ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_mapping.db")
ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_mapping.db")
ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${TZ_SYS_DB}/.policy.db")
+ADD_DEFINITIONS(-DPRIVILEGE_PRIVACY_DB_PATH="${TZ_SYS_DB}/.privacy.db")
ADD_DEFINITIONS(-DASKUSER_RUNTIME_DISABLE_PATH="${TZ_SYS_SHARE}/askuser_disable")
SET(ROOT_DIR ${CMAKE_SOURCE_DIR}/cmake_build_tmp/output)
SET(LOCALE_ROOT_PATH "${ROOT_DIR}/target/generic/root/usr/share/locale")
#define __PRIVILEGE_DB_MANAGER_H
#include <glib.h>
+#include <stdbool.h>
#include "privilege_manager_types.h"
#ifdef __cplusplus
* @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
* @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
*/
int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
* @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
* @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
*/
int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList *privilege_list);
*/
int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
+/**
+ * @brief Set application package's critical privilege information
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping.
+ * @remarks @a critical_privilege_list must be released by you.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type of the given privilege list
+ * @param [in] api_version The api-version of package
+ * @param [in] is_privacy_requestable Indicates if the application package can request privacy
+ * @param [in] critical_privilege_list The ciritical privilege list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
+ */
+int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* critical_privilege_list);
+
+/**
+ * @brief Set application package's privacy privilege information
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping.
+ * @remarks @a privilege_list must be released by you.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type of the given privilege list
+ * @param [in] api_version The api-version of the package
+ * @param [in] is_privacy_requestable Indicates if the application package can request privacy
+ * @param [in] privilege_list The privacy privilege list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
+ */
+int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* privilege_list);
+
+/**
+ * @brief Delete all privacy, critical privilege info of the given application package.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
+ */
+int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const char* pkgid);
+
+/**
+ * @brief Get is_privacy_requestable value of the package
+ * @remarks If the package have no privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] is_privacy_requestable is_privacy_requestable value
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_privacy_requestable);
+
+/**
+ * @brief Get is_critical value for thr privilege and package
+ * @remarks If the privilege is not a privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privilege The privilege
+ * @param [out] is_critical is_critical value
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
+
+/**
+ * @brief Get all privacy package list of the user
+ * @param [in] uid The uid
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list);
+
+/**
+ * @brief Get privacy list of the application package
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] privacy_list The privacy list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list);
+
+/**
+ * @brief Get package list with the given privacy
+ * @param [in] uid The uid
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list);
+
+/**
+ * @brief Get package's privilege list related to the given privacy
+ * @param [in] uid The uid
+ * @param [in] pkgid The package id
+ * @param [in] privacy The privacy name
+ * @param [out] privilege_list The privilege list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list);
+
#ifdef __cplusplus
}
#endif
--- /dev/null
+/*
+ * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0(the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H
+#define __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H
+
+#ifndef EXPORT_API
+#define EXPORT_API __attribute__((__visibility__("default")))
+#endif
+
+#include <glib.h>
+#include <stdbool.h>
+#include "privilege_manager_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Set privacy privilege of the application package.
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping.
+ * @remarks @a privilege_list must be released by you.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type
+ * @param [in] api_version The api-version
+ * @param [in] privilege_list The privilege list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
+
+/**
+ * @brief Set critical privilege of the application package.
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping and include only critical privileges.
+ * @remarks @a critical_privilege_list must be released by you.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type
+ * @param [in] api_version The api-version
+ * @param [in] critical_privilege_list The critical privilege list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
+
+/**
+ * @brief Delete all privacy, critical privilege info of the given application package.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid);
+
+/**
+ * @brief See if the application package's api-version is privacy requestable or not.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [out] is_requestable Indicates whether the given package is privacy requestable(true) or not(false). If the given package have no privacy privilege then it is set to false.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_requestable);
+
+/**
+ * @brief See if the given api-version is privacy requestable api-version.
+ * @param [in] api_version The api-version
+ * @param [out] is_requestable Indicates whether the given api-version is privacy requestable(true) or not(false).
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_privacy_requestable_api_version(const char* api_version, bool* is_requestable);
+
+/**
+ * @brief Check if the given privilege is critical for the application package.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privilege The privilege to check
+ * @param [out] is_critical true if the given privilege is critical, or set to false.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
+
+/**
+ * @brief Get all privacy package list of the user
+ * @param [in] uid The uid
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** package_list);
+
+/**
+ * @brief Get privacy list of the application package
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] privacy_list The privacy list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list);
+
+/**
+ * @brief Get list of application packages with the given privacy related privileges
+ * @param [in] uid The uid
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The application package list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list);
+
+/**
+ * @brief Get the application package's privilege list related to the given privacy.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The application package list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H */
+
/*
- * Copyright(c)2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright(c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0(the License);
* you may not use this file except in compliance with the License.
#define INI_KEYWORD_PROFILE "General:Profile"
typedef enum {
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON = 0,
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE = 1,
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE = 2,
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV = 3,
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_UNKNOWN = 0xff,
-} privilege_db_manager_profile_type_e;
-extern privilege_db_manager_profile_type_e get_priv_profile();
-#define ENABLE_ASKUSER ((get_priv_profile() == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE) || \
- (get_priv_profile() == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE))
+ PRIVILEGE_PROFILE_TYPE_COMMON = 0,
+ PRIVILEGE_PROFILE_TYPE_MOBILE = 1,
+ PRIVILEGE_PROFILE_TYPE_WEARABLE = 2,
+ PRIVILEGE_PROFILE_TYPE_TV = 3,
+ PRIVILEGE_PROFILE_TYPE_UNKNOWN = 0xff,
+} privilege_profile_type_e;
+
+extern privilege_profile_type_e get_priv_profile();
+
+#define g_privilege_profile_type (get_priv_profile())
+
+#define ENABLE_ASKUSER ((g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_MOBILE) || \
+ (g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_WEARABLE))
#define DISABLE_ASKUSER (!ENABLE_ASKUSER)
+typedef u_int32_t api_version_code_t;
+extern int __get_api_version_code(const char* api_version, api_version_code_t* api_version_code);
+
+#define PRIVACY_REQUESTABLE_API_VERSION "4.0"
#ifdef __cplusplus
}
SET(CORE_PRIVILEGE_MAPPING_DB ".core_privilege_mapping.db")
SET(WRT_PRIVILEGE_MAPPING_DB ".wrt_privilege_mapping.db")
SET(POLICY_DB ".policy.db")
+SET(PRIVACY_DB ".privacy.db")
SET(CORE_PRIVILEGE_DB_MOBILE ".core_privilege_info.mobile.db")
SET(WRT_PRIVILEGE_DB_MOBILE ".wrt_privilege_info.mobile.db")
SET(CORE_PRIVILEGE_MAPPING_DB_MOBILE ".core_privilege_mapping.mobile.db")
SET(WRT_PRIVILEGE_MAPPING_DB_MOBILE ".wrt_privilege_mapping.mobile.db")
-SET(POLICY_DB_MOBILE ".policy.mobile.db")
SET(CORE_PRIVILEGE_DB_TV ".core_privilege_info.tv.db")
SET(WRT_PRIVILEGE_DB_TV ".wrt_privilege_info.tv.db")
SET(CORE_PRIVILEGE_MAPPING_DB_TV ".core_privilege_mapping.tv.db")
SET(WRT_PRIVILEGE_MAPPING_DB_TV ".wrt_privilege_mapping.tv.db")
-SET(POLICY_DB_TV ".policy.tv.db")
SET(CORE_PRIVILEGE_DB_WEARABLE ".core_privilege_info.wearable.db")
SET(WRT_PRIVILEGE_DB_WEARABLE ".wrt_privilege_info.wearable.db")
SET(CORE_PRIVILEGE_MAPPING_DB_WEARABLE ".core_privilege_mapping.wearable.db")
SET(WRT_PRIVILEGE_MAPPING_DB_WEARABLE ".wrt_privilege_mapping.wearable.db")
-SET(POLICY_DB_WEARABLE ".policy.wearable.db")
# Create TV DB / WEARABLE DB / MOBILE DB
ADD_CUSTOM_COMMAND(
- OUTPUT ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} ${POLICY_DB_TV}
- ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} ${POLICY_DB_WEARABLE}
- ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ${POLICY_DB_MOBILE}
- COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh && ./policy_db_generator.sh &&
- mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_TV} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_TV} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_TV} &&
- mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_TV} && mv ${POLICY_DB} ${POLICY_DB_TV} && mv ${POLICY_DB}-journal ${POLICY_DB_TV}-journal &&
- ./core_db_generator.sh wearable && ./wrt_db_generator.sh wearable && ./core_mapping_db_generator.sh wearable && ./wrt_mapping_db_generator.sh wearable && ./policy_db_generator.sh &&
- mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_WEARABLE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_WEARABLE} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} &&
- mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} && mv ${POLICY_DB} ${POLICY_DB_WEARABLE} && mv ${POLICY_DB}-journal ${POLICY_DB_WEARABLE}-journal &&
- ./core_db_generator.sh mobile && ./wrt_db_generator.sh mobile && ./core_mapping_db_generator.sh mobile && ./wrt_mapping_db_generator.sh mobile && ./policy_db_generator.sh &&
- mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_MOBILE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_MOBILE} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} &&
- mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} && mv ${POLICY_DB} ${POLICY_DB_MOBILE} && mv ${POLICY_DB}-journal ${POLICY_DB_MOBILE}-journal
+ OUTPUT ${POLICY_DB} ${PRIVACY_DB}
+ ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV}
+ ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE}
+ ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE}
+ COMMAND ./policy_db_generator.sh && ./privacy_db_generator.sh &&
+ ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh &&
+ mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_TV} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_TV} &&
+ mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_TV} && mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_TV} &&
+ ./core_db_generator.sh wearable && ./wrt_db_generator.sh wearable && ./core_mapping_db_generator.sh wearable && ./wrt_mapping_db_generator.sh wearable &&
+ mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_WEARABLE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_WEARABLE} &&
+ mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} && mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} &&
+ ./core_db_generator.sh mobile && ./wrt_db_generator.sh mobile && ./core_mapping_db_generator.sh mobile && ./wrt_mapping_db_generator.sh mobile &&
+ mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_MOBILE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_MOBILE} &&
+ mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} && mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE}
)
-ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} ${POLICY_DB_TV}
- ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} ${POLICY_DB_WEARABLE}
- ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ${POLICY_DB_MOBILE}
+ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${POLICY_DB} ${PRIVACY_DB}
+ ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV}
+ ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE}
+ ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE}
)
INSTALL(FILES ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV}
DESTINATION ${DATADIR}/privilege-manager/
)
-INSTALL(FILES ${POLICY_DB_TV} ${POLICY_DB_TV}-journal DESTINATION ${TZ_SYS_DB}/)
-INSTALL(FILES ${POLICY_DB_WEARABLE} ${POLICY_DB_WEARABLE}-journal DESTINATION ${TZ_SYS_DB}/)
-INSTALL(FILES ${POLICY_DB_MOBILE} ${POLICY_DB_MOBILE}-journal DESTINATION ${TZ_SYS_DB}/)
+INSTALL(FILES ${POLICY_DB} ${POLICY_DB}-journal ${PRIVACY_DB} ${PRIVACY_DB}-journal DESTINATION ${TZ_SYS_DB}/)
INSTALL(PROGRAMS policy_db_updater.sh DESTINATION ${DATADIR}/privilege-manager/)
--- /dev/null
+#!/bin/bash
+PATH="/usr/bin:/bin:/usr/sbin:/sbin"
+DB_NAME=".privacy.db"
+
+rm $DB_NAME 2> /dev/null
+echo "Creating $DB_NAME ..."
+touch $DB_NAME
+
+echo "Creating PRIVACY_PACKAGE table ..."
+sqlite3 $DB_NAME "CREATE TABLE PRIVACY_PACKAGE (PKG_ID TEXT not null, UID NUMERIC not null, PRIVACY_NAME TEXT not null, PRIVILEGE_NAME TEXT not null, IS_CRITICAL NUMERIC not null, API_VERSION TEXT not null, IS_PRIVACY_REQUESTABLE NUMERIC not null, UNIQUE(PKG_ID, UID, PRIVILEGE_NAME));"
+
#include "privilege_db_manager.h"
#include "privilege_private.h"
+#include "privilege_manager_types.h"
#include <sqlite3.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
+#include <stdbool.h>
#ifdef __TIZEN__
#include <dlog.h>
#endif
#include <iniparser.h>
-privilege_db_manager_profile_type_e get_priv_profile()
+privilege_profile_type_e get_priv_profile()
{
- static privilege_db_manager_profile_type_e saved = 0xff;
+ static privilege_profile_type_e saved = 0xff;
if (__builtin_expect(saved == 0xff, 0)) {
char *val = NULL;
if (dic == NULL) {
/* if there is no .ini file, let's assume it's mobile (the default as recommended by Yunjin Lee) */
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE;
+ saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
return saved;
}
switch (*val) {
case 'm':
case 'M':
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE;
+ saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
break;
case 'w':
case 'W':
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE;
+ saved = PRIVILEGE_PROFILE_TYPE_WEARABLE;
break;
case 't':
case 'T':
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV;
+ saved = PRIVILEGE_PROFILE_TYPE_TV;
break;
default: // common or ivi or unknown ==> Mobile as the default recommended by Yunjin Lee
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE;
+ saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
}
iniparser_freedict(dic);
} else {
- saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE;
+ saved = PRIVILEGE_PROFILE_TYPE_MOBILE;
}
}
return saved;
}
-#define g_privilege_db_manager_profile_type (get_priv_profile())
#define TryReturn(condition, expr, returnValue, ...) \
if (!(condition)) { \
case PRIVILEGE_DB_TYPE_POLICY_RO:
db_path = PRIVILEGE_POLICY_DB_PATH;
break;
+ case PRIVILEGE_DB_TYPE_PRIVACY_RW:
+ db_mode = SQLITE_OPEN_READWRITE;
+ case PRIVILEGE_DB_TYPE_PRIVACY_RO:
+ db_path = PRIVILEGE_PRIVACY_DB_PATH;
+ break;
default:
_LOGE("Undefined db initialize mode!");
return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
-void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt, char* sql)
+void __finalize_db(sqlite3 *db, sqlite3_stmt *stmt, char* sql)
{
if (stmt != NULL)
sqlite3_finalize(stmt);
return 0;
}
-int __get_db_error(int ret)
+static void __get_db_error(int *ret)
{
- _LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(ret));
- switch (ret) {
+ _LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(*ret));
+ switch (*ret) {
case SQLITE_BUSY:
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL;
+ *ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL;
break;
case SQLITE_CONSTRAINT:
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL;
+ *ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL;
break;
case SQLITE_FULL:
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL;
+ *ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL;
break;
default:
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
+ *ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
}
-
- return ret;
}
int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e package_type, GList* privilege_list)
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
do {
ret = sqlite3_step(stmt);
int ret;
char *changed_to_version = NULL;
- if (g_privilege_db_manager_profile_type == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV) {
+ if (g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_TV) {
changed_to_version = strdup("CHANGED_TO_2_4_0");
} else {
if (strncmp(api_version, "2.3.1", strlen("2.3.1")) == 0)
GList *temp_privilege_list = NULL;
- char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id, %s, api_version_issued, api_version_expired from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d", changed_to_version, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type);
+ char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id, %s, api_version_issued, api_version_expired from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d", changed_to_version, PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type);
free(changed_to_version);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
do {
ret = sqlite3_step(stmt);
ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
- char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version);
+ char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, api_version, api_version);
sqlite3_free(privilege_list_str);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
do {
ret = sqlite3_step(stmt);
char *sql = sqlite3_mprintf("select privacy_display from privacy_info where privacy_name=%Q", privacy_name);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
if (api_version == NULL) {
/* api_version == NULL then get display name regardless of api version */
- sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name);
+ sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name);
} else {
- sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
+ sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version);
}
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
char *sql = NULL;
if (api_version == NULL)
- sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name);
+ sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name);
else
- sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
+ sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
return ret;
char *sql = sqlite3_mprintf("select privilege_group_id from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q",
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version);
+ PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
char *sql = sqlite3_mprintf("select DISTINCT privacy_name from privilege_info where is_privacy=1 order by privacy_name");
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
GList* temp_privacy_list = NULL;
do {
char *sql = sqlite3_mprintf("select distinct privilege_name from valid_privilege_info where is_privacy=1 and privacy_name=%Q", privacy);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
GList* temp_privilege_list = NULL;
do {
char *sql = sqlite3_mprintf("select privacy_name from valid_privilege_info where privilege_name=%Q", privilege);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
*privacy_name = strdup((char*)sqlite3_column_text(stmt, 0));
char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=(select privacy_name from valid_privilege_info where privilege_name=%Q)", privilege);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
int tmp = (int)sqlite3_column_int(stmt, 0);
char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=%Q", privacy);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
int tmp = (int)sqlite3_column_int(stmt, 0);
sql = sqlite3_mprintf("select privilege_name from %Q where uid=%d and package_type=%d", __get_policy_table(policy_type), uid, package_type);
TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
GList *temp_privilege_list = NULL;
do {
sql = sqlite3_mprintf("insert or ignore into %Q (uid, package_type, privilege_name) values (%d, %d, %Q)", __get_policy_table(policy_type), uid, package_type, privilege_name);
TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret != SQLITE_DONE) {
- __get_db_error(ret);
+ __get_db_error(&ret);
sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
__finalize_db(db, stmt, sql);
return ret;
sql = sqlite3_mprintf("delete from %Q where uid=%d and package_type=%d and privilege_name=%Q", __get_policy_table(policy_type), uid, package_type, privilege_name);
TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- if (ret != SQLITE_OK) {
- _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
- sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
- __finalize_db(db, stmt, sql);
- return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
- }
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret != SQLITE_DONE) {
- __get_db_error(ret);
+ __get_db_error(&ret);
sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
__finalize_db(db, stmt, sql);
return ret;
__finalize_db(db, stmt, NULL);
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
+
+int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* critical_privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ GList* mapped_privilege_list = NULL;
+ ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, critical_privilege_list, &mapped_privilege_list);
+ TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
+
+ sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL);
+ GList *l = NULL;
+ for (l = mapped_privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ if (strstr(privilege_name, "/internal/") == NULL) {
+ char* sql = NULL;
+ char * privacy_name = NULL;
+ ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name);
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && privacy_name != NULL && strstr(privacy_name, "N/A") == NULL) {
+ sql = sqlite3_mprintf("insert or replace into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_privacy_requestable, is_critical) values (%d, %Q, %Q, %Q, %Q, %d, 1)", uid, pkgid, privacy_name, privilege_name, api_version, is_privacy_requestable);
+ _LOGD("sql: %s", sql);
+ TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+ ret = sqlite3_step(stmt);
+ if (ret != SQLITE_DONE) {
+ __get_db_error(&ret);
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ g_list_free_full(mapped_privilege_list, free);
+ free(privacy_name);
+ __finalize_db(db, stmt, sql);
+ return ret;
+ }
+ sqlite3_free(sql);
+ }
+ if (privacy_name != NULL)
+ free(privacy_name);
+ }
+ }
+ g_list_free_full(mapped_privilege_list, free);
+
+ sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt, NULL);
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+
+int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, package_type);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+ GList* mapped_privilege_list = NULL;
+ ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, privilege_list, &mapped_privilege_list);
+ TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
+
+ sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL);
+ GList *l = NULL;
+ for (l = mapped_privilege_list; l != NULL; l = l->next) {
+ char *privilege_name = (char *)l->data;
+ if (strstr(privilege_name, "/internal/") == NULL) {
+ char* sql = NULL;
+ char * privacy_name = NULL;
+ ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name);
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && privacy_name != NULL && strstr(privacy_name, "N/A") == NULL) {
+ sql = sqlite3_mprintf("insert or ignore into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_privacy_requestable, is_critical) values (%d, %Q, %Q, %Q, %Q, %d, 0)", uid, pkgid, privacy_name, privilege_name, api_version, is_privacy_requestable);
+ _LOGD("sql: %s", sql);
+ TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+ ret = sqlite3_step(stmt);
+ if (ret != SQLITE_DONE) {
+ __get_db_error(&ret);
+ sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL);
+ g_list_free_full(mapped_privilege_list, free);
+ free(privacy_name);
+ __finalize_db(db, stmt, sql);
+ return ret;
+ }
+ sqlite3_free(sql);
+ }
+ if (privacy_name != NULL)
+ free(privacy_name);
+ }
+ }
+ g_list_free_full(mapped_privilege_list, free);
+
+ sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL);
+ __finalize_db(db, stmt, NULL);
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+
+int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const char* pkgid)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char* sql = NULL;
+ sql = sqlite3_mprintf("delete from privacy_package where pkg_id = %Q and uid = %d", pkgid, uid);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+ ret = sqlite3_step(stmt);
+ if (ret != SQLITE_DONE) {
+ __get_db_error(&ret);
+ } else {
+ ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
+ }
+
+ __finalize_db(db, stmt, sql);
+ return ret;
+}
+
+int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_privacy_requestable)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char* sql = sqlite3_mprintf("select is_privacy_requestable from privacy_package where uid=%d and pkg_id=%Q", uid, pkgid);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ _LOGD("sql: %s", sql);
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ if (sqlite3_column_int(stmt, 0))
+ *is_privacy_requestable = true;
+ else
+ *is_privacy_requestable = false;
+ } else if (ret == SQLITE_DONE) {
+ __finalize_db(db, stmt, sql);
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+ } else {
+ _LOGE("ret = %d, %s", ret, sqlite3_errmsg(db));
+ __finalize_db(db, stmt, sql);
+ return ret;
+ }
+
+ __finalize_db(db, stmt, sql);
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+
+
+}
+int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char* sql = sqlite3_mprintf("select is_critical from privacy_package where uid=%d and pkg_id=%Q and privilege_name=%Q", uid, pkgid, privilege);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ _LOGD("sql: %s", sql);
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ if (sqlite3_column_int(stmt, 0))
+ *is_critical = true;
+ else
+ *is_critical = false;
+ } else if (ret == SQLITE_DONE) {
+ __finalize_db(db, stmt, sql);
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+ } else {
+ _LOGE("ret = %d, %s", ret, sqlite3_errmsg(db));
+ __finalize_db(db, stmt, sql);
+ return ret;
+ }
+
+ __finalize_db(db, stmt, sql);
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+
+}
+
+int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where uid=%d", uid);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ GList* temp_package_list = NULL;
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ char *pkgid = strdup((char *)sqlite3_column_text(stmt, 0));
+ temp_package_list = g_list_append(temp_package_list, pkgid);
+ }
+ } while (ret == SQLITE_ROW);
+
+ __finalize_db(db, stmt, sql);
+
+ *package_list = temp_package_list;
+ if (temp_package_list == NULL)
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+
+int privilege_db_manager_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char *sql = sqlite3_mprintf("select distinct privacy_name from privacy_package where uid=%d and pkg_id=%Q", uid, pkgid);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ GList* temp_privacy_list = NULL;
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ char *privacy_name = strdup((char *)sqlite3_column_text(stmt, 0));
+ temp_privacy_list = g_list_append(temp_privacy_list, privacy_name);
+ }
+ } while (ret == SQLITE_ROW);
+
+ __finalize_db(db, stmt, sql);
+
+ *privacy_list = temp_privacy_list;
+ if (temp_privacy_list == NULL)
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+}
+int privilege_db_manager_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where uid=%d and privacy_name=%Q", uid, privacy);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ GList* temp_package_list = NULL;
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ char *pkgid = strdup((char *)sqlite3_column_text(stmt, 0));
+ temp_package_list = g_list_append(temp_package_list, pkgid);
+ }
+ } while (ret == SQLITE_ROW);
+
+ __finalize_db(db, stmt, sql);
+
+ *package_list = temp_package_list;
+ if (temp_package_list == NULL)
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+
+}
+int privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list)
+{
+ sqlite3 *db = NULL;
+ sqlite3_stmt *stmt = NULL;
+ int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
+ return ret;
+
+ char *sql = sqlite3_mprintf("select distinct privilege_name from privacy_package where uid=%d and pkg_id=%Q and privacy_name=%Q", uid, pkgid, privacy);
+ TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+ ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
+ TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
+
+ GList* temp_privilege_list = NULL;
+ do {
+ ret = sqlite3_step(stmt);
+ if (ret == SQLITE_ROW) {
+ char *privilege_name = strdup((char *)sqlite3_column_text(stmt, 0));
+ temp_privilege_list = g_list_append(temp_privilege_list, privilege_name);
+ }
+ } while (ret == SQLITE_ROW);
+
+ __finalize_db(db, stmt, sql);
+
+ *privilege_list = temp_privilege_list;
+ if (temp_privilege_list == NULL)
+ return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
+
+ return PRIVILEGE_DB_MANAGER_ERR_NONE;
+
+}
#include "privilege_db_manager.h"
#include "privilege_manager.h"
#include "privilege_manager_types.h"
+#include "privilege_private.h"
#ifdef __TIZEN__
#include <dlog.h>
return returnValue; \
}
-typedef u_int32_t api_version_code_t;
-
-static int __get_api_version_code(const char *api_version, api_version_code_t *api_version_code)
+int __get_api_version_code(const char *api_version, api_version_code_t *api_version_code)
{
TryReturn(api_version != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] api_version is NULL");
--- /dev/null
+/*
+ * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0(the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <dlog.h>
+#include <glib.h>
+#include "privilege_db_manager.h"
+#include "privilege_private.h"
+#include "privilege_package_info.h"
+
+#ifdef LOG_TAG
+#undef LOG_TAG
+#define LOG_TAG "PRIVILEGE_PACKAGE_INFO"
+#endif
+
+#define TryReturn(condition, expr, returnValue, ...) \
+ if (!(condition)) { \
+ LOGE(__VA_ARGS__); \
+ expr; \
+ return returnValue; \
+ }
+
+static int __is_privacy_requestable_api_version(const char* api_version)
+{
+ api_version_code_t api_version_code;
+ api_version_code_t privacy_requestable_api_version_code;
+ int ret = __get_api_version_code(api_version, &api_version_code);
+ TryReturn(ret == PRVMGR_ERR_NONE, , -1, "[PRVMGR_ERR_INTERNAL_ERROR] __get_api_version_code failed. ret = %d", ret);
+ ret = __get_api_version_code(PRIVACY_REQUESTABLE_API_VERSION, &privacy_requestable_api_version_code);
+ TryReturn(ret == PRVMGR_ERR_NONE, , -1, "[PRVMGR_ERR_INTERNAL_ERROR] __get_api_version_code failed. ret = %d", ret);
+ if (api_version_code < privacy_requestable_api_version_code)
+ return 0;
+
+ return 1;
+}
+
+int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* privilege_list)
+{
+ TryReturn(pkgid != NULL && api_version != NULL && privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and privilege_list must not be NULL.");
+ int is_privacy_requestable = __is_privacy_requestable_api_version(api_version);
+ TryReturn(is_privacy_requestable == 1 || is_privacy_requestable == 0, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] fail to get is_privacy_requestable value.");
+ int ret = privilege_db_manager_set_package_privacy_privilege_info(uid, pkgid, pkg_type, api_version, is_privacy_requestable, privilege_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+ LOGE("privilege_db_manager_set_package_privacy_privilege_info failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* critical_privilege_list)
+{
+ TryReturn(pkgid != NULL && api_version != NULL && critical_privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and critical_privilege_list must not be NULL.");
+ int is_privacy_requestable = __is_privacy_requestable_api_version(api_version);
+ TryReturn(is_privacy_requestable == 1 || is_privacy_requestable == 0, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] fail to get is_privacy_requestable value.");
+ int ret = privilege_db_manager_set_package_critical_privilege_info(uid, pkgid, pkg_type, api_version, is_privacy_requestable, critical_privilege_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+ LOGE("privilege_db_manager_set_package_critical_privilege_info failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid)
+{
+ TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be NULL.");
+ int ret = privilege_db_manager_unset_package_privilege_info(uid, pkgid);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+ LOGE("privilege_db_manager_unset_package_privilege_info failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_requestable)
+{
+ TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be NULL.");
+ int ret = privilege_db_manager_is_privacy_requestable(uid, pkgid, is_requestable);
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges
+ *is_requestable = false;
+ } else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+ LOGE("privilege_db_manager_is_privacy_requestable_package failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+int privilege_package_info_is_privacy_requestable_api_version(const char* api_version, bool* is_requestable)
+{
+ TryReturn(api_version != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] api_version must not be NULL");
+ int is_privacy_requestable = __is_privacy_requestable_api_version(api_version);
+ if (is_privacy_requestable == 1)
+ *is_requestable = true;
+ else if (is_privacy_requestable == 0)
+ *is_requestable = false;
+ else
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
+{
+ TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privilege must not be null");
+ int ret = privilege_db_manager_is_critical_privilege(uid, pkgid, privilege, is_critical);
+ if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges
+ *is_critical = false;
+ } else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+ LOGE("privilege_db_manager_is_ciritical_privilege faild. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** privacy_list)
+{
+ int ret = privilege_db_manager_get_all_privacy_package_list(uid, privacy_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) {
+ LOGE("privilege_db_manager_get_all_privacy_package_list failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+
+int privilege_package_info_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list)
+{
+ TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be null");
+ int ret = privilege_db_manager_get_privacy_list_by_pkgid(uid, pkgid, privacy_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) {
+ LOGE("privilege_db_manager_get_privacy_list_by_pkgid failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+int privilege_package_info_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list)
+{
+ TryReturn(privacy != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privacy must not be null");
+ int ret = privilege_db_manager_get_package_list_by_privacy(uid, privacy, package_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) {
+ LOGE("privilege_db_manager_get_package_list_by_privacy failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
+int privilege_package_info_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list)
+{
+ TryReturn(pkgid != NULL && privacy != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privacy must not be null");
+ int ret = privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(uid, pkgid, privacy, privilege_list);
+ if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) {
+ LOGE("privilege_db_manager_get_privilege_list_by_pkgid_and_privacy failed. ret = %d", ret);
+ return PRVMGR_ERR_INTERNAL_ERROR;
+ }
+ return PRVMGR_ERR_NONE;
+}
sed "s|@PROFILE@|wearable|" privilege-checker.ini > %{buildroot}%{_sysconfdir}/privilege-checker.ini.wearable
sed "s|@PROFILE@|mobile|" privilege-checker.ini > %{buildroot}%{_sysconfdir}/privilege-checker.ini.mobile
-
-
%if "%{?build_type}" != "NO_DB"
mv %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.mobile.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db
mv %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.mobile.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db
mv %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.mobile.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db
mv %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.mobile.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db
-mv %{buildroot}/%{TZ_SYS_DB}/.policy.mobile.db %{buildroot}/%{TZ_SYS_DB}/.policy.db
-mv %{buildroot}/%{TZ_SYS_DB}/.policy.mobile.db-journal %{buildroot}/%{TZ_SYS_DB}/.policy.db-journal
%endif
%find_lang privilege
%if "%{?build_type}" != "NO_DB"
chsmack -a System %{TZ_SYS_DB}/.policy.db
chsmack -a System %{TZ_SYS_DB}/.policy.db-journal
+chsmack -a System::Shared %{TZ_SYS_DB}/.privacy.db
+chsmack -a System::Shared %{TZ_SYS_DB}/.privacy.db-journal
%endif
%{_datadir}/privilege-manager/policy_db_updater.sh
%attr(700,root,root) %{_datadir}/privilege-manager/policy_db_updater.sh
%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db
%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db-journal
+%config(noreplace) %attr(0664, root, app_fw) /%{TZ_SYS_DB}/.privacy.db
+%config(noreplace) %attr(0664, root, app_fw) /%{TZ_SYS_DB}/.privacy.db-journal
%endif
%manifest packaging/security-privilege-manager.manifest
%license LICENSE.APLv2
%post -n security-privilege-manager-extension-mobile
mv %{_sysconfdir}/privilege-checker.ini.mobile %{_sysconfdir}/privilege-checker.ini
+
%files -n security-privilege-manager-extension-mobile
%license LICENSE.APLv2
%{_sysconfdir}/privilege-checker.ini.mobile
mv %{_datadir}/privilege-manager/.core_privilege_mapping.tv.db %{_datadir}/privilege-manager/.core_privilege_mapping.db
mv %{_datadir}/privilege-manager/.wrt_privilege_info.tv.db %{_datadir}/privilege-manager/.wrt_privilege_info.db
mv %{_datadir}/privilege-manager/.wrt_privilege_mapping.tv.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db
-mv /%{TZ_SYS_DB}/.policy.tv.db /%{TZ_SYS_DB}/.policy.db
-mv /%{TZ_SYS_DB}/.policy.tv.db-journal /%{TZ_SYS_DB}/.policy.db-journal
-
-chsmack -a System %{TZ_SYS_DB}/.policy.db
-chsmack -a System %{TZ_SYS_DB}/.policy.db-journal
%endif
mv %{_sysconfdir}/privilege-checker.ini.tv %{_sysconfdir}/privilege-checker.ini
%{_datadir}/privilege-manager/.core_privilege_mapping.tv.db
%{_datadir}/privilege-manager/.wrt_privilege_info.tv.db
%{_datadir}/privilege-manager/.wrt_privilege_mapping.tv.db
-%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.tv.db
-%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.tv.db-journal
%endif
%manifest packaging/security-privilege-manager.manifest
%license LICENSE.APLv2
mv %{_datadir}/privilege-manager/.core_privilege_mapping.wearable.db %{_datadir}/privilege-manager/.core_privilege_mapping.db
mv %{_datadir}/privilege-manager/.wrt_privilege_info.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_info.db
mv %{_datadir}/privilege-manager/.wrt_privilege_mapping.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db
-mv /%{TZ_SYS_DB}/.policy.wearable.db /%{TZ_SYS_DB}/.policy.db
-mv /%{TZ_SYS_DB}/.policy.wearable.db-journal /%{TZ_SYS_DB}/.policy.db-journal
-
-chsmack -a System %{TZ_SYS_DB}/.policy.db
-chsmack -a System %{TZ_SYS_DB}/.policy.db-journal
%endif
mv %{_sysconfdir}/privilege-checker.ini.wearable %{_sysconfdir}/privilege-checker.ini
%{_datadir}/privilege-manager/.core_privilege_mapping.wearable.db
%{_datadir}/privilege-manager/.wrt_privilege_info.wearable.db
%{_datadir}/privilege-manager/.wrt_privilege_mapping.wearable.db
-%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.wearable.db
-%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.wearable.db-journal
%endif
%manifest packaging/security-privilege-manager.manifest
%license LICENSE.APLv2
%{_bindir}/tc-privilege-manager
%{_bindir}/tc-privilege-info
%{_bindir}/tc-privilege-black-list
+%{_bindir}/tc-privilege-package-info
%files -n privilege-verifier
%license LICENSE.APLv2
SET(TC2_NAME tc-privilege-manager)
SET(TC3_NAME tc-privilege-info)
SET(TC4_NAME tc-privilege-black-list)
+SET(TC5_NAME tc-privilege-package-info)
SET(TC_COMMON_SRCS ${TC_COMMON}.c)
SET(TC1_SRCS ${TC1_NAME}.c ${TC_COMMON_SRCS})
SET(TC2_SRCS ${TC2_NAME}.c ${TC_COMMON_SRCS})
SET(TC3_SRCS ${TC3_NAME}.c ${TC_COMMON_SRCS})
SET(TC4_SRCS ${TC4_NAME}.c ${TC_COMMON_SRCS})
+SET(TC5_SRCS ${TC5_NAME}.c ${TC_COMMON_SRCS})
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/capi/include)
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/test)
ADD_EXECUTABLE(${TC2_NAME} ${TC2_SRCS})
ADD_EXECUTABLE(${TC3_NAME} ${TC3_SRCS})
ADD_EXECUTABLE(${TC4_NAME} ${TC4_SRCS})
+ADD_EXECUTABLE(${TC5_NAME} ${TC5_SRCS})
TARGET_LINK_LIBRARIES(${TC1_NAME} "security-privilege-manager")
TARGET_LINK_LIBRARIES(${TC2_NAME} "security-privilege-manager")
TARGET_LINK_LIBRARIES(${TC3_NAME} "security-privilege-manager")
TARGET_LINK_LIBRARIES(${TC4_NAME} "security-privilege-manager")
+TARGET_LINK_LIBRARIES(${TC5_NAME} "security-privilege-manager")
INSTALL(TARGETS ${TC1_NAME} DESTINATION /usr/bin)
INSTALL(TARGETS ${TC2_NAME} DESTINATION /usr/bin)
INSTALL(TARGETS ${TC3_NAME} DESTINATION /usr/bin)
INSTALL(TARGETS ${TC4_NAME} DESTINATION /usr/bin)
+INSTALL(TARGETS ${TC5_NAME} DESTINATION /usr/bin)
}
}
+void __print_glist(GList* glist)
+{
+ GList *l;
+ for (l = glist; l != NULL; l = l->next) {
+ char *text = (char *)l->data;
+ printf("%s\n", text);
+ }
+}
+
bool __check_result(int result)
{
if (expected_result == result)
void __privinfo(char *name, char *level, char *comment);
void __print_privilege_list(GList * privilege_list);
+void __print_glist(GList *glist);
bool __check_result(int result);
bool __count_result(int result);
--- /dev/null
+#include <stdio.h>
+#include <stdlib.h>
+#include <privilege_package_info.h>
+#include <tc-common.h>
+
+static void __test_privilege_package_info()
+{
+ int ret = 0;
+ bool is_requestable;
+
+ gfree(privilege_list);
+ __print_line();
+ __tcinfo(goal, "set 5001, org.test.nativeapp privacy privilege set. api_version = 3.0");
+ __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/call", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/bookmark.admin", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/keygrab", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/account.read", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/account.write", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/display", NULL, NULL);
+ ret = privilege_package_info_set_privacy_privilege(5001, "org.test.nativeapp", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ gfree(privilege_list);
+
+ __print_line();
+ __tcinfo(goal, "set 5001, org.test.nativeapp critical privilege set. api_version = 3.0");
+ __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/call", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/account.read", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/display", NULL, NULL);
+ ret = privilege_package_info_set_critical_privilege(5001, "org.test.nativeapp", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ gfree(privilege_list);
+
+ __print_line();
+ __tcinfo(goal, "set 5001, org.test.webapp's privacy privilege set. api_version = 4.0");
+ __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/call", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/bookmark.read", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/account.read", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/download", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
+ ret = privilege_package_info_set_privacy_privilege(5001, "org.test.webapp", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ gfree(privilege_list);
+
+ __print_line();
+ __tcinfo(goal, "set 5001, org.test.webapp's critical privilege set. api_version = 4.0");
+ __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
+ __privinfo("http://tizen.org/privilege/download", NULL, NULL);
+ ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ gfree(privilege_list);
+
+ __print_line();
+ __tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp");
+ ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp", "http://tizen.org/privilege/message.read", &is_requestable);
+ if (is_requestable && ret == PRVMGR_ERR_NONE) {
+ __color_to_green();
+ printf("\nis critical privilege. SUCCESS\n");
+ success_cnt++;
+ __color_to_origin();
+ } else {
+ __color_to_red();
+ printf("\nFAIL\n");
+ fail_cnt++;
+ __color_to_origin();
+ }
+
+ __print_line();
+ __tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp");
+ ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp", "http://tizen.org/privilege/internet", &is_requestable);
+ if (!is_requestable && ret == PRVMGR_ERR_NONE) {
+ __color_to_green();
+ printf("\nis not critical privilege. SUCCESS\n");
+ success_cnt++;
+ __color_to_origin();
+ } else {
+ __color_to_red();
+ printf("\nFAIL\n");
+ fail_cnt++;
+ __color_to_origin();
+ }
+
+
+ __print_line();
+ __tcinfo(goal, "see if uid 5001, org.test.nativeapp is privacy requestable");
+ ret = privilege_package_info_is_privacy_requestable(5001, "org.test.nativeapp", &is_requestable);
+ if (is_requestable) {
+ __color_to_red();
+ printf("\nFAIL\n");
+ fail_cnt++;
+ __color_to_origin();
+ } else if (ret == PRVMGR_ERR_NONE) {
+ __color_to_green();
+ printf("\nis old app. SUCCESS\n");
+ success_cnt++;
+ __color_to_origin();
+ } else {
+ __color_to_red();
+ printf("\nFAIL\n");
+ fail_cnt++;
+ __color_to_origin();
+ }
+
+ __print_line();
+ __tcinfo(goal, "see if uid 5001, org.test.webapp is privacy requestable");
+ ret = privilege_package_info_is_privacy_requestable(5001, "org.test.webapp", &is_requestable);
+ if (is_requestable && ret == PRVMGR_ERR_NONE) {
+ __color_to_green();
+ printf("\nis privacy requestable app. SUCCESS\n");
+ success_cnt++;
+ __color_to_origin();
+ } else {
+ __color_to_red();
+ printf("FAIL!!!!!!!!!!!!!!!!!!!!!!\n");
+ fail_cnt++;
+ __color_to_origin();
+ }
+
+ __print_line();
+ __tcinfo(goal, "get privacy list of org.test.nativeapp");
+ GList* tmp_list = NULL;
+ ret = privilege_package_info_get_privacy_list_by_pkgid(5001, "org.test.nativeapp", &tmp_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ if (tmp_list != NULL) {
+ __print_glist(tmp_list);
+ gfree(tmp_list);
+ }
+
+ __print_line();
+ __tcinfo(goal, "get list of packaes with bookmark privacy");
+ ret = privilege_package_info_get_package_list_by_privacy(5001, "http://tizen.org/privacy/bookmark", &tmp_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ if (tmp_list != NULL) {
+ __print_glist(tmp_list);
+ gfree(tmp_list);
+ }
+
+ __print_line();
+ __tcinfo(goal, "get list of packaes with camera privacy");
+ ret = privilege_package_info_get_package_list_by_privacy(5001, "http://tizen.org/privacy/camera", &tmp_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ if (tmp_list != NULL) {
+ __print_glist(tmp_list);
+ gfree(tmp_list);
+ }
+
+ __print_line();
+ __tcinfo(goal, "get privilege list of org.test.nativeapp's account privacy");
+ ret = privilege_package_info_get_privilege_list_by_pkgid_and_privacy(5001, "org.test.nativeapp", "http://tizen.org/privacy/account", &tmp_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ if (tmp_list != NULL) {
+ __print_glist(tmp_list);
+ gfree(tmp_list);
+ }
+
+ __print_line();
+ __tcinfo(goal, "get all privacy package list of uid 5001");
+ ret = privilege_package_info_get_all_privacy_package_list(5001, &tmp_list);
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ if (tmp_list != NULL) {
+ __print_glist(tmp_list);
+ gfree(tmp_list);
+ }
+
+ __print_line();
+ __tcinfo(goal, "unset 5001, org.test.nativeapp's package privilege info.");
+ ret = privilege_package_info_unset_package_privilege_info(5001, "org.test.nativeapp");
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+
+ __print_line();
+ __tcinfo(goal, "unset 5001, org.test.webapp's package privilege info.");
+ ret = privilege_package_info_unset_package_privilege_info(5001, "org.test.webapp");
+ __tcinfo(expect, PRVMGR_ERR_NONE);
+ __print_result('m', ret);
+ __print_line();
+
+}
+
+int main()
+{
+
+ __tcinfo(function, "privilege_package_info_set_privacy_privilege");
+ __tcinfo(function, "privilege_package_info_set_ciritical_privilege");
+ __tcinfo(function, "privilege_package_info_unset_package_privilege_info");
+ __tcinfo(function, "privilege_package_info_is_privacy_requestable");
+ __tcinfo(function, "privilege_package_info_is_privacy_requestable_api_version");
+ __tcinfo(function, "privilege_package_info_get_privacy_list_by_pkgid");
+ __tcinfo(function, "privilege_package_info_get_package_list_by_privacy");
+ __tcinfo(function, "privilege_package_info_get_privilege_list_by_pkgid_and_privacy");
+ __test_privilege_package_info();
+
+ __color_to_green();
+ printf("Test Complete\n");
+ printf("success : %d, ", success_cnt);
+
+ __color_to_red();
+ printf("fail : %d\n", fail_cnt);
+ __color_to_origin();
+
+ return 0;
+}
ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="core_privilege_mapping.db")
ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="wrt_privilege_mapping.db")
ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="policy.db")
+ADD_DEFINITIONS(-DPRIVILEGE_PRIVACY_DB_PATH="${TZ_SYS_DB}/.privacy.db")
ADD_DEFINITIONS(-DASKUSER_RUNTIME_DISABLE_PATH="${TZ_SYS_SHARE}/askuser_disable")
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")