return -1;
});
}
+
+SECURITY_MANAGER_API
+int security_manager_identify_privilege_provider(const char *privilege, uid_t uid,
+ char **pkg_name, char **app_name)
+{
+ using namespace SecurityManager;
+ return try_catch([&]() -> int {
+ LogDebug(__PRETTY_FUNCTION__ << " called");
+
+ if (pkg_name == NULL && app_name == NULL) {
+ LogError("Both pkg_name and app_name are NULL");
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ }
+
+ ClientRequest request(SecurityModuleCall::GET_PRIVILEGE_PROVIDER);
+ if (request.send(std::string(privilege), uid).failed())
+ return request.getStatus();
+
+ std::pair<std::string, std::string> provider;
+ request.recv(provider);
+ std::string appNameString = provider.first;
+ std::string pkgNameString = provider.second;
+
+ if (appNameString.empty() || pkgNameString.empty()) {
+ LogError("Unexpected empty appName or pkgName");
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ if (app_name && !(*app_name = strdup(appNameString.c_str()))) {
+ LogError("Memory allocation in strdup failed.");
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ if (pkg_name && !(*pkg_name = strdup(pkgNameString.c_str()))) {
+ LogError("Memory allocation in strdup failed.");
+ if (app_name) {
+ free(*app_name);
+ *app_name = NULL;
+ }
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ return SECURITY_MANAGER_SUCCESS;
+ });
+}
\ No newline at end of file
GROUPS_FOR_UID,
LABEL_FOR_PROCESS,
SHM_APP_NAME,
+ GET_PRIVILEGE_PROVIDER,
NOOP = 0x90,
};
int shmAppName(const Credentials &creds,
const std::string &shmName,
const std::string &appName);
+
+ /**
+ * Retrieves the app_id/pkg_id associated with given privilege and uid.
+ *
+ * @param[in] privilege privilege name
+ * @param[in] uid user identifier
+ * @param[out] provider returned pair of app_id and pkg_id
+ *
+ * @return API return code, as defined in protocols.h
+ */
+ int getPrivilegeProvider(const std::string &privilege, uid_t uid,
+ std::pair<std::string, std::string> &provider);
+
private:
bool authenticate(const Credentials &creds, const std::string &privilege);
return SECURITY_MANAGER_SUCCESS;
}
+int ServiceImpl::getPrivilegeProvider(const std::string &privilege, uid_t uid,
+ std::pair<std::string, std::string> &provider)
+{
+ std::string appName, pkgName;
+ try {
+ m_privilegeDb.GetAppForAppDefinedPrivilege(std::make_pair(privilege, 0), uid, appName);
+ m_privilegeDb.GetAppPkgName(appName, pkgName);
+ if (appName.empty() || pkgName.empty()) {
+ LogWarning("Privilege " << privilege << " not found in database");
+ return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
+ } else {
+ LogDebug("Privilege: " << privilege << " provided by app: " << appName << ", pkg: " << pkgName);
+ }
+ } catch (const PrivilegeDb::Exception::Base &e) {
+ LogError("Error while getting appName or pkgName from database: " << e.DumpToString());
+ return SECURITY_MANAGER_ERROR_SERVER_ERROR;
+ }
+
+ provider = std::make_pair(appName, pkgName);
+ return SECURITY_MANAGER_SUCCESS;
+}
+
} /* namespace SecurityManager */
*/
int security_manager_shm_open(const char *name, int oflag, mode_t mode, const char *app_id);
+/**
+ * Get package and application id of an application which provides privilege
+ *
+ * On successful call pkg_id and app_id should be freed when caller is done with them.
+ * Both pkg_id and app_id are allocated with malloc() so they should be freed with free() function.
+ * Either app_id or pkg_id may be NULL. NULL-ed argument will be ignored.
+ * If both app_id and pkg_id are NULL then SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
+ * When privilege/uid is incorrect or not related to any package, this function will
+ * return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT.
+ *
+ * \param[in] privilege Privilege name
+ * \param[in] uid User identifier
+ * \param[out] pkg_id Package id of the provider application
+ * \param[out] app_id Application id of the provider application
+ * \return API return code or error code
+ */
+int security_manager_identify_privilege_provider(const char *privilege, uid_t uid,
+ char **pkg_id, char **app_id);
+
#ifdef __cplusplus
}
#endif
* @param creds credentials of the requesting process
*/
void processShmAppName(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds);
+
+ /**
+ * Process getting provider(app_id, pkg_id) of privilege
+ *
+ * @param buffer Raw received data buffer
+ * @param send Raw data buffer to be sent
+ */
+ void processGetPrivilegeProvider(MessageBuffer &buffer, MessageBuffer &send);
};
} // namespace SecurityManager
case SecurityModuleCall::SHM_APP_NAME:
processShmAppName(buffer, send, creds);
break;
+ case SecurityModuleCall::GET_PRIVILEGE_PROVIDER:
+ LogDebug("call_type: SecurityModuleCall::GET_PRIVILEGE_PROVIDER");
+ processGetPrivilegeProvider(buffer, send);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
Serialization::Serialize(send, ret);
}
+void Service::processGetPrivilegeProvider(MessageBuffer &buffer, MessageBuffer &send)
+{
+ int ret;
+ std::string privilege;
+ uid_t uid;
+ std::pair<std::string, std::string> provider;
+
+ Deserialization::Deserialize(buffer, privilege);
+ Deserialization::Deserialize(buffer, uid);
+ ret = serviceImpl.getPrivilegeProvider(privilege, uid, provider);
+ Serialization::Serialize(send, ret);
+ if (ret == SECURITY_MANAGER_SUCCESS)
+ Serialization::Serialize(send, provider);
+}
+
} // namespace SecurityManager
projects / platform / core / security / security-manager.git / commitdiff