For testing, build package and install tc-privilege-checker.*.rpm on target and run /usr/bin/tc-privilege-black-list on target shell
Change-Id: Ia7a931a7325a3cce8e039b52be67e187c8dfde44
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
SET(INC_DIR include)
INCLUDE_DIRECTORIES(
- "${INC_DIR}"
- )
+ "${INC_DIR}"
+)
SET(pc_requires "glib-2.0")
INCLUDE(FindPkgConfig)
pkg_check_modules(${fw_name} REQUIRED dlog pkgmgr-info glib-2.0)
FOREACH(flag ${${fw_name}_CFLAGS})
- SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
+ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
ENDFOREACH(flag)
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -fPIC")
SET(CMAKE_C_FLAGS_DEBUG "-O0 -g")
IF("${ARCH}" STREQUAL "arm")
- ADD_DEFINITIONS("-DTARGET")
+ ADD_DEFINITIONS("-DTARGET")
ENDIF("${ARCH}" STREQUAL "arm")
ADD_DEFINITIONS("-DPREFIX=\"${CMAKE_INSTALL_PREFIX}\"")
ADD_DEFINITIONS("-DSLP_DEBUG")
MESSAGE("PROFILE_TYPE = ${PROFILE_TYPE}")
IF("${PROFILE_TYPE}" STREQUAL "WEARABLE")
- ADD_DEFINITIONS("-DPROFILE_TYPE_WEARABLE")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_WEARABLE")
ELSEIF("${PROFILE_TYPE}" STREQUAL "MOBILE")
- ADD_DEFINITIONS("-DPROFILE_TYPE_MOBILE")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_MOBILE")
ELSEIF("${PROFILE_TYPE}" STREQUAL "TV")
- ADD_DEFINITIONS("-DPROFILE_TYPE_TV")
+ ADD_DEFINITIONS("-DPROFILE_TYPE_TV")
ENDIF()
SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -Wl,--rpath=${LIBDIR}")
TARGET_LINK_LIBRARIES(${fw_name} ${${fw_name}_LDFLAGS})
-SET_TARGET_PROPERTIES(${fw_name}
- PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION}
- CLEAN_DIRECT_OUTPUT 1
+SET_TARGET_PROPERTIES(${fw_name}
+ PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION}
+ CLEAN_DIRECT_OUTPUT 1
)
INSTALL(TARGETS ${fw_name} DESTINATION ${LIBDIR})
INSTALL(
- DIRECTORY ${INC_DIR}/ DESTINATION ${INCLUDEDIR}/privilegemgr
- FILES_MATCHING
- PATTERN "*_private.h" EXCLUDE
- PATTERN "${INC_DIR}/*.h"
- )
+ DIRECTORY ${INC_DIR}/ DESTINATION ${INCLUDEDIR}/privilegemgr
+ FILES_MATCHING
+ PATTERN "*_private.h" EXCLUDE
+ PATTERN "${INC_DIR}/*.h"
+)
SET(PC_NAME ${fw_name})
SET(PC_REQUIRED ${pc_requires})
ADD_CUSTOM_TARGET (distclean @echo cleaning for source distribution)
ADD_CUSTOM_COMMAND(
- DEPENDS clean
- COMMENT "distribution clean"
- COMMAND find
- ARGS .
- -not -name config.cmake -and \(
- -name tester.c -or
- -name Testing -or
- -name CMakeFiles -or
- -name cmake.depends -or
- -name cmake.check_depends -or
- -name CMakeCache.txt -or
- -name cmake.check_cache -or
- -name *.cmake -or
- -name Makefile -or
- -name core -or
- -name core.* -or
- -name gmon.out -or
- -name install_manifest.txt -or
- -name *.pc -or
- -name *~ \)
- | grep -v TC | xargs rm -rf
- TARGET distclean
- VERBATIM
+ DEPENDS clean
+ COMMENT "distribution clean"
+ COMMAND find
+ ARGS .
+ -not -name config.cmake -and \(
+ -name tester.c -or
+ -name Testing -or
+ -name CMakeFiles -or
+ -name cmake.depends -or
+ -name cmake.check_depends -or
+ -name CMakeCache.txt -or
+ -name cmake.check_cache -or
+ -name *.cmake -or
+ -name Makefile -or
+ -name core -or
+ -name core.* -or
+ -name gmon.out -or
+ -name install_manifest.txt -or
+ -name *.pc -or
+ -name *~ \)
+ | grep -v TC | xargs rm -rf
+ TARGET distclean
+ VERBATIM
)
ENDIF(UNIX)
-
+SET(PRIVILEGE_DB_DIR "${DATADIR}/privilege-manager")
+ADD_DEFINITIONS(-DPRIVILEGE_INFO_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_info.db")
+ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_info.db")
+ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_mapping.db")
+ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_mapping.db")
+ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${PRIVILEGE_DB_DIR}/.policy.db")
SET(ROOT_DIR ${CMAKE_SOURCE_DIR}/cmake_build_tmp/output)
SET(LOCALE_ROOT_PATH "${ROOT_DIR}/target/generic/root/usr/share/locale")
FILE(GLOB _pofiles res/string/*.po)
FOREACH(_file ${_pofiles})
- GET_FILENAME_COMPONENT(_in ${_file} ABSOLUTE)
- GET_FILENAME_COMPONENT(_basename ${_file} NAME_WE)
+ GET_FILENAME_COMPONENT(_in ${_file} ABSOLUTE)
+ GET_FILENAME_COMPONENT(_basename ${_file} NAME_WE)
- SET(_out "${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES/privilege.mo")
+ SET(_out "${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES/privilege.mo")
- ADD_CUSTOM_COMMAND(
- OUTPUT ${_out}
- COMMENT "Generating ${_out}"
- COMMAND mkdir -p ${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES
- COMMAND msgfmt -o ${_out} ${_in}
- DEPENDS ${_in}
- )
+ ADD_CUSTOM_COMMAND(
+ OUTPUT ${_out}
+ COMMENT "Generating ${_out}"
+ COMMAND mkdir -p ${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES
+ COMMAND msgfmt -o ${_out} ${_in}
+ DEPENDS ${_in}
+ )
- SET(mo_files ${mo_files} ${_out})
+ SET(mo_files ${mo_files} ${_out})
ENDFOREACH(_file ${_pofiles})
} privilege_info_db_row_s;
typedef enum {
- PRIVILEGE_DB_MANAGER_ERR_NONE = 0,
- PRIVILEGE_DB_NO_EXIST_RESULT = 1,
- PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL = 2,
- PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY = 3,
- PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY = 4,
+ PRIVILEGE_DB_MANAGER_ERR_NONE = 0,
+ PRIVILEGE_DB_NO_EXIST_RESULT = 1,
+ PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL = 2,
+ PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY = 3,
+ PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY = 4,
+ PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE = 5,
+ PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL = 6,
+ PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL = 7,
+ PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL = 8,
+ PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL = 9,
} privilege_db_manager_error_e;
typedef enum {
- PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PUBLIC = 0,
+ PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PUBLIC = 0,
PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PARTNER = 1,
PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PLATFORM = 2
} privilege_db_manager_privilege_level_e;
typedef enum {
- PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_WRT = 0,
- PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE = 1
+ PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_WRT = 0,
+ PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE = 1
} privilege_db_manager_package_type_e;
#ifdef __cplusplus
int privilege_db_manager_get_privilege_group_display(privilege_db_manager_package_type_e package_type, const char* privilege_name, const char* api_version, int* privilege_group_number);
int __privilege_db_manager_is_privacy(const char* privilege);
-
int __privilege_db_manager_get_privacy_list(GList** privacy_list);
-
int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GList **privilege_list);
+int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_type_e package_type, GList** privilege_list);
+int privilege_db_manager_set_black_list(int uid, privilege_db_manager_package_type_e pacakge_type, GList *privilege_list);
+int privilege_db_manager_unset_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list);
+
+int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_type_e pacakge_type, GList *privilege_list);
+
#ifdef __cplusplus
}
#endif
#define __TIZEN_SECURITY_PRIVILEGE_INFO_H
#include <glib.h>
+#include "privilege_manager.h"
#ifndef EXPORT_API
#define EXPORT_API __attribute__((__visibility__("default")))
#endif
/**
- * @brief Enumerations of error code for Privilege Information.
- */
-typedef enum {
- PRVMGR_ERR_NONE = 0,
- PRVMGR_ERR_INVALID_PARAMETER = 1,
- PRVMGR_ERR_OUT_OF_MEMORY = 2,
- PRVMGR_ERR_INTERNAL_ERROR = 3,
- PRVMGR_ERR_NO_DATA = 4,
- PRVMGR_ERR_NO_EXIST_PRIVILEGE = 5,
- PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL = 6,
- PRVMGR_ERR_INVALID_PRIVILEGE = 7,
- PRVMGR_ERR_DEPRECATED_PRIVILEGE = 8,
-} privilege_manager_error_e;
-
-/**
* @brief Called to get a privilege group once for specific package.
* @param[in] privilege_group The privilege group
* @param[in] user_data The user data passed from the foreach function
*/
EXPORT_API int privilege_info_get_privilege_list_by_privacy(const char *privacy, GList **privilege_list);
+/**
+ * @brief Gets the list of privilges marked as black list.
+ * @remarks @a privilege_list must be released with g_list_free() by you.
+ * @param [in] uid The UID
+ * @param [in] package_type The privilege_manager_package_type_e
+ * @param [out] privilege_list The list for privileges marked as black list
+ * @return 0 on success, otherwise a nonzero error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ */
+EXPORT_API int privilege_info_get_black_list(int uid, privilege_manager_package_type_e package_type, GList **privilege_list);
+
#ifdef __cplusplus
}
#endif
#endif
#include <glib.h>
-#include "privilege_info.h"
#ifdef __cplusplus
extern "C" {
#endif
+/**
+ * @brief Enumerations of error code for Privilege Manager
+ */
+typedef enum {
+ PRVMGR_ERR_NONE = 0,
+ PRVMGR_ERR_INVALID_PARAMETER = 1,
+ PRVMGR_ERR_OUT_OF_MEMORY = 2,
+ PRVMGR_ERR_INTERNAL_ERROR = 3,
+ PRVMGR_ERR_NO_DATA = 4,
+ PRVMGR_ERR_NO_EXIST_PRIVILEGE = 5,
+ PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL = 6,
+ PRVMGR_ERR_INVALID_PRIVILEGE = 7,
+ PRVMGR_ERR_DEPRECATED_PRIVILEGE = 8,
+ PRVMGR_ERR_USING_BANNED_PRIVILEGE = 9,
+} privilege_manager_error_e;
typedef enum {
- PRVMGR_PACKAGE_VISIBILITY_PUBLIC = 1 << 1,
- PRVMGR_PACKAGE_VISIBILITY_PARTNER = 1 << 2,
- PRVMGR_PACKAGE_VISIBILITY_PLATFORM = 1 << 3,
+ PRVMGR_PACKAGE_VISIBILITY_PUBLIC = 1 << 1,
+ PRVMGR_PACKAGE_VISIBILITY_PARTNER = 1 << 2,
+ PRVMGR_PACKAGE_VISIBILITY_PLATFORM = 1 << 3,
} privilege_manager_visibility_e;
typedef enum {
- PRVMGR_PACKAGE_TYPE_WRT = 0,
+ PRVMGR_PACKAGE_TYPE_WRT = 0,
PRVMGR_PACKAGE_TYPE_CORE = 1,
} privilege_manager_package_type_e;
-
/**
* @brief verify privilege in the privilege list by checking its name and level at given api version.
- * @remarks @a privilege_list must be released with free()by you.
- * @remarks @a error_message must be released with free()by you.
+ * @remarks @a privilege_list must be released with g_list_free() by you.
+ * @remarks @a error_message must be released with g_list_free() by you.
* @param [in] api_version The api version of the application
* @param [in] privilege_manager_package_type_e The privilege_manager_package_type_e
* @param [in] privilege_list The privilege_list
* @param [in] privilege_manager_visibility_e The privilege_manager_visibility_e
* @param [out] error_message The error_message's value is assigned when the return value isn't PRVMGR_ERR_NONE, otherwise null is assigned.
- * @return 0 on success, otherwise a negative error value.
+ * @return 0 on success, otherwise a nonzero error value.
* @retval #PRVMGR_ERR_NONE Successful
* @retval #PRVMGR_ERR_OUT_OF_MEMORY Out of memory
* @retvak #PRVMGR_ERR_INVALID_PRIVILEGE The privilege_list contains invalid privilege(s).
*/
EXPORT_API int privilege_manager_verify_privilege(const char* api_version, privilege_manager_package_type_e package_type, GList* privilege_list, privilege_manager_visibility_e visibility, char **error_message);
-
/**
* @brief get mapped privilege list of input privilege list according to the given package type, api version, and profile.
- * @remarks @a privilege_list must be released with free()by you.
- * @remarks @a mapped_privilege_list must be released with free()by you.
+ * @remarks @a privilege_list must be released with g_list_free() by you.
+ * @remarks @a mapped_privilege_list must be released with g_list_free() by you.
* @param [in] api_version The api version of the application
* @param [in] privilege_manager_package_type_e The privilege_manager_package_type_e
* @param [in] privilege_list The privilege_list
* @param [out] mapped_privilege_list The mapped_privilege_list is assigned when privileges mapped to the given privilege list are exist. Else, mapped_privilege_list is NULL. Mapped privileges are listed according to the given the privilege_list, package_type, api_version, and profile.
- * @return 0 on success, otherwise a negative error value.
+ * @return 0 on success, otherwise a nonzero error value.
* @retval #PRVMGR_ERR_NONE Successful
* @retval #PRVMGR_ERR_OUT_OF_MEMORY Out of memory
* @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
*/
EXPORT_API int privilege_manager_get_mapped_privilege_list(const char* api_version, privilege_manager_package_type_e package_type, GList* privilege_list, GList** mapped_privilege_list);
+/**
+ * @brief set privilege black list accoring to the given uid and privilege list
+ * @remarks @a privilege_list must be released by you
+ * @param [in] uid The uid
+ * @param [in] package_type The privilege_manager_pacakge_type_e
+ * @param [in] privilege_list The privilege list to set as black list
+ * @retrun 0 on success, otherwise a nonzero error value
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList* privilege_list);
+
+/**
+ * @brief unset privilege black list accoring to the given uid and privilege list
+ * @remarks @a privilege_list must be released by you
+ * @param [in] uid The uid
+ * @param [in] package_type The privilege_manager_pacakge_type_e
+ * @param [in] privilege_list The privilege list to unset from black list
+ * @retrun 0 on success, otherwise a nonzero error value
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList* privilege_list);
#ifdef __cplusplus
}
SET(WRT_PRIVILEGE_DB ".wrt_privilege_info.db")
SET(CORE_PRIVILEGE_MAPPING_DB ".core_privilege_mapping.db")
SET(WRT_PRIVILEGE_MAPPING_DB ".wrt_privilege_mapping.db")
+SET(POLICY_DB ".policy.db")
IF("${PROFILE_TYPE}" STREQUAL "WEARABLE")
SET(_profile "wearable")
IF("${_profile}" STREQUAL "tv")
ADD_CUSTOM_COMMAND(
- OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB}
- COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh
+ OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB}
+ COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh && ./policy_db_generator.sh
)
ELSE()
ADD_CUSTOM_COMMAND(
- OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB}
- COMMAND ./core_db_generator.sh ${_profile} && ./wrt_db_generator.sh ${_profile} && ./core_mapping_db_generator.sh ${_profile} && ./wrt_mapping_db_generator.sh ${_profile}
+ OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB}
+ COMMAND ./core_db_generator.sh ${_profile} && ./wrt_db_generator.sh ${_profile} && ./core_mapping_db_generator.sh ${_profile} && ./wrt_mapping_db_generator.sh ${_profile} && ./policy_db_generator.sh
)
ENDIF()
-ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB})
-
-INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} DESTINATION ${DATADIR}/privilege-manager/)
+ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB})
+
+INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} ${POLICY_DB}-journal DESTINATION ${DATADIR}/privilege-manager/)
#include <dlog.h>
#include <stdio.h>
#include <stdlib.h>
-#define PRIVILEGE_INFO_CORE_DB_PATH "/usr/share/privilege-manager/.core_privilege_info.db"
-#define PRIVILEGE_INFO_WRT_DB_PATH "/usr/share/privilege-manager/.wrt_privilege_info.db"
-#define PRIVILEGE_MAPPING_CORE_DB_PATH "/usr/share/privilege-manager/.core_privilege_mapping.db"
-#define PRIVILEGE_MAPPING_WRT_DB_PATH "/usr/share/privilege-manager/.wrt_privilege_mapping.db"
-
#ifdef LOG_TAG
#undef LOG_TAG
#define LOG_TAG "PRIVILEGE_DB_MANAGER"
return returnValue; \
}
-int __initialize_db(sqlite3 ** db, privilege_db_manager_package_type_e package_type)
+int __initialize_db(char type, sqlite3 ** db, privilege_db_manager_package_type_e package_type)
{
char *db_path = NULL;
+ int db_mode = SQLITE_OPEN_READONLY;
- if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE)
- db_path = PRIVILEGE_INFO_CORE_DB_PATH;
- else
- db_path = PRIVILEGE_INFO_WRT_DB_PATH;
-
- int ret = sqlite3_open_v2(db_path, db, SQLITE_OPEN_READONLY, NULL);
+ switch (type) {
+ case 'i':
+ if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE)
+ db_path = PRIVILEGE_INFO_CORE_DB_PATH;
+ else
+ db_path = PRIVILEGE_INFO_WRT_DB_PATH;
+ break;
+ case 'm':
+ if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE)
+ db_path = PRIVILEGE_MAPPING_CORE_DB_PATH;
+ else
+ db_path = PRIVILEGE_MAPPING_WRT_DB_PATH;
+ break;
+ case 'u':
+ db_mode = SQLITE_OPEN_READWRITE;
+ case 'p':
+ db_path = PRIVILEGE_POLICY_DB_PATH;
+ break;
+ default:
+ LOGE("Undefined db initialize mode!");
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
+ }
+ LOGD("DB PATH = %s", db_path);
+ int ret = sqlite3_open_v2(db_path, db, db_mode, NULL);
if (ret != SQLITE_OK) {
LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db));
sqlite3_close(*db);
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
-int __initialize_mapping_db(sqlite3 ** db, privilege_db_manager_package_type_e package_type)
+void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt)
{
- char *db_path = NULL;
+ if (stmt != NULL)
+ sqlite3_finalize(stmt);
- if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE)
- db_path = PRIVILEGE_MAPPING_CORE_DB_PATH;
- else
- db_path = PRIVILEGE_MAPPING_WRT_DB_PATH;
+ if (db != NULL)
+ sqlite3_close(db);
+}
- int ret = sqlite3_open_v2(db_path, db, SQLITE_OPEN_READONLY, NULL);
- if (ret != SQLITE_OK) {
- LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db));
- sqlite3_close(*db);
- return PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL;
+int __make_privilege_list_str(GList *privilege_list, char** privilege_list_str)
+{
+ GList *l;
+ char* temp_privilege_list_str = NULL;
+ for (l = privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ if (temp_privilege_list_str == NULL) {
+ size_t size = snprintf(0, 0, "'%s'", privilege_name) + 1;
+ temp_privilege_list_str = (char *)malloc(size * sizeof(char));
+ TryReturn(temp_privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's malloc is failed.");
+ snprintf(temp_privilege_list_str, size, "'%s'", privilege_name);
+ } else {
+ size_t new_size = snprintf(0, 0, "%s, '%s'", temp_privilege_list_str, privilege_name) + 1;
+ temp_privilege_list_str = realloc(temp_privilege_list_str, new_size * sizeof(char));
+ TryReturn(temp_privilege_list_str != NULL, free(temp_privilege_list_str), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's realloc is failed.");
+ strncat(temp_privilege_list_str, ", '", strlen(", '"));
+ strncat(temp_privilege_list_str, privilege_name, strlen(privilege_name));
+ strncat(temp_privilege_list_str, "'", strlen("'"));
+ }
}
- return PRIVILEGE_DB_MANAGER_ERR_NONE;
+ *privilege_list_str = temp_privilege_list_str;
+ return 0;
}
-void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt)
+int __get_db_error(int ret)
{
- if (stmt != NULL)
- sqlite3_finalize(stmt);
+ LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(ret));
+ switch (ret) {
+ case SQLITE_BUSY:
+ ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL;
+ break;
+ case SQLITE_CONSTRAINT:
+ ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL;
+ break;
+ case SQLITE_FULL:
+ ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL;
+ break;
+ default:
+ ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
+ }
- if (db != NULL)
+ return ret;
+}
+
+int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_type_e package_type, GList* privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = 0;
+ int count = 0;
+
+ ret = __initialize_db('p', &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char *privilege_list_str = NULL;
+ ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
+ LOGD("check black list with uid = %d, package_type = %d, privilege_list = %s", uid, package_type, privilege_list_str);
+ char *sql = sqlite3_mprintf("select distinct privilege_name from black_list where privilege_name in(%s)and uid=%d and package_type=%d", privilege_list_str, uid, package_type);
+
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ if (ret != SQLITE_OK) {
+ LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
sqlite3_close(db);
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
+ }
+
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW)
+ ++count;
+ } while (ret == SQLITE_ROW);
+
+ if (count > 0)
+ LOGE("Privilege list contains banned privileges!");
+
+ __finalize_db(db, stmt);
+ return count;
}
+
int privilege_db_manager_get_privilege_list(const char *api_version, privilege_db_manager_package_type_e package_type, GList ** privilege_list)
{
sqlite3 *db = NULL;
}
TryReturn(changed_to_version != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed.");
- ret = __initialize_db(&db, package_type);
+ ret = __initialize_db('i', &db, package_type);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
sqlite3_stmt *stmt = NULL;
int ret;
- ret = __initialize_mapping_db(&db, package_type);
+ ret = __initialize_db('m', &db, package_type);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
GList *temp_privilege_list = NULL;
char *privilege_list_str = NULL;
- GList *l;
- for (l = privilege_list; l != NULL; l = l->next) {
- char *privilege_name = (char *)l->data;
- if (privilege_list_str == NULL) {
- size_t size = snprintf(0, 0, "'%s'", privilege_name) + 1;
- privilege_list_str = (char *)malloc(size * sizeof(char));
- TryReturn(privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's malloc is failed.");
- snprintf(privilege_list_str, size, "'%s'", privilege_name);
- LOGD("privilege_list_str = %s", privilege_list_str);
- } else {
- size_t new_size = snprintf(0, 0, "%s, '%s'", privilege_list_str, privilege_name) + 1;
- privilege_list_str = realloc(privilege_list_str, new_size * sizeof(char));
- TryReturn(privilege_list_str != NULL, free(privilege_list_str), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's realloc is failed.");
- strncat(privilege_list_str, ", '", strlen(", '"));
- strncat(privilege_list_str, privilege_name, strlen(privilege_name));
- strncat(privilege_list_str, "'", strlen("'"));
- LOGD("privilege_list_str = %s", privilege_list_str);
- }
- }
+ ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
+ TryReturn(ret == 0 && privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version);
free(privilege_list_str);
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
int ret;
- ret = __initialize_db(&db, package_type);
+ ret = __initialize_db('i', &db, package_type);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
int ret;
- ret = __initialize_db(&db, package_type);
+ ret = __initialize_db('i', &db, package_type);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
int ret;
- ret = __initialize_db(&db, package_type);
+ ret = __initialize_db('i', &db, package_type);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
- int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
+ int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return -1;
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
- int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
+ int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
- int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
+ int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
return ret;
char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where is_privacy=1 and privacy_group=%Q", privacy);
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
if (ret != SQLITE_OK) {
LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
sqlite3_close(db);
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
+
+int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_type_e package_type, GList **privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db('p', &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+ LOGD("Get privilege_name from black_list where uid = %d, package_type = %d", uid, package_type);
+ char* sql = sqlite3_mprintf("select privilege_name from black_list where uid=%d and package_type=%d", uid, package_type);
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ if (ret != SQLITE_OK) {
+ LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+ sqlite3_close(db);
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
+ }
+
+ GList *temp_privilege_list = NULL;
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ char *privilege_name = strdup((char *)sqlite3_column_text(stmt, 0));
+ LOGE("privilege name: %s", privilege_name);
+ temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
+ } else if (ret != SQLITE_DONE) {
+ LOGE("ret = %d", ret);
+ }
+ } while (ret == SQLITE_ROW);
+
+ *privilege_list = temp_privilege_list;
+
+ __finalize_db(db, stmt);
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+
+int privilege_db_manager_set_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db('u', &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL);
+ GList *l = NULL;
+ for (l = privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ LOGD("insert uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name);
+ char* sql = sqlite3_mprintf("insert or ignore into black_list (uid, package_type, privilege_name) values (%d, %d, %Q)", uid, package_type, privilege_name);
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ if (ret != SQLITE_OK) {
+ LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ sqlite3_close(db);
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
+ }
+ ret = sqlite3_step(stmt);
+ if (ret != SQLITE_DONE) {
+ __get_db_error(ret);
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt);
+ return ret;
+ }
+ }
+
+ sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt);
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+
+int privilege_db_manager_unset_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db('u', &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL);
+ GList *l = NULL;
+ for (l = privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ LOGD("delete from black_list where uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name);
+ char* sql = sqlite3_mprintf("delete from black_list where uid=%d and package_type=%d and privilege_name=%Q", uid, package_type, privilege_name);
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ if (ret != SQLITE_OK) {
+ LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ sqlite3_close(db);
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
+ }
+ ret = sqlite3_step(stmt);
+ if (ret != SQLITE_DONE) {
+ __get_db_error(ret);
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt);
+ return ret;
+ }
+ }
+
+ sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt);
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
ret = PRVMGR_ERR_INTERNAL_ERROR;
return ret;
}
+
+
+int privilege_info_get_black_list(int uid, privilege_manager_package_type_e package_type, GList **privilege_list)
+{
+ TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] package_type invalid!");
+
+ int ret = privilege_db_manager_get_black_list(uid, package_type, privilege_list);
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE)
+ ret = PRVMGR_ERR_NONE;
+ else
+ ret = PRVMGR_ERR_INTERNAL_ERROR;
+ return ret;
+}
#include <dlog.h>
#include <stdlib.h>
#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
#include "privilege_db_manager.h"
#include "privilege_manager.h"
free(pkg_type);
return PRVMGR_ERR_INVALID_PARAMETER;
}
+
+ /* Check black list */
+ int uid = getuid();
+ ret = privilege_db_manager_check_black_list(uid, package_type, privilege_list);
+ if (ret > 0) {
+ LOGE("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by DPM");
+ *error_message = strdup("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by the DPM");
+ return PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+ }
+
/* Get vaild privilege list */
ret = privilege_db_manager_get_privilege_list(api_version, package_type, &vaild_privilege_list);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
TryReturn(ret == PRVMGR_ERR_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] privilege_db_manager_get_mapped_privilege_list failed, ret = %d", ret);
return ret;
}
+
+int privilege_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
+{
+ TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
+ TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type);
+ int ret = privilege_db_manager_set_black_list(uid, package_type, privilege_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ ret = PRVMGR_ERR_INTERNAL_ERROR;
+ return ret;
+}
+
+int privilege_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
+{
+ TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
+ TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type);
+ int ret = privilege_db_manager_unset_black_list(uid, package_type, privilege_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ ret = PRVMGR_ERR_INTERNAL_ERROR;
+ return ret;
+}
mkdir -p %{buildroot}%{_datadir}/license
cp LICENSE.APLv2 %{buildroot}%{_datadir}/license/privilege-checker
mkdir -p %{buildroot}%{_datadir}/privilege-manager
-#%if "%{?profile}" == "tv"
-#cp capi/res/dbspace/tv_wrt_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db "select * from privilege_info"
-#cp capi/res/dbspace/tv_core_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db "select * from privilege_info"
-#cp capi/res/dbspace/tv_wrt_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db "select * from privilege_mapping"
-#cp capi/res/dbspace/tv_core_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db "select * from privilege_mapping"
-#%else
-#cp capi/res/dbspace/core_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db "select * from privilege_info"
-#cp capi/res/dbspace/wrt_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db "select * from privilege_info"
-#cp capi/res/dbspace/core_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db "select * from privilege_mapping"
-#cp capi/res/dbspace/wrt_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db
-#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db "select * from privilege_mapping"
-#%endif
%make_install
%post -p /sbin/ldconfig
#%endif
%{_datadir}/privilege-manager/.wrt_privilege_info.db
%{_datadir}/privilege-manager/.wrt_privilege_mapping.db
+%config(noreplace) %{_datadir}/privilege-manager/.policy.db
+%config(noreplace) %{_datadir}/privilege-manager/.policy.db-journal
%manifest packaging/security-privilege-manager.manifest
%files -n security-privilege-manager-devel
%{_bindir}/tc-privilege-db-manager
%{_bindir}/tc-privilege-manager
%{_bindir}/tc-privilege-info
+%{_bindir}/tc-privilege-black-list
%clean
rm -rf %{buildroot}
SET(TC1_NAME tc-privilege-db-manager)
SET(TC2_NAME tc-privilege-manager)
SET(TC3_NAME tc-privilege-info)
+SET(TC4_NAME tc-privilege-black-list)
SET(TC1_SRCS ${TC1_NAME}.c)
SET(TC2_SRCS ${TC2_NAME}.c)
SET(TC3_SRCS ${TC3_NAME}.c)
+SET(TC4_SRCS ${TC4_NAME}.c)
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/capi/include)
ADD_EXECUTABLE(${TC1_NAME} ${TC1_SRCS})
ADD_EXECUTABLE(${TC2_NAME} ${TC2_SRCS})
ADD_EXECUTABLE(${TC3_NAME} ${TC3_SRCS})
+ADD_EXECUTABLE(${TC4_NAME} ${TC4_SRCS})
TARGET_LINK_LIBRARIES(${TC1_NAME} "security-privilege-manager")
TARGET_LINK_LIBRARIES(${TC2_NAME} "security-privilege-manager")
TARGET_LINK_LIBRARIES(${TC3_NAME} "security-privilege-manager")
+TARGET_LINK_LIBRARIES(${TC4_NAME} "security-privilege-manager")
INSTALL(TARGETS ${TC1_NAME} DESTINATION /usr/bin)
INSTALL(TARGETS ${TC2_NAME} DESTINATION /usr/bin)
INSTALL(TARGETS ${TC3_NAME} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TC4_NAME} DESTINATION /usr/bin)
--- /dev/null
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <glib.h>
+#include <privilege_manager.h>
+#include <privilege_info.h>
+#include <privilege_db_manager.h>
+
+#define BRIGHTNESS 0
+#define RED 31
+#define GREEN 32
+#define YELLOW 33
+#define BLUE 34
+#define WHITE 37
+#define BG_BLACK 40
+#define ShowErrorMsg(condition, error_message, result, ...) \
+ __print_result(__get_result_string(result)); \
+ if (condition) { \
+ __print_error_message(error_message); \
+ free(error_message); \
+ error_message = NULL; \
+ }
+
+static void __change_color_to_red()
+{
+ printf("%c[%d;%dm", 0x1B, BRIGHTNESS, RED);
+}
+
+static void __change_color_to_green()
+{
+ printf("%c[%d;%dm", 0x1B, BRIGHTNESS, GREEN);
+}
+
+static void __change_color_to_yellow()
+{
+ printf("%c[%d;%dm", 0x1B, BRIGHTNESS, YELLOW);
+}
+
+static void __change_color_to_blue()
+{
+ printf("%c[%d;%dm", 0x1B, BRIGHTNESS, BLUE);
+}
+
+static void __change_color_to_origin()
+{
+ printf("%c[%dm", 0x1B, 0);
+}
+
+static void __change_to_bold_red()
+{
+ printf("%c[%dm%c[%dm", 0x1B, 1, 0x1B, RED);
+}
+
+static void __change_to_bold_yellow()
+{
+ printf("%c[%dm%c[%dm", 0x1B, 1, 0x1B, YELLOW);
+}
+
+static int fail_cnt = 0;
+static int success_cnt = 0;
+GList *privilege_list = NULL;
+
+static const char *__get_result_string(privilege_manager_error_e ret)
+{
+ if (ret == PRVMGR_ERR_NONE)
+ return "PRVMGR_ERR_NONE";
+ else if (ret == PRVMGR_ERR_INVALID_PRIVILEGE)
+ return "PRVMGR_ERR_INVALID_PRIVILEGE";
+ else if (ret == PRVMGR_ERR_INVALID_PARAMETER)
+ return "PRVMGR_ERR_INVALID_PARAMETER";
+ else if (ret == PRVMGR_ERR_INTERNAL_ERROR)
+ return "PRVMGR_ERR_INTERNAL_ERROR";
+ else if (ret == PRVMGR_ERR_USING_BANNED_PRIVILEGE)
+ return "PRVMGR_ERR_USING_BANNED_PRIVILEGE";
+
+ return "FAIL";
+}
+
+static void __print_error_message(char *error_message)
+{
+ char *token = NULL;
+ char *temp = strdup(error_message);
+ char *save = NULL;
+
+ char err_type[256] = { 0, };
+
+ if (strstr(error_message, "DEPRECATED") != NULL)
+ strncat(err_type, "PRVMGR_ERR_DEPRECATED_PRIVILEGE ", strlen("PRVMGR_ERR_DEPRECATED_PRIVILEGE "));
+
+ if (strstr(error_message, "NO_EXIST") != NULL)
+ strncat(err_type, "PRVMGR_ERR_NO_EXIST_PRIVILEGE ", strlen("PRVMGR_ERR_NO_EXIST_PRIVILEGE "));
+
+ if (strstr(error_message, "MISMATCHED") != NULL)
+ strncat(err_type, "PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL ", strlen("PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL "));
+
+ if (strstr(error_message, "INVALID_PARAMETER") != NULL)
+ strncat(err_type, "PRVMGR_ERR_INVALID_PARAMETER ", strlen("PRVMGR_ERR_INVALID_PARAMETER "));
+
+ if (strstr(error_message, "BANNED") != NULL)
+ strncat(err_type, "PRVMGR_ERR_USING_BANNED_PRIVILEGE ", strlen("PRVMGR_ERR_USING_BANNED_PRIVILEGE "));
+
+ if (strlen(err_type) == 0) {
+ fail_cnt++;
+ strncat(err_type, "test failed - unknown error type", strlen("test failed - unknown error type "));
+ __change_color_to_red();
+ } else {
+ __change_color_to_blue();
+ }
+ printf("Error Message : %s\n", err_type);
+ __change_color_to_origin();
+
+ token = strtok_r(temp, "|", &save);
+ while (token) {
+ printf("%s\n", token);
+ token = strtok_r(NULL, "|", &save);
+ }
+ printf("\n");
+ free(temp);
+}
+
+typedef enum {
+ goal = 1,
+ pkg_type = 4,
+ expect = 5
+} tcinfo_type_e;
+
+static void __tcinfo(tcinfo_type_e type, char *input_string, ...)
+{
+ switch (type) {
+ case goal:
+ __change_color_to_yellow();
+ printf("TEST >> %s\n\n", input_string);
+ __change_color_to_origin();
+ break;
+ case pkg_type:
+ printf("PACKAGE TYPE : %s\n", input_string);
+ break;
+ case expect:
+ printf("- expected result : %s\n", input_string);
+ break;
+ default:
+ printf("no matching enum for input\n");
+ }
+}
+
+static void __privinfo(char *name)
+{
+ printf("%s", name);
+ privilege_list = g_list_append(privilege_list, name);
+ printf("\n");
+}
+
+static void __print_result(const char *input_string)
+{
+ printf("- achieved result : %s\n\n", input_string);
+}
+
+static void __print_line()
+{
+ printf("-------------------------------------------------------------------\n");
+}
+
+static void __print_dline()
+{
+ printf("===================================================================\n");
+}
+
+static void __print_privilege_list(GList * privilege_list)
+{
+ GList *l;
+ printf("Print privilege list: \n");
+ for (l = privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ printf("%s\n", privilege_name);
+ }
+}
+
+static void __check_verify_result(privilege_manager_error_e expected_result, privilege_manager_error_e result)
+{
+ if (expected_result != result) {
+ __change_to_bold_red();
+ printf(">> test fail\n");
+ fail_cnt++;
+ } else {
+ __change_color_to_green();
+ printf(">> test success\n");
+ success_cnt++;
+ }
+ __change_color_to_origin();
+}
+
+
+static void __test_black_list_set_unset()
+{
+ int ret = 0;
+ GList *black_list;
+
+ __change_to_bold_yellow();
+ printf("\nTest black list set/unset/get\n\n");
+ __change_color_to_origin();
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Add wrt privileges");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __privinfo("http://tizen.org/privilege/internet");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_set_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Add wrt privileges -- Add duplicated privileges");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/mediacapture");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_set_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Remove wrt privileges");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Remove wrt privileges -- Try to remove already removed privileges");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+}
+
+
+static void __test_black_list_check()
+{
+ GList *black_list = NULL;
+ int ret = 0;
+
+ __change_to_bold_yellow();
+ printf("\nTest privilege list with banned privilege\n\n");
+ __change_color_to_origin();
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, contains banned privilege");
+ __privinfo("http://tizen.org/privilege/mediacapture");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __tcinfo(expect, "PRVMGR_ERR_USING_BANNED_PRIVILEGE");
+ ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ if (ret > 0)
+ ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_USING_BANNED_PRIVILEGE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Not contains banned privilege");
+ __privinfo("http://tizen.org/privilege/account.write");
+ __privinfo("http://tizen.org/privilege/mediacontroller.client");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ if (ret > 0)
+ ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 1, Contains banned privilege but the UID is different");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_db_manager_check_black_list(1, PRVMGR_PACKAGE_TYPE_WRT, privilege_list);
+ if (ret > 0)
+ ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Contains banned privilege but the package type is different");
+ __privinfo("http://tizen.org/privilege/account.read");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_CORE, privilege_list);
+ if (ret > 0)
+ ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+}
+
+static void __test_black_list_verify_privilege()
+{
+ GList *black_list = NULL;
+ char *error_message = NULL;
+ int ret = 0;
+
+ __change_to_bold_yellow();
+ printf("\nTest privilege_manager_verify_privilege with banned privilege\n\n");
+ __change_color_to_origin();
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+
+ __tcinfo(goal, "2.3.1, wrt, Name=OK, Version=OK, Level=OK -- Public ");
+ __privinfo("http://tizen.org/privilege/bluetooth.gap");
+ __privinfo("http://tizen.org/privilege/bluetooth.health");
+ __privinfo("http://tizen.org/privilege/alarm");
+ __privinfo("http://tizen.org/privilege/application.info");
+ __privinfo("http://tizen.org/privilege/calendar.read");
+ __privinfo("http://tizen.org/privilege/call");
+ __privinfo("http://tizen.org/privilege/callhistory.read");
+ __privinfo("http://tizen.org/privilege/contact.write");
+ __privinfo("http://tizen.org/privilege/content.read");
+ __privinfo("http://tizen.org/privilege/datacontrol.consumer");
+ __privinfo("http://tizen.org/privilege/datasync");
+ __privinfo("http://tizen.org/privilege/download");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/fullscreen");
+ __privinfo("http://tizen.org/privilege/healthinfo");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/location");
+ __privinfo("http://tizen.org/privilege/mediacapture");
+ __privinfo("http://tizen.org/privilege/messaging.write");
+ __privinfo("http://tizen.org/privilege/nfc.admin");
+ __privinfo("http://tizen.org/privilege/notification");
+ __privinfo("http://tizen.org/privilege/package.info");
+ __privinfo("http://tizen.org/privilege/power");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __privinfo("http://tizen.org/privilege/websetting");
+ __tcinfo(expect, "PRVMGR_ERR_USING_BANNED_PRIVILEGE");
+ ret = privilege_manager_verify_privilege("2.3.1", PRVMGR_PACKAGE_TYPE_WRT, privilege_list, PRVMGR_PACKAGE_VISIBILITY_PUBLIC, &error_message);
+ ShowErrorMsg(error_message != NULL, error_message, ret);
+ __check_verify_result(PRVMGR_ERR_USING_BANNED_PRIVILEGE, ret);
+ __print_line();
+
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Remove all banned wrt privileges");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+ g_list_free(black_list);
+ black_list = NULL;
+
+ __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list);
+ __print_result(__get_result_string(ret));
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_privilege_list(black_list);
+ __print_line();
+
+
+ __tcinfo(goal, "2.3.1, wrt, Name=OK, Version=OK, Level=OK -- Public ");
+ __privinfo("http://tizen.org/privilege/bluetooth.gap");
+ __privinfo("http://tizen.org/privilege/bluetooth.health");
+ __privinfo("http://tizen.org/privilege/alarm");
+ __privinfo("http://tizen.org/privilege/application.info");
+ __privinfo("http://tizen.org/privilege/calendar.read");
+ __privinfo("http://tizen.org/privilege/call");
+ __privinfo("http://tizen.org/privilege/callhistory.read");
+ __privinfo("http://tizen.org/privilege/contact.write");
+ __privinfo("http://tizen.org/privilege/content.read");
+ __privinfo("http://tizen.org/privilege/datacontrol.consumer");
+ __privinfo("http://tizen.org/privilege/datasync");
+ __privinfo("http://tizen.org/privilege/download");
+ __privinfo("http://tizen.org/privilege/filesystem.read");
+ __privinfo("http://tizen.org/privilege/fullscreen");
+ __privinfo("http://tizen.org/privilege/healthinfo");
+ __privinfo("http://tizen.org/privilege/internet");
+ __privinfo("http://tizen.org/privilege/location");
+ __privinfo("http://tizen.org/privilege/mediacapture");
+ __privinfo("http://tizen.org/privilege/messaging.write");
+ __privinfo("http://tizen.org/privilege/nfc.admin");
+ __privinfo("http://tizen.org/privilege/notification");
+ __privinfo("http://tizen.org/privilege/package.info");
+ __privinfo("http://tizen.org/privilege/power");
+ __privinfo("http://tizen.org/privilege/telephony");
+ __privinfo("http://tizen.org/privilege/websetting");
+ __tcinfo(expect, "PRVMGR_ERR_NONE");
+ ret = privilege_manager_verify_privilege("2.3.1", PRVMGR_PACKAGE_TYPE_WRT, privilege_list, PRVMGR_PACKAGE_VISIBILITY_PUBLIC, &error_message);
+ ShowErrorMsg(error_message != NULL, error_message, ret);
+ __check_verify_result(PRVMGR_ERR_NONE, ret);
+ __print_line();
+
+ g_list_free(privilege_list);
+ privilege_list = NULL;
+
+}
+
+int main()
+{
+ __print_dline();
+
+ __change_color_to_yellow();
+ printf("\n");
+ printf("Test function : privilege_manager_set_black_list\n");
+ printf(" privilege_manager_unset_black_list\n");
+ printf(" privilege_info_get_black_list\n");
+ printf("\n");
+ __change_color_to_origin();
+ __test_black_list_set_unset();
+
+ __print_dline();
+
+ __change_color_to_yellow();
+ printf("Test function : privilege_db_manager_check_black_list\n");
+ printf(" privilege_info_get_black_list\n");
+ __change_color_to_origin();
+ __test_black_list_check();
+
+ __print_dline();
+
+
+ __change_color_to_yellow();
+ printf("Test function : privilege_manager_verify_privilege\n");
+ __change_color_to_origin();
+ __test_black_list_verify_privilege();
+
+ __print_dline();
+
+ __change_color_to_green();
+ printf("Test Complete\n");
+ printf("success : %d, ", success_cnt);
+ __change_color_to_red();
+ printf("fail : %d\n", fail_cnt);
+ __change_color_to_origin();
+
+ return 0;
+}
return "PRVMGR_ERR_INVALID_PARAMETER";
else if (ret == PRVMGR_ERR_INTERNAL_ERROR)
return "PRVMGR_ERR_INTERNAL_ERROR";
+ else if (ret == PRVMGR_ERR_USING_BANNED_PRIVILEGE)
+ return "PRVMGR_ERR_USING_BANNED_PRIVILEGE";
return "FAIL";
}
if (strstr(error_message, "INVALID_PARAMETER") != NULL)
strncat(err_type, "PRVMGR_ERR_INVALID_PARAMETER ", strlen("PRVMGR_ERR_INVALID_PARAMETER "));
+ if (strstr(error_message, "BANNED") != NULL)
+ strncat(err_type, "PRVMGR_ERR_USING_BANNED_PRIVILEGE ", strlen("PRVMGR_ERR_USING_BANNED_PRIVILEGE "));
if (strlen(err_type) == 0) {
fail_cnt++;
projects / platform / core / security / privilege-checker.git / commitdiff