2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
18 * @file PrivilegeHandler.cpp
19 * @brief This is the implementation for the PrivilegeHandler class.
24 #include <FBaseString.h>
26 #include <FSecCryptoAesCipher.h>
27 #include <FSecCryptoSha1Hash.h>
28 #include <FBase_StringConverter.h>
29 #include <FBaseInternalTypes.h>
30 #include <FSec_AccessControlTypes.h>
31 #include <FSec_DeviceKeyGenerator.h>
34 #include "InstallerDefs.h"
35 #include "PrivilegeHandler.h"
36 #include "InstallerUtil.h"
38 using namespace Tizen::App;
39 using namespace Tizen::Base;
40 using namespace Tizen::Base::Collection;
41 using namespace Tizen::Base::Utility;
42 using namespace Tizen::Security;
43 using namespace Tizen::Security::Crypto;
44 using namespace Tizen::Text;
45 using namespace Tizen::Io;
49 PrivilegeHandler::PickExternalPrivilege(const IList& fullPrivilegeList, IList& normalPrivilegeList, IList& externalPrivilegeList)
53 String externalPrivilege;
54 ArrayList privilegeList;
56 r = file.Construct(EXTERNAL_PRIVILEGE_FILE_NAME, "r");
57 TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
59 privilegeList.Construct();
61 while (file.Read(externalPrivilege) == E_SUCCESS)
63 externalPrivilege.Remove(externalPrivilege.GetLength()-1, 1);
64 privilegeList.Add(new String(externalPrivilege));
67 IEnumerator* pEnum = fullPrivilegeList.GetEnumeratorN();
69 while(pEnum->MoveNext() == E_SUCCESS)
71 String* tempString = static_cast<String*>(pEnum->GetCurrent());
73 if (privilegeList.Contains(*tempString))
75 externalPrivilegeList.Add(new String(*tempString));
79 normalPrivilegeList.Add(new String(*tempString));
84 privilegeList.RemoveAll(true);
89 PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, String& encryptedPrivileges, String& checksum, IList& stringPrivilegeList)
92 byte* pBitwisePrivilege = null;
94 ArrayList normalPrivilegeList;
96 encryptedPrivileges.Clear();
98 normalPrivilegeList.Construct();
100 count = privilegeList.GetCount();
106 r = PickExternalPrivilege(privilegeList, normalPrivilegeList, stringPrivilegeList);
107 TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
109 pBitwisePrivilege = PackPrivilegeN(normalPrivilegeList);
110 TryReturnResultTag(OSP_INSTALLER, pBitwisePrivilege != null, GetLastResult(), GetLastResult(), "[%s] Propagating.", GetErrorMessage(GetLastResult()));
112 r = GetEncryptedBitwise(pBitwisePrivilege, encryptedPrivileges);
113 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
115 r = GetChecksum(appId, pBitwisePrivilege, checksum);
116 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
122 if (pBitwisePrivilege)
124 free(pBitwisePrivilege);
127 normalPrivilegeList.RemoveAll(true);
132 PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, int visibilityLevel, String& encryptedPrivileges, String& checksum, IList& stringPrivilegeList)
134 result r = E_SUCCESS;
135 byte* pBitwisePrivilege = null;
137 ArrayList normalPrivilegeList;
139 encryptedPrivileges.Clear();
141 normalPrivilegeList.Construct();
143 count = privilegeList.GetCount();
149 r = PickExternalPrivilege(privilegeList, normalPrivilegeList, stringPrivilegeList);
150 TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
152 r = PackPrivilegeN(normalPrivilegeList, visibilityLevel, &pBitwisePrivilege);
153 TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
155 r = GetEncryptedBitwise(pBitwisePrivilege, encryptedPrivileges);
156 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
158 r = GetChecksum(appId, pBitwisePrivilege, checksum);
159 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
165 if (pBitwisePrivilege)
167 free(pBitwisePrivilege);
170 normalPrivilegeList.RemoveAll(true);
175 PrivilegeHandler::PackPrivilegeN(const IList& privilegeList)
177 result r = E_SUCCESS;
179 int privilegeEnum = 0;
181 bool validStringFlag = false;
182 bool resultFlag = true;
183 byte privilegeBit = 0;
184 byte* pResult = null;
185 byte* pBitwisePrivilege = null;
186 IEnumerator* pEnum = null;
190 pResult = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
191 TryReturnResultTag(OSP_INSTALLER, pResult != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
193 memset(pResult, 0, MAX_BITWISE_PRIV_SIZE);
195 pEnum = privilegeList.GetEnumeratorN();
196 TryCatch(pEnum != null, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
198 while (pEnum->MoveNext() == E_SUCCESS)
200 validStringFlag = false;
201 String privilegeURI = L"http://tizen.org/privilege/";
203 String* pTempString = (String*) pEnum->GetCurrent();
205 if ((pTempString->GetLength()) < (privilegeURI.GetLength()))
207 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string (Length error): [%ls]", pTempString->GetPointer());
213 pTempString->SubString(0, privilegeURI.GetLength(), uriString);
215 if (!(uriString.Equals(privilegeURI, true)))
217 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string (URI error): [%ls]", pTempString->GetPointer());
222 String privilegeString;
223 pTempString->SubString(privilegeURI.GetLength(), pTempString->GetLength()-privilegeURI.GetLength(), privilegeString);
225 for (index = 0; index < _MAX_PRIVILEGE_ENUM; index++)
227 if (wcscmp(privilegeListTable[index].privilegeString, privilegeString.GetPointer()) == 0)
229 validStringFlag = true;
230 privilegeEnum = static_cast< int >(privilegeListTable[index].privilege);
232 position = privilegeEnum / _BITS_IN_BYTE;
233 privilegeBit = (byte) (privilegeEnum % _BITS_IN_BYTE);
234 pResult[position] = pResult[position] | (1 << privilegeBit);
239 if (validStringFlag == false)
241 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string: [%ls]", pTempString->GetPointer());
246 TryCatchTag(OSP_INSTALLER, resultFlag == true, r = E_INVALID_ARG, "[E_INVALID_ARG] One of privilege string is invalid.");
248 pBitwisePrivilege = pResult;
252 return pBitwisePrivilege;
265 PrivilegeHandler::PackPrivilegeN(const IList& privilegeList, int visibilityLevel, byte** ppBitwisePrivilege)
267 result r = E_SUCCESS;
269 int privilegeEnum = 0;
271 bool validStringFlag = false;
272 bool validLevelFlag = true;
273 bool resultFlag = true;
274 bool resultLevelFlag = true;
275 byte privilegeBit = 0;
276 byte* pResult = null;
277 IEnumerator* pEnum = null;
281 pResult = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
282 TryReturnResultTag(OSP_INSTALLER, pResult != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
284 memset(pResult, 0, MAX_BITWISE_PRIV_SIZE);
286 pEnum = privilegeList.GetEnumeratorN();
287 TryCatchTag(OSP_INSTALLER, pEnum != null, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
289 while (pEnum->MoveNext() == E_SUCCESS)
291 validStringFlag = false;
292 validLevelFlag = true;
294 String privilegeURI = L"http://tizen.org/privilege/";
296 String* pTempString = (String*) pEnum->GetCurrent();
298 if ((pTempString->GetLength()) < (privilegeURI.GetLength()))
300 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string (Length error): [%ls]", pTempString->GetPointer());
306 pTempString->SubString(0, privilegeURI.GetLength(), uriString);
308 if (!(uriString.Equals(privilegeURI, true)))
310 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string (URI error): [%ls]", pTempString->GetPointer());
315 String privilegeString;
316 pTempString->SubString(privilegeURI.GetLength(), pTempString->GetLength()-privilegeURI.GetLength(), privilegeString);
318 for (index = 0; index < _MAX_PRIVILEGE_ENUM; index++)
320 if (wcscmp(privilegeListTable[index].privilegeString, privilegeString.GetPointer()) == 0)
322 validStringFlag = true;
323 privilegeEnum = static_cast< int >(privilegeListTable[index].privilege);
325 if (visibilityLevel != _API_VISIBILITY_NONE)
327 if (visibilityLevelListTable[privilegeEnum][_PRV_API_VER_2_0] > visibilityLevel)
329 validLevelFlag = false;
334 position = privilegeEnum / _BITS_IN_BYTE;
335 privilegeBit = (byte) (privilegeEnum % _BITS_IN_BYTE);
336 pResult[position] = pResult[position] | (1 << privilegeBit);
341 if (validStringFlag == false)
343 AppLogExceptionTag(OSP_INSTALLER, "[E_INVALID_ARG] Invalid privilege string: [%ls]", pTempString->GetPointer());
347 if (validLevelFlag == false)
349 AppLogExceptionTag(OSP_INSTALLER, "[E_ILLEGAL_ACCESS] The application does not have the privilege level to register [%ls]", pTempString->GetPointer());
350 resultLevelFlag = false;
354 TryCatchTag(OSP_INSTALLER, resultLevelFlag == true, r = E_ILLEGAL_ACCESS, "[E_ILLEGAL_ACCESS] Unauthorized privileges are detected.");
355 TryCatchTag(OSP_INSTALLER, resultFlag == true, r = E_INVALID_ARG, "[E_INVALID_ARG] Unsupported privilege strings are detected.");
357 *ppBitwisePrivilege = pResult;
373 PrivilegeHandler::GetEncryptedBitwise(byte* pBitwisePrivilege, String& encryptedPrivileges)
375 result r = E_SUCCESS;
376 ByteBuffer* pTempBitwisePrivilege = null;
378 pTempBitwisePrivilege = new (std::nothrow) ByteBuffer();
379 TryReturnResultTag(OSP_INSTALLER, pTempBitwisePrivilege != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
381 r = pTempBitwisePrivilege->Construct(MAX_BITWISE_PRIV_SIZE);
382 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
384 r = pTempBitwisePrivilege->SetArray(pBitwisePrivilege, 0, MAX_BITWISE_PRIV_SIZE);
385 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
386 pTempBitwisePrivilege->Flip();
388 r = StringUtil::EncodeToBase64String(*pTempBitwisePrivilege, encryptedPrivileges);
389 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
395 delete pTempBitwisePrivilege;
401 PrivilegeHandler::GetChecksum(AppId appId, byte* pBitwisePrivilege, String& checksum)
403 result r = E_SUCCESS;
404 byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
408 ByteBuffer* pChecksumByteBuffer = null;
411 pAppId = (char*) _StringConverter::CopyToCharArrayN(appId);
412 TryCatchTag(OSP_INSTALLER, pAppId != null, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
414 memcpy(tempChecksumString, pAppId, MAX_APP_ID_SIZE);
415 memcpy(tempChecksumString + MAX_APP_ID_SIZE, pBitwisePrivilege, MAX_BITWISE_PRIV_SIZE);
420 r = input.Construct(MAX_APP_ID_SIZE + MAX_BITWISE_PRIV_SIZE);
421 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
423 r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + MAX_BITWISE_PRIV_SIZE);
424 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
427 pHash = new (std::nothrow) Sha1Hash();
428 TryCatchTag(OSP_INSTALLER, pHash != null, r = E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
430 pChecksumByteBuffer = pHash->GetHashN(input);
431 TryCatchTag(OSP_INSTALLER, pChecksumByteBuffer != null, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
433 r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
434 TryCatchTag(OSP_INSTALLER, r == E_SUCCESS, r = E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
441 delete pChecksumByteBuffer;