return std::vector<Privacy>(privaciesSet.begin(), privaciesSet.end());
}
-std::vector<Privilege> getPrivilegeMapping(AppInfo &appInfo, const std::string &appId, const Privilege &privilege) {
- ALOGD("Mapping privilege " << privilege);
+std::vector<Privilege> getCorePrivilegeMapping(AppInfo &appInfo, const std::string &appId, const Privilege &privilege) {
+ ALOGD("Mapping core privileges of privilege " << privilege);
uid_t uid = geteuid();
std::string version = appInfo.apiVersion(appId, uid);
std::string type = appInfo.type(appId, uid);
std::vector<std::string> privMappedVector;
for (GList *l = privMappedWrap.get(); l != NULL; l = l->next) {
std::string corePriv = static_cast<char*>(l->data);
- ALOGD("Privilege mapps to " << corePriv);
+ ALOGD("Privilege maps to " << corePriv);
+ privMappedVector.push_back(std::move(corePriv));
+ }
+
+ return privMappedVector;
+}
+
+std::vector<Privilege> getSamePrivacyPrivilegeMapping(const Privilege &privilege) {
+ ALOGD("Mapping same privacy privileges of privilege " << privilege);
+
+ GList *privMapped = nullptr;
+
+ int ret = privilege_info_get_same_privacy_grouped_privileges(privilege.c_str(), &privMapped);
+
+ if (ret != PRVMGR_ERR_NONE || !privMapped) {
+ ALOGE("Unable to get privacy mapping of privilege " << privilege << "; err: <" << ret << ">");
+ return {};
+ }
+
+ GListWrap privMappedWrap(privMapped);
+ std::vector<std::string> privMappedVector;
+ for (GList *l = privMappedWrap.get(); l != NULL; l = l->next) {
+ std::string corePriv = static_cast<char*>(l->data);
+ ALOGD("Privilege maps to " << corePriv);
privMappedVector.push_back(std::move(corePriv));
}
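Review bot: `l->data` is converted at `std::string corePriv = static_cast<char*>(l->data);` without a null check, and constructing a `std::string` from a null pointer is undefined behaviour. Whether privilege_info_get_same_privacy_grouped_privileges can return a list containing a NULL entry is not visible here, so a guard such as `if (!l->data) continue;` before the conversion would make the loop safe either way; the loop in getCorePrivilegeMapping above has the same shape. The local is still named `corePriv` although these entries are same-privacy privileges, which reads as a copy-paste leftover; `mappedPriv` would match what the function returns. The function body continues past the end of the hunk.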
Policy PrivilegePolicy::calculatePolicy(AppInfo &appInfo) {
std::vector<Privilege> corePrivileges =
- PrivilegeInfo::getPrivilegeMapping(appInfo, m_appId, m_privilege);
+ PrivilegeInfo::getCorePrivilegeMapping(appInfo, m_appId, m_privilege);
if (corePrivileges.empty()) {
ALOGE("Privilege " << m_privilege << " doesn't map to any core privilege");
return "Deny";
return "Deny";
}
}
- std::vector<Privacy> privacies = PrivilegeInfo::getPrivilegesPrivacies(corePrivileges);
- if (privacies.empty()) {
- ALOGE("Privilege doesn't map to any privacy");
+
+ std::vector<Privilege> allMappedPrivs;
+ for (auto &corePriv : corePrivileges) {
+ std::vector<Privilege> someMappedPrivs = PrivilegeInfo::getSamePrivacyPrivilegeMapping(corePriv);
+ allMappedPrivs.insert(allMappedPrivs.end(), someMappedPrivs.begin(), someMappedPrivs.end());
+ }
+
+ auto policies = getAppPolicy(m_appId);
+ std::unordered_map<Privilege, Policy> privilegePolicy;
+
+ for (auto &policy : policies) {
+ privilegePolicy[policy.getPrivilege()] = policy.getLevel();
+ }
+
+ Policy policy = calculatePrivsPolicy(allMappedPrivs, privilegePolicy);
+
+ if (policy.empty()) {
+ ALOGD("Maps to some not privacy for application " << m_privilege);
return "Allow";
}
- return calculatePrivaciesPolicy(privacies);
+ return policy;
}
-Policy PrivilegePolicy::calculatePrivaciesPolicy(const std::vector<Privacy> &privacies) {
+std::vector<Privacy> PrivilegePolicy::calculateAskablePrivacies(AppInfo &appInfo) {
+ std::vector<Privilege> corePrivileges =
+ PrivilegeInfo::getCorePrivilegeMapping(appInfo, m_appId, m_privilege);
+
+ if (corePrivileges.empty()) {
+ ALOGE("Privilege " << m_privilege << " doesn't map to any core privilege");
+ return std::vector<Privacy>();
+ }
+
+ std::vector<Privacy> privacies = PrivilegeInfo::getPrivilegesPrivacies(corePrivileges);
+ if (privacies.empty()) {
+ ALOGE("Privilege doesn't map to any privacy");
+ return std::vector<Privacy>();
+ }
+
std::unordered_map<Privacy, std::vector<Privilege>> privacyPrivileges;
std::unordered_map<Privilege, Policy> privilegePolicy;
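Review bot: A failed same-privacy lookup can end in `"Allow"` in calculatePolicy. getSamePrivacyPrivilegeMapping returns `{}` when `ret != PRVMGR_ERR_NONE`, the loop here then appends nothing for that privilege, and if calculatePrivsPolicy yields an empty policy for an empty list (its body is not visible, but the `policy.empty()` branch and its log text suggest so), the function returns `"Allow"`. I would have the lookup report an API error separately from an empty mapping and return `"Deny"` on error, so that only a successful lookup with no privacy privileges reaches the `"Allow"` branch. The added start of calculateAskablePrivacies has the same ambiguity: both error paths `return std::vector<Privacy>();`, which a caller cannot tell apart from "nothing to ask"; its body continues outside the hunk.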
privilegePolicy[policy.getPrivilege()] = policy.getLevel();
}
- m_askablePrivacies.clear();
+ std::vector<Privacy> askablePrivacies;
Policy totalPolicy = "Allow";
for (auto &privacy : privacies) {
Policy policy = calculatePrivsPolicy(privacyPrivileges[privacy], privilegePolicy);
policy = "Allow";
}
if (policy == "Ask user") {
- m_askablePrivacies.push_back(privacy);
+ askablePrivacies.push_back(privacy);
}
if (!updateMinimal(policy, totalPolicy))
break;
}
if (totalPolicy == "Deny")
- m_askablePrivacies.clear();
+ askablePrivacies.clear();
- return totalPolicy;
+ return askablePrivacies;
}
}