2 // Open Service Platform
3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
9 // http://www.apache.org/licenses/LICENSE-2.0
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
19 * @file FSec_AccessController.cpp
20 * @brief This is the implementation for the _AccessController class.
23 #include <unique_ptr.h>
24 #include <FAppTypes.h>
25 #include <FAppApplication.h>
26 #include <FApp_AppInfo.h>
27 #include <FApp_AppManagerImpl.h>
28 #include <FAppPkg_PackageInfoImpl.h>
29 #include <FBaseSysLog.h>
30 #include <FBaseString.h>
31 #include <FBaseColArrayList.h>
32 #include <FBase_StringConverter.h>
34 #include <FIo_IpcClient.h>
35 #include <privacy_checker_client.h>
36 #include "FSec_AccessController.h"
37 #include "FSec_PrivilegeManager.h"
38 #include "FSec_PrivilegeManagerMessage.h"
39 #include "FSec_PrivilegeInfo.h"
42 using namespace Tizen::App;
43 using namespace Tizen::App::Package;
44 using namespace Tizen::Base;
45 using namespace Tizen::Base::Collection;
46 using namespace Tizen::Io;
// File-scope state used by Initialize(): the IPC client it constructs and the flag it sets on success.
// NOTE(review): isConstructed is a plain bool written by Initialize() and read by the
// CheckUserPrivilege/CheckPrivilege overloads with no synchronization visible in this file;
// confirm every read is ordered after the pthread_once call that runs Initialize().
48 static _IpcClient ipcClient;
49 static bool isConstructed = false;
51 namespace Tizen { namespace Security
// Privilege manager instance, resolved lazily by the overloads that take a packageId.
54 _PrivilegeManager* _AccessController::__pPrivilegeManager = null;
// Process-wide client-side cache. Initialize() allocates these and hands them to the
// privilege-manager IPC requests; the CheckUserPrivilege/CheckPrivilege overloads later pass
// them to _PrivilegeInfo::Construct().
// NOTE(review): these are replaced with reset() each time Initialize() runs and no lock is
// visible here, so a reader holding a raw get() pointer relies on Initialize() not running
// again concurrently — confirm.
56 static std::unique_ptr<String> pEncryptedPrivileges(null);
57 static std::unique_ptr<String> pChecksum(null);
58 static std::unique_ptr<String> pEncryptedVisibility(null);
59 static std::unique_ptr<String> pVisibilityChecksum(null);
60 static std::unique_ptr<ArrayList> pPrivilegeList(null);
// Default constructor; takes no arguments.
62 _AccessController::_AccessController(void)
// Destructor: empties the cached privilege list when it has been allocated.
// NOTE(review): pPrivilegeList is a file-scope static shared by every checker in this file,
// so destroying any one instance clears the list for the whole process — confirm no check
// can still be using it at that point.
67 _AccessController::~_AccessController(void)
69 if (pPrivilegeList != null)
// RemoveAll(true): presumably also deletes the stored elements — confirm against ArrayList.
71 pPrivilegeList->RemoveAll(true);
// Checks whether the package named by packageId holds one privilege, then its privacy setting.
// Visible flow: validate the enumerator, look the package up by the first MAX_APP_ID_SIZE
// characters of packageId, fetch its _PrivilegeInfo from the privilege manager, call
// HasPrivilege(), then CheckPrivacy(). The denial path logs and terminates the package's
// applications.
// NOTE(review): packageId is a caller-supplied argument, and the termination on denial acts on
// whatever ID was passed in; callers should derive it from a verified peer identity — confirm
// at the call sites.
76 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege)
81 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
83 _PackageInfoImpl infoImpl;
85 String webAppType(L"wgt");
// Only the upper bound is tested. NOTE(review): a negative value would pass this test if the
// underlying type of _Privilege is signed — confirm, since the value later indexes tables.
87 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// The return value of SubString() is not checked on this line.
89 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
91 r = infoImpl.Construct(subAppId);
92 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
// Packages of type "wgt" take their own branch; its body is not visible here.
// NOTE(review): if that branch returns success, web packages skip this native check and
// enforcement has to happen elsewhere — confirm.
94 appType = infoImpl.GetAppType();
95 if (appType.Equals(webAppType, true))
100 if (__pPrivilegeManager == null)
102 __pPrivilegeManager = _PrivilegeManager::GetInstance();
104 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
106 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// r is branched on below; the statement that sets it after the retrieval is not visible here.
113 else if (r == E_DATA_NOT_FOUND)
115 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
120 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
124 ret = pPrivilegeInfo->HasPrivilege(privilege);
127 r = E_PRIVILEGE_DENIED;
// Any failure from CheckPrivacy() is reported to the caller as E_USER_NOT_CONSENTED.
131 r = CheckPrivacy(packageId, privilege);
132 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
138 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null
// check, unlike __pPrivilegeManager above; a null here would crash the checking process.
140 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
141 pAppManagerImpl->TerminateApplications(packageId);
// Two-privilege variant of the system check for the package named by packageId.
// Visible flow: validate both enumerators, look the package up by the first MAX_APP_ID_SIZE
// characters of packageId, fetch its _PrivilegeInfo, try HasPrivilegeEx(privilege1) and
// HasPrivilege(privilege2), then CheckPrivacy() for privilege2. The denial path logs and
// terminates the package's applications.
// NOTE(review): packageId is caller-supplied and the termination on denial acts on it; callers
// should derive it from a verified peer identity — confirm at the call sites.
147 _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege privilege1, _Privilege privilege2)
149 result r = E_SUCCESS;
152 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
154 _PackageInfoImpl infoImpl;
156 String webAppType(L"wgt");
// Only the upper bound is tested. NOTE(review): a negative value would pass if the underlying
// type of _Privilege is signed — confirm.
158 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
159 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
// The return value of SubString() is not checked on this line.
161 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
163 r = infoImpl.Construct(subAppId);
164 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
// Packages of type "wgt" take their own branch; its body is not visible here.
// NOTE(review): if that branch returns success, web packages skip this native check — confirm
// where they are enforced.
166 appType = infoImpl.GetAppType();
167 if (appType.Equals(webAppType, true))
172 if (__pPrivilegeManager == null)
174 __pPrivilegeManager = _PrivilegeManager::GetInstance();
176 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
178 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// r is branched on below; the statement that sets it after the retrieval is not visible here.
185 else if (r == E_DATA_NOT_FOUND)
187 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
192 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
// privilege1 goes through HasPrivilegeEx() and privilege2 through HasPrivilege(); the
// conditions joining the two calls are not visible here.
196 ret = pPrivilegeInfo->HasPrivilegeEx(privilege1);
199 ret = pPrivilegeInfo->HasPrivilege(privilege2);
202 r = E_PRIVILEGE_DENIED;
// NOTE(review): the privacy setting is consulted for privilege2 only on the visible lines; if
// access can be granted through privilege1, its privacy setting is not checked — confirm intent.
207 r = CheckPrivacy(packageId, privilege2);
208 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
214 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null
// check, unlike __pPrivilegeManager above.
216 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
217 pAppManagerImpl->TerminateApplications(packageId);
// String-keyed check: does the package named by packageId hold the privilege given as a string?
// Visible flow: look the package up by the first MAX_APP_ID_SIZE characters of packageId,
// fetch its _PrivilegeInfo, call HasPrivilege(privilege), then CheckPrivacy(). The denial path
// logs and terminates the package's applications.
// NOTE(review): both packageId and privilege are caller-supplied and no validation of the
// privilege string is visible here; callers should pass a verified package identity — confirm.
223 _AccessController::CheckPrivilege(const PackageId& packageId, const String& privilege)
225 result r = E_SUCCESS;
228 std::unique_ptr<_PrivilegeInfo> pPrivilegeInfo(null);
230 _PackageInfoImpl infoImpl;
232 String webAppType(L"wgt");
// The return value of SubString() is not checked on this line.
234 packageId.SubString(0, MAX_APP_ID_SIZE, subAppId);
236 r = infoImpl.Construct(subAppId);
237 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
// Packages of type "wgt" take their own branch; its body is not visible here.
// NOTE(review): if that branch returns success, web packages skip this native check — confirm
// where they are enforced.
239 appType = infoImpl.GetAppType();
240 if (appType.Equals(webAppType, true))
245 if (__pPrivilegeManager == null)
247 __pPrivilegeManager = _PrivilegeManager::GetInstance();
249 SysTryReturnResult(NID_SEC, __pPrivilegeManager != null, E_SYSTEM, "An unexpected system error occurred.");
251 pPrivilegeInfo.reset(__pPrivilegeManager->RetrievePrivilegeInfoN(subAppId));
// r is branched on below; the statement that sets it after the retrieval is not visible here.
258 else if (r == E_DATA_NOT_FOUND)
260 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
265 SysLogException(NID_SEC, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
269 ret = pPrivilegeInfo->HasPrivilege(privilege);
272 r = E_PRIVILEGE_DENIED;
// Any failure from CheckPrivacy() is reported to the caller as E_USER_NOT_CONSENTED.
276 r = CheckPrivacy(packageId, privilege);
277 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
283 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null
// check, unlike __pPrivilegeManager above.
285 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
286 pAppManagerImpl->TerminateApplications(packageId);
// pthread_once callback that fills the client-side privilege cache.
// It constructs the IPC client for "osp.security.ipcserver.privilegemanager", allocates the
// file-scope buffers, sends one request for the privilege data and one for the visibility
// data, and sets isConstructed only after both succeed. Every failure leaves through
// SysTryReturnVoidResult, so isConstructed stays false.
// NOTE(review): each CheckUserPrivilege/CheckPrivilege overload in this file declares its own
// static pthread_once_t, so this function can run more than once, possibly concurrently; it
// re-constructs the shared ipcClient and replaces the shared buffers with no lock visible here.
292 _AccessController::Initialize(void)
294 result r = E_SUCCESS;
295 result ipcResult = E_SUCCESS;
297 std::unique_ptr<IPC::Message> pCipherPrivilegeMessage(null);
298 std::unique_ptr<IPC::Message> pCipherVisibilityMessage(null);
300 r = ipcClient.Construct(L"osp.security.ipcserver.privilegemanager", null);
301 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "Failed to construct the instance of IPC.");
303 pEncryptedPrivileges.reset(new (std::nothrow) String());
304 SysTryReturnVoidResult(NID_SEC, pEncryptedPrivileges != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
306 pChecksum.reset(new (std::nothrow) String());
307 SysTryReturnVoidResult(NID_SEC, pChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// NOTE(review): plain `new` here, unlike the std::nothrow allocations around it, so the null
// test on the next line cannot observe an allocation failure.
309 pPrivilegeList.reset(new ArrayList());
310 SysTryReturnVoidResult(NID_SEC, pPrivilegeList != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// The return value of Construct() is not checked.
312 pPrivilegeList->Construct();
// The message carries raw pointers to the shared buffers and to r; r receives the request's
// own result and is tested separately from the transport result in ipcResult.
314 pCipherPrivilegeMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieve(pEncryptedPrivileges.get(), pChecksum.get(), pPrivilegeList.get(), &r));
315 SysTryReturnVoidResult(NID_SEC, pCipherPrivilegeMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
317 ipcResult = ipcClient.SendRequest(pCipherPrivilegeMessage.get());
318 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
319 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
321 pEncryptedVisibility.reset(new (std::nothrow) String());
322 SysTryReturnVoidResult(NID_SEC, pEncryptedVisibility != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
324 pVisibilityChecksum.reset(new (std::nothrow) String());
325 SysTryReturnVoidResult(NID_SEC, pVisibilityChecksum != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
327 pCipherVisibilityMessage.reset(new (std::nothrow) PrivilegeManagerMsg_retrieveEx(pEncryptedVisibility.get(), pVisibilityChecksum.get(), &r));
328 SysTryReturnVoidResult(NID_SEC, pCipherVisibilityMessage != null, E_OUT_OF_MEMORY, "The memory is insufficient.");
// NOTE(review): if this second request fails, all four buffers are already non-null, and the
// checkers test them only for non-null; confirm they return on the error result before
// building a _PrivilegeInfo from unfilled buffers.
330 ipcResult = ipcClient.SendRequest(pCipherVisibilityMessage.get());
331 SysTryReturnVoidResult(NID_SEC, ipcResult == E_SUCCESS, E_SYSTEM, "Failed to send IPC message.");
332 SysTryReturnVoidResult(NID_SEC, r == E_SUCCESS, r, "Failed to retrieve privilege information");
334 isConstructed = true;
// Checks whether the calling application holds one privilege, using the client-side cache.
// Visible flow: validate the enumerator, read the app type and package ID from _AppInfo, run
// Initialize() through pthread_once when the cache is not built, construct a _PrivilegeInfo
// from the cached buffers, call HasPrivilege(), then CheckPrivacy(). The denial path logs and
// terminates the package's applications.
340 _AccessController::CheckUserPrivilege(_Privilege privilege)
342 result r = E_SUCCESS;
// Function-local once control: the other overloads have their own, so Initialize() is not
// limited to a single run per process.
343 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
347 _PrivilegeInfo privilegeInfo;
// Only the upper bound is tested. NOTE(review): a negative value would pass if the underlying
// type of _Privilege is signed — confirm.
351 SysTryReturnResult(NID_SEC, privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
352 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
354 int appType = _AppInfo::GetAppType();
355 PackageId packageId = _AppInfo::GetPackageId();
// NOTE(review): self-assignment with no visible effect; possibly meant to force a private copy
// of the string — confirm, and say so in a comment if that is the intent.
356 packageId[0] = packageId[0];
// Branch for everything that is not a web app; how web apps are handled is not visible here.
358 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// isConstructed is read without synchronization before the once call.
360 if (isConstructed != true)
362 pthread_once(&onceBlock, Initialize);
// r is branched on below; the statement that sets it after Initialize() is not visible here.
366 if (r == E_DATA_NOT_FOUND)
368 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// NOTE(review): the once control is re-armed by plain assignment so a later call retries
// Initialize(); nothing visible here keeps another thread out of pthread_once on the same
// control at that moment. A mutex-guarded retry would avoid the race.
373 onceBlock = PTHREAD_ONCE_INIT;
374 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// The four cached buffers are tested for non-null only; pPrivilegeList is passed on untested.
380 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
382 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
383 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
385 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
389 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
390 r = E_DATA_NOT_FOUND;
394 ret = privilegeInfo.HasPrivilege(privilege);
397 r = E_PRIVILEGE_DENIED;
// Any failure from CheckPrivacy() is reported to the caller as E_USER_NOT_CONSENTED.
402 r = CheckPrivacy(packageId, privilege);
403 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
409 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null check.
411 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
412 pAppManagerImpl->TerminateApplications(packageId);
// Two-privilege variant of the check for the calling application, using the client-side cache.
// Visible flow: validate both enumerators, read the app type and package ID from _AppInfo, run
// Initialize() through pthread_once when the cache is not built, construct a _PrivilegeInfo
// from the cached buffers, try HasPrivilegeEx(privilege1) and HasPrivilege(privilege2), then
// CheckPrivacy() for privilege2. The denial path logs and terminates the package's applications.
419 _AccessController::CheckUserPrivilege(_Privilege privilege1, _Privilege privilege2)
421 result r = E_SUCCESS;
// Function-local once control: the other overloads have their own, so Initialize() is not
// limited to a single run per process.
422 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
426 _PrivilegeInfo privilegeInfo;
// Only the upper bound is tested. NOTE(review): a negative value would pass if the underlying
// type of _Privilege is signed — confirm.
430 SysTryReturnResult(NID_SEC, privilege1 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
431 SysTryReturnResult(NID_SEC, privilege2 < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "The privilege enumerator is invalid");
432 //SysAssertf(privilegeLevelListTable[privilege][_PRV_API_VER_2_0] == _PRV_LEVEL_USER, "System-level privilege is passed to CheckUserPrivilege.");
434 int appType = _AppInfo::GetAppType();
435 PackageId packageId = _AppInfo::GetPackageId();
// NOTE(review): self-assignment with no visible effect; possibly meant to force a private copy
// of the string — confirm, and say so in a comment if that is the intent.
436 packageId[0] = packageId[0];
// Branch for everything that is not a web app; how web apps are handled is not visible here.
438 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// isConstructed is read without synchronization before the once call.
440 if (isConstructed != true)
442 pthread_once(&onceBlock, Initialize);
// r is branched on below; the statement that sets it after Initialize() is not visible here.
446 if (r == E_DATA_NOT_FOUND)
448 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// NOTE(review): the once control is re-armed by plain assignment so a later call retries
// Initialize(); nothing visible here keeps another thread out of pthread_once on the same
// control at that moment. A mutex-guarded retry would avoid the race.
453 onceBlock = PTHREAD_ONCE_INIT;
454 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// The four cached buffers are tested for non-null only; pPrivilegeList is passed on untested.
460 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
462 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
463 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
465 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
469 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
470 r = E_DATA_NOT_FOUND;
// privilege1 goes through HasPrivilegeEx() and privilege2 through HasPrivilege(); the
// conditions joining the two calls are not visible here.
474 ret = privilegeInfo.HasPrivilegeEx(privilege1);
477 ret = privilegeInfo.HasPrivilege(privilege2);
480 r = E_PRIVILEGE_DENIED;
// NOTE(review): the privacy setting is consulted for privilege2 only on the visible lines; if
// access can be granted through privilege1, its privacy setting is not checked — confirm intent.
486 r = CheckPrivacy(packageId, privilege2);
487 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
493 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null check.
495 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
496 pAppManagerImpl->TerminateApplications(packageId);
// String-keyed check for the calling application, using the client-side cache.
// Visible flow: read the app type and package ID from _AppInfo, run Initialize() through
// pthread_once when the cache is not built, construct a _PrivilegeInfo from the cached
// buffers, call HasPrivilege(privilege), then CheckPrivacy(). The denial path logs and
// terminates the package's applications. No validation of the privilege string is visible here.
504 _AccessController::CheckPrivilege(const String& privilege)
506 result r = E_SUCCESS;
// Function-local once control: the other overloads have their own, so Initialize() is not
// limited to a single run per process.
507 static pthread_once_t onceBlock = PTHREAD_ONCE_INIT;
511 _PrivilegeInfo privilegeInfo;
515 int appType = _AppInfo::GetAppType();
516 PackageId packageId = _AppInfo::GetPackageId();
// NOTE(review): self-assignment with no visible effect; possibly meant to force a private copy
// of the string — confirm, and say so in a comment if that is the intent.
517 packageId[0] = packageId[0];
// Branch for everything that is not a web app; how web apps are handled is not visible here.
519 if ((appType & _APP_TYPE_WEB_APP) != _APP_TYPE_WEB_APP)
// isConstructed is read without synchronization before the once call.
521 if (isConstructed != true)
523 pthread_once(&onceBlock, Initialize);
// r is branched on below; the statement that sets it after Initialize() is not visible here.
527 if (r == E_DATA_NOT_FOUND)
529 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
// NOTE(review): the once control is re-armed by plain assignment so a later call retries
// Initialize(); nothing visible here keeps another thread out of pthread_once on the same
// control at that moment. A mutex-guarded retry would avoid the race.
534 onceBlock = PTHREAD_ONCE_INIT;
535 SysLogException(NID_SEC, r, "[%s] Propagated.", GetErrorMessage(r));
// NOTE(review): pPrivilegeList is dereferenced here without the null test applied to the
// other cached pointers just below, and pEnum is not used by any other visible line.
541 std::unique_ptr<IEnumerator> pEnum(null);
542 pEnum.reset(pPrivilegeList->GetEnumeratorN());
544 if ((pEncryptedPrivileges != null) && (pChecksum != null) && (pEncryptedVisibility != null) && (pVisibilityChecksum != null))
546 r = privilegeInfo.Construct(packageId, *(pEncryptedPrivileges.get()), *(pChecksum.get()), *(pEncryptedVisibility.get()), *(pVisibilityChecksum.get()), pPrivilegeList.get());
547 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred. %ls", packageId.GetPointer());
549 SysLog(NID_SEC, "%ls is in the cache [client]", privilegeInfo.GetAppId().GetPointer());
553 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
554 r = E_DATA_NOT_FOUND;
558 ret = privilegeInfo.HasPrivilege(privilege);
561 r = E_PRIVILEGE_DENIED;
// Any failure from CheckPrivacy() is reported to the caller as E_USER_NOT_CONSENTED.
567 r = CheckPrivacy(packageId, privilege);
568 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method.");
// Denial path: the message text is fixed to "[E_PRIVILEGE_DENIED]" while the logged code is r.
574 SysLogException(NID_SEC, r, "[E_PRIVILEGE_DENIED] The application does not have the privilege to call this method.");
// NOTE(review): the GetInstance() result is dereferenced on the next line without a null check.
576 _AppManagerImpl* pAppManagerImpl = _AppManagerImpl::GetInstance();
577 pAppManagerImpl->TerminateApplications(packageId);
// Asks the privacy checker whether packageId may use the given privilege.
// The privilege is first looked up in privacyListTable; entries that are not flagged take a
// branch whose body is not visible here. Otherwise the privilege name is prefixed with
// "http://tizen.org/privilege/" and passed, with the package ID, to
// privacy_checker_check_package_by_privilege().
// Returns E_USER_NOT_CONSENTED when the checker reports anything but success, and E_SYSTEM
// when a string conversion fails.
583 _AccessController::CheckPrivacy(const PackageId & packageId, _Privilege privilege)
585 result r = E_SUCCESS;
586 int ret = PRIV_MGR_ERROR_SUCCESS;
// NOTE(review): privilege indexes privacyListTable here and privilegeListTable below with no
// range check in this function; the visible callers test only the upper bound beforehand.
588 if (privacyListTable[privilege][_PRV_API_VER_2_0] != true)
593 std::unique_ptr<char[]> pPackageId(null);
594 pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
595 SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
597 std::unique_ptr<char[]> pPrivilegeId(null);
598 String privilegeId(L"http://tizen.org/privilege/");
// The return value of Append() is not checked.
599 privilegeId.Append(privilegeListTable[privilege].privilegeString);
601 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilegeId));
602 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
// Fails closed: checker errors and an explicit user block both end up as E_USER_NOT_CONSENTED,
// and the checker's own code in ret is not logged.
604 ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
605 if (ret != PRIV_MGR_ERROR_SUCCESS)
607 r = E_USER_NOT_CONSENTED;
608 SysLog(NID_SEC, "Result : FALSE [Privacy]");
// String-keyed privacy check: passes packageId and the privilege string, unchanged, to
// privacy_checker_check_package_by_privilege().
// Returns E_USER_NOT_CONSENTED when the checker reports anything but success, and E_SYSTEM
// when a string conversion fails.
// NOTE(review): unlike the enumerator overload, no prefix is added and no privacyListTable
// lookup is visible, so the caller presumably supplies the full privilege URI — confirm.
615 _AccessController::CheckPrivacy(const PackageId & packageId, const String& privilege)
617 result r = E_SUCCESS;
618 int ret = PRIV_MGR_ERROR_SUCCESS;
620 std::unique_ptr<char[]> pPackageId(null);
621 pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
622 SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
624 std::unique_ptr<char[]> pPrivilegeId(null);
625 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilege));
626 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
// Fails closed: checker errors and an explicit user block both end up as E_USER_NOT_CONSENTED,
// and the checker's own code in ret is not logged.
628 ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
629 if (ret != PRIV_MGR_ERROR_SUCCESS)
631 r = E_USER_NOT_CONSENTED;
632 SysLog(NID_SEC, "Result : FALSE [Privacy]");