2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSec_AccessController.cpp
20 * @brief This is the implementation for the _AccessController class.
23 #include <unique_ptr.h>
24 #include <FAppTypes.h>
25 #include <FAppApplication.h>
26 #include <FApp_AppInfo.h>
27 #include <FApp_AppManagerImpl.h>
28 #include <FAppPkg_PackageInfoImpl.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseString.h>
31 #include <FBaseColArrayList.h>
33 #include <FIo_IpcClient.h>
34 #include "FSec_AccessController.h"
35 #include "FSec_PrivilegeManager.h"
36 #include "FSec_PrivilegeManagerMessage.h"
37 #include "FSec_PrivilegeInfo.h"
39 using namespace Tizen::App;
40 using namespace Tizen::App::Package;
41 using namespace Tizen::Base;
42 using namespace Tizen::Base::Collection;
43 using namespace Tizen::Io;
// Process-wide IPC client. Initialize() constructs it against the
// "osp.security.ipcserver.privilegemanager" endpoint and uses it for both retrieval requests.
45 static _IpcClient ipcClient;
// Set to true as the last visible statement of Initialize(), i.e. only after both IPC retrievals
// succeeded. The Check* paths read this plain bool before calling pthread_once().
// NOTE(review): no lock or atomic is visible around it - confirm the threading assumptions.
46 static bool isConstructed = false;
48 namespace Tizen { namespace Security
// Lazily filled by the CheckSystemPrivilege()/CheckPrivilege(packageId, ...) paths via
// _PrivilegeManager::GetInstance(); the lazy assignment has no visible synchronization.
51 _PrivilegeManager* _AccessController::__pPrivilegeManager = null;
// Client-side cache of the calling package's privilege data. All five objects are (re)allocated in
// Initialize() and then handed to _PrivilegeInfo::Construct() by CheckUserPrivilege()/CheckPrivilege().
// They are shared by every caller in the process; nothing in this listing serializes access to them.
// presumably the checksums let _PrivilegeInfo::Construct() detect tampering with the encrypted
// strings - TODO confirm in FSec_PrivilegeInfo.
53 static std::unique_ptr<String> pEncryptedPrivileges(null);
54 static std::unique_ptr<String> pChecksum(null);
55 static std::unique_ptr<String> pEncryptedVisibility(null);
56 static std::unique_ptr<String> pVisibilityChecksum(null);
57 static std::unique_ptr<ArrayList> pPrivilegeList(null);
// Default constructor. Its body is not part of this listing (lines were dropped in extraction).
59 _AccessController::_AccessController(void)
// Destructor: empties the file-scope privilege list if it was ever allocated.
// NOTE(review): pPrivilegeList is a process-wide static, not a member, so destroying any
// _AccessController instance clears the cache that the Check* paths pass to
// _PrivilegeInfo::Construct(). Confirm no other thread can be reading the list at that point.
64 _AccessController::~_AccessController(void)
66 if (pPrivilegeList != null)
// presumably the 'true' argument also deallocates the stored elements - verify against ArrayList.
68 pPrivilegeList->RemoveAll(true);
// Checks whether the package named by packageId holds the given privilege, using the privilege
// record returned by _PrivilegeManager::RetrievePrivilegeInfoN(). On denial the package's
// applications are terminated.
// This listing is missing lines (return type, braces, several declarations and branches); the
// comments below describe only the statements that are visible.
73 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege)
78 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
80 _PackageInfoImpl infoImpl;
82 String webAppType(L"wgt");
// Only the upper bound is validated. assumes _Privilege can never be negative - TODO confirm,
// since the value is later used to look up the privilege.
84 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Truncates the id to MAX_APP_ID_SIZE characters. The result of SubString() is not checked here;
// a failure would only surface through infoImpl.Construct() below.
86 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
88 r = infoImpl.Construct(subAppId);
89 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
91 appType = infoImpl.GetAppType();
// Web ("wgt") packages take a separate branch whose body is not visible in this listing.
// NOTE(review): if that branch returns success without a check, confirm web apps are enforced
// elsewhere.
92 if (appType.Equals(webAppType, true))
// Lazy, unsynchronized initialization of the shared static manager pointer.
97 if (__pPrivilegeManager == null)
99 __pPrivilegeManager = _PrivilegeManager::GetInstance();
101 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
// The unique_ptr takes ownership of the returned record.
103 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// The statement that assigns r after the retrieval, and the first branch of this chain, are not
// visible here.
110 else if (r == E_DATA_NOT_FOUND)
112 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
117 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
// Dereferences pPrivilegeInfo; any null check sits in the omitted lines - verify it exists.
121 ret = pPrivilegeInfo->HasPrivilege(privilege);
124 r = E_PRIVILEGE_DENIED;
132 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the offending package. The GetInstance() result is used without a
// visible null check, and the result of TerminateApplications() is not inspected.
134 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
135 pAppManagerImpl->TerminateApplications(packageId);
// Two-privilege overload: checks the package named by packageId against privilege1 via
// HasPrivilegeEx() and against privilege2 via HasPrivilege(). The condition linking the two calls
// is not visible in this listing (presumably privilege2 is consulted when privilege1 is not held -
// TODO confirm). On denial the package's applications are terminated.
// Lines are missing from this listing (return type, braces, some declarations and branches).
141 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege1, _Privilege privilege2)
143 result r = E_SUCCESS;
146 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
148 _PackageInfoImpl infoImpl;
150 String webAppType(L"wgt");
// Both enumerators are bounded from above only. assumes _Privilege cannot be negative - TODO confirm.
152 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
153 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Result of SubString() is not checked; a bad id is only caught by infoImpl.Construct() below.
155 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
157 r = infoImpl.Construct(subAppId);
158 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
160 appType = infoImpl.GetAppType();
// Web ("wgt") packages take a separate branch whose body is not visible here.
// NOTE(review): confirm that branch does not amount to an unchecked success for web apps.
161 if (appType.Equals(webAppType, true))
// Lazy, unsynchronized initialization of the shared static manager pointer.
166 if (__pPrivilegeManager == null)
168 __pPrivilegeManager = _PrivilegeManager::GetInstance();
170 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
172 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// The assignment of r after the retrieval and the first branch of this chain are not visible.
179 else if (r == E_DATA_NOT_FOUND)
181 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
186 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
// Both calls dereference pPrivilegeInfo; any null check sits in the omitted lines - verify.
190 ret = pPrivilegeInfo->HasPrivilegeEx(privilege1);
193 ret = pPrivilegeInfo->HasPrivilege(privilege2);
196 r = E_PRIVILEGE_DENIED;
205 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the package. GetInstance() is used without a visible null check.
207 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
208 pAppManagerImpl->TerminateApplications(packageId);
// String-keyed variant of the package check: looks up the privilege record for packageId and asks
// it whether the named privilege is held. On denial the package's applications are terminated.
// Unlike the enum overloads, no validation of the privilege argument is visible before the lookup.
// Lines are missing from this listing (return type, braces, some declarations and branches).
214 _AccessController::CheckPrivilege(const PackageId& packageId, const String& privilege)
216 result r = E_SUCCESS;
219 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
221 _PackageInfoImpl infoImpl;
223 String webAppType(L"wgt");
// Result of SubString() is not checked; a bad id is only caught by infoImpl.Construct() below.
225 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
227 r = infoImpl.Construct(subAppId);
228 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
230 appType = infoImpl.GetAppType();
// Web ("wgt") packages take a separate branch whose body is not visible here.
// NOTE(review): confirm that branch does not amount to an unchecked success for web apps.
231 if (appType.Equals(webAppType, true))
// Lazy, unsynchronized initialization of the shared static manager pointer.
236 if (__pPrivilegeManager == null)
238 __pPrivilegeManager = _PrivilegeManager::GetInstance();
240 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
242 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// The assignment of r after the retrieval and the first branch of this chain are not visible.
249 else if (r == E_DATA_NOT_FOUND)
251 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
256 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
// Dereferences pPrivilegeInfo; any null check sits in the omitted lines - verify it exists.
260 ret = pPrivilegeInfo->HasPrivilege(privilege);
263 r = E_PRIVILEGE_DENIED;
271 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the package. GetInstance() is used without a visible null check.
273 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
274 pAppManagerImpl->TerminateApplications(packageId);
// Fills the file-scope privilege cache from the privilege-manager IPC server. Takes no arguments and
// returns nothing; it is the routine handed to pthread_once() by CheckUserPrivilege()/CheckPrivilege().
// Failures leave through SysTryReturnVoidResult (presumably recording the error as the thread's
// last result - TODO confirm), and isConstructed stays false.
// NOTE(review): a failure part-way through leaves the statics allocated earlier in place, so
// "pointer != null" alone does not mean the cache was filled.
280 _AccessController::Initialize(void)
282 result r = E_SUCCESS;
283 result ipcResult = E_SUCCESS;
285 std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
286 std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);
288 r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
289 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");
// reset() replaces (and frees) any string from an earlier run; callers on other threads that
// still hold the old pointer are not protected by anything visible here.
291 pEncryptedPrivileges.reset(new (std::nothrow) String());
292 SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
294 pChecksum.reset(new (std::nothrow) String());
295 SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// NOTE(review): this allocation uses plain new, unlike every other allocation in this function,
// which uses new (std::nothrow); the null check on the next line only works as intended with the
// nothrow form. The result of Construct() below is also not checked.
297 pPrivilegeList.reset(new ArrayList());
298 SysTryReturnVoidResult(NID_SEC, pPrivilegeList != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
300 pPrivilegeList->Construct();
// The message carries raw pointers to the three cache objects and to the local r, which serve
// as out-parameters of the request.
302 pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), pPrivilegeList.get(), &r));
303 SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// Transport failure (ipcResult) and the server-reported result (r) are checked separately.
305 ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
306 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
307 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
309 pEncryptedVisibility.reset(new (std::nothrow) String());
310 SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
312 pVisibilityChecksum.reset(new (std::nothrow) String());
313 SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// Second request: visibility data and its checksum, again with r as the out-parameter.
315 pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
316 SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
318 ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
319 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
320 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
// Reached only when both retrievals succeeded.
322 isConstructed = true;
// Checks whether the current application (identified through _AppInfo, not a caller-supplied id)
// holds the given privilege, using the process-wide cache filled by Initialize(). On denial the
// package's applications are terminated.
// NOTE(review): the "[client]" log text below suggests this runs inside the app being checked; if
// so, confirm the privileged service also enforces the privilege on its side.
// Lines are missing from this listing (return type, braces, some declarations and branches).
328 _AccessController::CheckUserPrivilege(_Privilege privilege)
330 result r = E_SUCCESS;
// Function-local once-control. The other CheckUserPrivilege overload and CheckPrivilege(const
// String&) each declare their own, so the three entry points do not share one pthread_once guard
// and Initialize() can run once per entry point, possibly concurrently, on the same statics.
331 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
335 _PrivilegeInfo privilegeInfo;
// Upper bound only. assumes _Privilege cannot be negative - TODO confirm.
339 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Disabled assertion that would have rejected system-level privileges passed to this user-level check.
340 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
342 int appType = _AppInfo::GetAppType();
343 PackageId packageId = _AppInfo::GetPackageId();
// Self-assignment with no effect on the value; intent is not stated in the source.
344 packageId[0] = packageId[0];
// Non-web applications only; where this branch ends is not visible in the listing.
346 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// Unsynchronized read of the flag, then a one-time call to Initialize().
348 if (isConstructed != true)
350 pthread_once(&onceBlock, Initialize);
// The statement that assigns r after pthread_once() is not visible (presumably the last result
// left by Initialize() - TODO confirm).
354 if (r == E_DATA_NOT_FOUND)
356 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// Re-arms the once-control so a later call retries Initialize().
// NOTE(review): assigning to a pthread_once_t that other threads may be passing to pthread_once()
// is a data race - consider a mutex-guarded retry instead.
361 onceBlock = PTHREAD_ONCE_INIT;
362 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// Guards the four cached strings. pPrivilegeList is passed below but is not part of this check.
368 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
// Builds the per-call privilege record from the cached encrypted data and checksums. Any
// Construct() failure is reported to the caller as E_SYSTEM.
370 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
371 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
373 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
// Cache not populated: reported as E_DATA_NOT_FOUND.
377 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
378 r = E_DATA_NOT_FOUND;
382 ret = privilegeInfo.HasPrivilege(privilege);
385 r = E_PRIVILEGE_DENIED;
394 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the package. GetInstance() is used without a visible null check.
396 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
397 pAppManagerImpl->TerminateApplications(packageId);
// Two-privilege overload for the current application (identified through _AppInfo): consults
// HasPrivilegeEx(privilege1) and HasPrivilege(privilege2) on a record built from the process-wide
// cache. The condition linking the two calls is not visible in this listing (presumably privilege2
// is consulted when privilege1 is not held - TODO confirm). On denial the package's applications
// are terminated.
// Lines are missing from this listing (return type, braces, some declarations and branches).
404 _AccessController::CheckUserPrivilege(_Privilege privilege1, _Privilege privilege2)
406 result r = E_SUCCESS;
// Function-local once-control, separate from the ones in the sibling entry points, so Initialize()
// is not guarded by a single shared pthread_once and can run concurrently on the same statics.
407 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
411 _PrivilegeInfo privilegeInfo;
// Upper bound only. assumes _Privilege cannot be negative - TODO confirm.
415 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
416 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// Disabled assertion; as written it references 'privilege', which is not a parameter of this
// overload, so it would need updating before being re-enabled.
417 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
419 int appType = _AppInfo::GetAppType();
420 PackageId packageId = _AppInfo::GetPackageId();
// Self-assignment with no effect on the value; intent is not stated in the source.
421 packageId[0] = packageId[0];
// Non-web applications only; where this branch ends is not visible in the listing.
423 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// Unsynchronized read of the flag, then a one-time call to Initialize().
425 if (isConstructed != true)
427 pthread_once(&onceBlock, Initialize);
// The statement that assigns r after pthread_once() is not visible in this listing.
431 if (r == E_DATA_NOT_FOUND)
433 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// Re-arms the once-control so a later call retries Initialize().
// NOTE(review): assigning to a pthread_once_t that other threads may be passing to pthread_once()
// is a data race - consider a mutex-guarded retry instead.
438 onceBlock = PTHREAD_ONCE_INIT;
439 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// Guards the four cached strings. pPrivilegeList is passed below but is not part of this check.
445 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
// Any Construct() failure is reported to the caller as E_SYSTEM.
447 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
448 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
450 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
// Cache not populated: reported as E_DATA_NOT_FOUND.
454 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
455 r = E_DATA_NOT_FOUND;
459 ret = privilegeInfo.HasPrivilegeEx(privilege1);
462 ret = privilegeInfo.HasPrivilege(privilege2);
465 r = E_PRIVILEGE_DENIED;
475 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the package. GetInstance() is used without a visible null check.
477 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
478 pAppManagerImpl->TerminateApplications(packageId);
// String-keyed check for the current application (identified through _AppInfo): builds a privilege
// record from the process-wide cache and asks it whether the named privilege is held. On denial the
// package's applications are terminated.
// No validation of the privilege string is visible before the lookup.
// Lines are missing from this listing (return type, braces, some declarations and branches).
486 _AccessController::CheckPrivilege(const String& privilege)
488 result r = E_SUCCESS;
// Function-local once-control, separate from the ones in the CheckUserPrivilege overloads, so
// Initialize() is not guarded by a single shared pthread_once.
489 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
493 _PrivilegeInfo privilegeInfo;
497 int appType = _AppInfo::GetAppType();
498 PackageId packageId = _AppInfo::GetPackageId();
// Self-assignment with no effect on the value; intent is not stated in the source.
499 packageId[0] = packageId[0];
// Non-web applications only; where this branch ends is not visible in the listing.
501 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// Unsynchronized read of the flag, then a one-time call to Initialize().
503 if (isConstructed != true)
505 pthread_once(&onceBlock, Initialize);
// The statement that assigns r after pthread_once() is not visible in this listing.
509 if (r == E_DATA_NOT_FOUND)
511 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// Re-arms the once-control so a later call retries Initialize().
// NOTE(review): assigning to a pthread_once_t that other threads may be passing to pthread_once()
// is a data race - consider a mutex-guarded retry instead.
516 onceBlock = PTHREAD_ONCE_INIT;
517 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// NOTE(review): pPrivilegeList is dereferenced here with no visible null check, and the guard on
// the next visible line covers only the four strings. Initialize() can return before allocating
// the list, so confirm every such failure path returns before this point. pEnum is not used in
// any visible line below.
523 std::unique_ptr<IEnumerator> pEnum(null);
524 pEnum.reset(pPrivilegeList->GetEnumeratorN());
526 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
// Any Construct() failure is reported to the caller as E_SYSTEM.
528 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
529 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
531 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
// Cache not populated: reported as E_DATA_NOT_FOUND.
535 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
536 r = E_DATA_NOT_FOUND;
540 ret = privilegeInfo.HasPrivilege(privilege);
543 r = E_PRIVILEGE_DENIED;
552 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// Denial path: terminate the package. GetInstance() is used without a visible null check.
554 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
555 pAppManagerImpl->TerminateApplications(packageId);