Function can be used to query if an app has been granted a permission.
It will be used temporarily by initial implementation of Cynara.
Later Cynara will use it's own policy storage, but this is needed to setup
a prototype.
Change-Id: Idb5ea4eb904849f8c3694f4841052d495071a98c
int app_reset_permissions(const char* pkg_id) DEPRECATED;
/**
+ * Checks if an application has the privilege that is specified by the name.
+ * It must be called by privileged user.
+ *
+ * @param pkg_id application identifier
+ * @param app_type application type
+ * @param permission_name permission name
+ * @param is_enabled buffer for return value
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int perm_app_has_permission(const char *pkg_id,
+ app_type_t app_type,
+ const char *permission_name,
+ bool *is_enabled);
+
+/**
* Recursively set SMACK access labels for an application directory
* and execute labels for executable files.
* This function should be called once during app installation.
const char *const *const pp_smack_rules);
+/**
+ * Check if an app has a permission that is specified by the name.
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param p_db pointer to a SQLite3 database object
+ * @param i_app_id application id
+ * @param s_permission_name permission name
+ * @param s_permission_type_name permission type name
+ * @param p_is_enabled buffer for return value
+ * @return PC_OPERATION_SUCCESS on success, error code otherwise
+ */
+int check_app_has_permission_internal(sqlite3 *p_db,
+ const char *const s_app_label_name,
+ const char *const s_permission_name,
+ const char *const s_permission_type_name,
+ bool *const p_is_enabled);
+
/**
* Gets the internal app id of an application with a given name.
*/
int rdb_reset_app_permissions(const char *const s_app_label_name);
+/**
+ * Check if app has the privilege that is specified by the name.
+ *
+ * @ingroup RDB API functions
+ *
+ * @param s_app_label_name application's label name
+ * @param s_permission_type_name permission's type name
+ * @param s_permission_name permission name
+ * @param p_is_enabled buffer for return value
+ * @return PC_OPERATION_SUCCESS on success,
+ * error code otherwise
+ */
+int rdb_app_has_permission(const char *const s_app_label_name,
+ const char *const s_permission_type_name,
+ const char *const s_permission_name,
+ bool *const p_is_enabled);
+
#endif /*_RULES_DB_H_*/
return PC_OPERATION_SUCCESS;
}
+API int perm_app_has_permission(const char *pkg_id,
+ app_type_t app_type,
+ const char *permission_name,
+ bool *is_enabled)
+{
+ SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d, permission_name=%s",
+ __func__, pkg_id, app_type, permission_name);
+
+ const char *app_group = app_type_group_name(app_type);
+
+ if (app_group == NULL) {
+ C_LOGE("Unknown param app type.");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (!smack_label_is_valid(pkg_id)) {
+ C_LOGE("Invalid param app_id.");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (permission_name == NULL) {
+ C_LOGE("Invalid param permission_name (NULL).");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ if (is_enabled == NULL) {
+ C_LOGE("Invalid param is_enabled (NULL).");
+ return PC_ERR_INVALID_PARAM;
+ }
+
+ return rdb_app_has_permission(pkg_id, app_group, permission_name, is_enabled);
+}
+
API int app_label_dir(const char* label, const char* path)//deprecated
{
SECURE_C_LOGD("Entering function: %s. Params: label=%s, path=%s",
}
+int check_app_has_permission_internal(sqlite3 *p_db,
+ const char *const s_app_label_name,
+ const char *const s_permission_name,
+ const char *const s_permission_type_name,
+ bool *const p_is_enabled)
+{
+ RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+ s_permission_name, s_permission_type_name);
+
+ int ret = PC_ERR_DB_OPERATION;
+ sqlite3_stmt *p_stmt = NULL;
+
+ ret = prepare_stmt(p_db, &p_stmt,
+ "SELECT is_enabled \
+ FROM app_permission_view \
+ WHERE app_name = %Q AND \
+ name = %Q AND \
+ type_name = %Q \
+ LIMIT 1",
+ s_app_label_name, s_permission_name, s_permission_type_name);
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+ ret = sqlite3_step(p_stmt);
+ if(ret == SQLITE_ROW) {
+ ret = PC_OPERATION_SUCCESS;
+ //store the result
+ *p_is_enabled = (bool)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
+ } else if(ret == SQLITE_DONE) {
+ //no entry == permission not assigned
+ C_LOGD("RDB: Permission: %s of type: %s is not assigned to app: %s",
+ s_permission_name, s_permission_type_name, s_app_label_name);
+ ret = PC_OPERATION_SUCCESS;
+ *p_is_enabled = false;
+ } else if(ret == SQLITE_BUSY) {
+ //base locked in exclusive mode for too long
+ C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
+ ret = PC_ERR_DB_CONNECTION;
+ } else {
+ C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
+ ret = PC_ERR_DB_QUERY_STEP;
+ }
+
+finish:
+ if(sqlite3_finalize(p_stmt) != SQLITE_OK)
+ C_LOGE("RDB: Error during finalizing statement: %s",
+ sqlite3_errmsg(p_db));
+ return ret;
+}
+
+
int get_app_id_internal(sqlite3 *p_db,
int *pi_app_id,
const char *const s_app_label_name)
return rdb_finish(p_db, ret);
}
+int rdb_app_has_permission(const char *const s_app_label_name,
+ const char *const s_permission_type_name,
+ const char *const s_permission_name,
+ bool *const p_is_enabled)
+{
+ RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+ s_permission_type_name, s_permission_name);
+ int ret = PC_ERR_DB_OPERATION;
+ sqlite3 *p_db = NULL;
+
+ ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ); //shared readonly transaction
+ if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+ ret = check_app_has_permission_internal(p_db,
+ s_app_label_name,
+ s_permission_name,
+ s_permission_type_name,
+ p_is_enabled);
+
+finish:
+ return rdb_finish(p_db, ret);
+}
+