#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
+#include <errno.h>
#ifdef __TIZEN__
#include <dlog.h>
_LOGE("Undefined db initialize mode!");
return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
}
+
_LOGD("DB PATH = %s", db_path);
+
+ if (access(db_path, F_OK) == -1 && errno == ENOENT)
+ return PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY;
+
int ret = sqlite3_open_v2(db_path, db, db_mode, NULL);
if (ret != SQLITE_OK) {
_LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db));
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
if (ret != SQLITE_OK) {
- LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+ _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
__finalize_db(db, stmt, sql);
return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
}
/* Check black list */
int uid = getuid();
ret = privilege_db_manager_check_black_list(uid, package_type, privilege_list);
- if (ret > 0) {
- _LOGE("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by DPM");
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY) {
+ _LOGE("[FAIL TO CALL FUNCTION] black list policy db cannot be found");
+ } else if (ret > 0) {
*error_message = strdup("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by the DPM");
return PRVMGR_ERR_USING_BANNED_PRIVILEGE;
}
/* Get valid privilege list */
ret = privilege_db_manager_get_privilege_list(api_version, package_type, &valid_privilege_list);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
- _LOGE("[FAIL TO CALL FUNCTION] privilege_db_manager_get_privilege_list()");
- *error_message = strdup("[PRVMGR_ERR_INTERNAL_ERROR] failed to get privilege list from DB");
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY) {
+ _LOGE("[FAIL TO CALL FUNCTION] privilege db cannot be found");
+ *error_message = strdup("[PRVMGR_ERR_INTERNAL_ERROR] privilege DB not found");
+ } else {
+ _LOGE("[FAIL TO CALL FUNCTION] privilege_db_manager_get_privilege_list()");
+ *error_message = strdup("[PRVMGR_ERR_INTERNAL_ERROR] failed to get privilege list from DB");
+ }
free(pkg_type);
return PRVMGR_ERR_INTERNAL_ERROR;
}
--- /dev/null
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+SET(PACKAGE_NAME privilege-verifier)
+PROJECT(${PACKAGE_NAME})
+
+SET(PRIVILEGE_VERIFIER_SRCS
+ ${PACKAGE_NAME}.c
+ ${CMAKE_SOURCE_DIR}/capi/src/privilege_manager.c
+ ${CMAKE_SOURCE_DIR}/capi/src/privilege_db_manager.c
+)
+INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/capi/include)
+
+IF("${PROFILE_TYPE}" STREQUAL "WEARABLE")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_WEARABLE")
+ELSEIF("${PROFILE_TYPE}" STREQUAL "MOBILE")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_MOBILE")
+ELSEIF("${PROFILE_TYPE}" STREQUAL "TV")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_TV")
+ENDIF()
+
+INCLUDE(FindPkgConfig)
+pkg_check_modules(${PACKAGE_NAME} REQUIRED glib-2.0 sqlite3)
+FOREACH(flag ${${PACKAGE_NAME}_CFLAGS})
+ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
+ENDFOREACH(flag)
+
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fPIE -fvisibility=hidden -static-libgcc -static-libstdc++")
+
+ADD_DEFINITIONS(-DPRIVILEGE_INFO_CORE_DB_PATH="core_privilege_info.db")
+ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="wrt_privilege_info.db")
+ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="core_privilege_mapping.db")
+ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="wrt_privilege_mapping.db")
+ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="policy.db")
+
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
+
+ADD_EXECUTABLE(${PACKAGE_NAME} ${PRIVILEGE_VERIFIER_SRCS})
+TARGET_LINK_LIBRARIES(${PACKAGE_NAME} ${${PACKAGE_NAME}_LDFLAGS})
+
+INSTALL(TARGETS ${PACKAGE_NAME} DESTINATION /usr/bin)
+
--- /dev/null
+/*
+ * Copyright(c)2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0(the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <string.h>
+#include <libgen.h>
+#include <limits.h>
+#include "privilege_manager.h"
+
+static int quiet_mode;
+#define PRINT(msg, arg...) if (!quiet_mode) printf(msg, ##arg);
+#define HELP_MSG PRINT(usage, basename(argv[0]));
+
+#define TOOL_VERSION "1.0.0"
+#define DATE "2016.07.26"
+
+static const char usage[] =
+ "Usage: %s [options] <path>\n"
+ "options:\n"
+ " -v --version output version information and exit\n"
+ " -h --help output usage information and exit\n"
+ " -a --api-version set api-version\n"
+ " -k --package-type set package type, wgt/tpk, Must call twice seperately for hybrid case\n"
+ " -c --certificate-level set certificate level, public/partner/platform, default is public\n"
+ " -p --privileges privilege list\n"
+ " -q --quiet quiet mode\n"
+;
+
+static int __get_package_type_value(char* package_type_name)
+{
+ if (!strcmp(package_type_name, "wgt") || !strcmp(package_type_name, "WGT"))
+ return PRVMGR_PACKAGE_TYPE_WRT;
+ else if (!strcmp(package_type_name, "tpk") || !strcmp(package_type_name, "TPK"))
+ return PRVMGR_PACKAGE_TYPE_CORE;
+ return PRVMGR_PACKAGE_TYPE_MAX;
+}
+
+static int __get_visibility_value(char* visibility_name)
+{
+ if (!strcmp(visibility_name, "public") || !strcmp(visibility_name, "PUBLIC"))
+ return PRVMGR_PACKAGE_VISIBILITY_PUBLIC;
+ else if (!strcmp(visibility_name, "partner") || !strcmp(visibility_name, "PATNER"))
+ return PRVMGR_PACKAGE_VISIBILITY_PARTNER;
+ else if (!strcmp(visibility_name, "platform") || !strcmp(visibility_name, "PLATFORM"))
+ return PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
+ return -1;
+}
+
+int main(int argc, char* argv[])
+{
+ static const char shortoptions[] = "vha::k::c::n::p::q";
+ static struct option options[] = {
+ {"version", no_argument, 0, 'v'},
+ {"help", no_argument, 0, 'h'},
+ {"api-version", required_argument, 0, 'a'},
+ {"package-type", required_argument, 0, 'k'},
+ {"certificate-level", required_argument, 0, 'c'},
+ {"privileges", required_argument, 0, 'p'},
+ {"quiet", no_argument, 0, 'q'},
+ {NULL, 0, 0, 0}
+ };
+
+ char* api_version = NULL;
+ char* package_type_name = NULL;
+ char* visibility_name = NULL;
+ GList* privilege_list = NULL;
+ int c;
+ char* error_message = NULL;
+
+ if (argc == 1) {
+ HELP_MSG;
+ exit(1);
+ }
+
+ while ((c = getopt_long(argc, argv, shortoptions, options, NULL)) != -1) {
+ switch (c) {
+ case 'a': api_version = optarg; break;
+ case 'k': package_type_name = optarg; break;
+ case 'c': visibility_name = optarg; break;
+ case 'p':
+ for (optind--; optind < argc && *argv[optind] != '-'; optind++)
+ privilege_list = g_list_append(privilege_list, argv[optind]);
+ break;
+ case 'v':
+ printf("%s version %s (%s) \n", basename(argv[0]), TOOL_VERSION, DATE);
+ exit(0);
+ case 'h':
+ HELP_MSG;
+ exit(0);
+ case 'q':
+ quiet_mode = 1;
+ break;
+ default:
+ HELP_MSG;
+ exit(1);
+ }
+ }
+
+ if (api_version == NULL) {
+ PRINT("api-version option is missed\n");
+ HELP_MSG;
+ exit(1);
+ } else if (package_type_name == NULL) {
+ PRINT("package-type option is missed.\n");
+ HELP_MSG;
+ exit(1);
+ } else if (visibility_name == NULL) {
+ PRINT("certificate-level option is missed.\nset default level : public\n");
+ visibility_name = "public";
+ }
+
+ privilege_manager_package_type_e package_type = __get_package_type_value(package_type_name);
+ if (package_type == PRVMGR_PACKAGE_TYPE_MAX) {
+ PRINT("unrecognized package-type '%s'\n", package_type_name);
+ HELP_MSG;
+ exit(1);
+ }
+
+ privilege_manager_visibility_e visibility = __get_visibility_value(visibility_name);
+ if (visibility == (unsigned int)-1) {
+ PRINT("unrecognized certificate-level '%s'\n", visibility_name);
+ HELP_MSG;
+ exit(1);
+ }
+
+ privilege_manager_verify_privilege(api_version, package_type, privilege_list, visibility, &error_message);
+ if (error_message)
+ printf("%s\n", error_message);
+
+ return 0;
+}
projects / platform / core / security / privilege-checker.git / commitdiff