return !strcmp(entry->d_name, "WRT.smack");
}
-int wrt_partner_filter(const struct dirent *entry)
-{
- return !strcmp(entry->d_name, "WRT_partner.smack");
-}
-
-int wrt_platform_filter(const struct dirent *entry)
-{
- return !strcmp(entry->d_name, "WRT_platform.smack");
-}
-
int wrt_family_filter(const struct dirent *entry)
{
return has_prefix(entry->d_name, "WRT_") &&
- !has_prefix(entry->d_name, "WRT_partner") &&
- !has_prefix(entry->d_name, "WRT_platform") &&
has_smack_ext(entry->d_name);
}
return !strcmp(entry->d_name, "OSP.smack");
}
-int osp_partner_filter(const struct dirent *entry)
-{
- return !strcmp(entry->d_name, "OSP_partner.smack");
-}
-
-int osp_platform_filter(const struct dirent *entry)
-{
- return !strcmp(entry->d_name, "OSP_platform.smack");
-}
int osp_family_filter(const struct dirent *entry)
{
return has_prefix(entry->d_name, "OSP_") &&
- !has_prefix(entry->d_name, "OSP_partner") &&
- !has_prefix(entry->d_name, "OSP_platform") &&
has_smack_ext(entry->d_name);
}
has_smack_ext(entry->d_name);
}
-int additional_rules_filter(const struct dirent *entry)
-{
- return !strcmp(entry->d_name, "ADDITIONAL_RULES.smack");;
-}
-
void load_rules_from_file(const char *s_rules_file_path,
const char *s_permission_name,
const app_type_t app_type)
if(perm_begin()) return;
// Load rules specific to permission's types:
- load_pemission_type_rules(wrt_filter, "WRT", PERM_APP_TYPE_WRT, s_dir);
- load_pemission_type_rules(wrt_partner_filter, "WRT_partner", PERM_APP_TYPE_WRT_PARTNER, s_dir);
- load_pemission_type_rules(wrt_platform_filter, "WRT_platform", PERM_APP_TYPE_WRT_PLATFORM, s_dir);
- load_pemission_type_rules(osp_filter, "OSP", PERM_APP_TYPE_OSP, s_dir);
- load_pemission_type_rules(osp_partner_filter, "OSP_partner" , PERM_APP_TYPE_OSP_PARTNER, s_dir);
- load_pemission_type_rules(osp_platform_filter, "OSP_platform", PERM_APP_TYPE_OSP_PLATFORM, s_dir);
- load_pemission_type_rules(efl_filter, "EFL", PERM_APP_TYPE_EFL, s_dir);
+ load_pemission_type_rules(wrt_filter, "WRT", APP_TYPE_WGT, s_dir);
+ load_pemission_type_rules(osp_filter, "OSP", APP_TYPE_OSP, s_dir);
+ load_pemission_type_rules(efl_filter, "EFL", APP_TYPE_EFL, s_dir);
// Load rules for each permission type:
- load_permission_family(wrt_family_filter, "WRT_", PERM_APP_TYPE_WRT, s_dir);
- load_permission_family(osp_family_filter, "OSP_", PERM_APP_TYPE_OSP, s_dir);
- load_permission_family(efl_family_filter, "EFL_", PERM_APP_TYPE_EFL, s_dir);
+ load_permission_family(wrt_family_filter, "WRT_", APP_TYPE_WGT, s_dir);
+ load_permission_family(osp_family_filter, "OSP_", APP_TYPE_OSP, s_dir);
+ load_permission_family(efl_family_filter, "EFL_", APP_TYPE_EFL, s_dir);
perm_end();
// Load as the right type of permission
if(wrt_family_filter(&file)) {
s_permission_name = get_permission_name(s_file_name, "WRT_");
- load_rules_from_file(s_file_path, s_permission_name, PERM_APP_TYPE_WRT);
+ load_rules_from_file(s_file_path, s_permission_name, APP_TYPE_WGT);
} else if(osp_family_filter(&file)) {
s_permission_name = get_permission_name(s_file_name, "OSP_");
- load_rules_from_file(s_file_path, s_permission_name, PERM_APP_TYPE_OSP);
+ load_rules_from_file(s_file_path, s_permission_name, APP_TYPE_OSP);
} else if(efl_family_filter(&file)) {
s_permission_name = get_permission_name(s_file_name, "EFL_");
- load_rules_from_file(s_file_path, s_permission_name, PERM_APP_TYPE_EFL);
+ load_rules_from_file(s_file_path, s_permission_name, APP_TYPE_EFL);
} else {
API_FEATURE_LOADER_LOG("Unknown api-feature type: %s\n", s_file_path);
s_name_pattern);
}
-void load_additional_rules(const char *const s_rules_file_path)
-{
- FILE *p_file = NULL;
- char *s_rule = NULL;
- char **rules_array = NULL;
- size_t i_num_rules = 0;
- size_t i = 0;
- int ret;
- vector_t rules_vector;
-
- API_FEATURE_LOADER_LOG("Loading additional rules from file...\n");
-
- p_file = fopen(s_rules_file_path, "r");
- if(!p_file) goto finish;
-
-
- vector_init(rules_vector);
- while(getline(&s_rule, &i, p_file) > 0) {
- vector_push_back_ptr(rules_vector, s_rule);
- API_FEATURE_LOADER_LOG("Loading rule: %s", s_rule);
- ++i_num_rules;
- s_rule = NULL;
- }
- vector_push_back_ptr(rules_vector, NULL);
-
- rules_array = vector_finish(rules_vector);
-
- ret = perm_add_additional_rules((const char **)rules_array);
- if(ret != PC_OPERATION_SUCCESS)
- API_FEATURE_LOADER_LOG("Error %d\n", ret);
-
-finish:
- if(p_file != NULL) fclose(p_file);
- if(rules_array != NULL) {
- for(i = 0; i < i_num_rules; ++i) {
- free(rules_array[i]);
- }
- vector_free(rules_vector);
- }
-
- API_FEATURE_LOADER_LOG("Done.\n");
-}
-
int main(int argc, char *argv[])
{
int c;
bool b_load_from_dir = false;
const char *s_dir_name = NULL;
- bool b_load_additional_rules = false;
- const char *s_additional_rules_file_name = NULL;
-
static struct option long_options[] = {
{"verbose", no_argument, &i_verbose_flag__, 1},
{"file", required_argument, 0, 'f'},
{"dir", required_argument, 0, 'd'},
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'v'},
- {"rules", required_argument, 0, 'r'},
{0, 0, 0, 0}
};
s_dir_name = optarg;
break;
- case 'r':
- b_load_additional_rules = true;
- s_additional_rules_file_name = optarg;
- break;
-
case 'h':
printf("Api feature loader v." API_FEATURE_LOADER_VERSION "\n\n");
printf(" Options:\n");
printf(" -d,--dir=path load api-features from the directory\n");
printf(" -f,--file=file_name load api-feature from the file\n");
printf(" -h,--help print this help\n");
- printf(" -r,--rules load additional rules from the file\n");
printf(" --verbose verbose output\n");
printf(" -v,--version show applcation version\n");
}
// Run task
- if(b_load_additional_rules)
- load_additional_rules(s_additional_rules_file_name);
if(b_load_from_dir)
load_from_dir(s_dir_name);
if(b_load_from_file)
load_from_file(s_file_name);
- if(!b_load_additional_rules &&
- !b_load_from_dir &&
+ if(!b_load_from_dir &&
!b_load_from_file)
load_from_dir(API_FEATURES_DIR);
typedef enum {
- PERM_APP_TYPE_WRT,
- PERM_APP_TYPE_OSP,
- PERM_APP_TYPE_OTHER,
- PERM_APP_TYPE_WRT_PARTNER,
- PERM_APP_TYPE_WRT_PLATFORM,
- PERM_APP_TYPE_OSP_PARTNER,
- PERM_APP_TYPE_OSP_PLATFORM,
- PERM_APP_TYPE_EFL,
+ APP_TYPE_WGT,
+ APP_TYPE_OSP,
+ APP_TYPE_EFL,
+ APP_TYPE_OTHER,
} app_type_t;
typedef enum {
- PERM_APP_PATH_PRIVATE,
- PERM_APP_PATH_GROUP,
- PERM_APP_PATH_PUBLIC,
- PERM_APP_PATH_SETTINGS,
- PERM_APP_PATH_NPRUNTIME,
- PERM_APP_PATH_ANY_LABEL,
+ APP_PATH_PRIVATE,
+ APP_PATH_GROUP_RW,
+ APP_PATH_PUBLIC_RO,
+ APP_PATH_SETTINGS_RW,
+ APP_PATH_ANY_LABEL,
} app_path_type_t;
-typedef struct perm_app_status {
- char *app_id;
- bool is_enabled;
- bool is_permanent;
-} perm_app_status_t;
-
-
-// TODO: after all projects change their code delete these defines
-// Historical in app_type_t
-#define PERM_APP_TYPE_WGT PERM_APP_TYPE_WRT
-#define PERM_APP_TYPE_WGT_PARTNER PERM_APP_TYPE_WRT_PARTNER
-#define PERM_APP_TYPE_WGT_PLATFORM PERM_APP_TYPE_WRT_PLATFORM
-
-
-#define APP_TYPE_WGT PERM_APP_TYPE_WRT
-#define APP_TYPE_OSP PERM_APP_TYPE_OSP
-#define APP_TYPE_OTHER PERM_APP_TYPE_OTHER
-#define APP_TYPE_WGT_PARTNER PERM_APP_TYPE_WRT_PARTNER
-#define APP_TYPE_WGT_PLATFORM PERM_APP_TYPE_WRT_PLATFORM
-#define APP_TYPE_OSP_PARTNER PERM_APP_TYPE_OSP_PARTNER
-#define APP_TYPE_OSP_PLATFORM PERM_APP_TYPE_OSP_PLATFORM
-#define APP_TYPE_EFL PERM_APP_TYPE_EFL
-
-// Historical names in app_path_type_t
-#define APP_PATH_PRIVATE PERM_APP_PATH_PRIVATE
-#define APP_PATH_GROUP PERM_APP_PATH_GROUP
-#define APP_PATH_PUBLIC PERM_APP_PATH_PUBLIC
-#define APP_PATH_SETTINGS PERM_APP_PATH_SETTINGS
-#define APP_PATH_ANY_LABEL PERM_APP_PATH_ANY_LABEL
-#define APP_PATH_GROUP_RW APP_PATH_GROUP
-#define APP_PATH_PUBLIC_RO APP_PATH_PUBLIC
-#define APP_PATH_SETTINGS_RW APP_PATH_SETTINGS
-
-
-
/* APIs - used by applications */
int control_privilege(void) DEPRECATED;
int set_privilege(const char* pkg_name) DEPRECATED;
/**
- * Gets smack label of a process, based on its pid.
- *
- * @param pid pid of process
- * @param smack_label label of process
- * @return PC_OPERATION_SUCCESS on success PC_ERR_* on error.
- */
-int get_smack_label_from_process(pid_t pid, char *smack_label);
-
-/**
- * Checks if process with pid has access to object.
- * This function checks if subject has access to object via smack_have_access() function.
- * If YES then returns access granted. In NO then function checks if process with pid has
- * CAP_MAC_OVERRIDE capability. If YES then returns access granted.
- * If NO then returns access denied.
- *
- * @param pid pid of process
- * @param object label of object to access
- * @param access_type smack access type.
- * @return 0 (no access) or 1 (access) or -1 (error)
- */
-int smack_pid_have_access(pid_t pid,
- const char *object,
- const char *access_type);
-
-/**
* Set DAC and SMACK privileges for application.
- * This function is meant to be called by the application launcher just before
+ * This function is meant to be call by the application launcher just before
* it launches an application. It will setup DAC and SMACK privileges based
* on app type and accesses.
* It must be called with root privileges, which will be dropped in the function.
*
- * @param name package name
- * @param type application type (currently distinguished types:
- * "wgt", "wgt_partner", "wgt_platform",
- * "tpk", "osp", "osp_partner", "osp_platform",
- * "rpm", "efl")
- * @param path file system path to the binary
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ * @param name package name
+ * @param type application type (currently distinguished types:
+ * "wgt",
+ * "tpk", "osp",
+ * "rpm", "efl")
+ *
+ * @param path file system path to the binary
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
int perm_app_set_privilege(const char* name, const char* type, const char* path);
int set_app_privilege(const char* name, const char* type, const char* path) DEPRECATED;
int app_add_volatile_permissions(const char* app_id, const char** perm_list) DEPRECATED;
/**
- * Grants SMACK permissions to an application, based on permissions list. It is
- * intended to be called during that application installation. The permissions
- * will be persistent. It must be called by privileged user and within database
- * transaction started with perm_begin() and finished with perm_end().
- *
- * @param pkg_id application identifier
- * @param app_type application type
- * @param perm_list array of permission names, last element must be NULL
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_app_setup_permissions(const char* pkg_id, app_type_t app_type,
- const char** perm_list);
-
-/**
- * Grants SMACK permissions to an application, based on permissions list. It was
- * intended to be called during that application installation. Permissions
- * granted as volatile will not be present after system boot. It must be called
- * by privileged user and within database transaction started with perm_begin()
- * and finished with perm_end().
- * In new code please call perm_app_setup_permissions during your application
- * installation instead of this function.
+ * Grant SMACK permissions based on permissions list.
+ * It is intended to be called during app installation.
+ * It will construct SMACK rules based on permissions list, grant them
+ * and store it in a database, so they will be automatically granted on
+ * system boot, when persistent mode is enabled.
+ * It must be called by privileged user.
*
* @param pkg_id application identifier
* @param app_type application type
/**
* Removes previously granted SMACK permissions based on permissions list.
* It will remove given permissions from an application, leaving other granted
- * permissions untouched. Results will be persistent. It must be called by
- * privileged user and within database transaction started with perm_begin()
- * and finished with perm_end().
+ * permissions untouched. Results will be persistent.
+ * It must be called by privileged user.
*
* @param pkg_id application identifier
* @param app_type application type
/**
* Removes all application's permissions, rules and directories registered in
- * the database. It must be called by privileged user and within database
- * transaction started with perm_begin() and finished with perm_end().
+ * the database. It must be called by privileged user.
*
* @param pkg_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
/**
* Removes all application's permissions which are not persistent. It must be
- * called by privileged user and within database transaction started with
- * perm_begin() and finished with perm_end().
+ * called by privileged user.
*
* @param pkg_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
int app_reset_permissions(const char* pkg_id) DEPRECATED;
/**
- * Checks if an application has the privilege that is specified by the name.
- * It must be called by privileged user.
- *
- * @param pkg_id application identifier
- * @param app_type application type
- * @param permission_name permission name
- * @param is_enabled buffer for return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_app_has_permission(const char *pkg_id,
- app_type_t app_type,
- const char *permission_name,
- bool *is_enabled);
-
-/**
- * Get the list of the permissions for given application type
- * Caller is responsible for freeing allocated memory.
- * *ppp_permissions is a pointer to an array consisting of char pointers,
- * terminated with NULL pointer. Memory allocated with each
- * of these pointer except for the last one (NULL) should be freed,
- * followed by freeing *ppp_permissions itself.
- *
- * @param ppp_permissions list of all permissions
- * @param app_type application type
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int perm_get_permissions(char ***ppp_permissions, app_type_t app_type);
-
-/**
- * Get the list of the applications of given type with particular permission.
- * Caller is responsible for freeing allocated memory
- * using perm_free_apps_list()
- *
- * @param pp_apps list of application's statuses
- * @param pi_apps_number number of found application
- * @param app_type application type
- * @param s_permission_name permission name
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int perm_get_apps_with_permission(perm_app_status_t **pp_apps,
- size_t *pi_apps_number,
- app_type_t app_type,
- const char *s_permission_name);
-
-/**
- * Free the list of the applications allocated with
- * perm_get_apps_with_permission().
- *
- * @param pp_apps list of application's statuses
- * @param i_apps_number number of applications on the list
- */
-void perm_free_apps_list(perm_app_status_t *pp_apps,
- size_t i_apps_number);
-
-/**
- * Get permissions for the specified app.
- *
- * In case of success caller is responsible for freeing memory allocated by it.
- * Each cell in *ppp_perm_list except for the last (NULL) should be freed, followed by freeing
- * *ppp_perm_list itself.
- *
- * In case of error an error code is returned and, provided that ppp_perm_list is not NULL,
- * *ppp_perm_list is set to NULL.
- *
- * @param pkg_id application identifier
- * @param app_type application type
- * @param ppp_perm_list buffer for return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_app_get_permissions(const char *pkg_id, app_type_t app_type, char ***ppp_perm_list);
-
-/**
* Recursively set SMACK access labels for an application directory
* and execute labels for executable files.
* This function should be called once during app installation.
* - APP_PATH_PRIVATE: label with app's label, set access label on everything
* and execute label on executable files and symlinks to executable files
*
- * - APP_PATH_GROUP: label with given shared_label, set access label on
+ * - APP_PATH_GROUP_RW: label with given shared_label, set access label on
* everything and enable transmute on directories. Also give pkg_id full access
* to the shared label.
*
- * - APP_PATH_PUBLIC: label with autogenerated label, set access label on
+ * - APP_PATH_PUBLIC_RO: label with autogenerated label, set access label on
* everything and enable transmute on directories. Give full access to the label to
- * pkg_id and RX access to all other applications.
+ * pkg_id and RX access to all other apps.
*
- * - APP_PATH_SETTINGS: label with autogenerated label, set access label on
+ * - APP_PATH_SETTINGS_RW: label with autogenerated label, set access label on
* everything and enable transmute on directories. Give full access to the label to
- * pkg_id and RWX access to all appsetting applications.
- *
- * - PERM_APP_PATH_NPRUNTIME: label executable file or symlink to an exec given in path param
- * with label "<pkg_id>.npruntime". Set execute label on it.
- * Give pkg_id RW access to new created label and give new label RXAT access to pkg_id.
- *
- * - APP_PATH_ANY_LABEL: label with given shared_label. Set access label on
- * everything and execute label on executable files and symlinks to
- * executable files.
+ * pkg_id and RWX access to all appsetting apps.
*
- * This function should be called during application installation. Results will
- * be persistent on the file system. It must be called by privileged user and
- * within database transaction started with perm_begin() and finished with
- * perm_end().
+ * This function should be called during app installation.
+ * Results will be persistent on the file system.
+ * It must be called by privileged user.
*
* @param pkg_id application identifier
* @param path file or directory path
int app_setup_path(const char* pkg_id, const char* path, app_path_type_t app_path_type, ...) DEPRECATED;
/**
- * Get paths of the specified type for the given application.
- *
- * Provided type must be one of PERM_APP_PATH_GROUP, PERM_APP_PATH_PUBLIC, PERM_APP_PATH_SETTINGS,
- * PERM_APP_PATH_NPRUNTIME, as other types are not stored in the database.
- *
- * In case of success caller is responsible for freeing memory allocated by it.
- * Each cell in *ppp_paths except for the last (NULL) should be freed, followed by freeing
- * *ppp_paths itself.
- *
- * In case of error an error code is returned and, provided that ppp_paths is not NULL,
- * *ppp_paths is set to NULL.
- *
- * @param pkg_id application identifier
- * @param app_path_type type of path
- * @param ppp_paths buffer for return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_app_get_paths(const char* pkg_id, app_path_type_t app_path_type, char*** ppp_paths);
-
-/**
- * Remove path and all rules associated with it from the database.
- *
- * This does not remove data from the filesystem.
- *
- * @param pkg_id application identifier
- * @param path path to remove
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_app_remove_path(const char* pkg_id, const char *path);
-
-/**
* Make two applications "friends", by giving them both full permissions on
* each other.
* Results will be persistent on the file system. Must be called after
int app_add_friend(const char* pkg_id1, const char* pkg_id2) DEPRECATED;
/**
+ * Modify SMACK rules to give access from (subject)customer_label to (object)
+ * provider_label.
+ * Note: This function will do nothing if subject has already rwxat access to
+ * object. You can revoke this modyfication by calling app_rovoke_access.
+ *
+ * @param subject - label of client application
+ * @param object - label of provider application
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int app_give_access(const char* subject, const char* object, const char* permission);
+
+/**
+ * Revoke access granted by app_give_access. This function will not remove
+ * accesses that were granted before app_give_access call.
+ *
+ * @param subject - label of client application
+ * @param object - label of provider application
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int app_revoke_access(const char* subject, const char* object);
+
+/**
* Adds new feature to the database. It must be called by privileged user and
* within database transaction started with perm_begin() and finished with
* perm_end().
int perm_rollback(void);
/**
- * Adds additional rules to the database. The rules can use wild-cards and labels.
- * It must be called within database transaction started with perm_begin() and
- * finished with perm_end().
- *
- * @param set_smack_rule_set an array of rules, NULL terminated
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int perm_add_additional_rules(const char** set_smack_rule_set);
-
-/**
* Get message connected to error code.
*
* @param errnum error code
/**
- * Adds all label names from additional rules to modified labels.
- * Used when additional rules are inserted into the database.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int add_modified_additional_rules_internal(sqlite3 *p_db);
-
-
-/**
* Adds label names of the application's folders to the modified labels.
* Used during removing application.
*
*/
int add_modified_apps_path_internal(sqlite3 *p_db, const char *const s_app_label_name);
-/**
- * Adds path label's name to the modified labels.
- * Used during removing path.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_path the path
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int add_modified_paths_label_internal(sqlite3 *p_db, const char *const s_path);
/**
* Open a connection with the database and perform an initialization.
const char *const s_access_reverse,
const char *const s_type);
-/**
- * Remove path for the specified application and delete it's label if it's no longer used.
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_owner_label_name owner application
- * @param s_path the path
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int remove_path_internal(sqlite3 *p_db,
- const char *const s_owner_label_name,
- const char *const s_path);
-
-
-/**
- * Get number of paths of the specified type for the given application.
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_app_label_name application's label name
- * @param s_app_path_type_name name of the path type to get
- * @param p_num_paths buffer for the return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int get_app_paths_count_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- int *const p_num_paths);
-
-
-/**
- * Get paths of the specified type for the given application.
- *
- * @ingroup RDB API functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_app_label_name application's label name
- * @param s_app_path_type_name name of the path type to get
- * @param i_num_paths number of paths
- * @param ppp_paths buffer for return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int get_app_paths_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- const int i_num_paths,
- char ***ppp_paths);
-
/**
* Add a permission with a given name and of a give type
const char *const *const pp_smack_rules);
-/**
- * Check if an app has a permission that is specified by the name.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param i_app_id application id
- * @param s_permission_name permission name
- * @param s_permission_type_name permission type name
- * @param p_is_enabled buffer for return value
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int check_app_has_permission_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_permission_name,
- const char *const s_permission_type_name,
- bool *const p_is_enabled);
-
-/**
- * Get number of the permissions for given application type.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param pi_permission_number number of found permissions
- * @param s_permission_type_name permission's type
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int get_permission_number(sqlite3 *p_db,
- size_t *pi_permission_number,
- const char *const s_permission_type_name);
-
-/**
- * Get the list of the permissions for given application type.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param ppp_permissions list of all permissions
- * @param i_permission_number number of found permissions
- * @param s_permission_type_name permission's type
-
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int get_permissions_internal(sqlite3 *p_db,
- char ***ppp_permissions,
- size_t i_permission_number,
- const char *const s_permission_type_name);
-
-/**
- * Get number of apps for given app type with given permission.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param pi_apps_number number of found apps
- * @param s_permission_type_name permission's type
- * @param s_permission_name permission's name
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int get_apps_number(sqlite3 *p_db,
- size_t *pi_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name);
-
-/**
- * Get the list of the applications's statuses of given type with particular permission.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param pp_apps list of application's statuses
- * @param i_apps_number number of found applicationa
- * @param s_permission_type_name permission's type
- * @param s_permission_name permission's name
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int get_apps_with_permission_internal(sqlite3 *p_db,
- perm_app_status_t **pp_apps,
- size_t i_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name);
-
-/**
- * Get number of permission of a certain type for the specified app.
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_app_label_name application label's name
- * @param s_permission_type_name permission type's name
- * @param p_num_permissions buffer for return value
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int get_app_permissions_number_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_permission_type_name,
- int *const p_num_permissions);
-
-/**
- * Get permissions for the specified app.
- *
- * @param p_db pointer to a SQLite3 database object
- * @param s_app_label_name application label's name
- * @param s_permission_type_name permission type's name
- * @param i_num_permissions number of permissions of the specified type
- * @param ppp_perm_list buffer for return value
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int get_app_permissions_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_permission_type_name,
- const int i_num_permissions,
- char ***ppp_perm_list);
-
/**
* Gets the internal app id of an application with a given name.
*/
int update_smack_rules(sqlite3 *p_db);
-
-/**
- * Add additional rules to the database.
- *
- * @ingroup RDB internal functions
- *
- * @param p_db pointer to a SQLite3 database object
- * @param pp_smack_rules a list of smack rules
- * @return PC_OPERATION_SUCCESS on success, error code otherwise
- */
-int add_additional_rules_internal(sqlite3 *p_db,
- const char *const *const pp_smack_rules);
-
#endif // _RULES_DB_INTERNALS_H_
/**
- * Get paths of the specified type for the given application.
- *
- * @ingroup RDB API functions
- *
- * @param s_app_label_name application's label name
- * @param s_app_path_type_name name of the path type to get
- * @param ppp_paths buffer for return value
- * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
- */
-int rdb_get_app_paths(const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- char ***ppp_paths);
-
-
-/**
- * Remove path and all rules associated with it from the database.
- *
- * @ingroup RDB API functions
- *
- * @param s_owner_label_name owner application's label name
- * @param s_path the path
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int rdb_remove_path(const char *const s_owner_label_name,
- const char *const s_path);
-
-
-/**
* Add permission with the given name and type and add smack rules.
*
* @ingroup RDB API functions
*/
int rdb_reset_app_permissions(const char *const s_app_label_name);
-/**
- * Add the additional rules to the database. Erase the previous rules.
- *
- * @ingroup RDB API functions
- *
- * @param pp_smack_rules NULL terminated table of rules
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int rdb_add_additional_rules(const char *const *const pp_smack_rules);
-
-
-/**
- * Check if app has the privilege that is specified by the name.
- *
- * @ingroup RDB API functions
- *
- * @param s_app_label_name application's label name
- * @param s_permission_type_name permission's type name
- * @param s_permission_name permission name
- * @param p_is_enabled buffer for return value
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int rdb_app_has_permission(const char *const s_app_label_name,
- const char *const s_permission_type_name,
- const char *const s_permission_name,
- bool *const p_is_enabled);
-
-/**
- * Get permissions for the specified app.
- *
- * @ingroup RDB API functions
- *
- * @param s_app_label_name application label's name
- * @param s_permission_type_name permission type's name
- * @param ppp_perm_list buffer for return value
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
- */
-int rdb_app_get_permissions(const char *const s_app_label_name,
- const char *const s_permission_type_name,
- char ***ppp_perm_list);
-
-/**
- * Get the list of the permissions for given application type.
- *
- * @ingroup RDB API functions
- *
- * @param ppp_permissions buffer for all of the found permissions
- * @param s_permission_type_name permission's type
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int rdb_get_permissions(char ***ppp_permissions, const char *const s_permission_type_name);
-
-/**
- * Get the list of apps for given app type with given permission.
- *
- * @ingroup RDB API functions
- *
- * @param pp_apps list of application's statuses
- * @param pi_apps_number number of found apps
- * @param s_permission_type_name permission's type
- * @param s_permission_name permission's name
- * @return PC_OPERATION_SUCCESS on success,
- * PC_ERR_* on error
- */
-int rdb_get_apps_with_permission(perm_app_status_t **pp_apps,
- size_t *pi_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name);
#endif /*_RULES_DB_H_*/
!strcmp(s_label, "~ALL_APPS_WITH_SAME_PERMISSION~") ||
!strcmp(s_label, "~PUBLIC_PATH~") ||
!strcmp(s_label, "~GROUP_PATH~") ||
- !strcmp(s_label, "~SETTINGS_PATH~") ||
- !strcmp(s_label, "~NPRUNTIME_PATH~");
+ !strcmp(s_label, "~SETTINGS_PATH~");
}
__func__, app_type);
switch (app_type) {
- case PERM_APP_TYPE_WRT:
+ case APP_TYPE_WGT:
C_LOGD("App type = WRT");
return "WRT";
- case PERM_APP_TYPE_OSP:
+ case APP_TYPE_OSP:
C_LOGD("App type = OSP");
return "OSP";
- case PERM_APP_TYPE_WRT_PARTNER:
- C_LOGD("App type = WRT_partner");
- return "WRT_partner";
- case PERM_APP_TYPE_WRT_PLATFORM:
- C_LOGD("App type = WRT_platform");
- return "WRT_platform";
- case PERM_APP_TYPE_OSP_PARTNER:
- C_LOGD("App type = OSP_partner");
- return "OSP_partner";
- case PERM_APP_TYPE_OSP_PLATFORM:
- C_LOGD("App type = OSP_platform");
- return "OSP_platform";
- case PERM_APP_TYPE_EFL:
+ case APP_TYPE_EFL:
C_LOGD("App type = EFL");
return "EFL";
default:
__func__, app_type);
switch (app_type) {
- case PERM_APP_TYPE_WRT:
- case PERM_APP_TYPE_WRT_PARTNER:
- case PERM_APP_TYPE_WRT_PLATFORM:
+ case APP_TYPE_WGT:
C_LOGD("App type group name = WRT");
return "WRT";
- case PERM_APP_TYPE_OSP:
- case PERM_APP_TYPE_OSP_PARTNER:
- case PERM_APP_TYPE_OSP_PLATFORM:
+ case APP_TYPE_OSP:
C_LOGD("App type group name = OST");
return "OSP";
- case PERM_APP_TYPE_EFL:
+ case APP_TYPE_EFL:
C_LOGD("App type = EFL");
return "EFL";
default:
SECURE_C_LOGD("Entering function %s. Params: app_path_type=%d", __func__, app_path_type);
switch(app_path_type) {
- case PERM_APP_PATH_GROUP:
+ case APP_PATH_GROUP_RW:
return "GROUP_PATH";
- case PERM_APP_PATH_PUBLIC:
+ case APP_PATH_PUBLIC_RO:
return "PUBLIC_PATH";
- case PERM_APP_PATH_SETTINGS:
+ case APP_PATH_SETTINGS_RW:
return "SETTINGS_PATH";
- case PERM_APP_PATH_NPRUNTIME:
- return "NPRUNTIME_PATH";
- case PERM_APP_PATH_PRIVATE:
- case PERM_APP_PATH_ANY_LABEL:
+ case APP_PATH_PRIVATE:
+ case APP_PATH_ANY_LABEL:
default:
// App path type not stored in the database, return NULL;
return NULL;
}
}
-/**
- * TODO: this function should be moved to libsmack in open-source.
- */
-API int get_smack_label_from_process(pid_t pid, char *smack_label)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pid=%i", __func__, pid);
-
- int ret;
- int fd AUTO_CLOSE;
- int PATH_MAX_LEN = 64;
- char path[PATH_MAX_LEN + 1];
-
- if (pid < 0) {
- C_LOGE("invalid param pid.");
- ret = PC_ERR_INVALID_PARAM;
- goto out;
- }
-
- if(smack_label == NULL) {
- C_LOGE("Invalid param smack_label (NULL).");
- ret = PC_ERR_INVALID_PARAM;
- goto out;
- }
-
- bzero(smack_label, SMACK_LABEL_LEN + 1);
- if (!have_smack()) { // If no smack just return success with empty label
- C_LOGD("No SMACK. Returning empty label");
- ret = PC_OPERATION_SUCCESS;
- goto out;
- }
-
- bzero(path, PATH_MAX_LEN + 1);
- snprintf(path, PATH_MAX_LEN, "/proc/%d/attr/current", pid);
- fd = open(path, O_RDONLY);
- if (fd < 0) {
- SECURE_C_LOGE("Cannot open file %s (errno: %s)", path, strerror(errno));
- ret = PC_ERR_FILE_OPERATION;
- goto out;
- }
-
- ret = read(fd, smack_label, SMACK_LABEL_LEN);
- if (ret < 0) {
- SECURE_C_LOGE("Cannot read from file %s", path);
- ret = PC_ERR_FILE_OPERATION;
- goto out;
- }
-
- SECURE_C_LOGD("smack_label=%s", smack_label);
-
- ret = PC_OPERATION_SUCCESS;
-
-out:
- return ret;
-}
-
-API int smack_pid_have_access(pid_t pid,
- const char* object,
- const char *access_type)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pid=%i, object=%s, access_type=%s",
- __func__, pid, object, access_type);
-
- int ret;
- char pid_subject_label[SMACK_LABEL_LEN + 1];
- cap_t cap;
- cap_flag_value_t cap_v;
-
- if (!have_smack()) {
- C_LOGD("No SMACK. Return access granted");
- return 1;
- }
-
- if (pid < 0) {
- C_LOGE("Invalid pid.");
- return -1;
- }
-
- if(object == NULL) {
- C_LOGE("Invalid object param.");
- return -1;
- }
-
- if(access_type == NULL) {
- C_LOGE("Invalid access_type param");
- return -1;
- }
-
- //get SMACK label of process
- ret = get_smack_label_from_process(pid, pid_subject_label);
- if (PC_OPERATION_SUCCESS != ret) {
- SECURE_C_LOGE("get_smack_label_from_process %d failed: %d", pid, ret);
- return -1;
- }
- SECURE_C_LOGD("pid %d has label: %s", pid, pid_subject_label);
-
- // do not call smack_have_access() if label is empty
- if (pid_subject_label[0] != '\0') {
- ret = smack_have_access(pid_subject_label, object, access_type);
- if ( -1 == ret) {
- C_LOGE("smack_have_access failed.");
- return -1;
- }
- if ( 1 == ret ) { // smack_have_access return 1 (access granted)
- C_LOGD("smack_have_access returned 1 (access granted)");
- return 1;
- }
- }
-
- // smack_have_access returned 0 (access denied). Now CAP_MAC_OVERRIDE should be checked
- C_LOGD("smack_have_access returned 0 (access denied)");
- cap = cap_get_pid(pid);
- if (cap == NULL) {
- C_LOGE("cap_get_pid failed");
- return -1;
- }
- ret = cap_get_flag(cap, CAP_MAC_OVERRIDE, CAP_EFFECTIVE, &cap_v);
- if (0 != ret) {
- C_LOGE("cap_get_flag failed");
- return -1;
- }
-
- if (cap_v == CAP_SET) {
- C_LOGD("pid %d has CAP_MAC_OVERRIDE", pid);
- return 1;
-
- } else {
- C_LOGD("pid %d doesn't have CAP_MAC_OVERRIDE", pid);
- return 0;
- }
-}
-
-
-
static int get_user_groups(uid_t user_id, int *nbgroup, gid_t **groups_list)
{
gid_t *groups = NULL;
int ret;
*smack_label = NULL;
- if (type == PERM_APP_TYPE_WRT
- || type == PERM_APP_TYPE_WRT_PARTNER
- || type == PERM_APP_TYPE_WRT_PLATFORM) {
+ if (type == APP_TYPE_WGT) {
ret = smack_lgetlabel(path, smack_label, SMACK_LABEL_EXEC);
} else {
ret = smack_getlabel(path, smack_label, SMACK_LABEL_EXEC);
if (is_widget(path)) {
if (!strcmp(type, "wgt")) {
C_LOGD("PKG_TYPE_WRT");
- return PERM_APP_TYPE_WRT; /* good */
- } else if (!strcmp(type, "wgt_partner")) {
- C_LOGD("PKG_TYPE_WRT_PARTNER");
- return PERM_APP_TYPE_WRT_PARTNER; /* good */
- } else if (!strcmp(type, "wgt_platform")) {
- C_LOGD("PKG_TYPE_WRT_PLATFORM");
- return PERM_APP_TYPE_WRT_PLATFORM; /* good */
+ return APP_TYPE_WGT; /* good */
}
-
} else {
if (!strcmp(type, "osp") || !strcmp(type, "tpk")) {
C_LOGD("PKG_TYPE_OSP");
- return PERM_APP_TYPE_OSP; /* good */
- } else if (!strcmp(type, "osp_partner")) {
- C_LOGD("PKG_TYPE_OSP_PARTNER");
- return PERM_APP_TYPE_OSP_PARTNER; /* good */
- } else if (!strcmp(type, "osp_platform")) {
- C_LOGD("PKG_TYPE_OSP_PLATFORM");
- return PERM_APP_TYPE_OSP_PLATFORM; /* good */
+ return APP_TYPE_OSP; /* good */
} else if (!strcmp(type, "efl") || !strcmp(type, "rpm")) {
C_LOGD("PKG_TYPE_EFL");
- return PERM_APP_TYPE_EFL; /* good */
+ return APP_TYPE_EFL; /* good */
}
}
return perm_app_enable_permissions(app_id, APP_TYPE_OTHER, perm_list, false);
}
-API int perm_app_setup_permissions(const char* pkg_id, app_type_t app_type,
- const char** perm_list)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d",
- __func__, pkg_id, app_type);
- return perm_app_enable_permissions(pkg_id, app_type, perm_list, true);
-}
-
API int app_enable_permissions(const char* pkg_id, app_type_t app_type, const char** perm_list, bool persistent)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d, persistent=%d",
return PC_OPERATION_SUCCESS;
}
-API int perm_app_has_permission(const char *pkg_id,
- app_type_t app_type,
- const char *permission_name,
- bool *is_enabled)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d, permission_name=%s",
- __func__, pkg_id, app_type, permission_name);
-
- const char *app_group = app_type_group_name(app_type);
-
- if (app_group == NULL) {
- C_LOGE("Unknown param app type.");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (!smack_label_is_valid(pkg_id)) {
- C_LOGE("Invalid param app_id.");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (permission_name == NULL) {
- C_LOGE("Invalid param permission_name (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (is_enabled == NULL) {
- C_LOGE("Invalid param is_enabled (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
-
- return rdb_app_has_permission(pkg_id, app_group, permission_name, is_enabled);
-}
-
-API int perm_app_get_permissions(const char *pkg_id, app_type_t app_type, char ***ppp_perm_list)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d", __func__, pkg_id,
- app_type);
-
- const char *app_group = app_type_group_name(app_type);
- int ret;
-
- if (ppp_perm_list == NULL) {
- C_LOGE("Invalid param ppp_perm_list (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
- // Set the given pointer to NULL in case of future failure.
- *ppp_perm_list = NULL;
-
- if (app_group == NULL) {
- C_LOGE("Unknown param app type.");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (!smack_label_is_valid(pkg_id)) {
- C_LOGE("Invalid param app_id.");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_app_get_permissions(pkg_id, app_group, ppp_perm_list);
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB rdb_app_get_permissions failed with: %d", ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
-API int perm_get_permissions(char ***ppp_permissions, app_type_t app_type)
-{
- SECURE_C_LOGD("Entering function: %s. Params: app_type=%d",
- __func__, app_type);
- int ret;
-
- if(ppp_permissions == NULL) {
- C_LOGE("Invalid ppp_permissions (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
- // Set the given pointer to NULL in case of future failure
- *ppp_permissions = NULL;
-
- const char *s_permission_type_name = app_type_group_name(app_type);
-
- if(s_permission_type_name == NULL) {
- C_LOGE("Unknown param app type.");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_get_permissions(ppp_permissions, s_permission_type_name);
-
- if(ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB %s failed with: %d", __func__, ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
-API int perm_get_apps_with_permission(perm_app_status_t **pp_apps,
- size_t *pi_apps_number,
- app_type_t app_type,
- const char *s_permission_name)
-{
- SECURE_C_LOGD("Entering function: %s. Params: \
- app_type=%d, s_permission_name=%s",
- __func__, app_type, s_permission_name);
- int ret;
-
- if(pp_apps == NULL) {
- C_LOGE("Invalid ppp_permissions (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
- // Set the given pointer to NULL in case of future failure
- *pp_apps = NULL;
-
- if(pi_apps_number == NULL) {
- C_LOGE("Invalid pi_apps_number (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
-
- if(s_permission_name == NULL) {
- C_LOGE("Invalid s_permission_name (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
-
- const char *s_permission_type_name = app_type_group_name(app_type);
-
- if(s_permission_type_name == NULL) {
- C_LOGE("Unknown param app type.");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_get_apps_with_permission(pp_apps,
- pi_apps_number,
- s_permission_type_name,
- s_permission_name);
-
- if(ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB %s failed with: %d", __func__, ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
-API void perm_free_apps_list(perm_app_status_t *pp_apps,
- size_t i_apps_number)
-{
- SECURE_C_LOGD("Entering function: %s. Params: i_apps_number=%d",
- __func__, i_apps_number);
-
- size_t i;
- if(pp_apps != NULL) {
- for(i = 0; i < i_apps_number; ++i) {
- free(pp_apps[i].app_id);
- }
- free(pp_apps);
- }
-}
-
API int app_label_dir(const char* label, const char* path)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: label=%s, path=%s",
return ret;
}
-
API int app_label_shared_dir(const char* app_label, const char* shared_label, const char* path)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: app_label=%s, shared_label=%s, path=%s",
C_LOGD("app_path_type is APP_PATH_PRIVATE.");
return app_label_dir(pkg_id, path);
- case APP_PATH_GROUP: {
+ case APP_PATH_GROUP_RW: {
C_LOGD("app_path_type is APP_PATH_GROUP.");
int ret;
const char *shared_label;
return PC_OPERATION_SUCCESS;
}
- case APP_PATH_PUBLIC: {
+ case APP_PATH_PUBLIC_RO: {
C_LOGD("app_path_type is APP_PATH_PUBLIC.");
const char *label;
int ret;
return PC_OPERATION_SUCCESS;
}
- case APP_PATH_SETTINGS: {
+ case APP_PATH_SETTINGS_RW: {
C_LOGD("app_path_type is APP_PATH_SETTINGS.");
const char *label;
int ret;
return PC_OPERATION_SUCCESS;
}
- case PERM_APP_PATH_NPRUNTIME: {
- C_LOGD("app_path_type is PERM_APP_PATH_NPRUNTIME.");
- char label[SMACK_LABEL_LEN + 1];
- int ret;
-
- // Create label:
- if ((strlen(pkg_id) + strlen(".npruntime")) > SMACK_LABEL_LEN) {
- C_LOGE("cannot create npruntime label, pkg_id is too long.");
- return PC_ERR_INVALID_PARAM;
- }
- ret = sprintf(label, "%s.npruntime", pkg_id);
- if (ret <= 0) {
- C_LOGE("creating npruntime label failed.");
- return PC_ERR_INVALID_OPERATION;
- }
- C_LOGD("Generated npruntime label '%s' for path %s", label, path);
-
- // Label executable/symlink
- ret = set_exec_label(label, path);
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("cannot set executable label '%s' for path %s.", label, path);
- return ret;
- }
-
- // Add the path to the database:
- ret = rdb_add_path(pkg_id, label, path, "rw", "rxat", "NPRUNTIME_PATH");
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB rdb_add_path failed with: %d", ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
- }
-
case APP_PATH_ANY_LABEL: {
C_LOGD("app_path_type is APP_PATH_ANY_LABEL.");
const char *label = NULL;
return ret;
}
-
API int perm_app_setup_path(const char* pkg_id, const char* path, app_path_type_t app_path_type, ...)
{
SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, path=%s, app_path_type=%d",
return ret;
}
-API int perm_app_get_paths(const char* pkg_id, app_path_type_t app_path_type, char*** ppp_paths)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_path_type=%d", __func__,
- pkg_id, app_path_type);
-
- const char *path_type_name = app_path_type_name(app_path_type);
- int ret;
-
- if (ppp_paths == NULL) {
- C_LOGE("Invalid param ppp_paths (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
- // Set the given pointer to NULL in case of future failure.
- *ppp_paths = NULL;
-
- if (path_type_name == NULL) {
- C_LOGE("Unknown or invalid param app_path_type.");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (!smack_label_is_valid(pkg_id)) {
- C_LOGE("Invalid param app_id.");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_get_app_paths(pkg_id, path_type_name, ppp_paths);
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB rdb_app_get_paths failed with: %d", ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
-API int perm_app_remove_path(const char* pkg_id, const char *path)
-{
- SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, path=%s", __func__, pkg_id, path);
-
- int ret;
-
- if (path == NULL) {
- C_LOGE("Invalid param path (NULL).");
- return PC_ERR_INVALID_PARAM;
- }
-
- if (!smack_label_is_valid(pkg_id)) {
- C_LOGE("Invalid param app_id.");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_remove_path(pkg_id, path);
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB rdb_remove_path failed with %d", ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
API int app_add_friend(const char* pkg_id1, const char* pkg_id2)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: pkg_id1=%s, pkg_id2=%s",
return PC_ERR_INVALID_OPERATION;
}
-API int perm_add_additional_rules(const char** smack_rules){
- SECURE_C_LOGD("Entering function: %s.", __func__);
- int ret;
- if (!smack_rules){
- C_LOGE("smack_rules is NULL");
- return PC_ERR_INVALID_PARAM;
- }
-
- ret = rdb_add_additional_rules(smack_rules);
- if (ret != PC_OPERATION_SUCCESS) {
- C_LOGE("RDB rdb_add_additional_rules failed with: %d", ret);
- return ret;
- }
-
- return PC_OPERATION_SUCCESS;
-}
-
API const char* perm_strerror(int errnum)
{
switch (errnum) {
return "Unknown error";
}
}
+
+int app_give_access(const char* subject UNUSED, const char* object UNUSED, const char* permission UNUSED) {
+
+ return PC_ERR_INVALID_OPERATION;
+}
+
+int app_revoke_access(const char* subject UNUSED, const char* object UNUSED) {
+ return PC_ERR_INVALID_OPERATION;
+}
}
-int add_modified_additional_rules_internal(sqlite3 *p_db)
-{
- if(sqlite3_exec(p_db,"INSERT OR IGNORE INTO modified_label(name) \
- SELECT label_name \
- FROM label_app_path_type_rule_view",
- 0, 0, 0) != SQLITE_OK) {
- C_LOGE("RDB: Error during marking labels as modified: %s", sqlite3_errmsg(p_db));
- return PC_ERR_DB_OPERATION;
- }
- return PC_OPERATION_SUCCESS;
-}
-
-
int add_modified_apps_path_internal(sqlite3 *p_db,
const char *const s_app_label_name)
{
return ret;
}
-int add_modified_paths_label_internal(sqlite3 *p_db, const char *const s_path)
-{
- int ret = PC_OPERATION_SUCCESS;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "INSERT OR IGNORE INTO modified_label(name) \
- SELECT path_view.path_label_name \
- FROM path_view \
- WHERE path_view.path = %Q",
- s_path);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = step_and_convert_returned_value(p_stmt);
-finish:
- if(sqlite3_finalize(p_stmt) < 0)
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
-
- return ret;
-}
/**
* Function called when the target database is busy.
return ret;
}
-int get_app_paths_count_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- int *const p_num_paths)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_app_label_name, s_app_path_type_name);
-
- int ret;
- int sql_ret;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT COUNT(path) \
- FROM path_view \
- WHERE owner_app_label_name = %Q AND \
- path_type_name = %Q",
- s_app_label_name, s_app_path_type_name);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- sql_ret = sqlite3_step(p_stmt);
- if (sql_ret == SQLITE_ROW) {
- ret = PC_OPERATION_SUCCESS;
- *p_num_paths = sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
- } else if(sql_ret == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if (sqlite3_finalize(p_stmt) != SQLITE_OK) {
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
- }
-
- return ret;
-}
-
-int get_app_paths_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- const int i_num_paths,
- char ***ppp_paths)
-{
- RDB_LOG_ENTRY_PARAM("%s %s %d", s_app_label_name, s_app_path_type_name, i_num_paths);
-
- int ret;
- int sql_ret = SQLITE_DONE;
- int allocated_paths = 0;
- int i;
- sqlite3_stmt *p_stmt = NULL;
-
- // Allocate an array for paths (+1 for NULL pointer terminating *ppp_paths).
- *ppp_paths = (char **) malloc(sizeof **ppp_paths * (i_num_paths + 1));
-
- if (*ppp_paths == NULL) {
- C_LOGE("Cannot allocate memory");
- return PC_ERR_MEM_OPERATION;
- }
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT path \
- FROM path_view \
- WHERE owner_app_label_name = %Q AND \
- path_type_name = %Q",
- s_app_label_name, s_app_path_type_name);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- for (i = 0; i < i_num_paths; ++i) {
- if ((sql_ret = sqlite3_step(p_stmt)) != SQLITE_ROW) break;
-
- (*ppp_paths)[i] = strdup((const char *) sqlite3_column_text(p_stmt,
- RDB_FIRST_COLUMN));
-
- if ((*ppp_paths)[i] == NULL) {
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
-
- ++allocated_paths;
- }
- (*ppp_paths)[allocated_paths] = NULL;
-
- if (allocated_paths == i_num_paths) {
- ret = PC_OPERATION_SUCCESS;
- } else if (sql_ret == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if (ret != PC_OPERATION_SUCCESS) {
- for(i = 0; i < allocated_paths; ++i) {
- free((*ppp_paths)[i]);
- }
-
- free(*ppp_paths);
- *ppp_paths = NULL;
- }
-
- if (sqlite3_finalize(p_stmt) != SQLITE_OK) {
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
- }
-
- return ret;
-}
-
-
-int remove_path_internal(sqlite3 *p_db,
- const char *const s_owner_label_name,
- const char *const s_path)
-{
- int ret;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "DELETE FROM path_removal_view \
- WHERE owner_app_label_name = %Q AND \
- path = %Q",
- s_owner_label_name, s_path);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = step_and_convert_returned_value(p_stmt);
-finish:
- if(sqlite3_finalize(p_stmt) < 0)
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
- return ret;
-}
-
int add_permission_internal(sqlite3 *p_db,
const char *const s_permission_name,
return ret;
}
-static int add_label_app_path_type_rule(sqlite3_stmt *p_stmt,
- const char *const s_label_name,
- const char *const s_path_type_name,
- const char *const s_access,
- const int i_is_reverse)
-{
- int ret = PC_OPERATION_SUCCESS;
-
- if(sqlite3_bind_text(p_stmt, 1, s_label_name, RDB_AUTO_DETERM_SIZE, 0) ||
- sqlite3_bind_text(p_stmt, 2, s_path_type_name, RDB_AUTO_DETERM_SIZE, 0) ||
- sqlite3_bind_text(p_stmt, 3, s_access, RDB_AUTO_DETERM_SIZE, 0) ||
- sqlite3_bind_int(p_stmt, 4, i_is_reverse)) {
- C_LOGE("RDB: Error during binding to statement: %s",
- sqlite3_errmsg(sqlite3_db_handle(p_stmt)));
- ret = PC_ERR_DB_QUERY_BIND;
- goto finish;
- }
-
- ret = step_and_convert_returned_value(p_stmt);
-
-finish:
- reset_and_unbind_stmt(p_stmt);
- return ret;
-}
-
-
-int add_additional_rules_internal(sqlite3 *p_db, const char *const *const pp_smack_rules)
-{
- RDB_LOG_ENTRY;
- int ret = PC_OPERATION_SUCCESS;
- size_t i;
- char s_subject[SMACK_LABEL_LEN + 1];
- char s_object[SMACK_LABEL_LEN + 1];
- char s_access[ACC_LEN + 1];
- sqlite3_stmt *p_label_to_app_path_type_stmt = NULL;
- int is_reverse = 0;
- char *ps_subject, *ps_object;
-
- // Clear the label_app_path_type_rule table
- if(sqlite3_exec(p_db, "DELETE FROM label_app_path_type_rule_view;", 0, 0, 0) != SQLITE_OK) {
- C_LOGE("RDB: Error during clearing additional rules: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_OPERATION;
- goto finish;
- }
-
- ret = prepare_stmts_for_bind(p_db, &p_label_to_app_path_type_stmt,
- "INSERT INTO label_app_path_type_rule_view( \
- label_name, app_path_type_name, access, is_reverse) \
- VALUES(?,?,?,?)");
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- // Add rules to the database
- for(i = 0; pp_smack_rules[i] != NULL ; ++i) {
-
- // Ignore empty lines
- if(strspn(pp_smack_rules[i], " \t\n") == strlen(pp_smack_rules[i]))
- continue;
-
- // Tokenize
- ret = tokenize_rule(pp_smack_rules[i], s_subject , s_object, s_access);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- if(is_wildcard(s_subject)) {
- ps_subject = s_object;
- ps_object = s_subject;
- is_reverse = 1;
- } else {
- ps_subject = s_subject;
- ps_object = s_object;
- is_reverse = 0;
- }
-
- // Check validity
- if(!smack_label_is_valid(ps_subject)) {
- C_LOGE("Subject is not a valid label");
- ret = PC_ERR_INVALID_PARAM;
- goto finish;
- }
-
- // Add access to paths
- if(!strcmp(ps_object, "~PUBLIC_PATH~")) {
- ret = add_label_app_path_type_rule(p_label_to_app_path_type_stmt,
- ps_subject,
- "PUBLIC_PATH",
- s_access,
- is_reverse);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- } else if(!strcmp(ps_object, "~GROUP_PATH~")) {
- ret = add_label_app_path_type_rule(p_label_to_app_path_type_stmt,
- ps_subject,
- "GROUP_PATH",
- s_access,
- is_reverse);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- } else if(!strcmp(ps_object, "~SETTINGS_PATH~")) {
- ret = add_label_app_path_type_rule(p_label_to_app_path_type_stmt,
- ps_subject,
- "SETTINGS_PATH",
- s_access,
- is_reverse);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
- } else if(!strcmp(ps_object, "~NPRUNTIME_PATH~")) {
- ret = add_label_app_path_type_rule(p_label_to_app_path_type_stmt,
- ps_subject,
- "NPRUNTIME_PATH",
- s_access,
- is_reverse);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
- }
- }
-
-finish:
- if(p_label_to_app_path_type_stmt &&
- sqlite3_finalize(p_label_to_app_path_type_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
- return ret;
-}
-
-int check_app_has_permission_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_permission_name,
- const char *const s_permission_type_name,
- bool *const p_is_enabled)
-{
- RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
- s_permission_name, s_permission_type_name);
-
- int ret = PC_ERR_DB_OPERATION;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT is_enabled \
- FROM app_permission_view \
- WHERE app_name = %Q AND \
- name = %Q AND \
- type_name = %Q \
- LIMIT 1",
- s_app_label_name, s_permission_name, s_permission_type_name);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = sqlite3_step(p_stmt);
- if(ret == SQLITE_ROW) {
- ret = PC_OPERATION_SUCCESS;
- //store the result
- *p_is_enabled = (bool)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
- } else if(ret == SQLITE_DONE) {
- //no entry == permission not assigned
- C_LOGD("RDB: Permission: %s of type: %s is not assigned to app: %s",
- s_permission_name, s_permission_type_name, s_app_label_name);
- ret = PC_OPERATION_SUCCESS;
- *p_is_enabled = false;
- } else if(ret == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if(sqlite3_finalize(p_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
- return ret;
-}
-
-
-int get_app_permissions_number_internal(sqlite3 *p_db, const char *const s_app_label_name,
- const char *const s_permission_type_name,
- int *const p_num_permissions)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_app_label_name, s_permission_type_name);
-
- int ret;
- int sql_ret;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT COUNT(name) \
- FROM app_permission_view \
- WHERE app_name = %Q AND \
- is_enabled = 1 AND \
- type_name = %Q",
- s_app_label_name, s_permission_type_name);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- sql_ret = sqlite3_step(p_stmt);
- if (sql_ret == SQLITE_ROW) {
- ret = PC_OPERATION_SUCCESS;
- *p_num_permissions = sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
- } else if(sql_ret == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if (sqlite3_finalize(p_stmt) != SQLITE_OK) {
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
- }
-
- return ret;
-}
-
-int get_app_permissions_internal(sqlite3 *p_db,
- const char *const s_app_label_name,
- const char *const s_permission_type_name,
- const int i_num_permissions,
- char ***ppp_perm_list)
-{
- RDB_LOG_ENTRY_PARAM("%s %s %d", s_app_label_name, s_permission_type_name,
- i_num_permissions);
-
- int ret;
- int sql_ret = SQLITE_DONE;
- int allocated_permissions = 0;
- int i;
- sqlite3_stmt *p_stmt = NULL;
-
- // Allocate an array for permissions (+1 for NULL pointer terminating *ppp_perm_list).
- *ppp_perm_list = (char **) malloc(sizeof **ppp_perm_list * (i_num_permissions + 1));
- if (*ppp_perm_list == NULL) {
- C_LOGE("Cannot allocate memory");
- return PC_ERR_MEM_OPERATION;
- }
-
- // Get the permissions themselves.
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT name \
- FROM app_permission_view \
- WHERE app_name = %Q AND \
- is_enabled = 1 AND \
- type_name = %Q",
- s_app_label_name, s_permission_type_name);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- for (i = 0; i < i_num_permissions; ++i) {
- if ((sql_ret = sqlite3_step(p_stmt)) != SQLITE_ROW) break;
-
- (*ppp_perm_list)[i] = strdup((const char *) sqlite3_column_text(p_stmt,
- RDB_FIRST_COLUMN));
-
- if ((*ppp_perm_list)[i] == NULL) {
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
-
- ++allocated_permissions;
- }
- (*ppp_perm_list)[allocated_permissions] = NULL;
-
- if (allocated_permissions == i_num_permissions) {
- ret = PC_OPERATION_SUCCESS;
- } else if (sql_ret == SQLITE_BUSY) {
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if (ret != PC_OPERATION_SUCCESS) {
- for (i = 0; i < allocated_permissions; ++i) {
- free((*ppp_perm_list)[i]);
- }
- free(*ppp_perm_list);
- *ppp_perm_list = NULL;
- }
-
- if (sqlite3_finalize(p_stmt) != SQLITE_OK) {
- C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
- }
-
- return ret;
-}
-
-int get_permission_number(sqlite3 *p_db,
- size_t *pi_permission_number,
- const char *const s_permission_type_name)
-{
- RDB_LOG_ENTRY_PARAM("%s", s_permission_type_name);
-
- int ret_db = SQLITE_ERROR;
- int ret = PC_ERR_DB_OPERATION;
- sqlite3_stmt *p_stmt = NULL;
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT COUNT(name) \
- FROM permission_view \
- WHERE type_name = %Q AND \
- name != %Q",
- s_permission_type_name,
- s_permission_type_name);
-
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret_db = sqlite3_step(p_stmt);
-
- if(ret_db == SQLITE_ROW) {
- *pi_permission_number = (size_t)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
- ret = PC_OPERATION_SUCCESS;
- } else if(ret_db == SQLITE_DONE) {
- // no return value - something went wrong
- C_LOGD("RDB: Not able to determine number of rows");
- ret = PC_ERR_DB_OPERATION;
- } else if(ret_db == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if(sqlite3_finalize(p_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
-
- return ret;
-}
-
-int get_permissions_internal(sqlite3 *p_db,
- char ***ppp_permissions,
- size_t i_permission_number,
- const char *const s_permission_type_name)
-{
- RDB_LOG_ENTRY_PARAM("%d %s", i_permission_number, s_permission_type_name);
-
- int ret_db = SQLITE_ERROR;
- int ret = PC_ERR_DB_OPERATION;
- sqlite3_stmt *p_stmt = NULL;
- size_t i_allocated_count = 0;
- size_t i;
-
- // add one additional element to the list to end it with NULL
- *ppp_permissions = (char **)malloc((i_permission_number + 1) * sizeof(char *));
-
- if(*ppp_permissions == NULL) {
- RDB_LOG_ENTRY_PARAM("RDB: Error during allocating memory.\n");
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT name \
- FROM permission_view \
- WHERE type_name = %Q AND \
- name != %Q",
- s_permission_type_name,
- s_permission_type_name);
-
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- for(i = 0; i < i_permission_number; ++i) {
- ret_db = sqlite3_step(p_stmt);
- if(ret_db == SQLITE_ROW) {
- (*ppp_permissions)[i] = strdup((char *)sqlite3_column_text(p_stmt,
- RDB_FIRST_COLUMN));
- C_LOGD("RDB: Found permission: %s", (*ppp_permissions)[i]);
- if((*ppp_permissions)[i] == NULL) {
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
- ++i_allocated_count;
- } else if(ret_db == SQLITE_DONE) {
- C_LOGE("RDB: Not enought permissions read.");
- ret = PC_ERR_DB_OPERATION;
- goto finish;
- } else if(ret_db == SQLITE_BUSY) {
- //base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- goto finish;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- goto finish;
- }
- }
-
- (*ppp_permissions)[i] = NULL;
-
- ret_db = sqlite3_step(p_stmt);
- if(ret_db != SQLITE_DONE) {
- C_LOGE("RDB: Some unread permissions left.");
- ret = PC_ERR_DB_OPERATION;
- }
-
-finish:
- // if memory allocation succeeded only partially, clean everything up
- if(ret != PC_OPERATION_SUCCESS) {
- for(i = 0; i < i_allocated_count; ++i) {
- free((*ppp_permissions)[i]);
- }
- free(*ppp_permissions);
- *ppp_permissions = NULL;
- }
-
- if(sqlite3_finalize(p_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
-
- return ret;
-}
-
-int get_apps_number(sqlite3 *p_db,
- size_t *pi_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_permission_type_name, s_permission_name);
-
- int ret_db = SQLITE_ERROR;
- int ret = PC_ERR_DB_OPERATION;
- sqlite3_stmt *p_stmt = NULL;
-
- // determine number of apps:
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT COUNT(app_id) \
- FROM app_permission_view \
- WHERE type_name= %Q AND \
- name = %Q",
- s_permission_type_name,
- s_permission_name);
-
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret_db = sqlite3_step(p_stmt);
-
- if(ret_db == SQLITE_ROW) {
- *pi_apps_number = (size_t)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
- ret = PC_OPERATION_SUCCESS;
- } else if(ret_db == SQLITE_DONE) {
- // no return value - something went wrong
- C_LOGD("RDB: Not able to determine number of rows");
- ret = PC_ERR_DB_OPERATION;
- } else if(ret_db == SQLITE_BUSY) {
- // base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- }
-
-finish:
- if(sqlite3_finalize(p_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
-
- return ret;
-}
-
-int get_apps_with_permission_internal(sqlite3 *p_db,
- perm_app_status_t **pp_apps,
- size_t i_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_permission_type_name, s_permission_name);
-
- int ret_db = SQLITE_ERROR;
- int ret = PC_ERR_DB_OPERATION;
- sqlite3_stmt *p_stmt = NULL;
- size_t i_allocated_count = 0;
- size_t i;
-
- *pp_apps = (perm_app_status_t *)malloc(i_apps_number * sizeof(perm_app_status_t));
-
- if(*pp_apps == NULL) {
- RDB_LOG_ENTRY_PARAM("RDB: Error during allocating memory.\n");
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
-
- ret = prepare_stmt(p_db, &p_stmt,
- "SELECT app_name, \
- is_enabled, \
- is_volatile \
- FROM app_permission_view \
- WHERE type_name= %Q AND \
- name = %Q",
- s_permission_type_name,
- s_permission_name);
-
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- for(i = 0; i < i_apps_number; ++i) {
- ret_db = sqlite3_step(p_stmt);
- if(ret_db == SQLITE_ROW) {
- (*pp_apps)[i].app_id = strdup((char *)sqlite3_column_text(p_stmt,
- RDB_FIRST_COLUMN));
- (*pp_apps)[i].is_enabled = sqlite3_column_int(p_stmt, RDB_SECOND_COLUMN);
- (*pp_apps)[i].is_permanent = !sqlite3_column_int(p_stmt, RDB_THIRD_COLUMN);
- C_LOGD("RDB: Found (app_id, is_enabled, is_permanent): %s, %d, %d",
- (*pp_apps)[i].app_id,
- (*pp_apps)[i].is_enabled,
- (*pp_apps)[i].is_permanent);
- if((*pp_apps)[i].app_id == NULL) {
- ret = PC_ERR_MEM_OPERATION;
- goto finish;
- }
- ++i_allocated_count;
- } else if(ret_db == SQLITE_DONE) {
- ret = PC_ERR_DB_OPERATION;
- C_LOGE("RDB: Not enough permissions read.");
- goto finish;
- } else if(ret_db == SQLITE_BUSY) {
- // base locked in exclusive mode for too long
- C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
- ret = PC_ERR_DB_CONNECTION;
- goto finish;
- } else {
- C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
- ret = PC_ERR_DB_QUERY_STEP;
- goto finish;
- }
- }
-
- ret_db = sqlite3_step(p_stmt);
- if(ret_db != SQLITE_DONE) {
- C_LOGE("RDB: Some unread permissions left.");
- ret = PC_ERR_DB_OPERATION;
- }
-
-finish:
- // if memory allocation succeeded only partially, clean everything up
- if(ret != PC_OPERATION_SUCCESS) {
- for(i = 0; i < i_allocated_count; ++i) {
- free((*pp_apps)[i].app_id);
- }
- free(*pp_apps);
- *pp_apps = NULL;
- }
-
- if(sqlite3_finalize(p_stmt) != SQLITE_OK)
- C_LOGE("RDB: Error during finalizing statement: %s",
- sqlite3_errmsg(p_db));
- return ret;
-}
int get_app_id_internal(sqlite3 *p_db,
int *pi_app_id,
}
-int rdb_get_app_paths(const char *const s_app_label_name,
- const char *const s_app_path_type_name,
- char ***ppp_paths)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_app_label_name, s_app_path_type_name);
-
- int ret;
- int i_num_paths;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_app_paths_count_internal(p_db,
- s_app_label_name,
- s_app_path_type_name,
- &i_num_paths);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_app_paths_internal(p_db, s_app_label_name,
- s_app_path_type_name,
- i_num_paths,
- ppp_paths);
-finish:
- return rdb_finish(p_db, ret);
-}
-
-int rdb_remove_path(const char *const s_owner_label_name,
- const char *const s_path)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_owner_label_name, s_path);
-
- int ret;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = add_modified_paths_label_internal(p_db, s_path);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = remove_path_internal(p_db, s_owner_label_name, s_path);
-finish:
- return rdb_finish(p_db, ret);
-}
-
-
int rdb_add_permission_rules(const char *const s_permission_name,
const char *const s_permission_type_name,
const char *const *const pp_smack_rules)
return rdb_finish(p_db, ret);
}
-
-int rdb_add_additional_rules(const char *const *const pp_smack_rules)
-{
- RDB_LOG_ENTRY;
-
- int ret = PC_ERR_DB_OPERATION;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- // Old rules may disappear, so mark as modified
- ret = add_modified_additional_rules_internal(p_db);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = add_additional_rules_internal(p_db, pp_smack_rules);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- // New rules appear, so also mark as modified
- ret = add_modified_additional_rules_internal(p_db);
-
-finish:
- return rdb_finish(p_db, ret);
-}
-
-int rdb_app_has_permission(const char *const s_app_label_name,
- const char *const s_permission_type_name,
- const char *const s_permission_name,
- bool *const p_is_enabled)
-{
- RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
- s_permission_type_name, s_permission_name);
- int ret = PC_ERR_DB_OPERATION;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ); //shared readonly transaction
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = check_app_has_permission_internal(p_db,
- s_app_label_name,
- s_permission_name,
- s_permission_type_name,
- p_is_enabled);
-
-finish:
- return rdb_finish(p_db, ret);
-}
-
-int rdb_app_get_permissions(const char *const s_app_label_name,
- const char *const s_permission_type_name,
- char ***ppp_perm_list)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_app_label_name, s_permission_type_name);
-
- int ret = PC_ERR_DB_OPERATION;
- int i_num_permissions;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_app_permissions_number_internal(p_db,
- s_app_label_name,
- s_permission_type_name,
- &i_num_permissions);
- if (ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_app_permissions_internal(p_db,
- s_app_label_name,
- s_permission_type_name,
- i_num_permissions,
- ppp_perm_list);
-
-finish:
- return rdb_finish(p_db, ret);
-}
-
-int rdb_get_permissions(char ***ppp_permissions, const char *const s_permission_type_name)
-{
- RDB_LOG_ENTRY_PARAM("%s", s_permission_type_name);
- int ret = PC_ERR_DB_OPERATION;
- size_t i_permission_number;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_permission_number(p_db, &i_permission_number, s_permission_type_name);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_permissions_internal(p_db,
- ppp_permissions,
- i_permission_number,
- s_permission_type_name);
-
-finish:
- return rdb_finish(p_db, ret);
-}
-
-int rdb_get_apps_with_permission(perm_app_status_t **pp_apps,
- size_t *pi_apps_number,
- const char *const s_permission_type_name,
- const char *const s_permission_name)
-{
- RDB_LOG_ENTRY_PARAM("%s %s", s_permission_type_name, s_permission_name);
- int ret = PC_ERR_DB_OPERATION;
- sqlite3 *p_db = NULL;
-
- ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_apps_number(p_db,
- pi_apps_number,
- s_permission_type_name,
- s_permission_name);
- if(ret != PC_OPERATION_SUCCESS) goto finish;
-
- ret = get_apps_with_permission_internal(p_db,
- pp_apps,
- *pi_apps_number,
- s_permission_type_name,
- s_permission_name);
-
-finish:
- return rdb_finish(p_db, ret);
-}
projects / platform / core / security / libprivilege-control.git / commitdiff