// for Checking in App Process
static int initialize(void);
static int check(const std::string pkgId, const std::string privacyId);
- static int checkWithPrivilege(const std::string pkgId, const std::string privilegeId);
static int checkWithDeviceCap(const std::string pkgId, const std::string deviceCap);
// for Checking in Server Process
static int initializeGMain(void);
static int check(const std::string privacyId);
static void checkMonitorByPrivilege(const std::string privilegeId);
- static int checkWithPrivilege(const std::string privilegeId);
- static int checkMonitorPolicyWithPrivilege(const int userId, const std::string packageId, const std::string privilegeId, std::string &privacyId, int &monitorPolicy);
static int checkWithDeviceCap(const std::string deviceCap);
static void printMonitorPolicyCache(void);
static int initMonitorPolicyCache(void);
static int getMonitorPolicy(const int userId, const std::string packageId, const std::string privacyId, int &monitorPolicy);
+
// common
static int finalize(void);
static DBusHandlerResult handleNotification(DBusConnection* connection, DBusMessage* message, void* user_data);
int PgForeachPackageInfoByPrivacyId(const int userId, const std::string privacyId, std::list < package_data_s > & packageList) const;
- int PgForeachMonitorPolicyByPackageId(const int userId, const std::string packageId,
- std::list <privacy_data_s> & privacyInfoList) const;
+ int PgForeachMonitorPolicyByPackageId(const int userId, const std::string packageId, std::list <privacy_data_s> & privacyInfoList) const;
- int PgGetMonitorPolicy(const int userId, const std::string packageId,
- const std::string privacyId, int& monitorPolicy) const;
+ int PgGetMonitorPolicy(const int userId, const std::string packageId, const std::string privacyId, int& monitorPolicy) const;
int PgGetAllMonitorPolicy(std::list < std::pair < std::string, int > > & monitorPolicyList) const;
int PgCheckPrivacyPackage(const int userId, const std::string packageId, bool &isPrivacyPackage);
- int PgUpdateMonitorPolicy(const int userId, const std::string packageId,
- const std::string privacyId, const int monitorPolicy);
+ int PgUpdateMonitorPolicy(const int userId, const std::string packageId, const std::string privacyId, const int monitorPolicy);
int PgGetMainMonitorPolicy(const int userId, bool &mainMonitorPolicy) const;
return m_socketConnector->read(outvalue);
}
-
private:
std::string m_serverAddress;
std::string m_interfaceName;
}
#endif
-
#endif //_PRIVACY_GUARD_CLIENT_INTERNAL_H_
}
}
-int
-PrivacyChecker::checkMonitorPolicyWithPrivilege(const int userId, const std::string packageId, const std::string privilegeId, std::string &privacyId, int &monitorPolicy)
-{
- checkMonitorByPrivilege(privilegeId);
-
- if (m_isMonitorEnable == true) {
- int res = PrivacyIdInfo::getPrivacyIdFromPrivilege(privilegeId, privacyId);
- TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "getPrivacyIdFromPrivilege : %d", res);
- return getMonitorPolicy(userId, packageId, privacyId, monitorPolicy);
- }
- else {
- return PRIV_GUARD_ERROR_NO_DATA;
- }
-}
-
void*
PrivacyChecker::runSignalListenerThread(void* pData)
{
}
int
-PrivacyChecker::checkWithPrivilege(const std::string pkgId, const std::string privilege)
-{
- std::string privacyId;
- int res = PrivacyIdInfo::getPrivacyIdFromPrivilege(privilege, privacyId);
- if (res == PRIV_GUARD_ERROR_NO_DATA) {
- return PRIV_GUARD_ERROR_SUCCESS;
- }
-
- TryReturn( res == PRIV_GUARD_ERROR_SUCCESS, res, , "getPrivacyIdFromPrivilege : %d", res);
-
- return check(pkgId, privacyId);
-}
-
-int
-PrivacyChecker::checkWithPrivilege(const std::string privilege)
-{
- std::string privacyId;
- int res = PrivacyIdInfo::getPrivacyIdFromPrivilege(privilege, privacyId);
- if (res == PRIV_GUARD_ERROR_NO_DATA) {
- return PRIV_GUARD_ERROR_SUCCESS;
- }
-
- TryReturn( res == PRIV_GUARD_ERROR_SUCCESS, res, , "getPrivacyIdFromPrivilege : %d", res);
-
- return check(privacyId);
-}
-
-int
PrivacyChecker::finalize(void)
{
std::lock_guard <std::mutex> guard (m_cacheMutex);
public:
static int initialize(void);
static int getPrivacyIdFromPrivilege(const std::string privilege, std::string& privacyId);
- static int getPrivilegeListFromPrivacyId(const std::string privacyId, std::list< std::string > & privilegeList);
static int getPrivacyIdListFromPrivilegeList(const std::list< std::string > privilegeList, std::list< std::string >& privacyIdList);
static bool isValidPrivacyId(const std::string privacyId);
static int getAllPrivacyId(std::list< std::string >& privacyIdList);
return read(&i);
}
+ int read(time_t& time)
+ {
+ return read(&time);
+ }
+
int read(int* pI)
{
int length = 0;
return PRIV_GUARD_ERROR_SUCCESS;
}
+
+ int read(time_t* pTime)
+ {
+ int length = 0;
+ int res = m_socketStream.readStream(sizeof(length), &length);
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "readStream : %d", res);
+
+ char* pBuf = new (std::nothrow) char[length + 1];
+ TryReturn(pBuf != NULL, PRIV_GUARD_ERROR_OUT_OF_MEMORY, , "new : %d", PRIV_GUARD_ERROR_OUT_OF_MEMORY);
+
+ res = m_socketStream.readStream(length, pBuf);
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, delete[] pBuf, "readStream : %d", res);
+
+ pBuf[length] = 0;
+
+ *pTime = * reinterpret_cast <time_t*> (pBuf);
+
+ delete[] pBuf;
+
+ return PRIV_GUARD_ERROR_SUCCESS;
+ }
+
int read(std::string* pStr)
{
int length = 0;
res = read(&(out.monitor_policy));
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "readStream : %d", res);
+ // time
+ res = read(&(out.time));
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "readStream : %d", res);
+
// count
res = read(&(out.count));
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "readStream : %d", res);
return PRIV_GUARD_ERROR_SUCCESS;
}
+ int write(const time_t& in)
+ {
+ int length = sizeof(in);
+ int res = m_socketStream.writeStream(sizeof(length), &length);
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "writeStream : %d", res);
+ res = m_socketStream.writeStream(length, &in);
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "writeStream : %d", res);
+
+ return PRIV_GUARD_ERROR_SUCCESS;
+ }
+
int write(const bool& in)
{
int length = sizeof(in);
// privacy id
int length = strlen(in.privacy_id);
int res = 0;
+
res = m_socketStream.writeStream(sizeof(length), &length);
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "writeStream : %d", res);
+
+ // privacy ID
res = m_socketStream.writeStream(length, in.privacy_id);
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "writeStream : %d", res);
// package id
int length = strlen(in.package_id);
int res = 0;
+
res = m_socketStream.writeStream(sizeof(length), &length);
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "writeStream : %d", res);
res = m_socketStream.writeStream(length, in.package_id);
res = write(in.monitor_policy);
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "write : %d", res);
+ // time
+ res = write(in.time);
+ TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "write : %d", res);
+
// count
res = write(in.count);
TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, res, , "write : %d", res);
initialize();
}
- std::map< std::string, std::string >::iterator iter = m_privilegeToPrivacyMap.find(privilege);
- if (iter == m_privilegeToPrivacyMap.end()) {
- //PG_LOGD("There is no matching privacy to privilege [%s]", privilege.c_str());
- return PRIV_GUARD_ERROR_NO_DATA;
- }
-
- privacyId = iter->second;
-
- return PRIV_GUARD_ERROR_SUCCESS;
-}
+ int ret;
-int
-PrivacyIdInfo::getPrivilegeListFromPrivacyId(const std::string privacyId, std::list< std::string >& privilegeList)
-{
- if (!m_isInitialized) {
- initialize();
- }
-
- privilegeList.clear();
-
- for (std::map< std::string, std::string >::iterator iter = m_privilegeToPrivacyMap.begin(); iter != m_privilegeToPrivacyMap.end(); ++iter) {
- if (privacyId.compare((iter->second)) == 0) {
- privilegeList.push_back(iter->first);
- }
- }
-
- if (privilegeList.size() == 0) {
- PG_LOGE("There is no matching privilege to privacy [%s].", privacyId.c_str());
+ char *privacy_id = NULL;
+ ret = privilege_info_get_privacy_by_privilege(privilege.c_str(), &privacy_id);
+ if (ret != PRVMGR_ERR_NONE) {
+ //PG_LOGE("Failed to do privilege_info_get_privacy_by_privilege [%d]", ret);
return PRIV_GUARD_ERROR_NO_DATA;
}
+ privacyId = privacy_id;
+ free(privacy_id);
+
return PRIV_GUARD_ERROR_SUCCESS;
}
return PRIV_GUARD_ERROR_SUCCESS;
}
-
-/*
-int
-PrivacyIdInfo::getPrivaycDisplayName(const std::string privacyId, std::string& displayName)
-{
- if (!m_isInitialized)
- {
- initialize();
- }
-
- std::string sql = std::string("SELECT STR_MODULE_ID, STR_NAME_ID from PrivacyInfo where PRIVACY_ID=?");
-
- openDb(PRIVACY_INFO_DB_PATH, pDbHandler, SQLITE_OPEN_READONLY);
- prepareDb(pDbHandler, sql.c_str(), pStmt);
-
- int res = sqlite3_bind_text(pStmt.get(), 1, privacyId.c_str(), -1, SQLITE_TRANSIENT);
- TryReturn(res == SQLITE_OK, PRIV_GUARD_ERROR_DB_ERROR, , "sqlite3_bind_text : %d", res);
-
- if (sqlite3_step(pStmt.get()) == SQLITE_ROW)
- {
- const char* pModuleId = reinterpret_cast < const char* > (sqlite3_column_text(pStmt.get(), 0));
- const char* pNameId = reinterpret_cast < const char* > (sqlite3_column_text(pStmt.get(), 1));
-
- if (pNameId == NULL)
- {
- displayName = privacyId;
- }
- else
- {
- displayName = std::string(dgettext(pModuleId, pNameId));
- }
- }
- else
- {
- PG_LOGI("Cannot find privacy string %s ", privacyId.c_str());
- return PRIV_GUARD_ERROR_NO_DATA;
- }
-
- return PRIV_GUARD_ERROR_SUCCESS;
-}
-*/
-
-/*
-int
-PrivacyIdInfo::getPrivaycDescription(const std::string privacyId, std::string& displayName)
-{
- if (!m_isInitialized)
- {
- initialize();
- }
-
- std::string sql = std::string("SELECT STR_MODULE_ID, STR_NAME_ID from PrivacyInfo where PRIVACY_ID=?");
-
- openDb(PRIVACY_INFO_DB_PATH, pDbHandler, SQLITE_OPEN_READONLY);
- prepareDb(pDbHandler, sql.c_str(), pStmt);
-
- int res = sqlite3_bind_text(pStmt.get(), 1, privacyId.c_str(), -1, SQLITE_TRANSIENT);
- TryReturn(res == SQLITE_OK, PRIV_GUARD_ERROR_DB_ERROR, , "sqlite3_bind_text : %d", res);
-
- if (sqlite3_step(pStmt.get()) == SQLITE_ROW)
- {
- const char* pModuleId = reinterpret_cast < const char* > (sqlite3_column_text(pStmt.get(), 0));
- const char* pNameId = reinterpret_cast < const char* > (sqlite3_column_text(pStmt.get(), 1));
-
- displayName = std::string(dgettext(pModuleId, pNameId));
- }
- else
- {
- PG_LOGI("Cannot find privacy string %s ", privacyId.c_str());
- return PRIV_GUARD_ERROR_NO_DATA;
- }
-
- return PRIV_GUARD_ERROR_SUCCESS;
-}
-*/
-
-/*int
-PrivacyIdInfo::isFeatureEnabled(const char* feature, bool& enabled)
-{
- int res = PRIV_GUARD_ERROR_SUCCESS;
-
- if (feature == NULL)
- {
- enabled = true;
- return res;
- }
-
- res = system_info_get_platform_bool(feature, &enabled);
- TryReturn(res == PRIV_GUARD_ERROR_SUCCESS, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "system_info_get_platform_bool : %d", res);
-
- return PRIV_GUARD_ERROR_SUCCESS;
-}
-*/
#define DEFAULT_MONITOR_POLICY 0
-static const xmlChar _NODE_PRIVILEGES[] = "privileges";
+//static const xmlChar _NODE_PRIVILEGES[] = "privileges";
static const xmlChar _NODE_PRIVILEGE[] = "privilege";
void destroy_char_list(char** ppList, int size)
#include <thread>
#include <cynara-monitor.h>
#include <pkgmgr-info.h>
+#include <security-manager.h>
+
#include "PrivacyGuardTypes.h"
#include "Utils.h"
#include "CynaraService.h"
#include "PrivacyGuardDb.h"
#include "PrivacyIdInfo.h"
-#include "security-manager.h"
#define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER)
int res = -1;
pthread_detach(pthread_self());
-
while (exit_flag == false) {
if (monitor_entries) {
cynara_monitor_entries_free(monitor_entries);
}
}
}
-
if (monitor_entries) {
cynara_monitor_entries_free(monitor_entries);
monitor_entries = NULL;
CynaraService::updateDb(cynara_monitor_entry **monitor_entries)
{
cynara_monitor_entry **entryIter = monitor_entries;
-
- // DB update
const char *user = NULL, *client = NULL, *privilege = NULL;
-#if 0
- char *package_id = NULL, *package_id_dup = NULL;
const timespec *timestamp = NULL;
- uid_t userId;
- std::string appId, privacyId, packageId;
+ uid_t user_id;
+ std::string privacyId;//appId, packageId;
time_t date;
int res = -1;
pkgmgrinfo_pkginfo_h pkg_handle;
bool is_global = false;
+ char *pkg_name = NULL, *app_name = NULL;
while (*entryIter != nullptr) {
privilege = cynara_monitor_entry_get_privilege(*entryIter);
TryReturn(privilege != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "Privilege Id in the entry is NULL");
// change from privilege to privacy
+ privacyId.clear();
res = PrivacyIdInfo::getPrivacyIdFromPrivilege(privilege, privacyId);
+ //PG_LOGD("########## res: [%d] privilege: [%s] privacy: [%s]", res, privilege, privacyId.c_str());
if (res != PRIV_GUARD_ERROR_NO_DATA) {
+ PG_LOGD("#Privilege: [%s]", privilege);
+ PG_LOGD("#Privacy : [%s]", privacyId.c_str());
+
// User ID - string
user = cynara_monitor_entry_get_user(*entryIter);
TryReturn(user != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "User Id in the entry is NULL");
// App ID - string
client = cynara_monitor_entry_get_client(*entryIter);
+ //PG_LOGD("client: [%s]", client);
TryReturn(client != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "App Id in the entry is NULL");
// timestamp
TryReturn(timestamp != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "timestamp in the entry is NULL");
// convert string to integer
- userId = atoi(user);
-
- // check app ID
- std::string tempAppId = client;
- //PG_LOGD("App ID from cynara: [%s]", client);
- if (tempAppId.substr(0, USER_APP_PREFIX_LEN).compare(USER_APP_PREFIX) == 0) {
- appId = tempAppId.substr(USER_APP_PREFIX_LEN, tempAppId.length() - USER_APP_PREFIX_LEN);
- PG_LOGD("App ID: [%s]", appId.c_str());
- } else {
- appId = client;
- PG_LOGD("App ID: [%s]", client);
- }
-
- // get package ID from app ID
- pkgmgrinfo_appinfo_h pkgmgrinfo_appinfo;
- if (userId == GLOBAL_USER) {
- res = pkgmgrinfo_appinfo_get_appinfo(appId.c_str(), &pkgmgrinfo_appinfo);
- } else {
- res = pkgmgrinfo_appinfo_get_usr_appinfo(appId.c_str(), userId, &pkgmgrinfo_appinfo);
- }
- if (res != PMINFO_R_OK) {
- PG_LOGE("Failed to do pkgmgrinfo_appinfo_get_appinfo or pkgmgrinfo_appinfo_get_usr_appinfo [%d] for the app [%s] with user [%d]. So set the package ID to app ID.", res, appId.c_str(), userId);
- packageId = appId;
- } else {
- res = pkgmgrinfo_appinfo_get_pkgname(pkgmgrinfo_appinfo, &package_id);
- if (res != PMINFO_R_OK) {
- PG_LOGE("Failed to do pkgmgrinfo_appinfo_get_pkgname [%d] for the app [%s]. So set the package ID to app ID.", res, appId.c_str());
- packageId = appId;
- }
- //PG_LOGD("Package ID of [%s] is [%s]", appId.c_str(), package_id);
- package_id_dup = strdup(package_id);
- packageId = package_id_dup;
- pkgmgrinfo_appinfo_destroy_appinfo(pkgmgrinfo_appinfo);
- }
-#else
- const timespec *timestamp = NULL;
- uid_t userId;
- std::string appId, privacyId, packageId;
- time_t date;
- int res = -1;
- pkgmgrinfo_pkginfo_h pkg_handle;
- bool is_global = false;
- char *pkg_name = NULL, *app_name = NULL;
-
- while (*entryIter != nullptr) {
- privilege = cynara_monitor_entry_get_privilege(*entryIter);
- TryReturn(privilege != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "Privilege Id in the entry is NULL");
-
- // change from privilege to privacy
- res = PrivacyIdInfo::getPrivacyIdFromPrivilege(privilege, privacyId);
- if (res != PRIV_GUARD_ERROR_NO_DATA) {
- // User ID - string
- user = cynara_monitor_entry_get_user(*entryIter);
- TryReturn(user != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "User Id in the entry is NULL");
-
- // App ID - string
- client = cynara_monitor_entry_get_client(*entryIter);
- TryReturn(client != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "App Id in the entry is NULL");
-
- // timestamp
- timestamp = cynara_monitor_entry_get_timestamp(*entryIter);
- TryReturn(timestamp != NULL, PRIV_GUARD_ERROR_SYSTEM_ERROR, , "timestamp in the entry is NULL");
-
- // convert string to integer
- userId = atoi(user);
+ user_id = atoi(user);
+ // get pkgname from cynara-style app ID
res = security_manager_identify_app_from_cynara_client(client, &pkg_name, &app_name);
if (res != SECURITY_MANAGER_SUCCESS) {
- pkg_name = strdup(client);
- PG_LOGE("Failed to do security_manager_identify_app_from_cynara_client [%d]", res);
- }
-
- // check pkg ID
- std::string tempPkgId = pkg_name;
- if (tempPkgId.substr(0, USER_PKG_PREFIX_LEN).compare(USER_PKG_PREFIX) == 0) {
- packageId = tempPkgId.substr(USER_PKG_PREFIX_LEN, tempPkgId.length() - USER_PKG_PREFIX_LEN);
- PG_LOGD("Pkg ID: [%s]", packageId.c_str());
+ PG_LOGD("Failed to do security_manager_identify_app_from_cynara_client [%d]", res);
+ PG_LOGD("So use [%s] as a package name instead.", client);
+ pkg_name = strdup(client);
} else {
- packageId = pkg_name;
- PG_LOGD("Pkg ID: [%s]", pkg_name);
- }
-#endif
- // check this package is global app
- if (userId == GLOBAL_USER) {
- res = pkgmgrinfo_pkginfo_get_pkginfo(packageId.c_str(), &pkg_handle);
- } else {
- res = pkgmgrinfo_pkginfo_get_usr_pkginfo(packageId.c_str(), userId, &pkg_handle);
- }
- if (res != PMINFO_R_OK) {
- PG_LOGE("Failed to do pkgmgrinfo_pkginfo_get_pkginfo or pkgmgrinfo_pkginfo_get_usr_pkginfo [%d] for the package [%s] with user [%d]", res, packageId.c_str(), userId);
- } else {
- res = pkgmgrinfo_pkginfo_is_global(pkg_handle, &is_global);
+ PG_LOGD("#Package : [%s]", pkg_name);
+ // check this package is global app
+ if (user_id == GLOBAL_USER) {
+ res = pkgmgrinfo_pkginfo_get_pkginfo(pkg_name, &pkg_handle);
+ } else {
+ res = pkgmgrinfo_pkginfo_get_usr_pkginfo(pkg_name, user_id, &pkg_handle);
+ }
if (res != PMINFO_R_OK) {
- PG_LOGE("Failed to do pkgmgrinfo_pkginfo_is_global [%d]", res);
+ PG_LOGE("Failed to do pkgmgrinfo_pkginfo_get_pkginfo or pkgmgrinfo_pkginfo_get_usr_pkginfo [%d] for the package [%s] with user [%d]", res, pkg_name, user_id);
} else {
- if (is_global == true) {
- userId = GLOBAL_USER;
+ res = pkgmgrinfo_pkginfo_is_global(pkg_handle, &is_global);
+ if (res != PMINFO_R_OK) {
+ PG_LOGE("Failed to do pkgmgrinfo_pkginfo_is_global [%d]", res);
+ } else {
+ if (is_global == true) {
+ user_id = GLOBAL_USER;
+ }
}
+ pkgmgrinfo_pkginfo_destroy_pkginfo(pkg_handle);
}
- pkgmgrinfo_pkginfo_destroy_pkginfo(pkg_handle);
}
// datetime
date = timestamp->tv_sec;
// add access log
- int ret = PrivacyGuardDb::getInstance()->PgAddPrivacyAccessLogForCynara(userId, packageId, privacyId, date);
+ PG_LOGD("Insert [%s, %s] to DB.", pkg_name, privacyId.c_str());
+ int ret = PrivacyGuardDb::getInstance()->PgAddPrivacyAccessLogForCynara(user_id, pkg_name, privacyId, date);
if(ret != PRIV_GUARD_ERROR_SUCCESS){
- PG_LOGE("Failed to add access log to DB. UserID:[%d], PackageID:[%s], Privacy:[%s]", userId, packageId.c_str(), privacyId.c_str());
+ PG_LOGE("Failed to add access log to DB. UserID:[%d], PackageID:[%s], Privacy:[%s]", user_id, pkg_name, privacyId.c_str());
+ }
+
+ // deallocation
+ if (pkg_name) {
+ //PG_LOGD("freeing a pkg_name: [%s].", pkg_name);
+ free(pkg_name);
+ }
+ if (app_name) {
+ //PG_LOGD("freeing an app_name: [%s].", app_name);
+ free(app_name);
}
}
++entryIter;