return PC_OPERATION_SUCCESS;
}
+API int perm_app_has_permission(const char *pkg_id,
+ app_type_t app_type,
+ const char *permission_name,
+ bool *is_enabled)
+{
+ SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d, permission_name=%s",
+ __func__, pkg_id, app_type, permission_name);
+
+ const char *app_group = app_type_group_name(app_type);
+
+ if (app_group == NULL) {
+ C_LOGE("Unknown param app type.");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (!smack_label_is_valid(pkg_id)) {
+ C_LOGE("Invalid param app_id.");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (permission_name == NULL) {
+ C_LOGE("Invalid param permission_name (NULL).");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (is_enabled == NULL) {
+ C_LOGE("Invalid param is_enabled (NULL).");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ return rdb_app_has_permission(pkg_id, app_group, permission_name, is_enabled);
+}
+
API int app_label_dir(const char* label, const char* path)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: label=%s, path=%s",
return ret;
}
+int check_app_has_permission_internal(sqlite3 *p_db,
+ const char *const s_app_label_name,
+ const char *const s_permission_name,
+ const char *const s_permission_type_name,
+ bool *const p_is_enabled)
+{
+ RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+ s_permission_name, s_permission_type_name);
+
+ int ret = PC_ERR_DB_OPERATION;
+ sqlite3_stmt *p_stmt = NULL;
+
+ ret = prepare_stmt(p_db, &p_stmt,
+ "SELECT is_enabled \
+ FROM app_permission_view \
+ WHERE app_name = %Q AND \
+ name = %Q AND \
+ type_name = %Q \
+ LIMIT 1",
+ s_app_label_name, s_permission_name, s_permission_type_name);
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+ ret = sqlite3_step(p_stmt);
+ if(ret == SQLITE_ROW) {
+ ret = PC_OPERATION_SUCCESS;
+ //store the result
+ *p_is_enabled = (bool)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
+ } else if(ret == SQLITE_DONE) {
+ //no entry == permission not assigned
+ C_LOGD("RDB: Permission: %s of type: %s is not assigned to app: %s",
+ s_permission_name, s_permission_type_name, s_app_label_name);
+ ret = PC_OPERATION_SUCCESS;
+ *p_is_enabled = false;
+ } else if(ret == SQLITE_BUSY) {
+ //base locked in exclusive mode for too long
+ C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
+ ret = PC_ERR_DB_CONNECTION;
+ } else {
+ C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
+ ret = PC_ERR_DB_QUERY_STEP;
+ }
+
+finish:
+ if(sqlite3_finalize(p_stmt) < 0)
+ C_LOGE("RDB: Error during finalizing statement: %s",
+ sqlite3_errmsg(p_db));
+ return ret;
+}
int get_app_id_internal(sqlite3 *p_db,
int *pi_app_id,
static sqlite3 *p_db__ = NULL;
static int i_session_ret_code__ = PC_OPERATION_SUCCESS;
+typedef enum {
+ RDB_TRANSACTION_EXCLUSIVE,
+ RDB_TRANSACTION_SHARED_READ
+} rdb_transaction_type_t;
/**
* Prepare to modify the database.
*
* @ingroup RDB internal functions
*
- * @param pp_db pointer to a pointer to a SQLite3 database object
- * @return PC_OPERATION_SUCCESS on success,
- * error code otherwise
+ * @param pp_db pointer to a pointer to a SQLite3 database object
+ * @param transaction_type indicates whether the transaction is exclusive or shared
+ * @return PC_OPERATION_SUCCESS on success, error code otherwise
*/
-static int rdb_begin(sqlite3 **pp_db)
+static int rdb_begin(sqlite3 **pp_db, rdb_transaction_type_t transaction_type)
{
RDB_LOG_ENTRY;
int ret = open_rdb_connection(pp_db);
if(ret != PC_OPERATION_SUCCESS) return ret;
- if(sqlite3_exec(*pp_db, "BEGIN EXCLUSIVE TRANSACTION", 0, 0, 0)
- != SQLITE_OK) {
+ if(transaction_type == RDB_TRANSACTION_EXCLUSIVE) {
+ ret = sqlite3_exec(*pp_db, "BEGIN EXCLUSIVE TRANSACTION", 0, 0, 0);
+ }
+ else if(transaction_type == RDB_TRANSACTION_SHARED_READ) {
+ ret = sqlite3_exec(*pp_db, "BEGIN DEFERRED TRANSACTION", 0, 0, 0);
+ }
+ else {
+ C_LOGE("RDB: Bad transaction type specified: %d",
+ (int)transaction_type);
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if(ret != SQLITE_OK) {
C_LOGE("RDB: Error during transaction begin: %s",
sqlite3_errmsg(*pp_db));
return PC_ERR_DB_CONNECTION;
}
ret = save_smack_rules(*pp_db);
- if(ret != PC_OPERATION_SUCCESS) return ret;
-
- return PC_OPERATION_SUCCESS;
+ return ret;
}
rdb_modification_finish();
}
- return rdb_begin(&p_db__);
+ return rdb_begin(&p_db__, RDB_TRANSACTION_EXCLUSIVE);
}
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = check_app_label_internal(p_db, s_label_name);
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = remove_app_internal(p_db, s_label_name);
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = add_path_internal(p_db,
sqlite3 *p_db = NULL;
sqlite3_int64 permission_id = -1;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = add_permission_internal(p_db,
const char *s_permission_type_name = app_type_name(i_permission_type);
const char *s_permission_group_type_name = app_type_group_name(i_permission_type);
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = get_app_id_internal(p_db, &i_app_id, s_app_label_name);
int i, i_app_id;
const char *s_permission_group_type_name = app_type_group_name(i_permission_type);
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = get_app_id_internal(p_db, &i_app_id, s_app_label_name);
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = revoke_app_permissions_internal(p_db, s_app_label_name);
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = reset_app_permissions_internal(p_db, s_app_label_name);
int ret = PC_ERR_DB_OPERATION;
sqlite3 *p_db = NULL;
- ret = rdb_begin(&p_db);
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
if(ret != PC_OPERATION_SUCCESS) goto finish;
ret = add_additional_rules_internal(p_db,
finish:
return rdb_finish(p_db, ret);
}
+
+int rdb_app_has_permission(const char *const s_app_label_name,
+ const char *const s_permission_type_name,
+ const char *const s_permission_name,
+ bool *const p_is_enabled)
+{
+ RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+ s_permission_type_name, s_permission_name);
+ int ret = PC_ERR_DB_OPERATION;
+ sqlite3 *p_db = NULL;
+
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ); //shared readonly transaction
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+ ret = check_app_has_permission_internal(p_db,
+ s_app_label_name,
+ s_permission_name,
+ s_permission_type_name,
+ p_is_enabled);
+
+finish:
+ return rdb_finish(p_db, ret);
+}
projects / platform / core / security / libprivilege-control.git / commitdiff