Correction in enabling permissions.
authorJan Olszak <j.olszak@samsung.com>
Fri, 4 Oct 2013 17:00:09 +0000 (19:00 +0200)
committerJan Olszak <j.olszak@samsung.com>
Fri, 18 Oct 2013 12:41:41 +0000 (14:41 +0200)
[Issue#]       SSDWSSP-183
[Bug/Feature]  WRT_platform etc. permissions added as WRT
[Cause]        N/A
[Solution]     Correction in enabling permissions.
[Verification] Build, install, run tests.

Change-Id: I9c7202615550da2d152c6909b773e4a7d12d0641

include/common.h
include/privilege-control.h
include/rules-db.h
src/common.c
src/privilege-control.c
src/rules-db.c

index f32030d..9edc72c 100644 (file)
@@ -27,6 +27,7 @@
 #include <fts.h>
 #include <stdbool.h>
 #include <sys/smack.h>
+#include "privilege-control.h"
 
 #ifdef LOG_TAG
     #undef LOG_TAG
@@ -109,9 +110,32 @@ int smack_mark_file_name(const char *app_id, char **path);
 bool file_exists(const char* path);
 int smack_file_name(const char* app_id, char** path);
 inline int have_smack(void);
+int base_name_from_perm(const char *perm, char **name);
 
 
 /**
+ * Get the permission family type name.
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param  app_type type of the application
+ * @return          PC_OPERATION_SUCCESS on success,
+ *                  error code otherwise
+ */
+const char* app_type_name(app_type_t app_type);
+
+/**
+ * Get the permission type name
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param  app_type type of the application
+ * @return          PC_OPERATION_SUCCESS on success,
+ *                  error code otherwise
+ */
+const char* app_type_group_name(app_type_t app_type);
+
+/**
  * Divide a Smack rule into subject, object and access
  *
  * @ingroup RDB internal functions
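Review bot: The two new doc comments give the return value as `PC_OPERATION_SUCCESS on success, error code otherwise`, but both prototypes return `const char*`, and the definitions added to src/common.c return a string literal or NULL for an unrecognised type. I would replace each `@return` with `@return type name (string literal, must not be freed), or NULL if app_type is not recognised`, so callers know a NULL check is needed. The summaries are also easy to misread: `app_type_name` yields the specific name (e.g. "WRT_platform") while `app_type_group_name` yields the family ("WRT"), which is the reverse of what "permission family type name" and "permission type name" suggest. The relocated `base_name_from_perm` prototype has no comment here; a line saying that `*name` is allocated by the function and must be freed by the caller would help.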
index 32862b3..192a5d9 100644 (file)
@@ -435,10 +435,6 @@ int perm_end(void);
 int perm_add_additional_rules(const char** set_smack_rule_set);
 
 
-int base_name_from_perm(const char *perm, char **name);
-
-
-
 #ifdef __cplusplus
 }
 #endif // __cplusplus
index 7f8cd1d..48dce5c 100644 (file)
@@ -132,16 +132,16 @@ int rdb_add_permission_rules(const char  *const s_permission_name,
  * @ingroup RDB API functions
  *
  * @param  s_app_label_name       application's label name
- * @param  s_permission_type_name permission's type name
+ * @param  i_permission_type      permission's type id
  * @param  pp_permissions_list    array of permissions to parse
  * @param  b_is_volatile          are the new permissions volatile
  * @return                        PC_OPERATION_SUCCESS on success,
  *                                error code otherwise
  */
 int rdb_enable_app_permissions(const char  *const s_app_label_name,
-                              const char  *const s_permission_type_name,
+                              const app_type_t i_permission_type,
                               const char *const *const pp_permissions_list,
-                              const bool   b_is_volatile);
+                              const bool b_is_volatile);
 
 
 /**
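Review bot: `rules-db.h` now names `app_type_t` in this prototype and in `rdb_disable_app_permissions` in the next hunk, but no hunk for this header adds an include that declares the type, whereas `include/common.h` gains `#include "privilege-control.h"` in the same commit. If the header does not already pull that in outside the visible lines, add `#include "privilege-control.h"` next to its other includes so it compiles on its own. The top-level `const` on the by-value `i_permission_type` has no effect in a declaration and can be dropped.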
@@ -150,13 +150,13 @@ int rdb_enable_app_permissions(const char  *const s_app_label_name,
  * @ingroup RDB API functions
  *
  * @param  s_app_label_name       application's label name
- * @param  s_permission_type_name permission's type name
+ * @param  i_permission_type      permission's type id
  * @param  pp_permissions_list    array of permissions to parse
  * @return                        PC_OPERATION_SUCCESS on success,
  *                                error code otherwise
  */
 int rdb_disable_app_permissions(const char  *const s_app_label_name,
-                               const char  *const s_permission_type_name,
+                               const app_type_t i_permission_type,
                                const char *const *const pp_permissions_list);
 
 
index 43f6a0a..309b97b 100644 (file)
@@ -27,6 +27,7 @@
 #include <sys/smack.h>
 #include <sys/stat.h>
 #include <sys/file.h>
+#include <iri.h>
 
 #include "common.h"
 #include "privilege-control.h"
@@ -331,4 +332,115 @@ inline int have_smack(void)
        }
 
        return have_smack;
+}
+
+inline const char* app_type_name(app_type_t app_type)
+{
+       SECURE_C_LOGD("Entering function: %s. Params: app_type=%d",
+                               __func__, app_type);
+
+       switch (app_type) {
+       case PERM_APP_TYPE_WGT:
+               C_LOGD("App type = WRT");
+               return "WRT";
+       case PERM_APP_TYPE_OSP:
+               C_LOGD("App type = OSP");
+               return "OSP";
+       case PERM_APP_TYPE_WGT_PARTNER:
+               C_LOGD("App type = WRT_partner");
+               return "WRT_partner";
+       case PERM_APP_TYPE_WGT_PLATFORM:
+               C_LOGD("App type = WRT_platform");
+               return "WRT_platform";
+       case PERM_APP_TYPE_OSP_PARTNER:
+               C_LOGD("App type = OSP_partner");
+               return "OSP_partner";
+       case PERM_APP_TYPE_OSP_PLATFORM:
+               C_LOGD("App type = OSP_platform");
+               return "OSP_platform";
+       case PERM_APP_TYPE_EFL:
+               C_LOGD("App type = EFL");
+               return "EFL";
+       default:
+               C_LOGD("App type = other");
+               return NULL;
+       }
+}
+
+inline const char* app_type_group_name(app_type_t app_type)
+{
+       SECURE_C_LOGD("Entering function: %s. Params: app_type=%d",
+                               __func__, app_type);
+
+       switch (app_type) {
+       case PERM_APP_TYPE_WGT:
+       case PERM_APP_TYPE_WGT_PARTNER:
+       case PERM_APP_TYPE_WGT_PLATFORM:
+               C_LOGD("App type group name = WRT");
+               return "WRT";
+       case PERM_APP_TYPE_OSP:
+       case PERM_APP_TYPE_OSP_PARTNER:
+       case PERM_APP_TYPE_OSP_PLATFORM:
+               C_LOGD("App type group name = OST");
+               return "OSP";
+       case PERM_APP_TYPE_EFL:
+               C_LOGD("App type = EFL");
+               return "EFL";
+       default:
+               return NULL;
+       }
+}
+
+
+/**
+ * This function changes permission URI to basename for file name.
+ * For e.g. from http://tizen.org/privilege/contact.read will be
+ * created basename : org.tizen.privilege.contact.read
+ */
+
+int base_name_from_perm(const char *perm, char **name)
+{
+       SECURE_C_LOGD("Entering function: %s. Params: perm=%s",
+                               __func__, perm);
+
+       iri_t *ip = NULL;
+       char *host_dot = NULL;
+       char *rest_slash = NULL;
+       int ret;
+
+       ip = iri_parse(perm);
+       if (ip == NULL || ip->host == NULL) {
+               SECURE_C_LOGE("Bad permission format : %s", perm);
+               iri_destroy(ip);
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       if (ip->path == NULL) {
+               ip->path = ip->host;
+               ip->host = NULL;
+       }
+
+       if (ip->host) {
+               host_dot = strrchr(ip->host, '.');
+               if (host_dot) {
+                       *host_dot = '\0';
+                       ++host_dot;
+               }
+       }
+
+       while ((rest_slash = strchr(ip->path, '/'))) {
+               *rest_slash = '.';
+       }
+
+       ret = asprintf(name, "%s%s%s%s",
+                       host_dot ? host_dot : "", host_dot ? "." : "",
+                       ip->host ? ip->host : "", ip->path);
+       if (ret == -1) {
+               C_LOGE("asprintf failed");
+               iri_destroy(ip);
+               return PC_ERR_MEM_OPERATION;
+       }
+
+       iri_destroy(ip);
+       return PC_OPERATION_SUCCESS;
 }
\ No newline at end of file
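Review bot: `base_name_from_perm` formats `perm` with `%s` in the entry log and passes it to `iri_parse` before any NULL check, and on the `ip == NULL` branch it still calls `iri_destroy(ip)`, which is safe only if libiri accepts a NULL argument (not visible here). Since the permission string is caller-supplied and the result is used as a file basename, I would guard the inputs first with `if (perm == NULL || name == NULL) return PC_ERR_INVALID_PARAM;` and handle the parse failure separately with `if (ip == NULL) return PC_ERR_INVALID_PARAM;`. On the `asprintf` failure path the contents of `*name` are undefined, so add `*name = NULL;` before returning `PC_ERR_MEM_OPERATION`. Two smaller points in `app_type_group_name`: the OSP branch logs `"App type group name = OST"` while returning `"OSP"`, and the `inline` on these externally linked definitions adds nothing now that they are declared in common.h.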
index 911a6fe..3a5a941 100644 (file)
@@ -41,7 +41,6 @@
 #include <sys/mman.h>
 #include <stdbool.h>
 #include <search.h>
-#include <iri.h>
 
 #include "privilege-control.h"
 #include "access-db.h"
@@ -619,116 +618,6 @@ API int set_privilege(const char* pkg_name)//deprecated
        return perm_app_set_privilege(pkg_name, NULL, NULL);
 }
 
-static inline const char* app_type_name(app_type_t app_type)
-{
-       SECURE_C_LOGD("Entering function: %s. Params: app_type=%d",
-                               __func__, app_type);
-
-       switch (app_type) {
-       case PERM_APP_TYPE_WGT:
-               C_LOGD("App type = WRT");
-               return "WRT";
-       case PERM_APP_TYPE_OSP:
-               C_LOGD("App type = OSP");
-               return "OSP";
-       case PERM_APP_TYPE_WGT_PARTNER:
-               C_LOGD("App type = WRT_partner");
-               return "WRT_partner";
-       case PERM_APP_TYPE_WGT_PLATFORM:
-               C_LOGD("App type = WRT_platform");
-               return "WRT_platform";
-       case PERM_APP_TYPE_OSP_PARTNER:
-               C_LOGD("App type = OSP_partner");
-               return "OSP_partner";
-       case PERM_APP_TYPE_OSP_PLATFORM:
-               C_LOGD("App type = OSP_platform");
-               return "OSP_platform";
-       case PERM_APP_TYPE_EFL:
-               C_LOGD("App type = EFL");
-               return "EFL";
-       default:
-               C_LOGD("App type = other");
-               return NULL;
-       }
-}
-
-static inline const char* app_type_group_name(app_type_t app_type)
-{
-       SECURE_C_LOGD("Entering function: %s. Params: app_type=%d",
-                               __func__, app_type);
-
-       switch (app_type) {
-       case PERM_APP_TYPE_WGT:
-       case PERM_APP_TYPE_WGT_PARTNER:
-       case PERM_APP_TYPE_WGT_PLATFORM:
-               C_LOGD("App type group name = WRT");
-               return "WRT";
-       case PERM_APP_TYPE_OSP:
-       case PERM_APP_TYPE_OSP_PARTNER:
-       case PERM_APP_TYPE_OSP_PLATFORM:
-               C_LOGD("App type group name = OST");
-               return "OSP";
-       case PERM_APP_TYPE_EFL:
-               C_LOGD("App type = EFL");
-               return "EFL";
-       default:
-               return NULL;
-       }
-}
-
-/**
- * This function changes permission URI to basename for file name.
- * For e.g. from http://tizen.org/privilege/contact.read will be
- * created basename : org.tizen.privilege.contact.read
- */
-
-int base_name_from_perm(const char *perm, char **name)
-{
-       SECURE_C_LOGD("Entering function: %s. Params: perm=%s",
-                               __func__, perm);
-
-       iri_t *ip = NULL;
-       char *host_dot = NULL;
-       char *rest_slash = NULL;
-       int ret;
-
-       ip = iri_parse(perm);
-       if (ip == NULL || ip->host == NULL) {
-               SECURE_C_LOGE("Bad permission format : %s", perm);
-               iri_destroy(ip);
-               return PC_ERR_INVALID_PARAM;
-       }
-
-       if (ip->path == NULL) {
-               ip->path = ip->host;
-               ip->host = NULL;
-       }
-
-       if (ip->host) {
-               host_dot = strrchr(ip->host, '.');
-               if (host_dot) {
-                       *host_dot = '\0';
-                       ++host_dot;
-               }
-       }
-
-       while ((rest_slash = strchr(ip->path, '/'))) {
-               *rest_slash = '.';
-       }
-
-       ret = asprintf(name, "%s%s%s%s",
-                       host_dot ? host_dot : "", host_dot ? "." : "",
-                       ip->host ? ip->host : "", ip->path);
-       if (ret == -1) {
-               C_LOGE("asprintf failed");
-               iri_destroy(ip);
-               return PC_ERR_MEM_OPERATION;
-       }
-
-       iri_destroy(ip);
-       return PC_OPERATION_SUCCESS;
-}
-
 static int perm_file_path(char** path, app_type_t app_type, const char* perm, const char *suffix, bool is_early)
 {
        SECURE_C_LOGD("Entering function: %s. Params: app_type=%d, perm=%s, suffix=%s, is_early=%d",
@@ -981,7 +870,7 @@ static int app_add_permissions_internal(const char* app_id, app_type_t app_type,
 
        // Enable the permissions:
        ret = rdb_enable_app_permissions(app_id,
-                                        app_type_group_name(app_type),
+                                        app_type,
                                         perm_list,
                                         !((bool)permanent));
        if (ret != PC_OPERATION_SUCCESS) {
@@ -1058,7 +947,7 @@ API int perm_app_disable_permissions(const char* pkg_id, app_type_t app_type, co
                return PC_ERR_INVALID_PARAM;
        }
 
-       ret = rdb_disable_app_permissions(pkg_id, app_type_group_name(app_type), perm_list);
+       ret = rdb_disable_app_permissions(pkg_id, app_type, perm_list);
        if (ret != PC_OPERATION_SUCCESS) {
                C_LOGE("RDB rdb_disable_app_permissions failed with: %d", ret);
                return ret;
index 6aa633b..538da8a 100644 (file)
@@ -270,18 +270,20 @@ finish:
 
 
 int rdb_enable_app_permissions(const char *const s_app_label_name,
-                              const char *const s_permission_type_name,
+                              const app_type_t i_permission_type,
                               const char *const *const pp_permissions_list,
                               const bool   b_is_volatile)
 {
-       RDB_LOG_ENTRY_PARAM("%s %s %d", s_app_label_name, s_permission_type_name,(int)b_is_volatile);
+       RDB_LOG_ENTRY_PARAM("%s %d %d", s_app_label_name, i_permission_type,(int)b_is_volatile);
 
        int ret = PC_ERR_DB_OPERATION;
        sqlite3 *p_db = NULL;
        char *s_permission_name = NULL;
        int i;
        int i_app_id = 0;
-       C_LOGD("RDB: Enabling permissions START");
+
+       const char* s_permission_type_name = app_type_name(i_permission_type);
+       const char* s_permission_group_type_name = app_type_group_name(i_permission_type);
 
        ret = rdb_begin(&p_db);
        if(ret != PC_OPERATION_SUCCESS) goto finish;
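Review bot: `app_type_name()` and `app_type_group_name()` return NULL for any `app_type_t` outside the known cases (the `default` branches added in src/common.c), and the two results are stored here without a check. The group name is later passed to `change_app_permission_internal`, and to `switch_app_permission_internal` in `rdb_disable_app_permissions`, so an unrecognised type reaches the rules-database code as a NULL string; how those helpers treat NULL is not visible in these hunks. I would reject it before `rdb_begin`, e.g. `if (s_permission_type_name == NULL || s_permission_group_type_name == NULL) return PC_ERR_INVALID_PARAM;`, and add the matching check on `s_permission_group_type_name` in the disable path. The function body continues outside this hunk.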
@@ -299,7 +301,7 @@ int rdb_enable_app_permissions(const char *const s_app_label_name,
        if(ret != PC_OPERATION_SUCCESS) goto finish;
 
        // Add permissions from the list:
-       for(i = 0; pp_permissions_list[i] != NULL ; ++i) {
+       for(i = 0; pp_permissions_list[i] != NULL; ++i) {
                // Ignore empty lines
                if(strspn(pp_permissions_list[i], " \t\n")
                    == strlen(pp_permissions_list[i]))
@@ -311,7 +313,7 @@ int rdb_enable_app_permissions(const char *const s_app_label_name,
                ret = change_app_permission_internal(p_db,
                                                     i_app_id,
                                                     s_permission_name,
-                                                    s_permission_type_name,
+                                                    s_permission_group_type_name,
                                                     b_is_volatile,
                                                     RDB_ENABLE);
                if(ret != PC_OPERATION_SUCCESS) goto finish;
@@ -326,15 +328,16 @@ finish:
 
 
 int rdb_disable_app_permissions(const char *const s_app_label_name,
-                               const char *const s_permission_type_name,
+                               const app_type_t i_permission_type,
                                const char *const *const pp_permissions_list)
 {
-       RDB_LOG_ENTRY_PARAM("%s %s", s_app_label_name, s_permission_type_name);
+       RDB_LOG_ENTRY_PARAM("%s %d", s_app_label_name, i_permission_type);
 
        int ret = PC_ERR_DB_OPERATION;
        sqlite3 *p_db = NULL;
        char *s_permission_name = NULL;
        int i, i_app_id;
+       const char* s_permission_group_type_name = app_type_group_name(i_permission_type);
 
        ret = rdb_begin(&p_db);
        if(ret != PC_OPERATION_SUCCESS) goto finish;
@@ -354,7 +357,7 @@ int rdb_disable_app_permissions(const char *const s_app_label_name,
                ret = switch_app_permission_internal(p_db,
                                                     i_app_id,
                                                     s_permission_name,
-                                                    s_permission_type_name,
+                                                    s_permission_group_type_name,
                                                     RDB_DISABLE);
                if(ret != PC_OPERATION_SUCCESS) goto finish;