#include <app_manager.h>
#include <cynara-client.h>
#include <pkgmgr-info.h>
+#include <privilege_manager.h>
#include <unistd.h>
#endif // BUILDFLAG(IS_TIZEN)
return true;
}
+bool GetPrivilegeMapping(const std::string& privilege_name,
+ const std::string& api_version,
+ std::vector<std::string>* privilege_mapping) {
+ if (!privilege_mapping)
+ return false;
+ char* local_privilege_name = strdup(privilege_name.c_str());
+ GList* privilege_list = nullptr;
+ privilege_list = g_list_append(privilege_list, local_privilege_name);
+
+ auto g_list_deleter = [](GList* p) {
+ [[maybe_unused]] auto data_deleter = [](gpointer data, gpointer user_data) {
+ char* char_data = static_cast<char*>(data);
+ free(char_data);
+ };
+ p = g_list_first(p);
+ g_list_foreach(p, data_deleter, nullptr);
+ g_list_free(p);
+ };
+
+ auto privilege_list_holder = std::unique_ptr<GList, decltype(g_list_deleter)>{
+ privilege_list, g_list_deleter};
+
+ GList* mapped_privilege_list = nullptr;
+ int ret = privilege_manager_get_mapped_privilege_list(
+ api_version.c_str(), PRVMGR_PACKAGE_TYPE_WRT, privilege_list_holder.get(),
+ &mapped_privilege_list);
+
+ auto mapped_list_holder = std::unique_ptr<GList, decltype(g_list_deleter)>{
+ mapped_privilege_list, g_list_deleter};
+ if (ret != PRVMGR_ERR_NONE) {
+ LOG(ERROR) << "Mapping returned with code: " << ret;
+ return false;
+ }
+
+ // If privilege was successfully resolved but returned empty list, we always
+ // return false for security reasons.
+ guint size = g_list_length(mapped_list_holder.get());
+ if (!size) {
+ LOG(WARNING) << "No mapping for privilege " << privilege_name.c_str();
+ return false;
+ }
+ GList* element = g_list_first(mapped_list_holder.get());
+ while (element) {
+ char* privilege = static_cast<char*>(element->data);
+ privilege_mapping->emplace_back(privilege);
+ element = g_list_next(element);
+ }
+ return true;
+}
} // namespace
#endif // BUILDFLAG(IS_TIZEN)
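Review bot: In the copy loop at the end of `GetPrivilegeMapping`, `element->data` is handed straight to `emplace_back`, and constructing a `std::string` from a null `char*` is undefined behaviour. Nothing visible in this hunk guarantees that every entry returned by `privilege_manager_get_mapped_privilege_list` is non-null. Because the result feeds an access decision, I would fail closed with `if (!privilege) return false;` before the `emplace_back`. The same gap exists on the input side, where the `strdup` result is appended to the list without a null check. Separately, the hand-written deleter could be `g_list_free_full(p, free)`, which removes the need for the `[[maybe_unused]]` lambda.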
<< "Can`t resolve properly privilege mapping!";
return false;
}
-
- ret = cynara_check(p_cynara, smack_label.c_str(), "", uid.c_str(),
- privilege_name.c_str());
- if (ret != CYNARA_API_ACCESS_ALLOWED) {
+ // Resolve privileges for their requested api_version on currently running
+ // Tizen version.
+ std::vector<std::string> privilege_mapping;
+ if (!GetPrivilegeMapping(privilege_name, api_version, &privilege_mapping)) {
LOG(ERROR) << "Failed to acquire mapping for privilege: "
<< privilege_name.c_str();
return false;
}
+
+ for (const auto& str : privilege_mapping) {
+ ret = cynara_check(p_cynara, smack_label.c_str(), "", uid.c_str(),
+ str.c_str());
+ if (ret != CYNARA_API_ACCESS_ALLOWED) {
+ return false;
+ }
+ }
return true;
#else // BUILDFLAG(IS_TIZEN)
ALLOW_UNUSED_LOCAL(privilege_name);
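Review bot: The new loop returns `false` on the first `cynara_check` result other than `CYNARA_API_ACCESS_ALLOWED` without logging anything. A policy denial and a cynara error are then indistinguishable after the fact, and the mapped privilege that caused the refusal is lost. Failing closed is the right behaviour; I would add `LOG(ERROR) << "cynara_check failed for mapped privilege " << str << " (requested " << privilege_name << "), code: " << ret;` before the `return false;`. The enclosing function starts and ends outside this hunk, so the origin of `api_version` is not visible here. Since the set of privileges checked now depends on it, a short comment stating which party supplies that value would help the next reviewer.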