Enforce ownership of a shared path by one app.

owner_app_name is moved from table app_private_sharing to shared_path table.
Existing privilege_db constraints are used to assure that
a) a shared path is owned by one owner_app
b) a shared path's label is not changed

Change-Id: I36263fc5dc971c0da820fda44dad3b281d31c63e
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

diff --git a/db/db.sql b/db/db.sql
index f720f84..f22e451 100644 (file)
--- a/db/db.sql
+++ b/db/db.sql
@@ -4,7 +4,7 @@ PRAGMA auto_vacuum = NONE;
 
 BEGIN EXCLUSIVE TRANSACTION;
 
-PRAGMA user_version = 8;
+PRAGMA user_version = 9;
 
 CREATE TABLE IF NOT EXISTS pkg (
 pkg_id INTEGER PRIMARY KEY,
@@ -38,15 +38,15 @@ CREATE TABLE IF NOT EXISTS shared_path (
 path_id INTEGER PRIMARY KEY,
 path VARCHAR NOT NULL,
 path_label VARCHAR NOT NULL,
+owner_app_name TEXT NOT NULL,
 UNIQUE (path)
 );
 
 CREATE TABLE IF NOT EXISTS app_private_sharing (
-owner_app_name TEXT NOT NULL,
 target_app_name TEXT NOT NULL,
 path_id INTEGER NOT NULL,
 counter INTEGER NOT NULL,
-PRIMARY KEY (owner_app_name, target_app_name, path_id)
+PRIMARY KEY (target_app_name, path_id)
 FOREIGN KEY (path_id) REFERENCES shared_path (path_id)
 );
 
@@ -150,9 +150,20 @@ DROP TRIGGER IF EXISTS app_private_sharing_view_insert_trigger;
 CREATE TRIGGER app_private_sharing_view_insert_trigger
 INSTEAD OF INSERT ON app_private_sharing_view
 BEGIN
-    INSERT OR IGNORE INTO shared_path(path, path_label) VALUES (NEW.path, NEW.path_label);
+    SELECT RAISE(ABORT, 'Redefining owner_app_name for shared path is not allowed')
+    WHERE EXISTS (SELECT path_id
+                  FROM shared_path
+                  WHERE path = NEW.path
+                  AND owner_app_name <> NEW.owner_app_name);
+    SELECT RAISE(ABORT, 'Redefining path_label for shared path is not allowed')
+    WHERE EXISTS (SELECT path_id
+                  FROM shared_path
+                  WHERE path = NEW.path
+                  AND path_label <> NEW.path_label);
+    INSERT OR IGNORE INTO shared_path(path, path_label, owner_app_name) VALUES (
+            NEW.path, NEW.path_label, NEW.owner_app_name);
     INSERT OR REPLACE INTO app_private_sharing VALUES (
-            NEW.owner_app_name, NEW.target_app_name,
+            NEW.target_app_name,
             (SELECT path_id FROM shared_path WHERE NEW.path = path),
             COALESCE((SELECT counter FROM app_private_sharing
                       WHERE target_app_name = NEW.target_app_name

diff --git a/db/updates/update-db-to-v9.sql b/db/updates/update-db-to-v9.sql
new file mode 100644 (file)
index 0000000..f47133c
--- /dev/null
+++ b/db/updates/update-db-to-v9.sql
@@ -0,0 +1,42 @@
+PRAGMA foreign_keys=OFF;
+
+BEGIN EXCLUSIVE TRANSACTION;
+
+PRAGMA user_version = 9;
+
+CREATE TABLE shared_path_new (
+path_id INTEGER PRIMARY KEY,
+path VARCHAR NOT NULL,
+path_label VARCHAR NOT NULL,
+owner_app_name TEXT NOT NULL,
+UNIQUE (path)
+);
+
+CREATE TABLE app_private_sharing_new (
+target_app_name TEXT NOT NULL,
+path_id INTEGER NOT NULL,
+counter INTEGER NOT NULL,
+PRIMARY KEY (target_app_name, path_id)
+FOREIGN KEY (path_id) REFERENCES shared_path (path_id)
+);
+
+INSERT INTO shared_path_new
+SELECT shared_path.path_id, path, path_label, owner_app_name
+FROM shared_path, app_private_sharing
+WHERE shared_path.path_id = app_private_sharing.path_id;
+
+INSERT INTO app_private_sharing_new
+SELECT target_app_name, path_id, counter
+FROM app_private_sharing;
+
+DROP TABLE shared_path;
+DROP TABLE app_private_sharing;
+
+ALTER TABLE shared_path_new RENAME TO shared_path;
+ALTER TABLE app_private_sharing_new RENAME TO app_private_sharing;
+
+PRAGMA foreign_key_check;
+
+COMMIT TRANSACTION;
+
+PRAGMA foreign_keys=ON;