*/
int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
-/**
- * @brief Set application package's critical privilege information
- * @remarks Non-privacy privilege included in the privilege list will be ignored.
- * @remarks Call it with the privilege list before mapping.
- * @remarks @a critical_privilege_list must be released by you.
- * @param [in] uid The uid
- * @param [in] pkgid The package ID
- * @param [in] package_type The package type of the given privilege list
- * @param [in] api_version The api-version of package
- * @param [in] critical_privilege_list The ciritical privilege list
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
- */
-int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* critical_privilege_list);
-
/**
* @brief Set application package's privacy privilege information
* @remarks Non-privacy privilege included in the privilege list will be ignored.
int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
/**
- * @brief Delete all privacy, critical privilege info of the given application package.
+ * @brief Delete all privacy privilege info of the given application package.
* @param [in] uid The uid
* @param [in] pkgid The package ID
* @return 0 on success, otherwise a negative error value.
*/
int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, const char* privilege, privilege_manager_package_type_e pkg_type, bool* is_privacy_requestable);
-/**
- * @brief Get is_critical value for thr privilege and package
- * @remarks If the privilege is not a privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
- * @param [in] uid The uid
- * @param [in] pkgid The package ID
- * @param [in] privilege The privilege
- * @param [out] is_critical is_critical value
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
- */
-int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
-
/**
* @brief Get all privacy package list of the user
* @remarks @a package_list must be released by using privilege_db_manager_list_free().
EXPORT_API int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
/**
- * @brief Set critical privilege of the application package.
- * @remarks Non-privacy privilege included in the privilege list will be ignored.
- * @remarks Call it with the privilege list before mapping and include only critical privileges.
- * @remarks @a critical_privilege_list must be released by you.
- * @param [in] uid The uid of the user who's trying to install the application.
- * @param [in] pkgid The package ID
- * @param [in] package_type The package type
- * @param [in] api_version The api-version
- * @param [in] critical_privilege_list The critical privilege list.
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
-
-/**
- * @brief Delete all privacy, critical privilege info of the given application package.
+ * @brief Delete all privacy privilege info of the given application package.
* @param [in] uid The uid of the user who's trying to install the application.
* @param [in] pkgid The package ID
* @return 0 on success, otherwise a negative error value.
*/
EXPORT_API int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, const char* privilege, bool* is_requestable);
-/**
- * @brief Check if the given privilege is critical for the application package.
- * @param [in] uid The uid
- * @param [in] pkgid The package ID
- * @param [in] privilege The privilege to check
- * @param [out] is_critical true if the given privilege is critical, or set to false.
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
-
/**
* @brief Get all privacy package list of the user
* @param [in] uid The uid
TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
}
-//TODO: Do insert only. DO NOT determine whether to insert or not in here.
-int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* critical_privilege_list)
-{
- sqlite3 *db = NULL;
- sqlite3_stmt *stmt = NULL;
- char* sql = NULL;
- int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
-
- TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db);
-
- GList* mapped_privilege_list = NULL;
- ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, critical_privilege_list, &mapped_privilege_list);
- TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
-
- TRY_BEGIN_TRANSACTION(db);
-
- for (GList *l = mapped_privilege_list; l != NULL; l = l->next) {
- char *privilege_name = (char *)l->data;
- if (strstr(privilege_name, "/internal/") == NULL) {
- char * privacy_name = NULL;
- ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name);
- if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && strstr(privacy_name, "N/A") == NULL && privilege_db_manager_is_user_settable(pkgid, privacy_name) == 1) {
- sql = sqlite3_mprintf("insert or replace into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_critical) values (%d, %Q, %Q, %Q, %Q, 1)", uid, pkgid, privacy_name, privilege_name, api_version);
-
- if (__prepare_stmt(db, sql, &stmt) != PRIVILEGE_DB_MANAGER_ERR_NONE) {
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
- break;
- }
-
- if (sqlite3_step(stmt) != SQLITE_DONE) {
- _LOGE("sqlite3_step() failed. [%s]", sqlite3_errmsg(db));
- ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
- break;
- }
-
- SAFE_SQLITE_FREE(sql);
- SAFE_SQLITE_FINALIZE(stmt);
- }
- SAFE_FREE(privacy_name);
- }
- }
- SAFE_G_LIST_FREE_FULL(mapped_privilege_list, free);
-
- TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
-}
-
//TODO: Do insert only. DO NOT determine whether to insert or not in here.
int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list)
{
return ret;
}
-int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
-{
- sqlite3 *db = NULL;
- sqlite3_stmt *stmt = NULL;
- int ret;
-
- TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
-
- char* sql = sqlite3_mprintf("select is_critical from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q and privilege_name=%Q", uid, GLOBAL_USER, pkgid, privilege);
-
- TRY_PREPARE_STMT(db, sql, &stmt);
-
- ret = sqlite3_step(stmt);
- if (ret == SQLITE_ROW) {
- if (sqlite3_column_int(stmt, 0))
- *is_critical = true;
- else
- *is_critical = false;
- ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
- } else if (ret == SQLITE_DONE) {
- ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
- } else {
- _LOGE("ret = %d[%s]", ret, sqlite3_errmsg(db));
- //TODO: add error value for internal error
- }
-
- __finalize_db(db, stmt, sql);
-
- return ret;
-}
-
int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list)
{
sqlite3 *db = NULL;
/*
- * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright(c) 2017-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0(the License);
* you may not use this file except in compliance with the License.
return PRVMGR_ERR_NONE;
}
-int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* critical_privilege_list)
-{
- TryReturn(pkgid != NULL && api_version != NULL && critical_privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and critical_privilege_list must not be NULL.");
- int ret = privilege_db_manager_set_package_critical_privilege_info(uid, pkgid, pkg_type, api_version, critical_privilege_list);
- if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
- LOGE("privilege_db_manager_set_package_critical_privilege_info failed. ret = %d", ret);
- return PRVMGR_ERR_INTERNAL_ERROR;
- }
- return PRVMGR_ERR_NONE;
-}
-
int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid)
{
if (DISABLE_ASKUSER)
return PRVMGR_ERR_NONE;
}
-int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
-{
- TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privilege must not be null");
- int ret = privilege_db_manager_is_critical_privilege(uid, pkgid, privilege, is_critical);
- if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges
- *is_critical = false;
- } else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
- LOGE("privilege_db_manager_is_ciritical_privilege faild. ret = %d", ret);
- return PRVMGR_ERR_INTERNAL_ERROR;
- }
- return PRVMGR_ERR_NONE;
-}
-
int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** privacy_list)
{
int ret = privilege_db_manager_get_all_privacy_package_list(uid, privacy_list);
__print_result('m', ret);
gfree(privilege_list);
- __print_line();
- __tcinfo(goal, "set 5001, org.test.nativeapp_3 critical privilege set. api_version = 3.0");
- __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
- __privinfo("http://tizen.org/privilege/call", NULL, NULL);
- __privinfo("http://tizen.org/privilege/account.read", NULL, NULL);
- __privinfo("http://tizen.org/privilege/display", NULL, NULL);
- ret = privilege_package_info_set_critical_privilege(5001, "org.test.nativeapp_3", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- __print_result('m', ret);
- gfree(privilege_list);
-
/* Web api-version 4.0 */
__print_line();
__tcinfo(goal, "set 5001, org.test.webapp_4's privacy privilege set. api_version = 4.0");
__print_result('m', ret);
gfree(privilege_list);
- __print_line();
- __tcinfo(goal, "set 5001, org.test.webapp_4's critical privilege set. api_version = 4.0");
- __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
- __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
- __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
- __privinfo("http://tizen.org/privilege/mediastorage", NULL, NULL);
- ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp_4", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- __print_result('m', ret);
- gfree(privilege_list);
-
/* Web api-version 5.0 */
__print_line();
__tcinfo(goal, "set 5001, org.test.webapp_5's privacy privilege set. api_version = 5.0");
__print_result('m', ret);
gfree(privilege_list);
- __print_line();
- __tcinfo(goal, "set 5001, org.test.webapp_5's critical privilege set. api_version = 5.0");
- __privinfo("http://tizen.org/privilege/internet", NULL, NULL);
- __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
- __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
- __privinfo("http://tizen.org/privilege/mediastorage", NULL, NULL);
- ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp_5", PRVMGR_PACKAGE_TYPE_WRT, "5.0", privilege_list);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- __print_result('m', ret);
- gfree(privilege_list);
-
-
/* Test */
- __print_line();
- __tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp_4");
- ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_4", "http://tizen.org/privilege/message.read", &is_requestable);
- if (is_requestable && ret == PRVMGR_ERR_NONE) {
- printf_green("\nis critical privilege. SUCCESS\n");
- success_cnt++;
- } else {
- printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
- fail_cnt++;
- }
-
- __print_line();
- __tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp_4");
- ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_4", "http://tizen.org/privilege/internet", &is_requestable);
- if (!is_requestable && ret == PRVMGR_ERR_NONE) {
- printf_green("\nis not critical privilege. SUCCESS\n");
- success_cnt++;
- } else {
- printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
- fail_cnt++;
- }
-
- __print_line();
- __tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp_5");
- ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/message.read", &is_requestable);
- if (is_requestable && ret == PRVMGR_ERR_NONE) {
- printf_green("\nis critical privilege. SUCCESS\n");
- success_cnt++;
- } else {
- printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
- fail_cnt++;
- }
-
- __print_line();
- __tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp_5");
- ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/internet", &is_requestable);
- if (!is_requestable && ret == PRVMGR_ERR_NONE) {
- printf_green("\nis not critical privilege. SUCCESS\n");
- success_cnt++;
- } else {
- printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
- fail_cnt++;
- }
-
- __print_line();
- __tcinfo(goal, "see if http://tizen.org/privilege/mediastorage is critical for uid 5001, org.test.webapp_5");
- ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/mediastorage", &is_requestable);
- if (is_requestable && ret == PRVMGR_ERR_NONE) {
- printf_green("\nis not critical privilege. SUCCESS\n");
- success_cnt++;
- } else {
- printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
- fail_cnt++;
- }
-
__print_line();
__tcinfo(goal, "see if uid 5001, api-version=3.0, org.test.nativeapp_3 can request privacy for http://tizen.org/privilege/call");
ret = privilege_package_info_is_privacy_requestable(5001, "org.test.nativeapp_3", "http://tizen.org/privilege/call", &is_requestable);
{
if (ENABLE_ASKUSER) {
__tcinfo(function, "privilege_package_info_set_privacy_privilege");
- __tcinfo(function, "privilege_package_info_set_ciritical_privilege");
__tcinfo(function, "privilege_package_info_unset_package_privilege_info");
__tcinfo(function, "privilege_package_info_is_privacy_requestable");
__tcinfo(function, "privilege_package_info_is_privacy_requestable_api_version");
projects / platform / core / security / privilege-checker.git / commitdiff