2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
4 // Licensed under the Apache License, Version 2.0 (the License);
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
18 * @file FSec_PrivilegeManagerInfo.cpp
19 * @brief This is the implementation for the Privilege Information class.
22 #include <unique_ptr.h>
26 #include <FBaseSysLog.h>
27 #include <FBase_StringConverter.h>
28 #include <FBaseString.h>
29 #include <FAppPkg_PackageInfoImpl.h>
30 #include <FSecSecretKey.h>
31 #include <FSecCryptoAesCipher.h>
32 #include <FSecCryptoSha1Hmac.h>
33 #include <FSecCryptoSha1Hash.h>
34 #include <FBaseColArrayList.h>
35 #include <FBaseColHashMap.h>
36 #include <privilege_info.h>
38 #include "FSec_PrivilegeInfo.h"
40 using namespace Tizen::App;
41 using namespace Tizen::App::Package;
42 using namespace Tizen::Base;
43 using namespace Tizen::Base::Collection;
44 using namespace Tizen::Base::Utility;
45 using namespace Tizen::Security::Crypto;
46 using namespace Tizen::Text;
48 namespace Tizen { namespace Security
51 _PrivilegeInfo::_PrivilegeInfo(void)
53 memset(__bitwisePrivilege, 0, MAX_BITWISE_PRIV_SIZE);
58 _PrivilegeInfo::~_PrivilegeInfo(void)
60 __privilegeList.RemoveAll(true);
64 _PrivilegeInfo::Construct(const AppId& appId, const byte* pBitwisePrivilege, const ArrayList* pPrivilegeList)
68 SysTryReturnResult(NID_SEC, (pBitwisePrivilege != null), E_INVALID_ARG, "One of the argument is invalid.");
69 SysTryReturnResult(NID_SEC,
70 appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
71 "One of the argument is invalid.");
73 // Set base length of privilege information to max
74 __bitwiseLength = MAX_BITWISE_PRIV_SIZE;
77 memcpy(__bitwisePrivilege, pBitwisePrivilege, __bitwiseLength);
80 std::unique_ptr<IEnumerator> pEnum(null);
81 r = __privilegeList.Construct(32, 0.75);
82 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
84 pEnum.reset(pPrivilegeList->GetEnumeratorN());
85 SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
87 while (pEnum->MoveNext() == E_SUCCESS)
89 int ret = PRVMGR_ERR_NONE;
90 char* pPrivilegeLevel = null;
91 std::unique_ptr<char[]> pPrivilegeId(null);
92 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
94 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
95 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
97 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
98 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
100 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
101 if (pPrivilegeLevel != null)
103 free(pPrivilegeLevel);
111 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const ArrayList* pPrivilegeList)
113 result r = E_SUCCESS;
114 byte* pDecrytpedBitwisePrivilege = null;
116 std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
117 _PackageInfoImpl infoImpl;
119 SysTryReturnResult(NID_SEC,
120 appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
121 "One of the argument is invalid.");
122 SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
123 SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
125 pBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
126 SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
128 pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
129 SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
131 r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit());
132 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
134 // Set base length of privilege information
135 __bitwiseLength = pBitwisePrivilege->GetLimit();
137 memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
140 r = infoImpl.Construct(appId);
141 if (r == E_APP_NOT_INSTALLED)
143 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The package information does not exist.");
144 return E_DATA_NOT_FOUND;
146 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
148 __apiVisibility = infoImpl.GetApiVisibility();
149 SysTryReturnResult(NID_SEC, __apiVisibility >= 0, E_SYSTEM, "An unexpected system error occurred.");
151 std::unique_ptr<IEnumerator> pEnum(null);
152 r = __privilegeList.Construct(32, 0.75);
153 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
155 pEnum.reset(pPrivilegeList->GetEnumeratorN());
156 SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
158 while (pEnum->MoveNext() == E_SUCCESS)
160 int ret = PRVMGR_ERR_NONE;
161 char* pPrivilegeLevel = null;
162 std::unique_ptr<char[]> pPrivilegeId(null);
163 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
165 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
166 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
168 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
169 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
171 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
172 if (pPrivilegeLevel != null)
174 free(pPrivilegeLevel);
182 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const String& encryptedVisibiliity, const String& visibilityChecksum, const ArrayList* pPrivilegeList)
184 result r = E_SUCCESS;
185 byte* pDecrytpedBitwisePrivilege = null;
189 std::unique_ptr<ISecretKey> pKey(null);
190 std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
191 std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
192 std::unique_ptr<ByteBuffer> pEncryptedVisibility(null);
193 std::unique_ptr<ByteBuffer> pVisibility(null);
195 _PackageInfoImpl infoImpl;
196 const byte ivector[_IV_LEN] =
198 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F,
199 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B
202 SysTryReturnResult(NID_SEC,
203 appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
204 "One of the argument is invalid.");
205 SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
206 SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
208 pEncryptedBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
209 SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
211 pEncryptedVisibility.reset(StringUtil::DecodeBase64StringN(encryptedVisibiliity));
212 SysTryReturnResult(NID_SEC, pEncryptedVisibility != null, E_SYSTEM, "An unexpected system error occurred.");
214 r = ivByte.Construct(_IV_LEN);
215 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
217 r = ivByte.SetArray(ivector, 0, _IV_LEN);
218 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
221 r = cipherDec.Construct(L"CBC/128/PKCS7PADDING", CIPHER_DECRYPT);
222 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
224 pKey.reset(GetDeviceUniqueKeyN());
225 SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
227 r = cipherDec.SetKey(*pKey.get());
228 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
230 r = cipherDec.SetInitialVector(ivByte);
231 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
233 pBitwisePrivilege.reset(cipherDec.DecryptN(*pEncryptedBitwisePrivilege.get()));
234 SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
236 pVisibility.reset(cipherDec.DecryptN(*pEncryptedVisibility.get()));
237 SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
239 pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
240 SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
242 visibility = static_cast<int>(*(pVisibility->GetPointer()));
244 r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit(), visibility, visibilityChecksum);
245 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
247 // Set base length of privilege information
248 __bitwiseLength = pBitwisePrivilege->GetLimit();
250 memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
253 __apiVisibility = visibility;
255 std::unique_ptr<IEnumerator> pEnum(null);
256 r = __privilegeList.Construct(32, 0.75);
257 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
259 pEnum.reset(pPrivilegeList->GetEnumeratorN());
260 SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
262 while (pEnum->MoveNext() == E_SUCCESS)
264 int ret = PRVMGR_ERR_NONE;
265 char* pPrivilegeLevel = null;
266 std::unique_ptr<char[]> pPrivilegeId(null);
267 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
269 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
270 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
272 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
273 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
275 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
276 if (pPrivilegeLevel != null)
278 free(pPrivilegeLevel);
287 _PrivilegeInfo::CloneN(void) const
289 _PrivilegeInfo* pPrivilegeInfo = null;
290 result r = E_SUCCESS;
294 pPrivilegeInfo = new (std::nothrow) _PrivilegeInfo();
295 SysTryReturn(NID_SEC, pPrivilegeInfo != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
297 pPrivilegeInfo->__bitwiseLength = this->__bitwiseLength;
299 pPrivilegeInfo->__appId.Clear();
300 pPrivilegeInfo->__appId.Append(this->__appId);
301 memcpy(pPrivilegeInfo->__bitwisePrivilege, this->__bitwisePrivilege, pPrivilegeInfo->__bitwiseLength);
303 std::unique_ptr<IMapEnumerator> pEnum(null);
304 pEnum.reset(this->__privilegeList.GetMapEnumeratorN());
305 SysTryCatch(NID_SEC, pEnum != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
307 r = pPrivilegeInfo->__privilegeList.Construct(32, 0.75);
308 SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
310 while (pEnum->MoveNext() == E_SUCCESS)
312 String* pTempString = static_cast< String* >(pEnum->GetKey());
313 String* pTempLevel = static_cast< String* >(pEnum->GetValue());
314 pPrivilegeInfo->__privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
317 pPrivilegeInfo->__apiVisibility = this->__apiVisibility;
318 return pPrivilegeInfo;
324 delete pPrivilegeInfo;
329 _PrivilegeInfo::Construct(const _PrivilegeInfo& privilegeInfo)
331 result r = E_SUCCESS;
333 SysTryReturnResult(NID_SEC, privilegeInfo.__appId.GetLength() > 0 && privilegeInfo.__appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG, "The argument is invalid.");
335 __bitwiseLength = privilegeInfo.__bitwiseLength;
337 __appId = privilegeInfo.__appId;
338 memcpy(__bitwisePrivilege, privilegeInfo.__bitwisePrivilege, __bitwiseLength);
340 __apiVisibility = privilegeInfo.__apiVisibility;
342 std::unique_ptr<IMapEnumerator> pEnum(null);
343 pEnum.reset(privilegeInfo.__privilegeList.GetMapEnumeratorN());
344 SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
346 r = __privilegeList.Construct(32, 0.75);
347 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
349 while (pEnum->MoveNext() == E_SUCCESS)
351 String* pTempString = static_cast< String* >(pEnum->GetKey());
352 String* pTempLevel = static_cast< String* >(pEnum->GetValue());
353 __privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
360 _PrivilegeInfo::GetAppId(void) const
366 _PrivilegeInfo::GetBitwisePrivilegeN(byte*& pBitwisePrivilege) const
368 byte* pReturn = null;
369 result r = E_SUCCESS;
371 pReturn = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
372 SysTryReturnResult(NID_SEC, pReturn != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
373 memcpy(pReturn, __bitwisePrivilege, MAX_BITWISE_PRIV_SIZE);
375 pBitwisePrivilege = pReturn;
381 _PrivilegeInfo::GetEncryptedBitwise(String& encryptedPrivileges) const
383 result r = E_SUCCESS;
385 std::unique_ptr<ISecretKey> pKey(null);
386 std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
387 std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
389 const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
391 pBitwisePrivilege.reset(new (std::nothrow) ByteBuffer());
392 SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
394 r = pBitwisePrivilege->Construct(__bitwiseLength);
395 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
397 r = ivByte.Construct(_IV_LEN);
398 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
400 r = ivByte.SetArray(ivector, 0, _IV_LEN);
401 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
404 r = pBitwisePrivilege->SetArray(__bitwisePrivilege, 0, __bitwiseLength);
405 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
406 pBitwisePrivilege->Flip();
408 r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
409 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
411 pKey.reset(GetDeviceUniqueKeyN());
412 SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
414 r = cipherEnc.SetKey(*(pKey.get()));
415 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
417 r = cipherEnc.SetInitialVector(ivByte);
418 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
420 pEncryptedBitwisePrivilege.reset(cipherEnc.EncryptN(*(pBitwisePrivilege.get())));
421 SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
423 r = StringUtil::EncodeToBase64String(*(pEncryptedBitwisePrivilege.get()), encryptedPrivileges);
424 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
430 _PrivilegeInfo::GetChecksum(String& checksum) const
432 result r = E_SUCCESS;
433 byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
437 std::unique_ptr<ISecretKey> pKey(null);
438 std::unique_ptr<IHmac> pHmac(null);
439 std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
440 std::unique_ptr<char[]> pAppId(null);
442 pAppId.reset(_StringConverter::CopyToCharArrayN(__appId));
443 SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
445 memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
446 memcpy(tempChecksumString + MAX_APP_ID_SIZE, __bitwisePrivilege, __bitwiseLength);
450 r = input.Construct(MAX_APP_ID_SIZE + __bitwiseLength);
451 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
453 r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + __bitwiseLength);
454 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
457 pHmac.reset(new (std::nothrow) Sha1Hmac());
458 SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
460 pKey.reset(GetDeviceUniqueKeyN());
461 SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
463 r = pHmac->SetKey(*(pKey.get()));
464 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
466 pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
467 SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
469 r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), checksum);
470 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
476 _PrivilegeInfo::HasPrivilege(_Privilege privilege) const
479 int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
480 byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
481 byte bitwiseTargetPrivilege = 0;
482 byte tempBitwisePrivilege = 0;
484 if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
486 if (visibilityLevelListTable[privilege] > __apiVisibility)
488 SysLog(NID_SEC, "Result : FALSE [Visibility]");
493 bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
494 tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
496 if (bitwiseTargetPrivilege == tempBitwisePrivilege)
498 SysLog(NID_SEC, "Result : TRUE");
503 SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilegeListTable[privilege].privilegeString);
510 _PrivilegeInfo::HasPrivilegeEx(_Privilege privilege) const
513 int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
514 byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
515 byte bitwiseTargetPrivilege = 0;
516 byte tempBitwisePrivilege = 0;
518 if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
520 if (visibilityLevelListTable[privilege] > __apiVisibility)
526 bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
527 tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
529 if (bitwiseTargetPrivilege == tempBitwisePrivilege)
531 SysLog(NID_SEC, "Result : TRUE");
539 _PrivilegeInfo::HasPrivilege(const String& privilege) const
542 bool validStringFlag = false;
543 int privilegeEnum = -1;
546 String privilegeURI = L"http://tizen.org/privilege/";
547 String privilegeSubString;
548 String privilegeSubStringURI;
549 privilege.SubString(0, privilegeURI.GetLength(), privilegeSubStringURI);
551 if (privilegeSubStringURI.Equals(privilegeURI, true))
553 privilege.SubString(privilegeURI.GetLength(), privilege.GetLength() - privilegeURI.GetLength(), privilegeSubString);
554 for (index = 0; index < _MAX_PRIVILEGE_ENUM; index++)
556 if (wcscmp(privilegeListTable[index].privilegeString, privilegeSubString.GetPointer()) == 0)
558 validStringFlag = true;
559 privilegeEnum = index;
567 ret = HasPrivilege(privilegeListTable[index].privilege);
571 ret = __privilegeList.ContainsKey(privilege);
574 if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
576 const String* pPrivilegeLevel = static_cast< const String* >(__privilegeList.GetValue(privilege));
577 SysTryReturn(NID_SEC, pPrivilegeLevel != null, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
579 int privilegeLevel = GetPrivilegeLevel(*pPrivilegeLevel);
580 if (privilegeLevel > __apiVisibility)
582 SysLog(NID_SEC, "Result : FALSE [Visibility]");
587 SysLog(NID_SEC, "Result : TRUE");
591 SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilege.GetPointer());
599 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
601 result r = E_SUCCESS;
602 bool verifyResult = false;
603 byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
604 String base64EncodedChecksum;
606 std::unique_ptr<IHash> pHash(null);
607 std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
608 std::unique_ptr<char[]> pAppId(null);
610 SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of %ls is invalid.", appId.GetPointer());
612 pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
613 SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
615 memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
616 memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
620 r = input.Construct(MAX_APP_ID_SIZE + length);
621 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
623 r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
624 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
627 pHash.reset(new (std::nothrow) Sha1Hash());
628 SysTryReturnResult(NID_SEC, pHash != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
630 pChecksumByteBuffer.reset(pHash->GetHashN(input));
631 SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
633 r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
634 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
636 verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
637 if (verifyResult != true)
646 _PrivilegeInfo::VerifyIntegrityEx(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
648 result r = E_SUCCESS;
649 bool verifyResult = false;
650 byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
651 String base64EncodedChecksum;
654 std::unique_ptr<IHmac> pHmac(null);
655 std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
656 std::unique_ptr<ISecretKey> pKey(null);
657 std::unique_ptr<char[]> pAppId(null);
659 SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
661 pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
662 SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
664 memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
665 memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
669 r = input.Construct(MAX_APP_ID_SIZE + length);
670 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
672 r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
673 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
676 pHmac.reset(new (std::nothrow) Sha1Hmac());
677 SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
679 pKey.reset(GetDeviceUniqueKeyN());
680 SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
682 r = pHmac->SetKey(*(pKey.get()));
683 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
685 pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
686 SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
688 r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
689 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
691 verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
692 if (verifyResult != true)
701 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length, int visibility, const Tizen::Base::String& storedVisibilityChecksum)
703 result r = E_SUCCESS;
704 bool verifyResult = false;
705 byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
706 byte tempVisibilityChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
707 String base64EncodedChecksum;
708 String base64EncodedVisibilityChecksum;
711 ByteBuffer visibilityInput;
712 std::unique_ptr<IHmac> pHmac(null);
713 std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
714 std::unique_ptr<ByteBuffer> pVisibilityChecksumByteBuffer(null);
715 std::unique_ptr<ISecretKey> pKey(null);
716 std::unique_ptr<char[]> pAppId(null);
718 SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
720 pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
721 SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
723 memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
724 memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
726 memcpy(tempVisibilityChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
727 memcpy(tempVisibilityChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
731 r = input.Construct(MAX_APP_ID_SIZE + length);
732 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
734 r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
735 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
738 r = visibilityInput.Construct(MAX_APP_ID_SIZE + sizeof(int));
739 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
741 r = visibilityInput.SetArray(tempVisibilityChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
742 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
743 visibilityInput.Flip();
745 pHmac.reset(new (std::nothrow) Sha1Hmac());
746 SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
748 pKey.reset(GetDeviceUniqueKeyN());
749 SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
751 r = pHmac->SetKey(*(pKey.get()));
752 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
754 pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
755 SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
757 r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
758 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
760 verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
761 if (verifyResult != true)
766 pVisibilityChecksumByteBuffer.reset(pHmac->GetHmacN(visibilityInput));
767 SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
769 r = StringUtil::EncodeToBase64String(*(pVisibilityChecksumByteBuffer.get()), base64EncodedVisibilityChecksum);
770 SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
772 verifyResult = storedVisibilityChecksum.Equals(base64EncodedVisibilityChecksum, true);
773 if (verifyResult != true)
782 _PrivilegeInfo::GetDeviceUniqueKeyN(void)
784 result r = E_SUCCESS;
785 ByteBuffer* pTempValue = null;
786 ISecretKey* pKey = null;
788 char uniqueInfo[_INFO_LEN] =
790 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19,
791 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED
794 char* pUniqueKey = null;
795 pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN);
796 SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key.");
798 pTempValue = new (std::nothrow) ByteBuffer();
799 SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
801 r = pTempValue->Construct(_KEY_LEN);
802 SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
804 r = pTempValue->SetArray(reinterpret_cast <byte*>(pUniqueKey), 0, _KEY_LEN);
805 SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
809 pKey = new (std::nothrow) SecretKey();
810 SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
812 r = pKey->SetKey(*pTempValue);
813 SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
815 if (pUniqueKey != null)
824 if (pUniqueKey != null)
835 _PrivilegeInfo::GetPrivilegeLevel(const String& privilegeLevel)
837 if(privilegeLevel.Equals(String(L"platform"), true))
839 return _API_VISIBILITY_PLATFORM;
841 else if(privilegeLevel.Equals(String(L"partner"), true))
843 return _API_VISIBILITY_PARTNER;
846 return _API_VISIBILITY_PUBLIC;