projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2aa2851)
Prevent from saving empty license 66/129066/2
authorBartlomiej Grzelewski <b.grzelewski@samsung.com>
Fri, 12 May 2017 17:18:37 +0000 (19:18 +0200)
committerBartlomiej Grzelewski <b.grzelewski@samsung.com>
Mon, 15 May 2017 12:22:43 +0000 (14:22 +0200)
Change-Id: Ib89bf970c56d5f337a680334c432a1ec660e77bf

src/client/client-security-manager.cpp patch | blob | history
src/common/service_impl.cpp patch | blob | history

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 10abfbb4b8dade465a5f48e239ca90932111eb94..d73a0ec6f57880d0f4647fe43ea234e181b91df6 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -208,10 +208,18 @@ int security_manager_app_inst_req_add_app_defined_privilege(
         const app_defined_privilege_type type,
         const char *license)
 {
-    if (!p_req || !app_defined_privilege ||
-        type < SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED || type > SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED ||
-        (type == SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED && !license))
+    if (!p_req ||
+        !app_defined_privilege ||
+        type < SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED ||
+        type > SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED)
+    {
         return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    }
+
+    // do not allow put empty license in database!
+    if (type == SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED && (!license || (0 == strlen(license)))) {
+        return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    }
 
     p_req->appDefinedPrivileges.push_back(std::make_tuple(app_defined_privilege, static_cast<int>(type), license));
 
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index ad21e9ad48643d1b74fcafc7ee6fe9695b5544cf..36491f369956e22c5b53c752dff764eca9a186ea 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -95,6 +95,17 @@ private:
     PrivilegeDb &m_privilegeDb;
 };
 
+bool verifyAppDefinedPrivileges(const AppDefinedPrivilegesVector &privileges) {
+    // TODO check for collision with system privileges
+
+    // check if licenses are set for license-privileges
+    for (auto &e : privileges) {
+        if ((std::get<1>(e) == SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED) && std::get<2>(e).empty())
+            return false;
+    }
+    return true;
+}
+
 } // end of anonymous namespace
 
 ServiceImpl::ServiceImpl()
@@ -510,6 +521,8 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req)
     try {
         std::vector<std::string> privilegeList;
         privilegeList.reserve(req.privileges.size());
+        if (!verifyAppDefinedPrivileges(req.appDefinedPrivileges))
+            return SECURITY_MANAGER_ERROR_INPUT_PARAM;
 
         for (auto &e : req.privileges)
             privilegeList.push_back(e.first);
Domain: Security / Access Control;