2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSec_AccessController.cpp
20 * @brief This is the implementation for the _AccessController class.
23 #include <unique_ptr.h>
24 #include <FAppTypes.h>
25 #include <FAppApplication.h>
26 #include <FApp_AppInfo.h>
27 #include <FApp_AppManagerImpl.h>
28 #include <FAppPkg_PackageInfoImpl.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseString.h>
31 #include <FBaseColArrayList.h>
32 #include <FBase_StringConverter.h>
34 #include <FIo_IpcClient.h>
35 #include <privacy_checker_client.h>
36 #include "FSec_AccessController.h"
37 #include "FSec_PrivilegeManager.h"
38 #include "FSec_PrivilegeManagerMessage.h"
39 #include "FSec_PrivilegeInfo.h"
41 using namespace Tizen::App;
42 using namespace Tizen::App::Package;
43 using namespace Tizen::Base;
44 using namespace Tizen::Base::Collection;
45 using namespace Tizen::Io;
47 static _IpcClient ipcClient;
48 static bool isConstructed = false;
49 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
51 namespace Tizen { namespace Security
54 _PrivilegeManager* _AccessController::__pPrivilegeManager = null;
56 static std::unique_ptr<String> pEncryptedPrivileges(null);
57 static std::unique_ptr<String> pChecksum(null);
58 static std::unique_ptr<String> pEncryptedVisibility(null);
59 static std::unique_ptr<String> pVisibilityChecksum(null);
60 static std::unique_ptr<ArrayList> pPrivilegeList(null);
62 _AccessController::_AccessController(void)
67 _AccessController::~_AccessController(void)
69 if (pPrivilegeList != null)
71 pPrivilegeList->RemoveAll(true);
76 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege)
81 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
83 _PackageInfoImpl infoImpl;
85 String webAppType(L"wgt");
87 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
89 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
91 r = infoImpl.Construct(subAppId);
92 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
94 appType = infoImpl.GetAppType();
95 if (appType.Equals(webAppType, true))
100 if (__pPrivilegeManager == null)
102 __pPrivilegeManager = _PrivilegeManager::GetInstance();
104 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
106 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
113 else if (r == E_DATA_NOT_FOUND)
115 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
120 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
124 ret = pPrivilegeInfo->HasPrivilege(privilege);
127 r = E_PRIVILEGE_DENIED;
131 r = CheckPrivacy(packageId, privilege);
132 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
138 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
140 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
141 pAppManagerImpl->TerminateApplications(packageId);
147 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege1, _Privilege privilege2)
149 result r = E_SUCCESS;
152 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
154 _PackageInfoImpl infoImpl;
156 String webAppType(L"wgt");
158 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
159 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
161 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
163 r = infoImpl.Construct(subAppId);
164 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
166 appType = infoImpl.GetAppType();
167 if (appType.Equals(webAppType, true))
172 if (__pPrivilegeManager == null)
174 __pPrivilegeManager = _PrivilegeManager::GetInstance();
176 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
178 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
185 else if (r == E_DATA_NOT_FOUND)
187 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
192 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
196 ret = pPrivilegeInfo->HasPrivilegeEx(privilege1);
199 ret = pPrivilegeInfo->HasPrivilege(privilege2);
202 r = E_PRIVILEGE_DENIED;
207 r = CheckPrivacy(packageId, privilege2);
208 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
214 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
216 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
217 pAppManagerImpl->TerminateApplications(packageId);
223 _AccessController::CheckPrivilege(const PackageId& packageId, const String& privilege)
225 result r = E_SUCCESS;
228 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
230 _PackageInfoImpl infoImpl;
232 String webAppType(L"wgt");
234 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
236 r = infoImpl.Construct(subAppId);
237 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
239 appType = infoImpl.GetAppType();
240 if (appType.Equals(webAppType, true))
245 if (__pPrivilegeManager == null)
247 __pPrivilegeManager = _PrivilegeManager::GetInstance();
249 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
251 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
258 else if (r == E_DATA_NOT_FOUND)
260 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
265 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
269 ret = pPrivilegeInfo->HasPrivilege(privilege);
272 r = E_PRIVILEGE_DENIED;
276 r = CheckPrivacy(packageId, privilege);
277 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
283 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
285 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
286 pAppManagerImpl->TerminateApplications(packageId);
292 _AccessController::Initialize(void)
294 result r = E_SUCCESS;
295 result ipcResult = E_SUCCESS;
297 std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
298 std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);
300 r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
301 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");
303 pEncryptedPrivileges.reset(new (std::nothrow) String());
304 SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
306 pChecksum.reset(new (std::nothrow) String());
307 SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
309 pPrivilegeList.reset(new ArrayList());
310 SysTryReturnVoidResult(NID_SEC, pPrivilegeList != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
312 pPrivilegeList->Construct();
314 pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), pPrivilegeList.get(), &r));
315 SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
317 ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
318 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
319 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
321 pEncryptedVisibility.reset(new (std::nothrow) String());
322 SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
324 pVisibilityChecksum.reset(new (std::nothrow) String());
325 SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
327 pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
328 SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
330 ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
331 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
332 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
334 isConstructed = true;
340 _AccessController::CheckUserPrivilege(_Privilege privilege)
342 result r = E_SUCCESS;
345 _PrivilegeInfo privilegeInfo;
349 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
350 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
352 int appType = _AppInfo::GetAppType();
353 PackageId packageId = _AppInfo::GetPackageId();
354 packageId[0] = packageId[0];
356 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
358 if (isConstructed != true)
360 pthread_once(&onceBlock, Initialize);
364 if (r == E_DATA_NOT_FOUND)
366 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
371 onceBlock = PTHREAD_ONCE_INIT;
372 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
378 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
380 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
381 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
383 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
387 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
388 r = E_DATA_NOT_FOUND;
392 ret = privilegeInfo.HasPrivilege(privilege);
395 r = E_PRIVILEGE_DENIED;
400 r = CheckPrivacy(packageId, privilege);
401 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
407 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
409 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
410 pAppManagerImpl->TerminateApplications(packageId);
417 _AccessController::CheckUserPrivilege(_Privilege privilege1, _Privilege privilege2)
419 result r = E_SUCCESS;
422 _PrivilegeInfo privilegeInfo;
426 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
427 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
428 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
430 int appType = _AppInfo::GetAppType();
431 PackageId packageId = _AppInfo::GetPackageId();
432 packageId[0] = packageId[0];
434 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
436 if (isConstructed != true)
438 pthread_once(&onceBlock, Initialize);
442 if (r == E_DATA_NOT_FOUND)
444 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
449 onceBlock = PTHREAD_ONCE_INIT;
450 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
456 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
458 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
459 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
461 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
465 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
466 r = E_DATA_NOT_FOUND;
470 ret = privilegeInfo.HasPrivilegeEx(privilege1);
473 ret = privilegeInfo.HasPrivilege(privilege2);
476 r = E_PRIVILEGE_DENIED;
482 r = CheckPrivacy(packageId, privilege2);
483 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
489 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
491 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
492 pAppManagerImpl->TerminateApplications(packageId);
500 _AccessController::CheckPrivilege(const String& privilege)
502 result r = E_SUCCESS;
505 _PrivilegeInfo privilegeInfo;
509 int appType = _AppInfo::GetAppType();
510 PackageId packageId = _AppInfo::GetPackageId();
511 packageId[0] = packageId[0];
513 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
515 if (isConstructed != true)
517 pthread_once(&onceBlock, Initialize);
521 if (r == E_DATA_NOT_FOUND)
523 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
528 onceBlock = PTHREAD_ONCE_INIT;
529 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
535 std::unique_ptr<IEnumerator> pEnum(null);
536 pEnum.reset(pPrivilegeList->GetEnumeratorN());
538 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
540 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
541 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
543 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
547 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
548 r = E_DATA_NOT_FOUND;
552 ret = privilegeInfo.HasPrivilege(privilege);
555 r = E_PRIVILEGE_DENIED;
561 r = CheckPrivacy(packageId, privilege);
562 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
568 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
570 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
571 pAppManagerImpl->TerminateApplications(packageId);
577 _AccessController::CheckPrivacy(const PackageId & packageId, _Privilege privilege)
579 result r = E_SUCCESS;
580 int ret = PRIV_MGR_ERROR_SUCCESS;
582 if (privacyListTable[privilege][_PRV_API_VER_2_0] != true)
587 std::unique_ptr<char[]> pPackageId(null);
588 pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
589 SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
591 std::unique_ptr<char[]> pPrivilegeId(null);
592 String privilegeId(L"http://tizen.org/privilege/");
593 privilegeId.Append(privilegeListTable[privilege].privilegeString);
595 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilegeId));
596 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
598 ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
599 if (ret != PRIV_MGR_ERROR_SUCCESS)
601 r = E_USER_NOT_CONSENTED;
602 SysLog(NID_SEC, "Result : FALSE [Privacy]");
609 _AccessController::CheckPrivacy(const PackageId & packageId, const String& privilege)
611 result r = E_SUCCESS;
612 int ret = PRIV_MGR_ERROR_SUCCESS;
614 std::unique_ptr<char[]> pPackageId(null);
615 pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
616 SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
618 std::unique_ptr<char[]> pPrivilegeId(null);
619 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilege));
620 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
622 ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
623 if (ret != PRIV_MGR_ERROR_SUCCESS)
625 r = E_USER_NOT_CONSENTED;
626 SysLog(NID_SEC, "Result : FALSE [Privacy]");