2 * Copyright(c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0(the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "privilege_db_manager.h"
18 #include "privilege_private.h"
19 #include "privilege_manager_types.h"
30 #include <tzplatform_config.h>
31 #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
34 #define LOG_TAG "PRIVILEGE_DB_MANAGER"
35 #define _LOGE(fmt, arg...) LOGE(fmt, ##arg)
36 #define _LOGD(fmt, arg...) LOGD(fmt, ##arg)
37 #define _LOGW(fmt, arg...) LOGW(fmt, ##arg)
38 #define _LOGI(fmt, arg...) LOGI(fmt, ##arg)
41 #define _LOGE(fmt, arg...)
42 #define _LOGD(fmt, arg...)
43 #define _LOGW(fmt, arg...)
44 #define _LOGI(fmt, arg...)
48 #define STORAGE_PRIVACY "http://tizen.org/privacy/storage"
50 #define MAX_RETRY_CNT 10 // max 0.5s
51 #define USLEEP_TIME (50 * 1000) // 0.05s
53 #include <iniparser.h>
54 privilege_profile_type_e get_priv_profile()
56 static privilege_profile_type_e saved = 0xff;
58 if (__builtin_expect(saved == 0xff, 0)) {
59 dictionary *dic = iniparser_load(INI_PATH);
62 /* if there is no .ini file, let's assume it's mobile (the default as recommended by Yunjin Lee) */
63 saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
67 const char* val = iniparser_getstring(dic, INI_KEYWORD_PROFILE, NULL);
73 saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
77 saved = PRIVILEGE_PROFILE_TYPE_WEARABLE;
81 saved = PRIVILEGE_PROFILE_TYPE_TV;
85 saved = PRIVILEGE_PROFILE_TYPE_IOT;
87 default: // common or ivi or unknown ==> Mobile as the default recommended by Yunjin Lee
88 saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
91 saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
93 iniparser_freedict(dic);
98 #define TryReturn(condition, expr, returnValue, ...) \
100 _LOGE(__VA_ARGS__); \
102 return returnValue; \
105 #define TRY_INIT_DB(type, db) { \
106 int ret = __initialize_db(type, db); \
107 if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { \
112 #define TRY_PREPARE_STMT(db, sql, stmt) { \
113 int ret = __prepare_stmt(db, sql, stmt); \
114 if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { \
115 __finalize_db(db, *stmt, sql); \
120 #define TRY_BEGIN_TRANSACTION(db) { \
121 if (__begin_transaction(db) != PRIVILEGE_DB_MANAGER_ERR_NONE) { \
122 __finalize_db(db, NULL, NULL); \
123 return PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL; \
127 #define TRY_FINISH_TRANSACTION(result, db, stmt, sql) { \
128 int ret_val = __finish_transaction(result, db); \
129 __finalize_db(db, stmt, sql); \
133 #define SAFE_FREE(var) { if ((var) != NULL) {free(var); var = NULL; } }
134 #define SAFE_SQLITE_FREE(sql) { if ((sql) != NULL) {sqlite3_free(sql); sql = NULL; } }
135 #define SAFE_SQLITE_FINALIZE(stmt) { if ((stmt) != NULL) {sqlite3_finalize(stmt); stmt = NULL; } }
136 #define SAFE_G_LIST_FREE_FULL(list, func) { if ((list) != NULL) {g_list_free_full(list, func); list = NULL; } }
138 static const char* __get_policy_table(privilege_manager_policy_type_e policy_type)
140 switch (policy_type) {
141 case (PRVMGR_POLICY_TYPE_PREVENT):
142 return "prevent_list";
143 case (PRVMGR_POLICY_TYPE_DISABLE):
145 return "disable_list";
149 static int __initialize_db(privilege_db_type_e type, sqlite3 ** db)
151 char *db_path = NULL;
152 int db_mode = SQLITE_OPEN_READONLY;
155 case PRIVILEGE_DB_TYPE_INFO:
156 db_path = PRIVILEGE_DB_PATH;
158 case PRIVILEGE_DB_TYPE_POLICY_RW:
159 db_mode = SQLITE_OPEN_READWRITE;
160 __attribute__ ((fallthrough));
161 case PRIVILEGE_DB_TYPE_POLICY_RO:
162 db_path = PRIVILEGE_POLICY_DB_PATH;
164 case PRIVILEGE_DB_TYPE_PRIVACY_RW:
165 db_mode = SQLITE_OPEN_READWRITE;
166 __attribute__ ((fallthrough));
167 case PRIVILEGE_DB_TYPE_PRIVACY_RO:
168 db_path = PRIVILEGE_PRIVACY_DB_PATH;
171 _LOGE("Undefined db initialize mode!");
172 return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
175 if (access(db_path, F_OK) == -1 && errno == ENOENT)
176 return PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY;
178 int ret = sqlite3_open_v2(db_path, db, db_mode, NULL);
179 if (ret != SQLITE_OK) {
180 _LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db));
182 return PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL;
185 _LOGE("[DB_FAIL] Can't open database %s : db handle is NULL", db_path);
186 return PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL;
189 return PRIVILEGE_DB_MANAGER_ERR_NONE;
192 static void __finalize_db(sqlite3 *db, sqlite3_stmt *stmt, char* sql)
194 SAFE_SQLITE_FINALIZE(stmt);
195 SAFE_SQLITE_FREE(sql);
198 sqlite3_close_v2(db);
201 static int __prepare_stmt(sqlite3 *db, char* sql, sqlite3_stmt **stmt)
203 TryReturn(sql != NULL, , PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "query is NULL");
205 if (sqlite3_prepare_v2(db, sql, strlen(sql), stmt, NULL) != SQLITE_OK) {
206 _LOGE("sqlite3_prepare_v2() failed. ret %d[%s]", sqlite3_errcode(db), sqlite3_errmsg(db));
207 return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
210 return PRIVILEGE_DB_MANAGER_ERR_NONE;
213 static int __finish_transaction(int result, sqlite3 *db)
215 if (result != PRIVILEGE_DB_MANAGER_ERR_NONE) {
216 _LOGE("DB update failed. Try ROLLBACK TRANSACTION.");
217 if (sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL) != SQLITE_OK) {
218 _LOGE("[DB_FAIL] sqlite3_exec for 'ROLLBACK TRANSACTION' failed. ret %d[%s]", sqlite3_errcode(db), sqlite3_errmsg(db));
221 if (sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL) != SQLITE_OK) {
222 _LOGE("[DB_FAIL] sqlite3_exec for 'COMMIT TRANSACTION' failed. ret %d[%s]", sqlite3_errcode(db), sqlite3_errmsg(db));
223 return PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
229 static int __begin_transaction(sqlite3 *db)
234 while (ret != SQLITE_OK) {
235 ret = sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL);
236 if (ret != SQLITE_OK) {
237 _LOGE("sqlite3_exec() for BEGIN IMMEDIATE TRANSACTION failed. ret %d[%s]", sqlite3_errcode(db), sqlite3_errmsg(db));
238 if (ret == SQLITE_BUSY || ret == SQLITE_LOCKED) {
239 if (retry_cnt < MAX_RETRY_CNT) {
243 _LOGE("Exceed MAX_RETRY_CNT. BEGIN IMMEDIATE TRANSACTION failed.");
244 return PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
247 return PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
251 return PRIVILEGE_DB_MANAGER_ERR_NONE;
254 static int __make_privilege_list_str(GList *privilege_list, char** privilege_list_str)
256 char* temp_privilege_list_str = NULL;
257 for (GList* l = privilege_list; l != NULL; l = l->next) {
258 char *privilege_name = (char *)l->data;
259 if (temp_privilege_list_str == NULL) {
260 temp_privilege_list_str = sqlite3_mprintf("'%q'", privilege_name);
262 char* temp = sqlite3_mprintf("%s, '%q'", temp_privilege_list_str, privilege_name);
263 SAFE_SQLITE_FREE(temp_privilege_list_str);
264 temp_privilege_list_str = temp;
266 if (temp_privilege_list_str == NULL)
269 *privilege_list_str = temp_privilege_list_str;
273 static void __get_db_error(int *ret)
275 _LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(*ret));
278 *ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL;
280 case SQLITE_CONSTRAINT:
281 *ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL;
284 *ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL;
287 *ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
291 void privilege_db_manager_list_free(GList* list)
293 SAFE_G_LIST_FREE_FULL(list, free);
296 int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e package_type, GList* privilege_list)
299 sqlite3_stmt *stmt = NULL;
303 TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RO, &db);
305 char *privilege_list_str = NULL;
306 TryReturn(__make_privilege_list_str(privilege_list, &privilege_list_str) == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
308 char *sql = sqlite3_mprintf("select count(distinct privilege_name) from prevent_list where privilege_name in(%s)and (uid=%d or uid=%d) and package_type=%d", privilege_list_str, uid, GLOBAL_USER, package_type);
309 SAFE_SQLITE_FREE(privilege_list_str);
311 TRY_PREPARE_STMT(db, sql, &stmt);
313 if (sqlite3_step(stmt) == SQLITE_ROW)
314 count = sqlite3_column_int(stmt, 0);
316 __finalize_db(db, stmt, sql);
321 static void __free_privilege_level_info(privilege_level_info_s* p)
323 SAFE_FREE(p->privilege_name);
327 static void __free_privilege_level_info_list(gpointer privilege_level_info_list)
329 __free_privilege_level_info((privilege_level_info_s*)privilege_level_info_list);
332 void free_privilege_level_info_list(GList* row_list)
334 SAFE_G_LIST_FREE_FULL(row_list, __free_privilege_level_info_list);
337 static privilege_level_info_s* __new_privilege_level_info(const char* privilege, int privilege_level_id)
339 privilege_level_info_s *p = (privilege_level_info_s*)malloc(sizeof(privilege_level_info_s));
340 TryReturn(p != NULL, , NULL, "malloc() of privilege_level_info_s failed.");
342 p->privilege_name = g_strdup(privilege);
343 p->privilege_level_id = privilege_level_id;
348 int privilege_db_manager_get_privilege_level_info_list(privilege_manager_package_type_e package_type, GList ** privilege_list)
351 sqlite3_stmt *stmt = NULL;
353 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
355 char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id from privilege_info where package_type_id=%d", package_type);
357 TRY_PREPARE_STMT(db, sql, &stmt);
359 GList *temp_privilege_list = NULL;
360 while (sqlite3_step(stmt) == SQLITE_ROW) {
361 privilege_level_info_s *p = __new_privilege_level_info((const char*)sqlite3_column_text(stmt, 0), sqlite3_column_int(stmt, 1));
362 TryReturn(p != NULL, free_privilege_level_info_list(temp_privilege_list); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] __new_privilege_level_info() failed.");
363 temp_privilege_list = g_list_append(temp_privilege_list, p);
366 *privilege_list = temp_privilege_list;
368 __finalize_db(db, stmt, sql);
370 return PRIVILEGE_DB_MANAGER_ERR_NONE;
373 int privilege_db_manager_get_mapped_privilege_list(const char *api_version, privilege_manager_package_type_e package_type, GList * privilege_list, GList ** mapped_privilege_list)
376 sqlite3_stmt *stmt = NULL;
378 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
380 char *privilege_list_str = NULL;
381 TryReturn(__make_privilege_list_str(privilege_list, &privilege_list_str) == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
383 char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where package_type_id=%d and privilege_name in(%s) and from_api_version<=%Q and to_api_version>%Q", package_type, privilege_list_str, api_version, api_version, package_type);
384 SAFE_SQLITE_FREE(privilege_list_str);
386 TRY_PREPARE_STMT(db, sql, &stmt);
388 GList *temp_privilege_list = NULL;
389 while (sqlite3_step(stmt) == SQLITE_ROW) {
390 char *privilege_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
391 temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
394 *mapped_privilege_list = temp_privilege_list;
396 __finalize_db(db, stmt, sql);
398 return PRIVILEGE_DB_MANAGER_ERR_NONE;
401 int privilege_db_manager_get_privacy_display(const char *privacy_name, char **privacy_display)
404 sqlite3_stmt *stmt = NULL;
405 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
407 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
409 char *sql = sqlite3_mprintf("select privacy_display from privacy_info where privacy_name=%Q", privacy_name);
411 TRY_PREPARE_STMT(db, sql, &stmt);
413 if (sqlite3_step(stmt) == SQLITE_ROW) {
414 *privacy_display = g_strdup((char*)sqlite3_column_text(stmt, 0));
416 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
419 __finalize_db(db, stmt, sql);
424 int privilege_db_manager_get_privilege_display(privilege_manager_package_type_e package_type, const char *privilege_name, __attribute__((unused)) const char *api_version, char **privilege_display)
427 sqlite3_stmt *stmt = NULL;
428 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
430 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
432 char *sql = sqlite3_mprintf("select privilege_display from privilege_info where package_type_id=%d and privilege_name=%Q", package_type, privilege_name);
434 TRY_PREPARE_STMT(db, sql, &stmt);
436 if (sqlite3_step(stmt) == SQLITE_ROW) {
437 *privilege_display = g_strdup((char *)sqlite3_column_text(stmt, 0));
439 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
442 __finalize_db(db, stmt, sql);
447 int privilege_db_manager_get_privilege_description(privilege_manager_package_type_e package_type, const char *privilege_name, __attribute__((unused)) const char *api_version, char **privilege_description)
450 sqlite3_stmt *stmt = NULL;
451 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
453 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
455 char *sql = sqlite3_mprintf("select privilege_description from privilege_info where package_type_id=%d and privilege_name=%Q", package_type, privilege_name);
457 TRY_PREPARE_STMT(db, sql, &stmt);
459 if (sqlite3_step(stmt) == SQLITE_ROW) {
460 *privilege_description = g_strdup((char *)sqlite3_column_text(stmt, 0));
462 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
465 __finalize_db(db, stmt, sql);
470 int privilege_db_manager_get_privilege_group_id(privilege_manager_package_type_e package_type, const char *privilege_name, __attribute__((unused)) const char *api_version, int *privilege_group_id)
473 sqlite3_stmt *stmt = NULL;
474 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
476 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
478 char *sql = sqlite3_mprintf("select privilege_group_id from privilege_info where package_type_id=%d and privilege_name=%Q",
479 package_type, privilege_name);
481 TRY_PREPARE_STMT(db, sql, &stmt);
483 if (sqlite3_step(stmt) == SQLITE_ROW) {
484 *privilege_group_id = (int)sqlite3_column_int(stmt, 0);
486 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
489 __finalize_db(db, stmt, sql);
494 int privilege_db_manager_is(char type, const char* privilege)
497 sqlite3_stmt *stmt = NULL;
499 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
504 sql = sqlite3_mprintf("select privilege_name from privilege_mapping where mapped_privilege_name=%Q", privilege);
507 sql = sqlite3_mprintf("select is_privacy from privilege_info where privilege_name=%Q and package_type='core'", privilege);
510 sql = sqlite3_mprintf("select distinct (case when exists(select * from privilege_info where privilege_name=%Q) then 0 else 1 end) from privilege_mapping where mapped_privilege_name=%Q", privilege, privilege);
513 _LOGE("Undefined type for privilege_db_manager_is()");
514 __finalize_db(db, stmt, sql);
515 return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
518 TRY_PREPARE_STMT(db, sql, &stmt);
520 int ret = sqlite3_step(stmt);
521 if (ret == SQLITE_ROW) {
528 ret = sqlite3_column_int(stmt, 0);
531 } else if (ret == SQLITE_DONE) {
532 _LOGD("[PRIVILEGE_DB_MANAGER] NO DATA TO READ. %s is invalid privilege.", privilege);
538 __finalize_db(db, stmt, sql);
543 // TODO: change it to get package's privacy option only.
544 int privilege_db_manager_is_privacy_white_list(const char* pkgid, const char* privilege)
547 sqlite3_stmt *stmt = NULL;
550 int ret = privilege_db_manager_get_privacy_id_by_privilege(privilege, &privacy_id);
551 TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE, , ret, "[PRIVILEGE_DB_MANAGER] privilege_db_manager_get_privacy_id_by_privilege failed");
553 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
555 char *sql = sqlite3_mprintf("select privacy_option from privacy_whitelist where pkg_id=%Q", pkgid);
557 TRY_PREPARE_STMT(db, sql, &stmt);
560 while (sqlite3_step(stmt) == SQLITE_ROW) {
561 char* privacy_option = (char *)sqlite3_column_text(stmt, 0);
562 if (privacy_option[privacy_id] == '1') {
568 __finalize_db(db, stmt, sql);
573 // TODO: make it to get package's privacy option and settable info only.
574 int privilege_db_manager_is_user_settable(const char* pkgid, const char* privacy_name)
577 sqlite3_stmt *stmt = NULL;
580 int ret = privilege_db_manager_get_privacy_id(privacy_name, &privacy_id);
581 TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE, , ret, "[PRIVILEGE_DB_MANAGER] privilege_db_manager_get_privacy_id failed");
583 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
585 char *sql = sqlite3_mprintf("select privacy_option, settable from privacy_whitelist where pkg_id=%Q", pkgid);
587 TRY_PREPARE_STMT(db, sql, &stmt);
590 while (sqlite3_step(stmt) == SQLITE_ROW) {
591 char* privacy_option = (char *)sqlite3_column_text(stmt, 0);
592 int settable_flag = (int)sqlite3_column_int(stmt, 1);
593 if (privacy_option[privacy_id] == '1' && settable_flag == 1) {
595 } else if (privacy_option[privacy_id] == '1' && settable_flag == 0) {
601 __finalize_db(db, stmt, sql);
606 int privilege_db_manager_is_disabled_privilege(uid_t uid, const char* privilege)
609 sqlite3_stmt *stmt = NULL;
611 TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RO, &db);
613 char *sql = sqlite3_mprintf("select * from disable_list where privilege_name=%Q and (uid=%d or uid=%d)", privilege, uid, GLOBAL_USER);
615 TRY_PREPARE_STMT(db, sql, &stmt);
618 if (sqlite3_step(stmt) == SQLITE_ROW)
621 __finalize_db(db, stmt, sql);
625 int privilege_db_manager_get_privacy_list(GList **privacy_list)
628 sqlite3_stmt *stmt = NULL;
630 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
632 char *sql = sqlite3_mprintf("select DISTINCT privacy_name from privilege_info where is_privacy=1 and package_type='core' order by privacy_name");
634 TRY_PREPARE_STMT(db, sql, &stmt);
636 GList* temp_privacy_list = NULL;
637 while (sqlite3_step(stmt) == SQLITE_ROW) {
638 char *privacy_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
639 temp_privacy_list = g_list_append(temp_privacy_list, privacy_name);
642 *privacy_list = temp_privacy_list;
644 __finalize_db(db, stmt, sql);
646 return PRIVILEGE_DB_MANAGER_ERR_NONE;
649 int privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GList **privilege_list)
652 sqlite3_stmt *stmt = NULL;
654 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
656 char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where is_privacy=1 and privacy_name=%Q", privacy);
658 TRY_PREPARE_STMT(db, sql, &stmt);
660 GList* temp_privilege_list = NULL;
661 while (sqlite3_step(stmt) == SQLITE_ROW) {
662 char *privilege_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
663 temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
666 __finalize_db(db, stmt, sql);
668 *privilege_list = temp_privilege_list;
670 return PRIVILEGE_DB_MANAGER_ERR_NONE;
673 int privilege_db_manager_get_privacy_by_privilege(const char* privilege, char** privacy_name)
676 sqlite3_stmt *stmt = NULL;
677 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
679 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
681 char *sql = sqlite3_mprintf("select privacy_name from privilege_info where privilege_name=%Q and package_type='core'", privilege);
683 TRY_PREPARE_STMT(db, sql, &stmt);
685 if (sqlite3_step(stmt) == SQLITE_ROW) {
686 *privacy_name = g_strdup((char*)sqlite3_column_text(stmt, 0));
688 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
691 __finalize_db(db, stmt, sql);
696 int privilege_db_manager_get_same_privacy_grouped_privileges(const char* privilege, GList** privilege_list)
699 sqlite3_stmt *stmt = NULL;
701 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
703 char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where privacy_name=(select distinct privacy_name from privilege_info where privilege_name=%Q and is_privacy=1)", privilege);
705 TRY_PREPARE_STMT(db, sql, &stmt);
707 GList* temp_privilege_list = NULL;
708 while (sqlite3_step(stmt) == SQLITE_ROW) {
709 char *privilege_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
710 temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
713 __finalize_db(db, stmt, sql);
715 if (temp_privilege_list == NULL)
716 return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
718 *privilege_list = temp_privilege_list;
720 return PRIVILEGE_DB_MANAGER_ERR_NONE;
723 int privilege_db_manager_get_privacy_id_by_privilege(const char* privilege, int *privacy_id)
726 sqlite3_stmt *stmt = NULL;
728 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
730 char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=(select privacy_name from privilege_info where privilege_name=%Q and package_type='core')", privilege);
732 TRY_PREPARE_STMT(db, sql, &stmt);
734 int ret = sqlite3_step(stmt);
735 if (ret == SQLITE_ROW) {
736 *privacy_id = (int)sqlite3_column_int(stmt, 0);
737 ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
739 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
742 __finalize_db(db, stmt, sql);
747 int privilege_db_manager_get_privacy_id(const char* privacy, int *privacy_id)
750 sqlite3_stmt *stmt = NULL;
753 TRY_INIT_DB(PRIVILEGE_DB_TYPE_INFO, &db);
755 char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=%Q", privacy);
758 TRY_PREPARE_STMT(db, sql, &stmt);
760 int ret = sqlite3_step(stmt);
761 if (ret == SQLITE_ROW) {
762 *privacy_id = (int)sqlite3_column_int(stmt, 0);
763 ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
765 _LOGD("privacy %s not exist", privacy);
766 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
769 __finalize_db(db, stmt, sql);
774 int privilege_db_manager_get_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList **privilege_list)
777 sqlite3_stmt *stmt = NULL;
779 TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RO, &db);
782 if (policy_type == PRVMGR_POLICY_TYPE_DISABLE)
783 sql = sqlite3_mprintf("select privilege_name from %Q where (uid=%d or uid=%d)", __get_policy_table(policy_type), uid, GLOBAL_USER);
784 else if (policy_type == PRVMGR_POLICY_TYPE_PREVENT)
785 sql = sqlite3_mprintf("select privilege_name from %Q where uid=%d and package_type=%d", __get_policy_table(policy_type), uid, package_type);
787 TRY_PREPARE_STMT(db, sql, &stmt);
789 GList *temp_privilege_list = NULL;
790 while (sqlite3_step(stmt) == SQLITE_ROW) {
791 char *privilege_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
792 temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
795 *privilege_list = temp_privilege_list;
797 __finalize_db(db, stmt, sql);
799 return PRIVILEGE_DB_MANAGER_ERR_NONE;
802 int privilege_db_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
805 sqlite3_stmt *stmt = NULL;
808 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
810 TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RW, &db);
812 TRY_BEGIN_TRANSACTION(db);
814 for (GList *l = privilege_list; l != NULL; l = l->next) {
815 char *privilege_name = (char *)l->data;
816 sql = sqlite3_mprintf("insert or ignore into prevent_list (uid, package_type, privilege_name) values (%d, %d, %Q)", uid, package_type, privilege_name);
818 if (__prepare_stmt(db, sql, &stmt) != PRIVILEGE_DB_MANAGER_ERR_NONE) {
819 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
823 if (sqlite3_step(stmt) != SQLITE_DONE) {
824 _LOGE("sqlite3_step() failed. [%s]", sqlite3_errmsg(db));
825 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
828 SAFE_SQLITE_FINALIZE(stmt);
829 SAFE_SQLITE_FREE(sql);
832 TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
835 int privilege_db_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
838 sqlite3_stmt *stmt = NULL;
839 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
842 TRY_INIT_DB(PRIVILEGE_DB_TYPE_POLICY_RW, &db);
844 TRY_BEGIN_TRANSACTION(db);
846 for (GList *l = privilege_list; l != NULL; l = l->next) {
847 char *privilege_name = (char *)l->data;
848 sql = sqlite3_mprintf("delete from prevent_list where uid=%d and package_type=%d and privilege_name=%Q", uid, package_type, privilege_name);
850 if (__prepare_stmt(db, sql, &stmt) != PRIVILEGE_DB_MANAGER_ERR_NONE) {
851 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
855 if (sqlite3_step(stmt) != SQLITE_DONE) {
856 _LOGE("sqlite3_step() failed. [%s]", sqlite3_errmsg(db));
857 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
861 SAFE_SQLITE_FINALIZE(stmt);
862 SAFE_SQLITE_FREE(sql);
865 TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
868 //TODO: Do insert only. DO NOT determine whether to insert or not in here.
869 int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list)
872 sqlite3_stmt *stmt = NULL;
875 int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
877 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db);
879 GList* mapped_privilege_list = NULL;
880 ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, privilege_list, &mapped_privilege_list);
881 TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
883 TRY_BEGIN_TRANSACTION(db);
886 for (l = mapped_privilege_list; l != NULL; l = l->next) {
887 char *privilege_name = (char *)l->data;
888 if (strstr(privilege_name, "/internal/") == NULL) {
889 char * privacy_name = NULL;
890 ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name);
891 if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && strstr(privacy_name, "N/A") == NULL && privilege_db_manager_is_user_settable(pkgid, privacy_name) == 1) {
892 sql = sqlite3_mprintf("insert or ignore into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_critical) values (%d, %Q, %Q, %Q, %Q, 0)", uid, pkgid, privacy_name, privilege_name, api_version);
894 if (__prepare_stmt(db, sql, &stmt) != PRIVILEGE_DB_MANAGER_ERR_NONE) {
895 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
899 if (sqlite3_step(stmt) != SQLITE_DONE) {
900 _LOGE("sqlite3_step() failed. [%s]", sqlite3_errmsg(db));
901 ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
905 SAFE_SQLITE_FREE(sql);
906 SAFE_SQLITE_FINALIZE(stmt);
908 SAFE_FREE(privacy_name);
911 SAFE_G_LIST_FREE_FULL(mapped_privilege_list, free);
913 TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
916 int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const char* pkgid)
919 sqlite3_stmt *stmt = NULL;
921 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db);
923 char* sql = sql = sqlite3_mprintf("delete from privacy_package where pkg_id = %Q and uid = %d", pkgid, uid);
925 TRY_PREPARE_STMT(db, sql, &stmt);
928 int ret = sqlite3_step(stmt);
929 if (ret != SQLITE_DONE)
930 __get_db_error(&ret);
932 ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
934 __finalize_db(db, stmt, sql);
939 int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, const char* privilege, privilege_manager_package_type_e pkg_type, bool* is_privacy_requestable)
942 sqlite3_stmt *stmt = NULL;
945 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
948 if (g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_WEARABLE || pkg_type == PRVMGR_PACKAGE_TYPE_CORE) {
949 sql = sqlite3_mprintf("select (case when api_version < 4 then 0 else 1 end) from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q and privilege_name=%Q", uid, GLOBAL_USER, pkgid, privilege);
951 sql = sqlite3_mprintf("select (case when api_version < 4 or (api_version < 5 and privacy_name=%Q) then 0 else 1 end) from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q and privilege_name=%Q", STORAGE_PRIVACY, uid, GLOBAL_USER, pkgid, privilege);
954 TRY_PREPARE_STMT(db, sql, &stmt);
956 ret = sqlite3_step(stmt);
957 if (ret == SQLITE_ROW) {
958 if (sqlite3_column_int(stmt, 0))
959 *is_privacy_requestable = true;
961 *is_privacy_requestable = false;
962 ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
963 } else if (ret == SQLITE_DONE) {
964 ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
966 _LOGE("sqlite3_step() failed. et %d[%s]", ret, sqlite3_errmsg(db));
967 //TODO: add error value for internal error
970 __finalize_db(db, stmt, sql);
975 int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list)
978 sqlite3_stmt *stmt = NULL;
980 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
981 char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where (uid=%d or uid=%d)", uid, GLOBAL_USER);
983 TRY_PREPARE_STMT(db, sql, &stmt);
985 GList* temp_package_list = NULL;
986 while (sqlite3_step(stmt) == SQLITE_ROW) {
987 char *pkgid = g_strdup((char *)sqlite3_column_text(stmt, 0));
988 temp_package_list = g_list_append(temp_package_list, pkgid);
991 __finalize_db(db, stmt, sql);
993 *package_list = temp_package_list;
994 if (temp_package_list == NULL)
995 return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
997 return PRIVILEGE_DB_MANAGER_ERR_NONE;
1000 int privilege_db_manager_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list)
1003 sqlite3_stmt *stmt = NULL;
1005 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
1007 char *sql = sqlite3_mprintf("select distinct privacy_name from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q", uid, GLOBAL_USER, pkgid);
1009 TRY_PREPARE_STMT(db, sql, &stmt);
1011 GList* temp_privacy_list = NULL;
1012 while (sqlite3_step(stmt) == SQLITE_ROW) {
1013 char *privacy_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
1014 temp_privacy_list = g_list_append(temp_privacy_list, privacy_name);
1017 __finalize_db(db, stmt, sql);
1019 *privacy_list = temp_privacy_list;
1020 if (temp_privacy_list == NULL)
1021 return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
1023 return PRIVILEGE_DB_MANAGER_ERR_NONE;
1026 int privilege_db_manager_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list)
1029 sqlite3_stmt *stmt = NULL;
1031 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
1033 char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where (uid=%d or uid=%d) and privacy_name=%Q", uid, GLOBAL_USER, privacy);
1035 TRY_PREPARE_STMT(db, sql, &stmt);
1037 GList* temp_package_list = NULL;
1038 while (sqlite3_step(stmt) == SQLITE_ROW) {
1039 char *pkgid = g_strdup((char *)sqlite3_column_text(stmt, 0));
1040 temp_package_list = g_list_append(temp_package_list, pkgid);
1043 __finalize_db(db, stmt, sql);
1045 *package_list = temp_package_list;
1046 if (temp_package_list == NULL)
1047 return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
1049 return PRIVILEGE_DB_MANAGER_ERR_NONE;
1052 int privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list)
1055 sqlite3_stmt *stmt = NULL;
1057 TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
1059 char *sql = sqlite3_mprintf("select distinct privilege_name from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q and privacy_name=%Q", uid, GLOBAL_USER, pkgid, privacy);
1061 TRY_PREPARE_STMT(db, sql, &stmt);
1063 GList* temp_privilege_list = NULL;
1064 while (sqlite3_step(stmt) == SQLITE_ROW) {
1065 char *privilege_name = g_strdup((char *)sqlite3_column_text(stmt, 0));
1066 temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
1069 __finalize_db(db, stmt, sql);
1071 *privilege_list = temp_privilege_list;
1072 if (temp_privilege_list == NULL)
1073 return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
1075 return PRIVILEGE_DB_MANAGER_ERR_NONE;
projects / platform / core / security / privilege-checker.git / blob