Implement seperated server-so model
[platform/framework/native/appfw.git] / src / server / security / FSec_PrivilegeManagerServer.cpp
1 //
2 // Open Service Platform
3 // Copyright (c) 2013 Samsung Electronics Co., Ltd.
4 //
5 // Licensed under the Apache License, Version 2.0 (the License);
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17
18 /**
19  * @file                FSec_PrivilegeManagerServer.cpp
20  * @brief               This is the implementation for the _PrivilegeManagerServer class.
21  */
22
23 #include <stdlib.h>
24 #include <pthread.h>
25 #include <unique_ptr.h>
26 #include <FAppPkg_PackageInfoImpl.h>
27 #include <FAppPkg_PackageManagerImpl.h>
28 #include <FBaseString.h>
29 #include <FBaseSysLog.h>
30 #include <FSec_AccessControlTypes.h>
31 #include <FSec_PrivilegeManager.h>
32 #include <FSecCryptoAesCipher.h>
33 #include <FSecCryptoSha1Hmac.h>
34 #include <FBase_StringConverter.h>
35 #include <FBaseInternalTypes.h>
36 #include <FSec_DeviceKeyGenerator.h>
37 #include "FSec_PrivilegeManagerServer.h"
38
39 using namespace Tizen::App;
40 using namespace Tizen::App::Package;
41 using namespace Tizen::Base;
42 using namespace Tizen::Base::Utility;
43 using namespace Tizen::Base::Collection;
44 using namespace Tizen::Io;
45 using namespace Tizen::Security;
46 using namespace Tizen::Security::Crypto;
47
48 namespace Tizen { namespace Security
49 {
50
/**
 * Default constructor. The body initializes nothing; any member setup is
 * left to the members' own default construction.
 */
_PrivilegeManagerServer::_PrivilegeManagerServer(void)
{
}
55
/**
 * Destructor. The body releases nothing explicitly.
 */
_PrivilegeManagerServer::~_PrivilegeManagerServer(void)
{
}
60
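/**
 * Retrieves the stored privilege record of an application and copies it into
 * caller-supplied outputs.
 *
 * @param[in]     appId              Application whose privilege record is looked up.
 * @param[out]    pEncryptedBitwise  Receives (by Append) the encrypted privilege bitwise string.
 * @param[out]    pHmac              Receives (by Append) the HMAC string of the record.
 * @param[in,out] pPrivilegeList     Already-constructed list that receives a newly allocated
 *                                   copy of every privilege string; the copies are handed to
 *                                   the list via Add().
 * @return E_SUCCESS on success; E_INVALID_ARG if a required output pointer is null;
 *         E_OUT_OF_MEMORY if an enumerator or string copy cannot be allocated; E_SYSTEM if
 *         the retrieved list yields a null element; otherwise the error returned by
 *         _PrivilegeManager::RetrieveCipherPrivilegeExN() or ArrayList::Add().
 *
 * On failure after the lookup succeeded, the outputs may be partially filled and
 * must not be used for an access decision.
 */
result
_PrivilegeManagerServer::RetrievePrivilege(const AppId& appId, String* pEncryptedBitwise, String* pHmac, ArrayList*& pPrivilegeList)
{
	result r = E_SUCCESS;
	String encryptedBitwise;
	String hmac;
	ArrayList* pPrivilegeStringList = null;
	IEnumerator* pEnum = null;

	// Both strings are dereferenced unconditionally once the lookup succeeds.
	SysTryReturnResult(NID_SEC, pEncryptedBitwise != null && pHmac != null, E_INVALID_ARG,
					   "[E_INVALID_ARG] The output strings must not be null.");

	r = _PrivilegeManager::RetrieveCipherPrivilegeExN(appId, encryptedBitwise, hmac, pPrivilegeStringList);
	SysTryReturnResult(NID_SEC, r == E_SUCCESS, r, "Propagating.");

	pEncryptedBitwise->Append(encryptedBitwise);
	pHmac->Append(hmac);

	if (pPrivilegeStringList != null)
	{
		// The destination list is only needed when there is something to copy.
		SysTryCatch(NID_SEC, pPrivilegeList != null, r = E_INVALID_ARG, E_INVALID_ARG,
				   "[E_INVALID_ARG] The privilege list must not be null.");

		pEnum = pPrivilegeStringList->GetEnumeratorN();
		SysTryCatch(NID_SEC, pEnum != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY,
				   "[E_OUT_OF_MEMORY] Memory allocation is failed.");

		while (pEnum->MoveNext() == E_SUCCESS)
		{
			String* pSource = static_cast<String*>(pEnum->GetCurrent());
			SysTryCatch(NID_SEC, pSource != null, r = E_SYSTEM, E_SYSTEM,
					   "[E_SYSTEM] An unexpected system error occurred.");

			// Deep copy: the source list and its elements are destroyed below.
			String* pCopy = new (std::nothrow) String(*pSource);
			SysTryCatch(NID_SEC, pCopy != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY,
					   "[E_OUT_OF_MEMORY] Memory allocation is failed.");

			r = pPrivilegeList->Add(pCopy);
			// The list did not take the copy, so it has to be freed here.
			SysTryCatch(NID_SEC, r == E_SUCCESS, delete pCopy, r, "Propagating.");
		}
	}

	// fall through

CATCH:

	delete pEnum;

	if (pPrivilegeStringList != null)
	{
		pPrivilegeStringList->RemoveAll(true);
		delete pPrivilegeStringList;
	}

	return r;
}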
93
94
/**
 * Produces the encrypted API visibility of an installed application together
 * with a checksum string for it.
 *
 * The visibility is read from the package information of appId, encrypted by
 * GetEncryptedVisibility(), and a checksum is computed by GetChecksum() over
 * appId and the plaintext visibility value (not over the ciphertext).
 *
 * @param[in]  appId                 Application to look up.
 * @param[out] pEncryptedVisibility  Receives (by Append) the encrypted visibility string.
 * @param[out] pHmac                 Receives (by Append) the checksum string.
 * @return E_SUCCESS on success, E_DATA_NOT_FOUND if the package is not installed,
 *         E_SYSTEM for any other failure.
 *
 * NOTE(review): both output pointers are dereferenced without a null check;
 * callers are presumably expected to pass valid objects — confirm.
 */
result
_PrivilegeManagerServer::GenerateVisibilityString(AppId appId, String* pEncryptedVisibility, String* pHmac)
{
	_PackageInfoImpl packageInfo;

	result r = packageInfo.Construct(appId);
	if (r == E_PKG_NOT_INSTALLED)
	{
		// A missing package is reported as "no data" rather than as a system error.
		SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
		return E_DATA_NOT_FOUND;
	}
	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	// A negative value is treated as a lookup failure.
	const int apiVisibility = packageInfo.GetApiVisibility();
	SysTryReturnResult(NID_SEC, apiVisibility >= 0, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	String cipherText;
	r = GetEncryptedVisibility(apiVisibility, cipherText);
	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	String mac;
	r = GetChecksum(appId, apiVisibility, mac);
	SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	// Outputs are written only after both values were produced successfully.
	pEncryptedVisibility->Append(cipherText);
	pHmac->Append(mac);

	return r;
}
127
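/**
 * Encrypts an API visibility value with the device key and returns the
 * ciphertext Base64-encoded.
 *
 * The integer is serialized as its raw in-memory bytes (sizeof(int), host byte
 * order) and encrypted with AesCipher configured as "CBC/128/PKCS7PADDING".
 *
 * @param[in]  visibility           Visibility value to protect.
 * @param[out] encryptedVisibility  Receives the Base64 text of the ciphertext.
 * @return E_SUCCESS on success, E_OUT_OF_MEMORY if the plaintext buffer cannot be
 *         allocated, E_SYSTEM for any other failure.
 *
 * Security note: the initialization vector is a compile-time constant. With an
 * unchanged key, equal visibility values therefore always produce the same
 * ciphertext, so the ciphertext reveals which applications share a visibility
 * level. Integrity comes only from the separate checksum (see GetChecksum()).
 * NOTE(review): the IV cannot be randomized here alone; the decrypting side,
 * which is not in this file, presumably uses the same constant — confirm before changing.
 */
result
_PrivilegeManagerServer::GetEncryptedVisibility(int visibility, String& encryptedVisibility)
{
	// All locals are declared before the first SysTryCatch so that the jump to
	// CATCH never crosses an initialization.
	result r = E_SUCCESS;
	ISecretKey* pKey = null;
	ByteBuffer ivByte;
	ByteBuffer* pEncryptedVisibility = null;
	ByteBuffer* pTempVisibility = null;
	AesCipher cipherEnc;
	const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};

	pTempVisibility = new (std::nothrow) ByteBuffer();
	SysTryReturnResult(NID_SEC, pTempVisibility != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");

	r = pTempVisibility->Construct(sizeof(int));
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = ivByte.Construct(_IV_LEN);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = ivByte.SetArray(ivector, 0, _IV_LEN);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
	ivByte.Flip();

	// Plaintext is the raw bytes of the int; the byte order is that of the host.
	r = pTempVisibility->SetArray(reinterpret_cast<byte*>(&visibility), 0, sizeof(int));
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
	pTempVisibility->Flip();

	r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
	SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = cipherEnc.SetKey(*pKey);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = cipherEnc.SetInitialVector(ivByte);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	pEncryptedVisibility = cipherEnc.EncryptN(*pTempVisibility);
	// Check the encryption result itself. The earlier code tested pTempVisibility,
	// which is never null here, so a failed EncryptN() led to a null dereference below.
	SysTryCatch(NID_SEC, pEncryptedVisibility != null, r = E_SYSTEM, E_SYSTEM,
			   "[E_SYSTEM] An unexpected system error occurred.");

	r = StringUtil::EncodeToBase64String(*pEncryptedVisibility, encryptedVisibility);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	// fall through

CATCH:

	// Deleting null is a no-op, so this is safe on every exit path.
	delete pTempVisibility;
	delete pKey;
	delete pEncryptedVisibility;

	return r;
}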
185
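/**
 * Computes a Base64-encoded HMAC-SHA1 over an application ID and its
 * visibility value, keyed with the device key.
 *
 * HMAC input layout: MAX_APP_ID_SIZE bytes of the appId (zero-padded when the
 * ID is shorter, truncated when longer) followed by the raw in-memory bytes of
 * visibility (sizeof(int), host byte order).
 *
 * @param[in]  appId       Application ID bound into the checksum.
 * @param[in]  visibility  Plaintext visibility value bound into the checksum.
 * @param[out] checksum    Receives the Base64 text of the HMAC.
 * @return E_SUCCESS on success, E_OUT_OF_MEMORY if the HMAC object cannot be
 *         allocated, E_SYSTEM for any other failure.
 *
 * NOTE(review): the key is requested with the same call and length as in
 * GetEncryptedVisibility(); if that call is deterministic, one key serves both
 * encryption and authentication — confirm whether separate keys are intended.
 * NOTE(review): the verifying side must build the input with the same padding
 * rule; for IDs of at least MAX_APP_ID_SIZE bytes the input is unchanged.
 */
result
_PrivilegeManagerServer::GetChecksum(AppId appId, int visibility, String& checksum)
{
	// All locals are declared before the first SysTryCatch so that the jump to
	// CATCH never crosses an initialization.
	result r = E_SUCCESS;
	// Zero-filled so that a short appId leaves deterministic padding.
	byte tempChecksumString[sizeof(int) + MAX_APP_ID_SIZE] = { 0 };

	ISecretKey* pKey = null;
	ByteBuffer input;
	IHmac* pHmac = null;
	ByteBuffer* pChecksumByteBuffer = null;
	char* pAppId = null;

	pAppId = (char*) _StringConverter::CopyToCharArrayN(appId);
	SysTryCatch(NID_SEC, pAppId != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	// Copy at most MAX_APP_ID_SIZE bytes and stop at the terminator. The earlier
	// fixed-size memcpy read MAX_APP_ID_SIZE bytes regardless of the ID's length,
	// which reads past the converted string when the ID is shorter and feeds
	// unrelated heap bytes into the HMAC.
	// Presumably CopyToCharArrayN() returns a NUL-terminated array — confirm.
	for (int i = 0; i < MAX_APP_ID_SIZE && pAppId[i] != '\0'; ++i)
	{
		tempChecksumString[i] = static_cast<byte>(pAppId[i]);
	}
	memcpy(tempChecksumString + MAX_APP_ID_SIZE, reinterpret_cast<byte*>(&visibility), sizeof(int));

	delete[] pAppId;
	pAppId = null;

	r = input.Construct(MAX_APP_ID_SIZE + sizeof(int));
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
	input.Flip();

	pHmac = new (std::nothrow) Sha1Hmac();
	SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");

	pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
	SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = pHmac->SetKey(*pKey);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	pChecksumByteBuffer = pHmac->GetHmacN(input);
	SysTryCatch(NID_SEC, pChecksumByteBuffer != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
	SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");

	// fall through

CATCH:

	// pAppId is either already released or null at this point.
	delete pKey;
	delete pHmac;
	delete pChecksumByteBuffer;

	return r;
}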
240
241
242 }} //Tizen::Security