sync with tizen_2.0

[platform/framework/native/appfw.git] / src / security / FSec_AccessController.cpp

//
// Open Service Platform
// Copyright (c) 2012 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

/**
 * @file        FSec_AccessController.cpp
 * @brief       This is the implementation for the _AccessController class.
 */

#include <unique_ptr.h>
#include <FAppTypes.h>
#include <FAppApplication.h>
#include <FApp_AppInfo.h>
#include <FApp_AppManagerImpl.h>
#include <FAppPkg_PackageInfoImpl.h>
#include <FBaseSysLog.h>
#include <FBaseString.h>
#include <FBaseColArrayList.h>
#include <FIoFile.h>
#include <FIo_IpcClient.h>
#include "FSec_AccessController.h"
#include "FSec_PrivilegeManager.h"
#include "FSec_PrivilegeManagerMessage.h"
#include "FSec_PrivilegeInfo.h"

using namespace Tizen::App;
using namespace Tizen::App::Package;
using namespace Tizen::Base;
using namespace Tizen::Base::Collection;
using namespace Tizen::Io;

static _IpcClient ipcClient;
static bool isConstructed = false;

namespace Tizen { namespace Security
{

_PrivilegeManager* _AccessController::__pPrivilegeManager = null;

_AccessController::_AccessController(void)
{

}

_AccessController::~_AccessController(void)
{

}

result
_AccessController::CheckSystemPrivilege(const AppId& appId, _Privilege privilege)
{
        result r = E_SUCCESS;

        bool ret = false;
        std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
        String subAppId;
        _PackageInfoImpl infoImpl;
        String appType;
        String webAppType(L"wgt");

        SysLog(NID_SEC, "Enter.");
        SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");

        appId.SubString(0, MAX_APP_ID_SIZE, subAppId);

        r = infoImpl.Construct(subAppId);
        if (r == E_APP_NOT_INSTALLED)
        {
                SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The package information does not exist.");
                r = E_DATA_NOT_FOUND;
                goto CATCH;
        }

        appType = infoImpl.GetAppType();
        r = GetLastResult();
        SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");

        if (appType.Equals(webAppType, true))
        {
                return E_SUCCESS;
        }

        if (__pPrivilegeManager == null)
        {
                __pPrivilegeManager = _PrivilegeManager::GetInstance();
        }
        SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");

        pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
        r = GetLastResult();

        if (r == E_SUCCESS)
        {
                // nothing to do.
        }
        else if (r == E_DATA_NOT_FOUND)
        {
                SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
                goto CATCH;
        }
        else
        {
                SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
                return E_SYSTEM;
        }

        ret = pPrivilegeInfo->HasPrivilege(privilege);
        if (!ret)
        {
                r = E_PRIVILEGE_DENIED;
                goto CATCH;
        }

        SysLog(NID_SEC, "Exit.");
        return r;

CATCH:

        SysLogException(NID_SEC,  r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
        SysLog(NID_SEC, "Exit.");

        _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
        pAppManagerImpl->TerminateApplications(appId);

        return r;
}

static std::unique_ptr<String> pEncryptedPrivileges(null);
static std::unique_ptr<String> pChecksum(null);
static std::unique_ptr<String> pEncryptedVisibility(null);
static std::unique_ptr<String> pVisibilityChecksum(null);

void
_AccessController::Initialize(void)
{
        result r = E_SUCCESS;
        result ipcResult = E_SUCCESS;

        std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
        std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);

        SysLog(NID_SEC, "Enter");

        r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
        SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");

        pEncryptedPrivileges.reset(new (std::nothrow) String());
        SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        pChecksum.reset(new (std::nothrow) String());
        SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), &r));
        SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
        SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
        SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");

        pEncryptedVisibility.reset(new (std::nothrow) String());
        SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        pVisibilityChecksum.reset(new (std::nothrow) String());
        SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
        SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");

        ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
        SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
        SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");

        isConstructed = true;

    SysLog(NID_SEC, "Exit");
        return;
}

result
_AccessController::CheckUserPrivilege(_Privilege privilege)
{
        result r = E_SUCCESS;
        static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;

        bool ret = false;

        _AppType appType = _APP_TYPE_UI_APP;
        _PrivilegeInfo privilegeInfo;

        SysLog(NID_SEC, "Enter.");
        ClearLastResult();

        SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
        //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");

        appType = _AppInfo::GetAppType();
        const PackageId& packageId = _AppInfo::GetPackageId();

        if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
        {
            if (isConstructed != true)
            {
                pthread_once(&onceBlock, Initialize);
                r = GetLastResult();
                if (IsFailed(r))
                {
                        if (r == E_DATA_NOT_FOUND)
                        {
                                SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
                                goto CATCH;
                        }
                        else
                        {
                                onceBlock = PTHREAD_ONCE_INIT;
                                        SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
                        }
                                return r;
                }
            }

                if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
                {
                        r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()));
                        SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());

                        SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
                }
                else
                {
                        SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
                        r =  E_DATA_NOT_FOUND;
                        goto CATCH;
                }

                ret = privilegeInfo.HasPrivilege(privilege);
                if (!ret)
                {
                        r = E_PRIVILEGE_DENIED;
                        goto CATCH;
                }
        }

        SysLog(NID_SEC, "Exit.");
        return r;

CATCH:

        SysLogException(NID_SEC,  r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
        SysLog(NID_SEC, "Exit.");

        _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
        pAppManagerImpl->TerminateApplications(packageId);

        return r;

}

}} //Tizen::Security