2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSec_AccessController.cpp
20 * @brief This is the implementation for the _AccessController class.
23 #include <unique_ptr.h>
24 #include <FAppTypes.h>
25 #include <FAppApplication.h>
26 #include <FApp_AppInfo.h>
27 #include <FApp_AppManagerImpl.h>
28 #include <FAppPkg_PackageInfoImpl.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseString.h>
31 #include <FBaseColArrayList.h>
33 #include <FIo_IpcClient.h>
34 #include "FSec_AccessController.h"
35 #include "FSec_PrivilegeManager.h"
36 #include "FSec_PrivilegeManagerMessage.h"
37 #include "FSec_PrivilegeInfo.h"
39 using namespace Tizen::App;
40 using namespace Tizen::App::Package;
41 using namespace Tizen::Base;
42 using namespace Tizen::Base::Collection;
43 using namespace Tizen::Io;
// IPC client that Initialize() connects to the privilege manager server; one instance for the whole process.
45 static _IpcClient ipcClient;
// Set to true on the last step of Initialize(), after both IPC retrievals have succeeded.
// NOTE(review): plain bool that CheckUserPrivilege() reads outside pthread_once; confirm the unsynchronized read is acceptable.
46 static bool isConstructed = false;
48 namespace Tizen { namespace Security
// Cached pointer to the _PrivilegeManager singleton; null until CheckSystemPrivilege() fills it from GetInstance().
51 _PrivilegeManager* _AccessController::__pPrivilegeManager = null;
// Constructor and destructor; their bodies are not reproduced in this listing.
53 _AccessController::_AccessController(void)
58 _AccessController::~_AccessController(void)
// Checks whether the application identified by appId holds the given privilege.
// Visible flow: validate the enum value, cut appId down to subAppId, load the package info,
// fetch the package's privilege info from _PrivilegeManager, then ask it HasPrivilege().
// On denial the visible tail logs E_PRIVILEGE_DENIED and asks _AppManagerImpl to terminate the application.
// NOTE(review): this listing has lost lines (declarations of r/ret/subAppId/appType, braces, returns, labels);
// the comments below describe only what the remaining lines show.
64 _AccessController::CheckSystemPrivilege(const AppId& appId, _Privilege privilege)
// Owns the privilege info object retrieved below, so it is released on every exit path.
69 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
71 _PackageInfoImpl infoImpl;
// App type string that marks a web package.
73 String webAppType(L"wgt");
75 SysLog(NID_SEC, "Enter.");
// Rejects an out-of-range privilege with E_INVALID_ARG before the value is used.
// NOTE(review): only the upper bound is tested; whether a negative value can reach HasPrivilege() depends on the underlying type of _Privilege - confirm.
76 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Takes MAX_APP_ID_SIZE characters from the start of appId as the id used for all lookups below.
// NOTE(review): the result of SubString() is not checked on this line; confirm what subAppId holds when appId is shorter than MAX_APP_ID_SIZE.
78 appId.SubString(0, MAX_APP_ID_SIZE, subAppId);
80 r = infoImpl.Construct(subAppId);
// A package that is not installed is reported as E_DATA_NOT_FOUND; the statement that leaves the function is not shown.
81 if (r == E_APP_NOT_INSTALLED)
83 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The package information does not exist.");
88 appType = infoImpl.GetAppType();
// Any other failure is collapsed into E_SYSTEM. The line before this one is missing, so which call last set r cannot be told from here.
90 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
// Web packages ("wgt") take a separate branch whose body is missing from this listing.
// NOTE(review): if that branch returns success, the privilege lookup below is skipped for web packages and enforcement has to happen in another layer - confirm.
92 if (appType.Equals(webAppType, true))
// Lazily caches the privilege manager singleton in the static member.
// NOTE(review): the null test and the assignment are not guarded by a lock in the visible lines; confirm this is safe under concurrent callers.
97 if (__pPrivilegeManager == null)
99 __pPrivilegeManager = _PrivilegeManager::GetInstance();
101 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
// The unique_ptr takes ownership of the object returned by RetrievePrivilegeInfoN().
103 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// Error mapping after the retrieval (the leading if is not shown): missing data is logged as E_DATA_NOT_FOUND, anything else as E_SYSTEM.
110 else if (r == E_DATA_NOT_FOUND)
112 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
117 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
// The actual decision. NOTE(review): a null check on pPrivilegeInfo, if there is one, sits in lines not shown - confirm this is never reached with a null pointer.
121 ret = pPrivilegeInfo->HasPrivilege(privilege);
// Result used when the privilege is not held (the surrounding condition is not shown).
124 r = E_PRIVILEGE_DENIED;
128 SysLog(NID_SEC, "Exit.");
// Denial path: log the refusal, then terminate the offending application.
133 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
134 SysLog(NID_SEC, "Exit.");
// NOTE(review): pAppManagerImpl is dereferenced without a null check in the visible lines, and the call
// receives the full appId rather than the subAppId that was actually checked - confirm both are intended.
136 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
137 pAppManagerImpl->TerminateApplications(appId);
// Process-wide cache of the four strings that Initialize() fetches from the privilege manager server:
// the encrypted privilege string with its checksum, and the encrypted visibility string with its checksum.
// CheckUserPrivilege() passes all four to _PrivilegeInfo::Construct().
// NOTE(review): how the checksums are verified is inside _PrivilegeInfo::Construct(), which is not part of this file.
142 static std::unique_ptr<String> pEncryptedPrivileges(null);
143 static std::unique_ptr<String> pChecksum(null);
144 static std::unique_ptr<String> pEncryptedVisibility(null);
145 static std::unique_ptr<String> pVisibilityChecksum(null);
// One-time setup, run through pthread_once() from CheckUserPrivilege().
// Connects to the privilege manager IPC server, requests the encrypted privilege string and its checksum,
// then the encrypted visibility string and its checksum, and stores them in the file-level statics.
// isConstructed is set only when every step succeeded. The function returns nothing; each failure leaves
// through SysTryReturnVoidResult (presumably surfaced to the caller via the last-result mechanism - confirm).
148 _AccessController::Initialize(void)
// r receives the status reported for the request; ipcResult is the status of the IPC transport itself.
150 result r = E_SUCCESS;
151 result ipcResult = E_SUCCESS;
// Request messages are owned by unique_ptr, so they are freed on every early return.
153 std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
154 std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);
156 SysLog(NID_SEC, "Enter");
// Connect to the server by its well-known name; any failure is reported as E_SYSTEM.
158 r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
159 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");
// Output buffers for the first request. They are file-level statics, so they stay allocated if a later step fails.
161 pEncryptedPrivileges.reset(new (std::nothrow) String());
162 SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
164 pChecksum.reset(new (std::nothrow) String());
165 SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// The message carries pointers to the two output strings and to r.
167 pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), &r));
168 SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// A transport failure becomes E_SYSTEM; a failure reported through r is passed on unchanged.
170 ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
171 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
172 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
// Same sequence for the visibility data.
174 pEncryptedVisibility.reset(new (std::nothrow) String());
175 SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
177 pVisibilityChecksum.reset(new (std::nothrow) String());
178 SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
180 pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
181 SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// NOTE(review): if either check below fails, all four cache pointers are already non-null while isConstructed stays false;
// confirm the caller never builds a _PrivilegeInfo from such a half-filled cache.
183 ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
184 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
185 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
// Reached only when both retrievals succeeded.
187 isConstructed = true;
189 SysLog(NID_SEC, "Exit");
// Checks whether the package reported by _AppInfo::GetPackageId() holds the given privilege.
// For non-web apps the visible flow is: run Initialize() once if the cache is not built, construct a local
// _PrivilegeInfo from the cached encrypted strings and checksums, then ask it HasPrivilege().
// On denial the visible tail logs E_PRIVILEGE_DENIED and asks _AppManagerImpl to terminate the package's applications.
// NOTE(review): the "[client]" log text below suggests the decision is made inside the calling application's own
// process from data cached there; confirm what stops the application from skipping or altering this check.
// NOTE(review): this listing has lost lines (declaration of ret, braces, returns, labels, the web-app branch);
// the comments below describe only what the remaining lines show.
194 _AccessController::CheckUserPrivilege(_Privilege privilege)
196 result r = E_SUCCESS;
// Once-control for Initialize(); static, so it is shared by every call in the process.
197 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
201 _AppType appType = _APP_TYPE_UI_APP;
202 _PrivilegeInfo privilegeInfo;
204 SysLog(NID_SEC, "Enter.");
// Rejects an out-of-range privilege with E_INVALID_ARG before the value is used (upper bound only).
207 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Disabled assertion: with it commented out, nothing in the visible code rejects a system-level privilege passed to this method.
208 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
210 appType = _AppInfo::GetAppType();
211 const PackageId& packageId = _AppInfo::GetPackageId();
// Everything below applies to apps without the web-app flag; the handling of web apps is not shown in this listing.
213 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// Builds the cache on first use. isConstructed is read here without synchronization.
215 if (isConstructed != true)
217 pthread_once(&onceBlock, Initialize);
// The statement that loads r after Initialize() is missing from this listing.
221 if (r == E_DATA_NOT_FOUND)
223 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// Re-arms the once-control so that a later call runs Initialize() again after a failure.
// NOTE(review): re-assigning PTHREAD_ONCE_INIT to a used pthread_once_t is outside what POSIX documents for
// pthread_once, and the write is not synchronized with other threads; a mutex-guarded retry would be safer.
228 onceBlock = PTHREAD_ONCE_INIT;
229 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// Uses the cache only when all four strings exist, then lets _PrivilegeInfo build itself from them.
235 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
237 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()));
// Any Construct() failure ends the check with E_SYSTEM instead of continuing with a partly built object.
238 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
240 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
// Missing cache: reported as E_DATA_NOT_FOUND.
244 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
245 r = E_DATA_NOT_FOUND;
// The actual decision.
249 ret = privilegeInfo.HasPrivilege(privilege);
// Result used when the privilege is not held (the surrounding condition is not shown).
252 r = E_PRIVILEGE_DENIED;
257 SysLog(NID_SEC, "Exit.");
// Denial path: log the refusal, then terminate the applications of this package.
262 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
263 SysLog(NID_SEC, "Exit.");
// NOTE(review): pAppManagerImpl is dereferenced without a null check in the visible lines - confirm GetInstance() cannot return null here.
265 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
266 pAppManagerImpl->TerminateApplications(packageId);