2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
18 * @file FSecAccessController.cpp
19 * @brief This is the implementation for the AccessController class.
22 #include <unique_ptr.h>
23 #include <FAppTypes.h>
24 #include <FAppApplication.h>
25 #include <FApp_AppInfo.h>
26 #include <FApp_AppManagerImpl.h>
27 #include <FAppPkg_PackageInfoImpl.h>
28 #include <FBaseSysLog.h>
29 #include <FBaseString.h>
30 #include <FBaseColArrayList.h>
32 #include <FIo_IpcClient.h>
33 #include <FSecAccessController.h>
34 #include <FSec_AccessController.h>
35 #include "FSec_AccessControlTypes.h"
36 #include "FSec_PrivilegeManager.h"
37 #include "FSec_PrivilegeManagerMessage.h"
38 #include "FSec_PrivilegeInfo.h"
41 using namespace Tizen::App;
42 using namespace Tizen::App::Package;
43 using namespace Tizen::Base;
44 using namespace Tizen::Base::Collection;
45 using namespace Tizen::Io;
47 static _IpcClient ipcClient;
48 static bool isConstructed = false;
49 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
51 namespace Tizen { namespace Security
54 AccessController::AccessController(void)
59 AccessController::~AccessController(void)
64 static _PrivilegeInfo privilegeInfo;
68 AccessController::Initialize(void)
71 result ipcResult = E_SUCCESS;
73 std::unique_ptr<String> pEncryptedPrivileges(null);
74 std::unique_ptr<String> pChecksum(null);
75 std::unique_ptr<String> pEncryptedVisibility(null);
76 std::unique_ptr<String> pVisibilityChecksum(null);
78 std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
79 std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);
80 std::unique_ptr<ArrayList> pPrivilegeList(null);
82 r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
83 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");
85 pEncryptedPrivileges.reset(new (std::nothrow) String());
86 SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
88 pChecksum.reset(new (std::nothrow) String());
89 SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
91 pPrivilegeList.reset(new ArrayList());
92 SysTryReturnVoidResult(NID_SEC, pPrivilegeList != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
94 pPrivilegeList->Construct();
96 pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), pPrivilegeList.get(), &r));
97 SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
99 ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
100 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
101 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
103 pEncryptedVisibility.reset(new (std::nothrow) String());
104 SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
106 pVisibilityChecksum.reset(new (std::nothrow) String());
107 SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
109 pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
110 SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
112 ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
113 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
114 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
116 PackageId packageId = _AppInfo::GetPackageId();
117 packageId[0] = packageId[0];
119 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
120 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
122 pPrivilegeList->RemoveAll(true);
123 isConstructed = true;
128 AccessController::CheckPrivilege(int privilege)
130 result r = E_SUCCESS;
135 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
139 pthread_once(&onceBlock, Initialize);
143 if (r == E_DATA_NOT_FOUND)
145 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
150 onceBlock = PTHREAD_ONCE_INIT;
151 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
157 if (privilegeInfo.GetAppId().IsEmpty())
159 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
160 r = E_DATA_NOT_FOUND;
165 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
168 ret = privilegeInfo.HasPrivilege(static_cast< _Privilege >(privilege));
171 r = E_PRIVILEGE_DENIED;
175 r = _AccessController::CheckPrivacy(privilegeInfo.GetAppId(), static_cast< _Privilege >(privilege));
176 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
182 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
187 AccessController::CheckPrivilege(const String& privilege)
189 result r = E_SUCCESS;
196 pthread_once(&onceBlock, Initialize);
200 if (r == E_DATA_NOT_FOUND)
202 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
207 onceBlock = PTHREAD_ONCE_INIT;
208 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
214 if (privilegeInfo.GetAppId().IsEmpty())
216 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
217 r = E_DATA_NOT_FOUND;
222 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
225 ret = privilegeInfo.HasPrivilege(privilege);
228 r = E_PRIVILEGE_DENIED;
232 r = _AccessController::CheckPrivacy(privilegeInfo.GetAppId(), privilege);
233 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
239 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
243 _PrivilegeManager* AccessController::__pPrivilegeManager = null;
246 AccessController::CheckPrivilege(const PackageId& packageId, const String& privilege)
248 result r = E_SUCCESS;
251 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
253 _PackageInfoImpl infoImpl;
255 String webAppType(L"wgt");
256 String cAppType(L"rpm");
258 r = _AccessController::CheckUserPrivilege(_PRV_PRIVILEGEMANAGER_READ);
259 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_PRIVILEGE_DENIED, "The application does not have the privilege to call this method.");
261 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
263 r = infoImpl.Construct(packageId);
264 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
266 appType = infoImpl.GetAppType();
267 if (appType.Equals(webAppType, true))
271 else if (appType.Equals(cAppType, true))
273 r = _AccessController::CheckPrivacy(packageId, privilege);
274 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
279 if (__pPrivilegeManager == null)
281 __pPrivilegeManager = _PrivilegeManager::GetInstance();
283 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
285 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
292 else if (r == E_DATA_NOT_FOUND)
294 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
299 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
303 ret = pPrivilegeInfo->HasPrivilege(privilege);
306 r = E_PRIVILEGE_DENIED;
310 r = _AccessController::CheckPrivacy(packageId, privilege);
311 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
317 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");