src/security/FSec_PrivilegeInfo.cpp

   1 //
   2 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the License);
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16
  17 /**
  18  * @file                FSec_PrivilegeManagerInfo.cpp
  19  * @brief               This is the implementation for the Privilege Information class.
  20  */
  21
  22 #include <unique_ptr.h>
  23 #include <stdlib.h>
  24 #include <dukgen.h>
  25
  26 #include <FBaseSysLog.h>
  27 #include <FBase_StringConverter.h>
  28 #include <FBaseString.h>
  29 #include <FAppPkg_PackageInfoImpl.h>
  30 #include <FSecSecretKey.h>
  31 #include <FSecCryptoAesCipher.h>
  32 #include <FSecCryptoSha1Hmac.h>
  33 #include <FSecCryptoSha1Hash.h>
  34 #include <FBaseColArrayList.h>
  35 #include <FBaseColHashMap.h>
  36 #include <privilege_info.h>
  37
  38 #include "FSec_PrivilegeInfo.h"
  39
  40 using namespace Tizen::App;
  41 using namespace Tizen::App::Package;
  42 using namespace Tizen::Base;
  43 using namespace Tizen::Base::Collection;
  44 using namespace Tizen::Base::Utility;
  45 using namespace Tizen::Security::Crypto;
  46 using namespace Tizen::Text;
  47
  48 namespace Tizen { namespace Security
  49 {
  50
  51 _PrivilegeInfo::_PrivilegeInfo(void)
  52 {
  53         memset(__bitwisePrivilege, 0, MAX_BITWISE_PRIV_SIZE);
  54         __bitwiseLength = 0;
  55         __apiVisibility = 0;
  56 }
  57
  58 _PrivilegeInfo::~_PrivilegeInfo(void)
  59 {
  60         __privilegeList.RemoveAll(true);
  61 }
  62
  63 result
  64 _PrivilegeInfo::Construct(const AppId& appId, const byte* pBitwisePrivilege, const ArrayList* pPrivilegeList)
  65 {
  66         result r = E_SUCCESS;
  67
  68         SysTryReturnResult(NID_SEC, (pBitwisePrivilege != null), E_INVALID_ARG, "One of the argument is invalid.");
  69         SysTryReturnResult(NID_SEC,
  70                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
  71                                           "One of the argument is invalid.");
  72
  73         // Set base length of privilege information to max
  74         __bitwiseLength = MAX_BITWISE_PRIV_SIZE;
  75
  76         __appId = appId;
  77         memcpy(__bitwisePrivilege, pBitwisePrivilege, __bitwiseLength);
  78
  79
  80         std::unique_ptr<IEnumerator> pEnum(null);
  81         r = __privilegeList.Construct(32, 0.75);
  82         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
  83
  84         pEnum.reset(pPrivilegeList->GetEnumeratorN());
  85         SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
  86
  87         while (pEnum->MoveNext() == E_SUCCESS)
  88         {
  89                 int ret = PRVMGR_ERR_NONE;
  90                 char* pPrivilegeLevel = null;
  91                 std::unique_ptr<char[]> pPrivilegeId(null);
  92                 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
  93
  94                 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
  95                 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
  96
  97                 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
  98                 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
  99
 100                 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
 101                 if (pPrivilegeLevel != null)
 102                 {
 103                         free(pPrivilegeLevel);
 104                 }
 105         }
 106
 107         return r;
 108 }
 109
 110 result
 111 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const ArrayList* pPrivilegeList)
 112 {
 113         result r = E_SUCCESS;
 114         byte* pDecrytpedBitwisePrivilege = null;
 115
 116         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
 117         _PackageInfoImpl infoImpl;
 118
 119         SysTryReturnResult(NID_SEC,
 120                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
 121                                           "One of the argument is invalid.");
 122         SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 123         SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 124
 125         pBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
 126         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 127
 128         pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
 129         SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 130
 131         r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit());
 132         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
 133
 134         // Set base length of privilege information
 135         __bitwiseLength = pBitwisePrivilege->GetLimit();
 136
 137         memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
 138         __appId = appId;
 139
 140         r = infoImpl.Construct(appId);
 141         if (r == E_APP_NOT_INSTALLED)
 142         {
 143                 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The package information does not exist.");
 144                 return E_DATA_NOT_FOUND;
 145         }
 146         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 147
 148         __apiVisibility = infoImpl.GetApiVisibility();
 149         SysTryReturnResult(NID_SEC, __apiVisibility >= 0, E_SYSTEM, "An unexpected system error occurred.");
 150
 151         std::unique_ptr<IEnumerator> pEnum(null);
 152         r = __privilegeList.Construct(32, 0.75);
 153         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 154
 155         pEnum.reset(pPrivilegeList->GetEnumeratorN());
 156         SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
 157
 158         while (pEnum->MoveNext() == E_SUCCESS)
 159         {
 160                 int ret = PRVMGR_ERR_NONE;
 161                 char* pPrivilegeLevel = null;
 162                 std::unique_ptr<char[]> pPrivilegeId(null);
 163                 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
 164
 165                 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
 166                 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
 167
 168                 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
 169                 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
 170
 171                 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
 172                 if (pPrivilegeLevel != null)
 173                 {
 174                         free(pPrivilegeLevel);
 175                 }
 176         }
 177
 178         return r;
 179 }
 180
 181 result
 182 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const String& encryptedVisibiliity, const String& visibilityChecksum, const ArrayList* pPrivilegeList)
 183 {
 184         result r = E_SUCCESS;
 185         byte* pDecrytpedBitwisePrivilege = null;
 186         int visibility = 0;
 187
 188         ByteBuffer ivByte;
 189         std::unique_ptr<ISecretKey> pKey(null);
 190         std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
 191         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
 192         std::unique_ptr<ByteBuffer> pEncryptedVisibility(null);
 193         std::unique_ptr<ByteBuffer> pVisibility(null);
 194         AesCipher cipherDec;
 195         _PackageInfoImpl infoImpl;
 196         const byte ivector[_IV_LEN] =
 197         {
 198                 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F,
 199                 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B
 200         };
 201
 202         SysTryReturnResult(NID_SEC,
 203                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
 204                                           "One of the argument is invalid.");
 205         SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 206         SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 207
 208         pEncryptedBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
 209         SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 210
 211         pEncryptedVisibility.reset(StringUtil::DecodeBase64StringN(encryptedVisibiliity));
 212         SysTryReturnResult(NID_SEC, pEncryptedVisibility != null, E_SYSTEM, "An unexpected system error occurred.");
 213
 214         r = ivByte.Construct(_IV_LEN);
 215         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 216
 217         r = ivByte.SetArray(ivector, 0, _IV_LEN);
 218         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 219         ivByte.Flip();
 220
 221         r = cipherDec.Construct(L"CBC/128/PKCS7PADDING", CIPHER_DECRYPT);
 222         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 223
 224         pKey.reset(GetDeviceUniqueKeyN());
 225         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 226
 227         r = cipherDec.SetKey(*pKey.get());
 228         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 229
 230         r = cipherDec.SetInitialVector(ivByte);
 231         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 232
 233         pBitwisePrivilege.reset(cipherDec.DecryptN(*pEncryptedBitwisePrivilege.get()));
 234         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 235
 236         pVisibility.reset(cipherDec.DecryptN(*pEncryptedVisibility.get()));
 237         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 238
 239         pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
 240         SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 241
 242         visibility = static_cast<int>(*(pVisibility->GetPointer()));
 243
 244         r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit(), visibility, visibilityChecksum);
 245         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
 246
 247         // Set base length of privilege information
 248         __bitwiseLength = pBitwisePrivilege->GetLimit();
 249
 250         memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
 251         __appId = appId;
 252
 253         __apiVisibility = visibility;
 254
 255         std::unique_ptr<IEnumerator> pEnum(null);
 256         r = __privilegeList.Construct(32, 0.75);
 257         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 258
 259         pEnum.reset(pPrivilegeList->GetEnumeratorN());
 260         SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
 261
 262         while (pEnum->MoveNext() == E_SUCCESS)
 263         {
 264                 int ret = PRVMGR_ERR_NONE;
 265                 char* pPrivilegeLevel = null;
 266                 std::unique_ptr<char[]> pPrivilegeId(null);
 267                 String* pTempString = static_cast< String* >(pEnum->GetCurrent());
 268
 269                 pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
 270                 SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
 271
 272                 ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
 273                 SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
 274
 275                 __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
 276                 if (pPrivilegeLevel != null)
 277                 {
 278                         free(pPrivilegeLevel);
 279                 }
 280         }
 281
 282         return r;
 283 }
 284
 285
 286 _PrivilegeInfo*
 287 _PrivilegeInfo::CloneN(void) const
 288 {
 289         _PrivilegeInfo* pPrivilegeInfo = null;
 290         result r = E_SUCCESS;
 291
 292         ClearLastResult();
 293
 294         pPrivilegeInfo = new (std::nothrow) _PrivilegeInfo();
 295         SysTryReturn(NID_SEC, pPrivilegeInfo != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
 296
 297         pPrivilegeInfo->__bitwiseLength = this->__bitwiseLength;
 298
 299         pPrivilegeInfo->__appId.Clear();
 300         pPrivilegeInfo->__appId.Append(this->__appId);
 301         memcpy(pPrivilegeInfo->__bitwisePrivilege, this->__bitwisePrivilege, pPrivilegeInfo->__bitwiseLength);
 302
 303         std::unique_ptr<IMapEnumerator> pEnum(null);
 304         pEnum.reset(this->__privilegeList.GetMapEnumeratorN());
 305         SysTryCatch(NID_SEC, pEnum != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 306
 307         r = pPrivilegeInfo->__privilegeList.Construct(32, 0.75);
 308         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 309
 310         while (pEnum->MoveNext() == E_SUCCESS)
 311         {
 312                 String* pTempString = static_cast< String* >(pEnum->GetKey());
 313                 String* pTempLevel = static_cast< String* >(pEnum->GetValue());
 314                 pPrivilegeInfo->__privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
 315         }
 316
 317         pPrivilegeInfo->__apiVisibility = this->__apiVisibility;
 318         return pPrivilegeInfo;
 319
 320 CATCH:
 321
 322         SetLastResult(r);
 323
 324         delete pPrivilegeInfo;
 325         return null;
 326 }
 327
 328 result
 329 _PrivilegeInfo::Construct(const _PrivilegeInfo& privilegeInfo)
 330 {
 331         result r = E_SUCCESS;
 332
 333         SysTryReturnResult(NID_SEC, privilegeInfo.__appId.GetLength() > 0 && privilegeInfo.__appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG, "The argument is invalid.");
 334
 335         __bitwiseLength = privilegeInfo.__bitwiseLength;
 336
 337         __appId = privilegeInfo.__appId;
 338         memcpy(__bitwisePrivilege, privilegeInfo.__bitwisePrivilege, __bitwiseLength);
 339
 340         __apiVisibility = privilegeInfo.__apiVisibility;
 341
 342         std::unique_ptr<IMapEnumerator> pEnum(null);
 343         pEnum.reset(privilegeInfo.__privilegeList.GetMapEnumeratorN());
 344         SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
 345
 346         r = __privilegeList.Construct(32, 0.75);
 347         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 348
 349         while (pEnum->MoveNext() == E_SUCCESS)
 350         {
 351                 String* pTempString = static_cast< String* >(pEnum->GetKey());
 352                 String* pTempLevel = static_cast< String* >(pEnum->GetValue());
 353                 __privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
 354         }
 355
 356         return r;
 357 }
 358
 359 const String
 360 _PrivilegeInfo::GetAppId(void) const
 361 {
 362         return __appId;
 363 }
 364
 365 result
 366 _PrivilegeInfo::GetBitwisePrivilegeN(byte*& pBitwisePrivilege) const
 367 {
 368         byte* pReturn = null;
 369         result r = E_SUCCESS;
 370
 371         pReturn = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
 372         SysTryReturnResult(NID_SEC, pReturn != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 373         memcpy(pReturn, __bitwisePrivilege, MAX_BITWISE_PRIV_SIZE);
 374
 375         pBitwisePrivilege = pReturn;
 376
 377         return r;
 378 }
 379
 380 result
 381 _PrivilegeInfo::GetEncryptedBitwise(String& encryptedPrivileges) const
 382 {
 383         result r = E_SUCCESS;
 384         ByteBuffer ivByte;
 385         std::unique_ptr<ISecretKey> pKey(null);
 386         std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
 387         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
 388         AesCipher cipherEnc;
 389         const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
 390
 391         pBitwisePrivilege.reset(new (std::nothrow) ByteBuffer());
 392         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 393
 394         r = pBitwisePrivilege->Construct(__bitwiseLength);
 395         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 396
 397         r = ivByte.Construct(_IV_LEN);
 398         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 399
 400         r = ivByte.SetArray(ivector, 0, _IV_LEN);
 401         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 402         ivByte.Flip();
 403
 404         r = pBitwisePrivilege->SetArray(__bitwisePrivilege, 0, __bitwiseLength);
 405         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 406         pBitwisePrivilege->Flip();
 407
 408         r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
 409         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 410
 411         pKey.reset(GetDeviceUniqueKeyN());
 412         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 413
 414         r = cipherEnc.SetKey(*(pKey.get()));
 415         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 416
 417         r = cipherEnc.SetInitialVector(ivByte);
 418         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 419
 420         pEncryptedBitwisePrivilege.reset(cipherEnc.EncryptN(*(pBitwisePrivilege.get())));
 421         SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 422
 423         r = StringUtil::EncodeToBase64String(*(pEncryptedBitwisePrivilege.get()), encryptedPrivileges);
 424         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 425
 426         return r;
 427 }
 428
 429 result
 430 _PrivilegeInfo::GetChecksum(String& checksum) const
 431 {
 432         result r = E_SUCCESS;
 433         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 434
 435         ByteBuffer ivByte;
 436         ByteBuffer input;
 437         std::unique_ptr<ISecretKey> pKey(null);
 438         std::unique_ptr<IHmac> pHmac(null);
 439         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 440         std::unique_ptr<char[]> pAppId(null);
 441
 442         pAppId.reset(_StringConverter::CopyToCharArrayN(__appId));
 443         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 444
 445         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 446         memcpy(tempChecksumString + MAX_APP_ID_SIZE, __bitwisePrivilege, __bitwiseLength);
 447
 448         pAppId.reset(null);
 449
 450         r = input.Construct(MAX_APP_ID_SIZE + __bitwiseLength);
 451         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 452
 453         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + __bitwiseLength);
 454         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 455         input.Flip();
 456
 457         pHmac.reset(new (std::nothrow) Sha1Hmac());
 458         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
 459
 460         pKey.reset(GetDeviceUniqueKeyN());
 461         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 462
 463         r = pHmac->SetKey(*(pKey.get()));
 464         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 465
 466         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 467         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 468
 469         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), checksum);
 470         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 471
 472         return r;
 473 }
 474
 475 bool
 476 _PrivilegeInfo::HasPrivilege(_Privilege privilege) const
 477 {
 478         bool ret = false;
 479         int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
 480         byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
 481         byte bitwiseTargetPrivilege = 0;
 482         byte tempBitwisePrivilege = 0;
 483
 484         if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
 485         {
 486                 if (visibilityLevelListTable[privilege] > __apiVisibility)
 487                 {
 488                         SysLog(NID_SEC, "Result : FALSE [Visibility]");
 489                         return ret;
 490                 }
 491         }
 492
 493         bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
 494         tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
 495
 496         if (bitwiseTargetPrivilege == tempBitwisePrivilege)
 497         {
 498                 SysLog(NID_SEC, "Result : TRUE");
 499                 ret = true;
 500         }
 501         else
 502         {
 503                 SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilegeListTable[privilege].privilegeString);
 504         }
 505
 506         return ret;
 507 }
 508
 509 bool
 510 _PrivilegeInfo::HasPrivilegeEx(_Privilege privilege) const
 511 {
 512         bool ret = false;
 513         int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
 514         byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
 515         byte bitwiseTargetPrivilege = 0;
 516         byte tempBitwisePrivilege = 0;
 517
 518         if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
 519         {
 520                 if (visibilityLevelListTable[privilege] > __apiVisibility)
 521                 {
 522                         return ret;
 523                 }
 524         }
 525
 526         bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
 527         tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
 528
 529         if (bitwiseTargetPrivilege == tempBitwisePrivilege)
 530         {
 531                 SysLog(NID_SEC, "Result : TRUE");
 532                 ret = true;
 533         }
 534
 535         return ret;
 536 }
 537
 538 bool
 539 _PrivilegeInfo::HasPrivilege(const String& privilege) const
 540 {
 541     bool ret = false;
 542     bool validStringFlag = false;
 543     int privilegeEnum = -1;
 544     int index = 0;
 545
 546         String privilegeURI = L"http://tizen.org/privilege/";
 547     String privilegeSubString;
 548     String privilegeSubStringURI;
 549     privilege.SubString(0, privilegeURI.GetLength(), privilegeSubStringURI);
 550
 551     if (privilegeSubStringURI.Equals(privilegeURI, true))
 552     {
 553         privilege.SubString(privilegeURI.GetLength(), privilege.GetLength() - privilegeURI.GetLength(), privilegeSubString);
 554         for (index = 0; index < _MAX_PRIVILEGE_ENUM; index++)
 555                 {
 556                         if (wcscmp(privilegeListTable[index].privilegeString, privilegeSubString.GetPointer()) == 0)
 557                         {
 558                                 validStringFlag = true;
 559                                 privilegeEnum = index;
 560                                 break;
 561                         }
 562                 }
 563     }
 564
 565     if (validStringFlag)
 566     {
 567         ret = HasPrivilege(privilegeListTable[index].privilege);
 568     }
 569     else
 570     {
 571                 ret = __privilegeList.ContainsKey(privilege);
 572         if (ret)
 573                 {
 574                 if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
 575                         {
 576                         const String* pPrivilegeLevel = static_cast< const String* >(__privilegeList.GetValue(privilege));
 577                         SysTryReturn(NID_SEC, pPrivilegeLevel != null, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 578
 579                         int privilegeLevel = GetPrivilegeLevel(*pPrivilegeLevel);
 580                                 if (privilegeLevel > __apiVisibility)
 581                                 {
 582                                         SysLog(NID_SEC, "Result : FALSE [Visibility]");
 583                                         return false;
 584                                 }
 585                         }
 586
 587                         SysLog(NID_SEC, "Result : TRUE");
 588                 }
 589                 else
 590                 {
 591                         SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilege.GetPointer());
 592                 }
 593     }
 594
 595         return ret;
 596 }
 597
 598 result
 599 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
 600 {
 601         result r = E_SUCCESS;
 602         bool verifyResult = false;
 603         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 604         String base64EncodedChecksum;
 605         ByteBuffer input;
 606         std::unique_ptr<IHash> pHash(null);
 607         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 608         std::unique_ptr<char[]> pAppId(null);
 609
 610         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of %ls is invalid.", appId.GetPointer());
 611
 612         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 613         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 614
 615         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 616         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 617
 618         pAppId.reset(null);
 619
 620         r = input.Construct(MAX_APP_ID_SIZE + length);
 621         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 622
 623         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 624         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 625         input.Flip();
 626
 627         pHash.reset(new (std::nothrow) Sha1Hash());
 628         SysTryReturnResult(NID_SEC, pHash != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 629
 630         pChecksumByteBuffer.reset(pHash->GetHashN(input));
 631         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 632
 633         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 634         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 635
 636         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 637         if (verifyResult != true)
 638         {
 639                 r = E_INVALID_ARG;
 640         }
 641
 642         return r;
 643 }
 644
 645 result
 646 _PrivilegeInfo::VerifyIntegrityEx(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
 647 {
 648         result r = E_SUCCESS;
 649         bool verifyResult = false;
 650         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 651         String base64EncodedChecksum;
 652         ByteBuffer ivByte;
 653         ByteBuffer input;
 654         std::unique_ptr<IHmac> pHmac(null);
 655         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 656         std::unique_ptr<ISecretKey> pKey(null);
 657         std::unique_ptr<char[]> pAppId(null);
 658
 659         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
 660
 661         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 662         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 663
 664         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 665         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 666
 667         pAppId.reset(null);
 668
 669         r = input.Construct(MAX_APP_ID_SIZE + length);
 670         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 671
 672         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 673         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 674         input.Flip();
 675
 676         pHmac.reset(new (std::nothrow) Sha1Hmac());
 677         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 678
 679         pKey.reset(GetDeviceUniqueKeyN());
 680         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 681
 682         r = pHmac->SetKey(*(pKey.get()));
 683         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 684
 685         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 686         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 687
 688         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 689         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 690
 691         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 692         if (verifyResult != true)
 693         {
 694                 r = E_INVALID_ARG;
 695         }
 696
 697         return r;
 698 }
 699
 700 result
 701 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length, int visibility, const Tizen::Base::String& storedVisibilityChecksum)
 702 {
 703         result r = E_SUCCESS;
 704         bool verifyResult = false;
 705         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 706         byte tempVisibilityChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
 707         String base64EncodedChecksum;
 708         String base64EncodedVisibilityChecksum;
 709         ByteBuffer ivByte;
 710         ByteBuffer input;
 711         ByteBuffer visibilityInput;
 712         std::unique_ptr<IHmac> pHmac(null);
 713         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 714         std::unique_ptr<ByteBuffer> pVisibilityChecksumByteBuffer(null);
 715         std::unique_ptr<ISecretKey> pKey(null);
 716         std::unique_ptr<char[]> pAppId(null);
 717
 718         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
 719
 720         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 721         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 722
 723         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 724         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 725
 726         memcpy(tempVisibilityChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 727         memcpy(tempVisibilityChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
 728
 729         pAppId.reset(null);
 730
 731         r = input.Construct(MAX_APP_ID_SIZE + length);
 732         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 733
 734         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 735         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 736         input.Flip();
 737
 738         r = visibilityInput.Construct(MAX_APP_ID_SIZE + sizeof(int));
 739         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 740
 741         r = visibilityInput.SetArray(tempVisibilityChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
 742         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 743         visibilityInput.Flip();
 744
 745         pHmac.reset(new (std::nothrow) Sha1Hmac());
 746         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 747
 748         pKey.reset(GetDeviceUniqueKeyN());
 749         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 750
 751         r = pHmac->SetKey(*(pKey.get()));
 752         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 753
 754         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 755         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 756
 757         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 758         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 759
 760         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 761         if (verifyResult != true)
 762         {
 763                 r = E_INVALID_ARG;
 764         }
 765
 766         pVisibilityChecksumByteBuffer.reset(pHmac->GetHmacN(visibilityInput));
 767         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 768
 769         r = StringUtil::EncodeToBase64String(*(pVisibilityChecksumByteBuffer.get()), base64EncodedVisibilityChecksum);
 770         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 771
 772         verifyResult = storedVisibilityChecksum.Equals(base64EncodedVisibilityChecksum, true);
 773         if (verifyResult != true)
 774         {
 775                 r = E_INVALID_ARG;
 776         }
 777
 778         return r;
 779 }
 780
 781 ISecretKey*
 782 _PrivilegeInfo::GetDeviceUniqueKeyN(void)
 783 {
 784         result r = E_SUCCESS;
 785         ByteBuffer* pTempValue = null;
 786         ISecretKey* pKey = null;
 787
 788         char uniqueInfo[_INFO_LEN] =
 789         {
 790                 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19,
 791                 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED
 792         };
 793
 794         char* pUniqueKey = null;
 795         pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN);
 796         SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key.");
 797
 798         pTempValue = new (std::nothrow) ByteBuffer();
 799         SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 800
 801         r = pTempValue->Construct(_KEY_LEN);
 802         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 803
 804         r = pTempValue->SetArray(reinterpret_cast <byte*>(pUniqueKey), 0, _KEY_LEN);
 805         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 806
 807         pTempValue->Flip();
 808
 809         pKey = new (std::nothrow) SecretKey();
 810         SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 811
 812         r = pKey->SetKey(*pTempValue);
 813         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 814
 815         if (pUniqueKey != null)
 816         {
 817                 free(pUniqueKey);
 818         }
 819         delete pTempValue;
 820
 821         return pKey;
 822
 823 CATCH:
 824         if (pUniqueKey != null)
 825         {
 826                 free(pUniqueKey);
 827         }
 828         delete pTempValue;
 829         delete pKey;
 830
 831         return null;
 832 }
 833
 834 int
 835 _PrivilegeInfo::GetPrivilegeLevel(const String& privilegeLevel)
 836 {
 837         if(privilegeLevel.Equals(String(L"platform"), true))
 838         {
 839                 return _API_VISIBILITY_PLATFORM;
 840         }
 841         else if(privilegeLevel.Equals(String(L"partner"), true))
 842         {
 843                 return _API_VISIBILITY_PARTNER;
 844         }
 845
 846         return _API_VISIBILITY_PUBLIC;
 847 }
 848
 849 }} //Tizen::Security