no '^'), so a name that is a suffix of an
        # existing line counts as present; -r is a no-op on one file.
        IFS=',' read -r -a usertypes <<< "$usertype"
        local userbucket_update=0
        for userbucket in "${usertypes[@]}"
            userbucket_path="$SECURITY_MANAGER_POLICY_DIR$SECURITY_MANAGER_POLICY_FILE_PRE$userbucket$SECURITY_MANAGER_POLICY_FILE_POST"
            if [ -a "$userbucket_path" ]; then
                check_userbucket=`grep -rn "$mapped_privilege$" $userbucket_path | wc -l`
                if [ $check_userbucket -eq 0 ]; then
                    echo "* $mapped_privilege" >> $userbucket_path
                    ((userbucket_update++))
        # at least one profile changed and not inside "all": presumably
        # reload the policy (body not in view)
        if [ $userbucket_update -gt 0 ]; then
            if [ "$UPDATE_ALL" == "false" ]; then
# bulk_add_privilege_mapping FILE USERTYPES: import a privilege_mapping CSV
# (package_type,privilege_name,from_api_version,to_api_version,mapped_privilege_name)
# through a scratch "tmp" table, then append the mapped privileges to the
# usertype-<name>.profile of each comma-separated usertype in USERTYPES.
function bulk_add_privilege_mapping {
    # same '#' stripping and fixed scratch path as bulk_add_privilege_info
    sed -e "s/#//g" $1 > "$PRIVILEGE_DB_DIR/tmp.csv"
    sqlite3 -csv -separator "," $PRIVILEGE_DB ".import "$PRIVILEGE_DB_DIR/tmp.csv" tmp"
    cols=`sqlite3 $PRIVILEGE_DB "PRAGMA table_info(tmp)" | tr '[:upper:]' '[:lower:]' | cut -d "|" -f2`
    # check_cols_num (initialised on a line not shown) must reach 0
    if [ "$i" == "package_type" ]; then
    elif [ "$i" == "privilege_name" ]; then
    elif [ "$i" == "from_api_version" ]; then
    elif [ "$i" == "to_api_version" ]; then
    elif [ "$i" == "mapped_privilege_name" ]; then
    if [ $check_cols_num -ne 0 ]; then
        echo "[ERROR] There's missing column field in the given csv file: $1"
        rm "$PRIVILEGE_DB_DIR/tmp.csv"
    # Copy rows into privilege_mapping (CASE without ELSE: an unrecognised
    # package_type gets a NULL id).
    # NOTE(review) on the 'read -a' after this statement: on current bash the
    # here-string is not word-split, so 'read -a' consumes only the FIRST line
    # of the query output and 'privileges' holds one mapped privilege; older
    # bash releases rejoined unquoted here-strings with spaces, in which case
    # everything lands in element 0 and the unquoted '$privileges' in the loop
    # splits it back out.  Either way it is version-dependent — confirm, and
    # prefer 'mapfile -t privileges < <(sqlite3 ...)' with "${privileges[@]}".
    sqlite3 $PRIVILEGE_DB "
    insert into privilege_mapping (package_type_id, package_type, privilege_name, from_api_version, to_api_version, mapped_privilege_name)
    when 'core' then 1 end),
    mapped_privilege_name
    IFS=$'\r\n' read -r -a privileges <<< `sqlite3 $PRIVILEGE_DB "select distinct mapped_privilege_name from tmp"`
    sqlite3 $PRIVILEGE_DB "drop table tmp"
    rm "$PRIVILEGE_DB_DIR/tmp.csv"
    # When the caller passes '*' (as the "all" update does) and nothing between
    # here and the loop expands it, userbucket_path holds a literal '*': the
    # unquoted path then globs inside grep, and '>>' onto a glob matching more
    # than one profile is an "ambiguous redirect" error.  Verify the '*' case
    # against the lines not shown.
    IFS=',' read -r -a usertypes <<< "$2"
    local userbucket_update=0
    for userbucket in "${usertypes[@]}"
        userbucket_path="$SECURITY_MANAGER_POLICY_DIR$SECURITY_MANAGER_POLICY_FILE_PRE$userbucket$SECURITY_MANAGER_POLICY_FILE_POST"
        for privilege in $privileges
            # privilege used as an unanchored regex, as in add_privilege_mapping
            local check_userbucket=`grep -rn "$privilege$" $userbucket_path | wc -l`
            if [ $check_userbucket -eq 0 ]; then
                echo "* $privilege" >> $userbucket_path
                ((userbucket_update++))
    # profiles changed and not inside "all": presumably reload policy (body not in view)
    if [ $userbucket_update -gt 0 ]; then
        if [ "$UPDATE_ALL" == "false" ]; then
# add_privacy_whitelist w FILE: replace the privacy_whitelist table with the
# rows of FILE (package_id,cert_level,privacy_option,settable).  The file is
# first round-tripped through a scratch "tmp" table only to check that its
# header has the four expected columns; the rows themselves are parsed in
# shell below.
function add_privacy_whitelist {
    if [ $# -lt 2 ]; then
    # the file as given, or else relative to the script directory
    if [ -r $2 ] && [ -f $2 ]
    elif [ -r $SCRIPT_DIR"/$2" ] && [ -f $SCRIPT_DIR"/$2" ]
        bulkfile=$SCRIPT_DIR"/$2"
    if [ "$bulkfile" == "" ]; then
        echo "[ERROR] file($2) not exist or unreadable!!!"
    # same fixed scratch path and '#' stripping as the other bulk functions
    sed -e "s/#//g" $bulkfile > "$PRIVILEGE_DB_DIR/tmp.csv"
    sqlite3 -csv -separator "," $PRIVILEGE_DB ".import "$PRIVILEGE_DB_DIR/tmp.csv" tmp"
    cols=`sqlite3 $PRIVILEGE_DB "PRAGMA table_info(tmp)" | tr '[:upper:]' '[:lower:]' | cut -d "|" -f2`
    if [ "$i" == "package_id" ]; then
    elif [ "$i" == "privacy_option" ]; then
    elif [ "$i" == "settable" ]; then
    elif [ "$i" == "cert_level" ]; then
    # scratch table and file are discarded before the verdict (the other bulk
    # functions drop them only on success)
    sqlite3 $PRIVILEGE_DB "drop table tmp"
    rm "$PRIVILEGE_DB_DIR/tmp.csv"
    if [ $check_cols_num -ne 0 ]; then
        echo "[ERROR] There's missing column field in the given csv file: $2"
        # nothing has been written yet (the delete is further down), so the
        # backup is simply discarded on this error path
        rm $PRIVILEGE_DB_BKUP
    # Build a privacy-name -> id lookup by declaring one shell variable per
    # privacy, named after the 5th '/'-separated field of privacy_name
    # (".../privacy/contacts" -> contacts=<id>).  That variable is what the
    # arithmetic array subscripts below resolve.  Variable names are thus
    # taken from DB content: a field that is not a valid shell identifier
    # makes 'declare' fail for that privacy.
    local privacy_info_list=`sqlite3 $PRIVILEGE_DB "select distinct privacy_id, privacy_name from privacy_info"`
    for i in $privacy_info_list
        PRIVACY_ID=`echo $i | cut -d "|" -f1`
        PRIVACY_NAME=`echo $i | cut -d "|" -f2`
        PRIVACY_NAME_ONLY=`echo $PRIVACY_NAME | cut -d "/" -f5`
        declare ${PRIVACY_NAME_ONLY}=$((PRIVACY_ID))
    # After the loop PRIVACY_ID is the id of the last row returned; the
    # post-increment leaves PRIVACY_NUM at that value and PRIVACY_ID one past
    # it, which serves as the length of the per-package option string below
    # (one character per id from 0 up).  Assumes ids are contiguous from 0 and
    # the last row carries the highest id — TODO confirm.
    PRIVACY_NUM=$((PRIVACY_ID++))
    #Wipe existing whitelist and insert new privacy whitelist to avoid conflicts
    # Not transactional: the delete and every insert are separate sqlite3
    # invocations, so a failure part-way leaves a partially replaced whitelist
    # that integrity_check will not flag.
    sqlite3 $PRIVILEGE_DB "delete from privacy_whitelist"
    # Rows are the whitespace-separated words of the ORIGINAL file (not
    # tmp.csv), so a row containing a space is split into two "rows".
    for i in `cat $bulkfile`
        # skip '#' comment lines
        temp=`echo $i | awk '/^#/'`
        if [ ! "$temp" = "" ]
        PKG_ID=`echo $i | cut -d "," -f1`
        # CERT_LEVEL_ID is set per branch on lines not shown
        CERT_LEVEL=`echo $i | cut -d "," -f2`
        if [ "$CERT_LEVEL" = "platform" ]; then
        elif [ "$CERT_LEVEL" = "partner" ]; then
        # privacy_option lists privacy short names separated by '-', '+' or
        # ' ' (the IFS below); '*' selects every privacy, a name toggles one.
        PRIVACY_OPTION=`echo $i | cut -d "," -f3`
        IFS='-+ ' read -r -a array <<< $PRIVACY_OPTION
        # option_array[TEMP..PRIVACY_ID-1] starts out all zero
        while [ $((TEMP)) -lt $((PRIVACY_ID)) ]
            option_array[$((TEMP++))]=0
        for element in "${array[@]}"
            if [ "$element" = "*" ]; then
                while [ $((TEMP)) -lt $PRIVACY_ID ]
                    option_array[$((TEMP++))]=1
            # The element is used as an array subscript, which bash evaluates
            # as an arithmetic expression: a short name resolves through the
            # variable declared above, but any other text is evaluated as well
            # (an unknown name silently becomes index 0, and arithmetic
            # evaluation can run command substitutions).  The whitelist file
            # must therefore be trusted input.
            if [ "${option_array[${element}]}" = "1" ]; then
                option_array[${element}]=0
                option_array[${element}]=1
        SETTABLE=`echo $i | cut -d "," -f4`
        # privacy option string
        # concatenate the per-id flags into a string such as "0101"
        PRIVACY_OPTION_STRING=""
        while [ $((TEMP)) -lt $((PRIVACY_ID)) ]
            PRIVACY_OPTION_STRING="$PRIVACY_OPTION_STRING""${option_array[$((TEMP++))]}"
        #echo "insert into privacy_whitelist(pkg_id, cert_level, privacy_option, settable) values ('$PKG_ID', $CERT_LEVEL_ID, '$PRIVACY_OPTION_STRING', '$SETTABLE')"
        # PKG_ID and SETTABLE are interpolated unescaped (see note on trusted input above)
        sqlite3 $PRIVILEGE_DB "insert into privacy_whitelist(pkg_id, cert_level, privacy_option, settable) values ('$PKG_ID', $CERT_LEVEL_ID, '$PRIVACY_OPTION_STRING', '$SETTABLE')"
# add_gid_mapping g FILE | g PRIVILEGE GROUP: append privilege -> group
# entries to SECURITY_MANAGER_GROUP_MAPPING_FILE (the list gid_mapping loads
# into the security-manager DB), skipping entries already present.
function add_gid_mapping {
    elif [ $# -eq 2 ]; then
        # bulk: FILE as given, or relative to the script directory
        if [ -r $2 ] && [ -f $2 ]
        elif [ -r $SCRIPT_DIR"/$2" ] && [ -f $SCRIPT_DIR"/$2" ]
            bulkfile="$SCRIPT_DIR/$2"
        if [ "$bulkfile" == "" ]
            echo "[ERROR] file($2) not exist or unreadable"
        # Each line of FILE (the last one even without a newline) is appended
        # verbatim unless some line of the mapping file already ends with it.
        # No shape check: comment or malformed lines are copied too, and the
        # line is a regex here, not a literal ('.' matches any character).  A
        # blank line (pattern "$") matches every line, so it is only copied
        # when the mapping file is empty.
        while IFS='' read -r line || [[ -n "$line" ]]; do
            local check_gid_mapping=`grep -rn "$line$" $SECURITY_MANAGER_GROUP_MAPPING_FILE | wc -l`
            if [ $check_gid_mapping -eq 0 ]; then
                echo "$line" >> $SECURITY_MANAGER_GROUP_MAPPING_FILE
    elif [ $# -eq 3 ]; then
        # single "<privilege> <group>" pair, same duplicate check
        local check_gid_mapping=`grep -rn "$2 $3$" $SECURITY_MANAGER_GROUP_MAPPING_FILE | wc -l`
        if [ $check_gid_mapping -eq 0 ]; then
            echo "$2 $3" >> $SECURITY_MANAGER_GROUP_MAPPING_FILE
    # outside "all": presumably reload so gid_mapping picks the entries up (body not in view)
    if [ "$UPDATE_ALL" == "false" ]; then
#======================================================================
# [00] Check parameter
#======================================================================
# Preconditions: the privilege DB must be writable (the script has to run as
# a user allowed to modify the platform DB) and the policy reload tool must
# be present.
if [ ! -w $PRIVILEGE_DB ]
    echo "[ERROR] DB not writable!!"
if [ ! -e /usr/bin/security-manager-policy-reload ]
    echo "[ERROR] security-manager-policy-reload not exist!"
# Dispatch on the first argument ($param_count is set on a line not shown).
if [ $param_count -lt 1 ]; then
elif [ "$1" == "a" ] || [ "$1" == "all" ]
    # "all": run every bulk update whose input file exists under the privilege
    # DB directory, then — when UPDATE_POLICY is true — presumably reload.
    if [ -r $PRIVILEGE_INFO_CSV ]; then
        bulk_add_privilege_info $PRIVILEGE_INFO_CSV
    if [ -r $PRIVILEGE_MAPPING_CSV ]; then
        # '*' = every usertype profile
        bulk_add_privilege_mapping $PRIVILEGE_MAPPING_CSV '*'
    if [ -r $PRIVACY_WHITELIST_CSV ]; then
        add_privacy_whitelist w $PRIVACY_WHITELIST_CSV
    if [ -r $PRIVILEGE_GROUP_MAPPING_LIST ]; then
        add_gid_mapping g $PRIVILEGE_GROUP_MAPPING_LIST
    if [ "$UPDATE_POLICY" == "true" ]
elif [ "$1" == "-h" ] || [ "$1" == "--help" ]
elif [ "$1" == "i" ] || [ "$1" == "info" ]
    # $@ is unquoted here and for "whitelist" but quoted for "mapping": an
    # argument containing whitespace is split before the function sees it
    # (add_privilege_info re-splits anyway, but add_privacy_whitelist takes
    # $2 as a file path).
    add_privilege_info $@
elif [ "$1" == "m" ] || [ "$1" == "mapping" ]
    add_privilege_mapping "$@"
elif [ "$1" == "w" ] || [ "$1" == "whitelist" ]
    add_privacy_whitelist $@
elif [ "$1" == "g" ] || [ "$1" == "gid" ]