#include <config/Limits.h>
#include <security-manager.h>
+#include <privilegemgr/privilege_info.h>
+#include <glib.h>
namespace AskUser {
{
int ret;
- policy_update_req *policyUpdateRequest = nullptr;
- policy_entry *policyEntry = nullptr;
-
try {
if (level != "Allow" && level != "Deny")
throw std::invalid_argument("Not allowed security level <" + level + ">");
ALOGD("SecurityManager: Setting security level to " << level);
+ policy_update_req *policyUpdateRequest = nullptr;
+
ret = security_manager_policy_update_req_new(&policyUpdateRequest);
throwOnSecurityPrivilegeError("security_manager_policy_update_req_new", ret);
- ret = security_manager_policy_entry_new(&policyEntry);
- throwOnSecurityPrivilegeError("security_manager_policy_entry_new", ret);
+ std::unique_ptr<policy_update_req, decltype(security_manager_policy_update_req_free)*>
+ policyUpdateRequestPtr(policyUpdateRequest, security_manager_policy_update_req_free);
+
+ char* privacy_name = nullptr;
+
+ ret = privilege_info_get_privacy_by_privilege(perm.c_str(), &privacy_name);
+ if (ret != PRVMGR_ERR_NONE || !privacy_name) {
+ ALOGE("Unable to get privacy group for privilege: <" << perm << ">, err: <" << ret << ">");
+ throw Exception("Can't get privacy group name for privilege " + perm);
+ }
+
+ GList *privilege_list = nullptr;
- ret = security_manager_policy_entry_set_application(policyEntry,
+ ret = privilege_info_get_privilege_list_by_privacy(privacy_name, &privilege_list);
+ free(privacy_name); // not needed anymore below this place
+
+ if (ret != PRVMGR_ERR_NONE || !privilege_list) {
+ ALOGE("Unable to get privacy group list of privileges; err: <" << ret << ">" );
+ throw Exception("Unable to get privacy list of privielges");
+ }
+
+ auto list_deleter = [](GList* l) { g_list_free_full(l, free); };
+ std::unique_ptr<GList,
+ decltype(list_deleter)> privilge_listPtr(privilege_list, list_deleter);
+ std::vector<std::unique_ptr<policy_entry,
+ decltype(security_manager_policy_entry_free)*>> policyEntries;
+
+ for (GList *l = privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = static_cast<char*>(l->data);
+ policy_entry *policyEntry = nullptr;
+
+ ret = security_manager_policy_entry_new(&policyEntry);
+ throwOnSecurityPrivilegeError("security_manager_policy_entry_new", ret);
+
+ policyEntries.push_back(std::unique_ptr<policy_entry,
+ decltype(security_manager_policy_entry_free)*>(policyEntry, security_manager_policy_entry_free));
+
+ ret = security_manager_policy_entry_set_application(policyEntry,
dropPrefix(app.c_str()));
- throwOnSecurityPrivilegeError("security_manager_policy_entry_set_application", ret);
+ throwOnSecurityPrivilegeError("security_manager_policy_entry_set_application", ret);
- ret = security_manager_policy_entry_set_privilege(policyEntry, perm.c_str());
- throwOnSecurityPrivilegeError("security_manager_policy_entry_set_privilege", ret);
+ ret = security_manager_policy_entry_set_privilege(policyEntry, privilege_name);
+ throwOnSecurityPrivilegeError("security_manager_policy_entry_set_privilege", ret);
- ret = security_manager_policy_entry_set_level(policyEntry, level.c_str());
- throwOnSecurityPrivilegeError("security_manager_policy_entry_admin_set_level", ret);
+ ret = security_manager_policy_entry_set_level(policyEntry, level.c_str());
+ throwOnSecurityPrivilegeError("security_manager_policy_entry_admin_set_level", ret);
- ret = security_manager_policy_update_req_add_entry(policyUpdateRequest, policyEntry);
- throwOnSecurityPrivilegeError("security_manager_policy_update_req_add_entry", ret);
+ ret = security_manager_policy_update_req_add_entry(policyUpdateRequest, policyEntry);
+ throwOnSecurityPrivilegeError("security_manager_policy_update_req_add_entry", ret);
+ }
ret = security_manager_policy_update_send(policyUpdateRequest);
throwOnSecurityPrivilegeError("security_manager_policy_update_send", ret);
} catch (std::exception &e) {
ALOGE("SecurityManager: Failed <" << e.what() << ">");
}
-
- security_manager_policy_entry_free(policyEntry);
- security_manager_policy_update_req_free(policyUpdateRequest);
}
} /* namespace */