#include <string>
#include <dpl/db/sql_connection.h>
+#include <tzplatform_config.h>
#ifndef PRIVILEGE_DB_H_
#define PRIVILEGE_DB_H_
namespace SecurityManager {
-typedef std::vector<std::string> TPrivilegesList;
+const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
enum class QueryType {
EGetPkgPrivileges,
EAddAppPrivileges,
ERemoveAppPrivileges,
EPkgIdExists,
+ EGetPkgId,
+ EGetPrivilegeGroups,
};
class PrivilegeDb {
private:
SecurityManager::DB::SqlConnection *mSqlConnection;
const std::map<QueryType, const char * const > Queries = {
- { QueryType::EGetPkgPrivileges, "SELECT privilege_name FROM app_privilege_view WHERE pkg_name=?"},
- { QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name) VALUES (?, ?)" },
- { QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND pkg_name=?" },
- { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, privilege_name) VALUES (?, ?)" },
- { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=?" },
- { QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" }
+ { QueryType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"},
+ { QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid) VALUES (?, ?, ?)" },
+ { QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" },
+ { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" },
+ { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" },
+ { QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" },
+ { QueryType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" },
+ { QueryType::EGetPrivilegeGroups, " SELECT name FROM privilege_group_view WHERE privilege_name = ?" },
};
/**
* @exception DB::SqlConnection::Exception::IOError on problems with database access
*
*/
- PrivilegeDb(const std::string &path);
+ PrivilegeDb(const std::string &path = std::string(PRIVILEGE_DB_PATH));
+
~PrivilegeDb(void);
/**
void RollbackTransaction(void);
/**
+ * Return package id associated with a given application id
+ *
+ * @param appId - application identifier
+ * @param[out] pkgId - return application's pkgId
+ * @return true is application exists, false otherwise
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ bool GetAppPkgId(const std::string &appId, std::string &pkgId);
+
+ /**
* Retrieve list of privileges assigned to a pkgId
*
* @param pkgId - package identifier
+ * @param uid - user identifier for whom privileges will be retrieved
* @param[out] currentPrivileges - list of current privileges assigned to pkgId
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void GetPkgPrivileges(const std::string &pkgId,
- TPrivilegesList ¤tPrivilege);
+ void GetPkgPrivileges(const std::string &pkgId, uid_t uid,
+ std::vector<std::string> ¤tPrivilege);
/**
* Add an application into the database
*
* @param appId - application identifier
* @param pkgId - package identifier
+ * @param uid - user identifier for whom application is going to be installed
* @param[out] pkgIdIsNew - return info if pkgId is new to the database
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
void AddApplication(const std::string &appId, const std::string &pkgId,
- bool &pkgIdIsNew);
+ uid_t uid, bool &pkgIdIsNew);
/**
* Remove an application from the database
*
* @param appId - application identifier
- * @param pkgId - package identifier
+ * @param uid - user identifier whose application is going to be uninstalled
* @param[out] pkgIdIsNoMore - return info if pkgId is in the database
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void RemoveApplication(const std::string &appId, const std::string &pkgId,
- bool &pkgIdIsNoMore);
+ void RemoveApplication(const std::string &appId, uid_t uid, bool &pkgIdIsNoMore);
/**
* Remove privileges assigned to application
*
* @param appId - application identifier
+ * @param uid - user identifier for whom privileges will be removed
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void RemoveAppPrivileges(const std::string &appId);
+ void RemoveAppPrivileges(const std::string &appId, uid_t uid);
/**
* Update privileges assigned to application
* To assure data integrity this method must be called inside db transaction.
*
* @param appId - application identifier
+ * @param uid - user identifier for whom privileges will be updated
* @param privileges - list of privileges to assign
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void UpdateAppPrivileges(const std::string &appId,
- const TPrivilegesList &privileges);
+ void UpdateAppPrivileges(const std::string &appId, uid_t uid,
+ const std::vector<std::string> &privileges);
+
+ /**
+ * Retrieve list of group ids assigned to a privilege
+ *
+ * @param privilege - privilege identifier
+ * @param[out] grp_names - list of group names assigned to the privilege
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetPrivilegeGroups(const std::string &privilege,
+ std::vector<std::string> &grp_names);
};