//
-// Open Service Platform
// Copyright (c) 2012 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
#include <unique_ptr.h>
#include <stdlib.h>
+#include <dukgen.h>
+
#include <FBaseSysLog.h>
#include <FBase_StringConverter.h>
#include <FBaseString.h>
#include <FAppPkg_PackageInfoImpl.h>
+#include <FSecSecretKey.h>
#include <FSecCryptoAesCipher.h>
#include <FSecCryptoSha1Hmac.h>
#include <FSecCryptoSha1Hash.h>
+#include <FBaseColArrayList.h>
+#include <FBaseColHashMap.h>
+#include <privilege_info.h>
-#include "FSec_DeviceKeyGenerator.h"
#include "FSec_PrivilegeInfo.h"
using namespace Tizen::App;
using namespace Tizen::App::Package;
using namespace Tizen::Base;
+using namespace Tizen::Base::Collection;
using namespace Tizen::Base::Utility;
using namespace Tizen::Security::Crypto;
using namespace Tizen::Text;
_PrivilegeInfo::~_PrivilegeInfo(void)
{
-
+ __privilegeList.RemoveAll(true);
}
result
-_PrivilegeInfo::Construct(const AppId& appId, const byte* pBitwisePrivilege)
+_PrivilegeInfo::Construct(const AppId& appId, const byte* pBitwisePrivilege, const ArrayList* pPrivilegeList)
{
result r = E_SUCCESS;
__appId = appId;
memcpy(__bitwisePrivilege, pBitwisePrivilege, __bitwiseLength);
+
+ std::unique_ptr<IEnumerator> pEnum(null);
+ r = __privilegeList.Construct(32, 0.75);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ pEnum.reset(pPrivilegeList->GetEnumeratorN());
+ SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ int ret = PRVMGR_ERR_NONE;
+ char* pPrivilegeLevel = null;
+ std::unique_ptr<char[]> pPrivilegeId(null);
+ String* pTempString = static_cast< String* >(pEnum->GetCurrent());
+
+ pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
+ SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
+ SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
+
+ __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
+ if (pPrivilegeLevel != null)
+ {
+ free(pPrivilegeLevel);
+ }
+ }
+
return r;
}
result
-_PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum)
+_PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const ArrayList* pPrivilegeList)
{
result r = E_SUCCESS;
byte* pDecrytpedBitwisePrivilege = null;
std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
_PackageInfoImpl infoImpl;
- SysLog(NID_SEC, "Enter.");
-
SysTryReturnResult(NID_SEC,
appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
"One of the argument is invalid.");
__apiVisibility = infoImpl.GetApiVisibility();
SysTryReturnResult(NID_SEC, __apiVisibility >= 0, E_SYSTEM, "An unexpected system error occurred.");
- SysLog(NID_SEC, "Exit.");
+ std::unique_ptr<IEnumerator> pEnum(null);
+ r = __privilegeList.Construct(32, 0.75);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ pEnum.reset(pPrivilegeList->GetEnumeratorN());
+ SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ int ret = PRVMGR_ERR_NONE;
+ char* pPrivilegeLevel = null;
+ std::unique_ptr<char[]> pPrivilegeId(null);
+ String* pTempString = static_cast< String* >(pEnum->GetCurrent());
+
+ pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
+ SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
+ SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
+
+ __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
+ if (pPrivilegeLevel != null)
+ {
+ free(pPrivilegeLevel);
+ }
+ }
+
return r;
}
result
-_PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const String& encryptedVisibiliity, const String& visibilityChecksum)
+_PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const String& encryptedVisibiliity, const String& visibilityChecksum, const ArrayList* pPrivilegeList)
{
result r = E_SUCCESS;
byte* pDecrytpedBitwisePrivilege = null;
0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B
};
- SysLog(NID_SEC, "Enter.");
-
SysTryReturnResult(NID_SEC,
appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
"One of the argument is invalid.");
r = cipherDec.Construct(L"CBC/128/PKCS7PADDING", CIPHER_DECRYPT);
SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
- pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
+ pKey.reset(GetDeviceUniqueKeyN());
SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
r = cipherDec.SetKey(*pKey.get());
__apiVisibility = visibility;
- SysLog(NID_SEC, "Exit.");
+ std::unique_ptr<IEnumerator> pEnum(null);
+ r = __privilegeList.Construct(32, 0.75);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ pEnum.reset(pPrivilegeList->GetEnumeratorN());
+ SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ int ret = PRVMGR_ERR_NONE;
+ char* pPrivilegeLevel = null;
+ std::unique_ptr<char[]> pPrivilegeId(null);
+ String* pTempString = static_cast< String* >(pEnum->GetCurrent());
+
+ pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(*pTempString));
+ SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ ret = privilege_info_get_external_privilege_level(static_cast<char*>(pPrivilegeId.get()), &pPrivilegeLevel);
+ SysTryReturnResult(NID_SEC, ret == PRVMGR_ERR_NONE, E_SYSTEM, "An unexpected system error occurred.");
+
+ __privilegeList.Add((new String(*pTempString)), (new String(pPrivilegeLevel)));
+ if (pPrivilegeLevel != null)
+ {
+ free(pPrivilegeLevel);
+ }
+ }
+
return r;
}
+
_PrivilegeInfo*
_PrivilegeInfo::CloneN(void) const
{
_PrivilegeInfo* pPrivilegeInfo = null;
+ result r = E_SUCCESS;
ClearLastResult();
pPrivilegeInfo->__appId.Append(this->__appId);
memcpy(pPrivilegeInfo->__bitwisePrivilege, this->__bitwisePrivilege, pPrivilegeInfo->__bitwiseLength);
+ std::unique_ptr<IMapEnumerator> pEnum(null);
+ pEnum.reset(this->__privilegeList.GetMapEnumeratorN());
+ SysTryCatch(NID_SEC, pEnum != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = pPrivilegeInfo->__privilegeList.Construct(32, 0.75);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ String* pTempString = static_cast< String* >(pEnum->GetKey());
+ String* pTempLevel = static_cast< String* >(pEnum->GetValue());
+ pPrivilegeInfo->__privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
+ }
+
+ pPrivilegeInfo->__apiVisibility = this->__apiVisibility;
return pPrivilegeInfo;
+
+CATCH:
+
+ SetLastResult(r);
+
+ delete pPrivilegeInfo;
+ return null;
}
result
__apiVisibility = privilegeInfo.__apiVisibility;
+ std::unique_ptr<IMapEnumerator> pEnum(null);
+ pEnum.reset(privilegeInfo.__privilegeList.GetMapEnumeratorN());
+ SysTryReturnResult(NID_SEC, pEnum != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ r = __privilegeList.Construct(32, 0.75);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ String* pTempString = static_cast< String* >(pEnum->GetKey());
+ String* pTempLevel = static_cast< String* >(pEnum->GetValue());
+ __privilegeList.Add((new String(*pTempString)), (new String(*pTempLevel)));
+ }
+
return r;
}
byte* pReturn = null;
result r = E_SUCCESS;
- SysLog(NID_SEC, "Enter.");
-
pReturn = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
SysTryReturnResult(NID_SEC, pReturn != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
memcpy(pReturn, __bitwisePrivilege, MAX_BITWISE_PRIV_SIZE);
pBitwisePrivilege = pReturn;
- SysLog(NID_SEC, "Exit.");
return r;
}
AesCipher cipherEnc;
const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
- SysLog(NID_SEC, "Enter.");
-
pBitwisePrivilege.reset(new (std::nothrow) ByteBuffer());
SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
- pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
+ pKey.reset(GetDeviceUniqueKeyN());
SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
r = cipherEnc.SetKey(*(pKey.get()));
r = StringUtil::EncodeToBase64String(*(pEncryptedBitwisePrivilege.get()), encryptedPrivileges);
SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
- SysLog(NID_SEC, "Exit.");
return r;
}
std::unique_ptr<ISecretKey> pKey(null);
std::unique_ptr<IHmac> pHmac(null);
std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
- std::unique_ptr<char> pAppId(null);
+ std::unique_ptr<char[]> pAppId(null);
pAppId.reset(_StringConverter::CopyToCharArrayN(__appId));
SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
pHmac.reset(new (std::nothrow) Sha1Hmac());
SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
- pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
+ pKey.reset(GetDeviceUniqueKeyN());
SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
r = pHmac->SetKey(*(pKey.get()));
byte bitwiseTargetPrivilege = 0;
byte tempBitwisePrivilege = 0;
- if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
+ if (visibilityLevelListTable[privilege] > __apiVisibility)
{
- if (visibilityLevelListTable[privilege][_PRV_API_VER_2_0] > __apiVisibility)
- {
- SysLog(NID_SEC, "Result : FALSE [Visibility]");
- return ret;
- }
+ SysLog(NID_SEC, "Result : FALSE [Visibility]");
+ return ret;
}
bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
return ret;
}
+bool
+_PrivilegeInfo::HasPrivilegeEx(_Privilege privilege) const
+{
+ bool ret = false;
+ int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
+ byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
+ byte bitwiseTargetPrivilege = 0;
+ byte tempBitwisePrivilege = 0;
+
+ if (visibilityLevelListTable[privilege] > __apiVisibility)
+ {
+ return ret;
+ }
+
+ bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
+ tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
+
+ if (bitwiseTargetPrivilege == tempBitwisePrivilege)
+ {
+ SysLog(NID_SEC, "Result : TRUE");
+ ret = true;
+ }
+
+ return ret;
+}
+
+bool
+_PrivilegeInfo::HasPrivilege(const String& privilege) const
+{
+ bool ret = false;
+ bool validStringFlag = false;
+ int privilegeEnum = -1;
+ int index = 0;
+
+ String privilegeURI = L"http://tizen.org/privilege/";
+ String privilegeSubString;
+ String privilegeSubStringURI;
+ privilege.SubString(0, privilegeURI.GetLength(), privilegeSubStringURI);
+
+ if (privilegeSubStringURI.Equals(privilegeURI, true))
+ {
+ privilege.SubString(privilegeURI.GetLength(), privilege.GetLength() - privilegeURI.GetLength(), privilegeSubString);
+ for (index = 0; index < _MAX_PRIVILEGE_ENUM; index++)
+ {
+ if (wcscmp(privilegeListTable[index].privilegeString, privilegeSubString.GetPointer()) == 0)
+ {
+ validStringFlag = true;
+ privilegeEnum = index;
+ break;
+ }
+ }
+ }
+
+ if (validStringFlag)
+ {
+ ret = HasPrivilege(privilegeListTable[index].privilege);
+ }
+ else
+ {
+ ret = __privilegeList.ContainsKey(privilege);
+ if (ret)
+ {
+ const String* pPrivilegeLevel = static_cast< const String* >(__privilegeList.GetValue(privilege));
+ SysTryReturn(NID_SEC, pPrivilegeLevel != null, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ int privilegeLevel = GetPrivilegeLevel(*pPrivilegeLevel);
+ if (privilegeLevel > __apiVisibility)
+ {
+ SysLog(NID_SEC, "Result : FALSE [Visibility]");
+ return false;
+ }
+
+ SysLog(NID_SEC, "Result : TRUE");
+ }
+ else
+ {
+ SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilege.GetPointer());
+ }
+ }
+
+ return ret;
+}
+
result
_PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
{
ByteBuffer input;
std::unique_ptr<IHash> pHash(null);
std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
- std::unique_ptr<char> pAppId(null);
-
- SysLog(NID_SEC, "Enter.");
+ std::unique_ptr<char[]> pAppId(null);
SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of %ls is invalid.", appId.GetPointer());
r = E_INVALID_ARG;
}
- SysLog(NID_SEC, "Exit.");
return r;
}
std::unique_ptr<IHmac> pHmac(null);
std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
std::unique_ptr<ISecretKey> pKey(null);
- std::unique_ptr<char> pAppId(null);
+ std::unique_ptr<char[]> pAppId(null);
- SysLog(NID_SEC, "Enter.");
SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
pHmac.reset(new (std::nothrow) Sha1Hmac());
SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
- pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
+ pKey.reset(GetDeviceUniqueKeyN());
SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
r = pHmac->SetKey(*(pKey.get()));
r = E_INVALID_ARG;
}
- SysLog(NID_SEC, "Exit.");
return r;
}
std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
std::unique_ptr<ByteBuffer> pVisibilityChecksumByteBuffer(null);
std::unique_ptr<ISecretKey> pKey(null);
- std::unique_ptr<char> pAppId(null);
+ std::unique_ptr<char[]> pAppId(null);
- SysLog(NID_SEC, "Enter.");
SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
pHmac.reset(new (std::nothrow) Sha1Hmac());
SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
- pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
+ pKey.reset(GetDeviceUniqueKeyN());
SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
r = pHmac->SetKey(*(pKey.get()));
r = E_INVALID_ARG;
}
- SysLog(NID_SEC, "Exit.");
return r;
}
+ISecretKey*
+_PrivilegeInfo::GetDeviceUniqueKeyN(void)
+{
+ result r = E_SUCCESS;
+ ByteBuffer* pTempValue = null;
+ ISecretKey* pKey = null;
+
+ char uniqueInfo[_INFO_LEN] =
+ {
+ 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19,
+ 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED
+ };
+
+ char* pUniqueKey = null;
+ pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN);
+ SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key.");
+
+ pTempValue = new (std::nothrow) ByteBuffer();
+ SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ r = pTempValue->Construct(_KEY_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
+
+ r = pTempValue->SetArray(reinterpret_cast <byte*>(pUniqueKey), 0, _KEY_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
+
+ pTempValue->Flip();
+
+ pKey = new (std::nothrow) SecretKey();
+ SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ r = pKey->SetKey(*pTempValue);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
+
+ if (pUniqueKey != null)
+ {
+ free(pUniqueKey);
+ }
+ delete pTempValue;
+
+ return pKey;
+
+CATCH:
+ if (pUniqueKey != null)
+ {
+ free(pUniqueKey);
+ }
+ delete pTempValue;
+ delete pKey;
+
+ return null;
+}
+
+int
+_PrivilegeInfo::GetPrivilegeLevel(const String& privilegeLevel)
+{
+ if(privilegeLevel.Equals(String(L"platform"), true))
+ {
+ return _API_VISIBILITY_PLATFORM;
+ }
+ else if(privilegeLevel.Equals(String(L"partner"), true))
+ {
+ return _API_VISIBILITY_PARTNER;
+ }
+
+ return _API_VISIBILITY_PUBLIC;
+}
+
}} //Tizen::Security