--- /dev/null
+#
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.8)
+
+PROJECT(dpm-application)
+
+IF(NOT DEFINED VERSION)
+ SET(VERSION "0.0.1")
+ENDIF(NOT DEFINED VERSION)
+
+INCLUDE(FindPkgConfig)
+
+IF(NOT CMAKE_BUILD_TYPE)
+ SET(CMAKE_BUILD_TYPE "DEBUG")
+ENDIF(NOT CMAKE_BUILD_TYPE)
+
+SET(DPM_API ${PROJECT_SOURCE_DIR}/api)
+SET(DPM_PLUGIN ${PROJECT_SOURCE_DIR}/plugin)
+
+IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7)
+ SET(CXX_STD "c++0x")
+else()
+ SET(CXX_STD "c++11")
+endif()
+
+SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive")
+SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg")
+SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb")
+SET(CMAKE_CXX_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG")
+SET(CMAKE_CXX_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG -std=${CXX_STD} -fno-rtti")
+SET(CMAKE_C_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage")
+SET(CMAKE_CXX_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage -std=${CXX_STD} -fno-rtti")
+
+IF(NOT DEFINED LIB_INSTALL_DIR)
+ SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}")
+ENDIF(NOT DEFINED LIB_INSTALL_DIR)
+
+IF(NOT DEFINED INCLUDE_INSTALL_DIR)
+ SET(INCLUDE_INSTALL_DIR "${CMAKE_INSTALL_INCLUDEDIR}")
+ENDIF(NOT DEFINED INCLUDE_INSTALL_DIR)
+
+IF(NOT DEFINED CONF_INSTALL_DIR)
+ SET(CONF_INSTALL_DIR "${SYSCONF_INSTALL_DIR}/dpm")
+ENDIF(NOT DEFINED CONF_INSTALL_DIR)
+
+IF(NOT DEFINED DATA_INSTALL_DIR)
+ SET(DATA_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/share/dpm")
+ENDIF(NOT DEFINED DATA_INSTALL_DIR)
+
+IF(NOT DEFINED DB_INSTALL_DIR)
+ SET(DB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/dbspace")
+ENDIF(NOT DEFINED DB_INSTALL_DIR)
+
+IF(NOT DEFINED RUN_INSTALL_DIR)
+ SET(RUN_INSTALL_DIR "/var/run")
+ENDIF(NOT DEFINED RUN_INSTALL_DIR)
+
+IF(NOT DEFINED PAMD_INSTALL_DIR)
+ SET(PAMD_INSTALL_DIR "${SYSCONF_INSTALL_DIR}/pam.d")
+ENDIF(NOT DEFINED PAMD_INSTALL_DIR)
+
+IF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR)
+ SET(SYSTEMD_UNIT_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system")
+ENDIF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR)
+
+ADD_DEFINITIONS(-DUG_WAYLAND)
+
+ADD_SUBDIRECTORY(${DPM_PLUGIN})
+ADD_SUBDIRECTORY(${DPM_API})
--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(TARGET ${PROJECT_NAME})
+SET(PC_FILE "${TARGET}.pc")
+
+SET(LIB_VERSION "${VERSION}")
+SET(LIB_SOVERSION "0")
+
+SET(API_SOURCES "application.cpp")
+SET(API_HEADERS "application.h")
+
+SET(DEPENDENCY klay
+ dpm-pil
+ capi-base-common
+ capi-system-info
+)
+
+PKG_CHECK_MODULES(API_DEPS REQUIRED ${DEPENDENCY})
+
+SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+ADD_LIBRARY(${TARGET} SHARED ${API_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default")
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES SOVERSION ${LIB_SOVERSION})
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES VERSION ${LIB_VERSION})
+
+INCLUDE_DIRECTORIES(SYSTEM ${API_DEPS_INCLUDE_DIRS})
+TARGET_LINK_LIBRARIES(${TARGET} ${API_DEPS_LIBRARIES} pthread)
+
+CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY)
+
+INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig)
+INSTALL(TARGETS ${TARGET} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries)
+INSTALL(FILES ${API_HEADERS} DESTINATION ${INCLUDE_INSTALL_DIR}/dpm)
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include <tizen.h>
+#include <tizen_type.h>
+
+#include <dpm/pil/policy-client.h>
+
+#include "application.h"
+
+EXPORT_API int dpm_application_set_mode_restriction(device_policy_manager_h handle, int mode)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(mode, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::setModeRestriction", mode);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
+
+EXPORT_API int dpm_application_unset_mode_restriction(device_policy_manager_h handle, int mode)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(mode, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::unsetModeRestriction", mode);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
+
+EXPORT_API int dpm_application_get_mode_restriction(device_policy_manager_h handle, int *mode)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(mode, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { 0 };
+ status = client.methodCall<int>("Application::getModeRestriction");
+ if (status.get() < 0) {
+ return -1;
+ }
+ *mode = status.get();
+ } catch (...) {
+ return -1;
+ }
+
+ return DPM_ERROR_NONE;
+}
+
+EXPORT_API int dpm_application_add_privilege_to_blacklist(device_policy_manager_h handle, int type, const char* privilege)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(privilege, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::addPrivilegeToBlacklist", type, privilege);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
+
+EXPORT_API int dpm_application_remove_privilege_from_blacklist(device_policy_manager_h handle, int type, const char* privilege)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(privilege, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::removePrivilegeFromBlacklist", type, privilege);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
+
+EXPORT_API int dpm_application_check_privilege_is_blacklisted(device_policy_manager_h handle, int type, const char* privilege, int *is_blacklisted)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(privilege, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(is_blacklisted, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { 0 };
+ status = client.methodCall<int>("Application::checkPrivilegeIsBlacklisted", type, privilege);
+ if (status.get() < 0) {
+ return -1;
+ }
+
+ *is_blacklisted = status.get();
+ } catch (...) {
+ return -1;
+ }
+
+ return DPM_ERROR_NONE;
+}
+
+EXPORT_API int dpm_application_install_package(device_policy_manager_h handle, const char* pkgpath)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(pkgpath, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::installPackage", pkgpath);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
+
+EXPORT_API int dpm_application_uninstall_package(device_policy_manager_h handle, const char* pkgid)
+{
+ RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(pkgid, DPM_ERROR_INVALID_PARAMETER);
+
+ DevicePolicyClient& client = GetDevicePolicyClient(handle);
+
+ try {
+ Status<int> status { -1 };
+ status = client.methodCall<int>("Application::uninstallPackage", pkgid);
+ return status.get();
+ } catch (...) {
+ return -1;
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __CAPI_DPM_APPLICATION_POLICY_H__
+#define __CAPI_DPM_APPLICATION_POLICY_H__
+
+typedef void * device_policy_manager_h;
+
+/**
+ * @file application.h
+ * @brief This file provides APIs to control application functionality
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @addtogroup CAPI_DPM_APPLICATION_POLICY_MODULE
+ * @{
+ */
+
+/**
+ * @brief Enumeration for installation mode
+ * @since_tizen 3.0
+ */
+typedef enum {
+ DPM_PACKAGE_RESTRICTION_MODE_ALL = 0x0F, /**< All package restriction mode */
+ DPM_PACKAGE_RESTRICTION_MODE_INSTALL = 0x01, /**< Package install restriction */
+ DPM_PACKAGE_RESTRICTION_MODE_UNINSTALL = 0x02, /**< Package uninstall restriction */
+ DPM_PACKAGE_RESTRICTION_MODE_REINSTALL = 0x04, /**< Package reinstall restriction */
+ DPM_PACKAGE_RESTRICTION_MODE_MOVE = 0x08 /**< Package move restriction */
+} dpm_package_restriction_mode_e;
+
+/**
+ * @brief Restricts installation / uninstallation for all packages.
+ * @details Administrator can use this API to restrict package installation, uninstallation,
+ * reinstallation or move.
+ * @since_tizen 3.0
+ * @param[in] handle The device policy manager handle
+ * @param[in] mode The installation mode to be set, one of DPM_PACKAGE_INSTALLATION_MODE_ALLOW or
+ * DPM_PACKAGE_INSTALLATION_MODE_DISALLOW
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE No error
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @retval #DPM_ERROR_ACCESS_DENIED The application does not have
+ * the privilege to call this API
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_application_unset_mode_restriction()
+ * @see dpm_application_get_mode_restriction()
+ */
+int dpm_application_set_mode_restriction(device_policy_manager_h handle, int mode);
+
+/**
+ * @brief Allows installation / uninstallation for all packages.
+ * @details If the mode is set to DPM_PACKAGE_INSTALLATION_MODE_DISALLOW,
+ * no application can be installed on the device.
+ * @since_tizen 3.0
+ * @param[in] handle The device policy manager handle
+ * @param[in] mode The installation mode to be set, one of DPM_PACKAGE_INSTALLATION_MODE_ALLOW or
+ * DPM_PACKAGE_INSTALLATION_MODE_DISALLOW
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE No error
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @retval #DPM_ERROR_ACCESS_DENIED The application does not have
+ * the privilege to call this API
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_application_set_mode_restriction()
+ * @see dpm_application_get_mode_restriction()
+ */
+int dpm_application_unset_mode_restriction(device_policy_manager_h handle, int mode);
+
+/**
+ * @brief Gets the current restriction mode for all packages.
+ * @details The default mode is to allow any package to be installed.
+ * @since_tizen 3.0
+ * @param[in] handle The device policy manager handle
+ * @param[out] mode Current mode of operation, which is one of the following:
+ * #DPM_PACKAGE_INSTALLATION_MODE_ALLOW Package installation is allowed
+ * #DPM_PACKAGE_INSTALLATION_MODE_DISALLOW Package installation is not allowed
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE Successful
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_application_set_mode_restriction()
+ * @see dpm_application_unset_mode_restriction()
+ * @see dpm_application_get_mode_restriction()
+ */
+int dpm_application_get_mode_restriction(device_policy_manager_h handle, int *mode);
+
+/**
+ * @brief Adds privilege to blacklist
+ * @details Administrator can use this API to disallow package installation
+ * which requires the privilege.
+ * @since_tizen 3.0
+ * @param[in] handle The application policy handle
+ * @param[in] type The package type
+ * @param[in] privilehe The privilege name to be blacklisted
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE Successful
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @retval #DPM_ERROR_ACCESS_DENIED The application does not have
+ * the privilege to call this API
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_context_acquire_application_policy()
+ * @see dpm_context_release_application_policy()
+ * @see dpm_application_remove_privilege_from_blacklist()
+ * @see dpm_application_check_privilege_is_blacklisted()
+ */
+int dpm_application_add_privilege_to_blacklist(device_policy_manager_h handle, int type, const char* privilege);
+
+/**
+ * @brief Removes privilege from blacklist
+ * @details Administrator can use this API to remove privilege from blacklist.
+ * @since_tizen 3.0
+ * @param[in] handle The application policy handle
+ * @param[in] type The package type
+ * @param[in] privilege The privilege name which is removed from blacklist
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE Successful
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @retval #DPM_ERROR_ACCESS_DENIED The application does not have
+ * the privilege to call this API
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_context_acquire_application_policy()
+ * @see dpm_context_release_application_policy()
+ * @see dpm_application_add_privilege_to_blacklist()
+ * @see dpm_application_check_privilege_is_blacklisted()
+ */
+int dpm_application_remove_privilege_from_blacklist(device_policy_manager_h handle, int type, const char* privilege);
+
+/**
+ * @brief Checks whether a privilege is added to blacklist
+ * @details Administrator can use this API to check whether the privilege is blacklisted.
+ * Once privilege is added to blacklist, the package which requires the privilege
+ * is prohibited to install on the device.
+ * @since_tizen 3.0
+ * @param[in] handle The application policy handle
+ * @param[in] type The package type
+ * @param[in] privilege The privilege name
+ * @param[out] is_blacklisted TRUE if the package installation is disabled, else FALSE
+ * @return #DPM_ERROR_NONE on success, otherwise a negative value
+ * @retval #DPM_ERROR_NONE Successful
+ * @retval #DPM_ERROR_TIMEOUT Time out
+ * @pre handle must be created by dpm_context_acquire_application_policy()
+ * @see dpm_context_acquire_application_policy()
+ * @see dpm_context_release_application_policy()
+ * @see dpm_application_add_privilege_to_blacklist()
+ * @see dpm_application_remove_privilege_from_blacklist()
+ */
+int dpm_application_check_privilege_is_blacklisted(device_policy_manager_h handle, int type, const char* privilege, int *is_blacklisted);
+
+int dpm_application_install_package(device_policy_manager_h handle, const char* pkgpath);
+int dpm_application_uninstall_package(device_policy_manager_h handle, const char* pkgid);
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //! __CAPI_APPLICATION_POLICY_H__
--- /dev/null
+# Package Information for pkg-config
+
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=@CMAKE_INSTALL_PREFIX@
+libdir=@LIB_INSTALL_DIR@
+includedir=@INCLUDE_INSTALL_DIR@
+
+Name: Application policy module
+Description: Application policy module for device policy manager
+Version: @VERSION@
+Libs: -L${libdir} -ldpm-application
+Cflags: -I${includedir}/dpm
+
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
--- /dev/null
+Name: dpm-application
+Version: 1.0.1
+Release: 0
+License: Apache-2.0
+Source0: %{name}-%{version}.tar.gz
+Summary: Tizen Device Policy Manager Application Policy Module
+Group: Security/Other
+BuildRequires: gcc
+BuildRequires: cmake
+BuildRequires: gettext-tools
+BuildRequires: pkgconfig(klay)
+BuildRequires: pkgconfig(dpm-pil)
+BuildRequires: pkgconfig(security-privilege-manager)
+
+BuildRequires: pkgconfig(capi-system-info)
+BuildRequires: pkgconfig(capi-base-common)
+
+%description
+The dpm-application package provides a application policy module for device policy manager
+
+%files
+%manifest dpm-application.manifest
+%defattr(644,root,root,755)
+%attr(755,root,root) /opt/data/dpm/plugins/application
+%attr(755,root,root) %{_libdir}/libdpm-application.so.%{version}
+%{_libdir}/libdpm-application.so.0
+
+%prep
+%setup -q
+
+%build
+%{!?build_type:%define build_type "RELEASE"}
+
+%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV"
+ CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE"
+ CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE"
+%endif
+
+%cmake . -DVERSION=%{version} \
+ -DCMAKE_BUILD_TYPE=%{build_type} \
+ -DSCRIPT_INSTALL_DIR=%{_scriptdir} \
+ -DSYSTEMD_UNIT_INSTALL_DIR=%{_unitdir} \
+ -DDATA_INSTALL_DIR=%{TZ_SYS_DATA}/dpm \
+ -DDB_INSTALL_DIR=%{TZ_SYS_DB} \
+ -DRUN_INSTALL_DIR=%{TZ_SYS_RUN} \
+ -DAPP_INSTALL_PREFIX="%{TZ_SYS_RO_APP}" \
+ -DAPP_SHARE_PACKAGES_DIR="%{TZ_SYS_RO_PACKAGES}" \
+
+make %{?jobs:-j%jobs}
+
+%install
+%make_install
+
+%clean
+rm -rf %{buildroot}
+
+%post
+
+%preun
+
+%postun
+
+## Devel Package ##############################################################
+%package -n libdpm-application-devel
+Summary: Libraries and header files for device policy client development
+Group: Development/Libraries
+Requires: device-policy-manager = %{version}-%{release}
+
+%description -n libdpm-application-devel
+The libdpm-application-devel package includes the libraries and header files necessary for
+developing the DPM client program.
+
+%files -n libdpm-application-devel
+%manifest dpm-application.manifest
+%defattr(644,root,root,755)
+%{_libdir}/libdpm-application.so
+%{_libdir}/pkgconfig/dpm-application.pc
+%{_includedir}/dpm
--- /dev/null
+#
+# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(TARGET "dpm-plugin-application")
+
+SET(PLUGIN_SOURCES "application.cpp")
+
+SET(DEPENDENCY klay
+ dpm-pil
+ security-privilege-manager
+)
+
+PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY})
+
+SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES})
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default")
+INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS})
+TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES})
+
+INSTALL(FILES libdpm-plugin-application.so RENAME application DESTINATION /opt/data/dpm/plugins)
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <privilege_manager.h>
+#include <privilege_info.h>
+
+#include <iostream>
+
+#include <dpm/pil/policy-context.h>
+#include <dpm/pil/policy-model.h>
+#include <dpm/pil/policy-storage.h>
+
+#include <dpm/pil/packman.h>
+#include <dpm/pil/launchpad.h>
+
+class Application : public AbstractPolicyProvider {
+public:
+ int getModeRestriction();
+ int setModeRestriction(int mode);
+ int unsetModeRestriction(int mode);
+
+ int addPrivilegeToBlacklist(int, const std::string& privilege);
+ int removePrivilegeFromBlacklist(int, const std::string& privilege);
+ int checkPrivilegeIsBlacklisted(int, const std::string& privilege);
+
+ int installPackage(const std::string& pkgpath);
+ int uninstallPackage(const std::string& pkgid);
+};
+
+int Application::setModeRestriction(int mode)
+{
+ try {
+ PackageManager& packman = PackageManager::instance();
+ packman.setModeRestriction(mode, rmi::Service::getPeerUid());
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to set mode restriction");
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::unsetModeRestriction(int mode)
+{
+ try {
+ PackageManager& packman = PackageManager::instance();
+ packman.unsetModeRestriction(mode, rmi::Service::getPeerUid());
+ } catch (runtime::Exception& e) {
+ ERROR("Failed to unset mode restriction");
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::getModeRestriction()
+{
+ try {
+ PackageManager& packman = PackageManager::instance();
+ return packman.getModeRestriction(rmi::Service::getPeerUid());
+ } catch (runtime::Exception& e) {
+ return -1;
+ }
+}
+
+int Application::installPackage(const std::string& pkgpath)
+{
+ try {
+ PackageManager& packman = PackageManager::instance();
+ packman.installPackage(pkgpath, rmi::Service::getPeerUid());
+ } catch (runtime::Exception& e) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::uninstallPackage(const std::string& pkgid)
+{
+ try {
+ PackageManager& packman = PackageManager::instance();
+ packman.uninstallPackage(pkgid, rmi::Service::getPeerUid());
+ } catch (runtime::Exception& e) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::addPrivilegeToBlacklist(int type, const std::string& privilege)
+{
+ GList* privilegeList = NULL;
+ privilegeList = g_list_append(privilegeList, const_cast<char*>(privilege.c_str()));
+
+ privilege_manager_package_type_e pkgType = type ? PRVMGR_PACKAGE_TYPE_CORE : PRVMGR_PACKAGE_TYPE_WRT;
+ int ret = privilege_manager_set_black_list(rmi::Service::getPeerUid(), pkgType, privilegeList);
+ g_list_free(privilegeList);
+ if (ret !=PRVMGR_ERR_NONE) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::removePrivilegeFromBlacklist(int type, const std::string& privilege)
+{
+ GList* privilegeList = NULL;
+ privilegeList = g_list_append(privilegeList, const_cast<char*>(privilege.c_str()));
+
+ privilege_manager_package_type_e pkgType = type ? PRVMGR_PACKAGE_TYPE_CORE : PRVMGR_PACKAGE_TYPE_WRT;
+ int ret = privilege_manager_unset_black_list(rmi::Service::getPeerUid(), pkgType, privilegeList);
+ g_list_free(privilegeList);
+ if (ret != PRVMGR_ERR_NONE) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int Application::checkPrivilegeIsBlacklisted(int type, const std::string& privilege)
+{
+ GList* blacklist = NULL;
+
+ privilege_manager_package_type_e pkgType = type ? PRVMGR_PACKAGE_TYPE_CORE : PRVMGR_PACKAGE_TYPE_WRT;
+ int ret = privilege_info_get_black_list(rmi::Service::getPeerUid(), pkgType, &blacklist);
+ if (ret != PRVMGR_ERR_NONE) {
+ return -1;
+ }
+
+ for (GList* l = blacklist; l != NULL; l = l->next) {
+ char *name = (char *)l->data;
+ if (privilege == name) {
+ g_list_free(blacklist);
+ return true;
+ }
+ }
+ g_list_free(blacklist);
+ return false;
+}
+
+extern "C" {
+
+#define PRIVILEGE "http://tizen.org/privilege/dpm.application"
+
+AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
+{
+ Application *policy = new Application();
+
+ context.expose(policy, "", (int)(Application::getModeRestriction)());
+ context.expose(policy, "", (int)(Application::setModeRestriction)(int));
+ context.expose(policy, "", (int)(Application::unsetModeRestriction)(int));
+
+ context.expose(policy, "", (int)(Application::addPrivilegeToBlacklist)(int, std::string));
+ context.expose(policy, "", (int)(Application::removePrivilegeFromBlacklist)(int, std::string));
+ context.expose(policy, "", (int)(Application::checkPrivilegeIsBlacklisted)(int, std::string));
+
+ context.expose(policy, "", (int)(Application::installPackage)(std::string));
+ context.expose(policy, "", (int)(Application::uninstallPackage)(std::string));
+
+ return policy;
+}
+
+}
projects / platform / core / security / dpm-application.git / commitdiff