Restore perm_app_has_permission API function.

author Rafal Krypa <r.krypa@samsung.com>

Wed, 30 Apr 2014 09:40:23 +0000 (11:40 +0200)

committer Marcin Niesluchowski <m.niesluchow@samsung.com>

Tue, 13 May 2014 06:41:46 +0000 (23:41 -0700)
author Rafal Krypa <r.krypa@samsung.com>
Wed, 30 Apr 2014 09:40:23 +0000 (11:40 +0200)
committer Marcin Niesluchowski <m.niesluchow@samsung.com>
Tue, 13 May 2014 06:41:46 +0000 (23:41 -0700)
diff --git a/include/privilege-control.h b/include/privilege-control.h

index 3c60f08..25d62b9 100644 (file)
--- a/include/privilege-control.h
+++ b/include/privilege-control.h
@@ -240,6 +240,21 @@ int perm_app_reset_permissions(const char* pkg_id);
  int app_reset_permissions(const char* pkg_id) DEPRECATED;
  
  /**
+ * Checks if an application has the privilege that is specified by the name.
+ * It must be called by privileged user.
+ *
+ * @param  pkg_id           application identifier
+ * @param  app_type         application type
+ * @param  permission_name  permission name
+ * @param  is_enabled       buffer for return value
+ * @return                  PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int perm_app_has_permission(const char *pkg_id,
+                           app_type_t app_type,
+                           const char *permission_name,
+                           bool *is_enabled);
+
+/**
   * Recursively set SMACK access labels for an application directory
   * and execute labels for executable files.
   * This function should be called once during app installation.
diff --git a/include/rules-db-internals.h b/include/rules-db-internals.h

index cd87171..9d06a16 100644 (file)
--- a/include/rules-db-internals.h
+++ b/include/rules-db-internals.h
@@ -241,6 +241,24 @@ int add_permission_rules_internal(sqlite3 *p_db,
                                   const char  *const *const pp_smack_rules);
  
  
+/**
+ * Check if an app has a permission that is specified by the name.
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param  p_db                   pointer to a SQLite3 database object
+ * @param  i_app_id               application id
+ * @param  s_permission_name      permission name
+ * @param  s_permission_type_name permission type name
+ * @param  p_is_enabled           buffer for return value
+ * @return                        PC_OPERATION_SUCCESS on success, error code otherwise
+ */
+int check_app_has_permission_internal(sqlite3 *p_db,
+                                     const char *const s_app_label_name,
+                                     const char *const s_permission_name,
+                                     const char *const s_permission_type_name,
+                                     bool *const p_is_enabled);
+
  
  /**
   * Gets the internal app id of an application with a given name.
diff --git a/include/rules-db.h b/include/rules-db.h

index 28f2928..c70fd0e 100644 (file)
--- a/include/rules-db.h
+++ b/include/rules-db.h
@@ -196,5 +196,22 @@ int rdb_revoke_app_permissions(const char *const s_app_label_name);
   */
  int rdb_reset_app_permissions(const char *const s_app_label_name);
  
+/**
+ * Check if app has the privilege that is specified by the name.
+ *
+ * @ingroup RDB API functions
+ *
+ * @param  s_app_label_name       application's label name
+ * @param  s_permission_type_name permission's type name
+ * @param  s_permission_name      permission name
+ * @param  p_is_enabled           buffer for return value
+ * @return                        PC_OPERATION_SUCCESS on success,
+ *                                error code otherwise
+ */
+int rdb_app_has_permission(const char *const s_app_label_name,
+                          const char *const s_permission_type_name,
+                          const char *const s_permission_name,
+                          bool *const p_is_enabled);
+
  
  #endif /*_RULES_DB_H_*/
diff --git a/src/privilege-control.c b/src/privilege-control.c

index 3cefcc5..09c874f 100644 (file)
--- a/src/privilege-control.c
+++ b/src/privilege-control.c
@@ -846,6 +846,39 @@ API int perm_app_reset_permissions(const char* pkg_id)
         return PC_OPERATION_SUCCESS;
  }
  
+API int perm_app_has_permission(const char *pkg_id,
+                               app_type_t app_type,
+                               const char *permission_name,
+                               bool *is_enabled)
+{
+       SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, app_type=%d, permission_name=%s",
+                               __func__, pkg_id, app_type, permission_name);
+
+       const char *app_group = app_type_group_name(app_type);
+
+       if (app_group == NULL) {
+               C_LOGE("Unknown param app type.");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       if (!smack_label_is_valid(pkg_id)) {
+               C_LOGE("Invalid param app_id.");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       if (permission_name == NULL) {
+               C_LOGE("Invalid param permission_name (NULL).");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       if (is_enabled == NULL) {
+               C_LOGE("Invalid param is_enabled (NULL).");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       return rdb_app_has_permission(pkg_id, app_group, permission_name, is_enabled);
+}
+
  API int app_label_dir(const char* label, const char* path)//deprecated
  {
         SECURE_C_LOGD("Entering function: %s. Params: label=%s, path=%s",
diff --git a/src/rules-db-internals.c b/src/rules-db-internals.c

index d6ba6d6..4cddb3b 100644 (file)
--- a/src/rules-db-internals.c
+++ b/src/rules-db-internals.c
@@ -738,6 +738,56 @@ finish:
  }
  
  
+int check_app_has_permission_internal(sqlite3 *p_db,
+                                     const char *const s_app_label_name,
+                                     const char *const s_permission_name,
+                                     const char *const s_permission_type_name,
+                                     bool *const p_is_enabled)
+{
+       RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+                           s_permission_name, s_permission_type_name);
+
+       int ret = PC_ERR_DB_OPERATION;
+       sqlite3_stmt *p_stmt = NULL;
+
+       ret = prepare_stmt(p_db, &p_stmt,
+                          "SELECT is_enabled              \
+                           FROM   app_permission_view     \
+                           WHERE  app_name = %Q AND       \
+                                  name = %Q AND           \
+                                  type_name = %Q          \
+                           LIMIT  1",
+                          s_app_label_name, s_permission_name, s_permission_type_name);
+       if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+       ret = sqlite3_step(p_stmt);
+       if(ret == SQLITE_ROW) {
+               ret = PC_OPERATION_SUCCESS;
+               //store the result
+               *p_is_enabled = (bool)sqlite3_column_int(p_stmt, RDB_FIRST_COLUMN);
+       } else if(ret == SQLITE_DONE) {
+               //no entry == permission not assigned
+               C_LOGD("RDB: Permission: %s of type: %s is not assigned to app: %s",
+                      s_permission_name, s_permission_type_name, s_app_label_name);
+               ret = PC_OPERATION_SUCCESS;
+               *p_is_enabled = false;
+       } else if(ret == SQLITE_BUSY) {
+               //base locked in exclusive mode for too long
+               C_LOGE("RDB: Database is busy. RDB Connection Error returned.");
+               ret = PC_ERR_DB_CONNECTION;
+       } else {
+               C_LOGE("RDB: Error during stepping: %s", sqlite3_errmsg(p_db));
+               ret = PC_ERR_DB_QUERY_STEP;
+       }
+
+finish:
+       if(sqlite3_finalize(p_stmt) != SQLITE_OK)
+               C_LOGE("RDB: Error during finalizing statement: %s",
+                      sqlite3_errmsg(p_db));
+       return ret;
+}
+
+
  int get_app_id_internal(sqlite3 *p_db,
                         int *pi_app_id,
                         const char *const s_app_label_name)
diff --git a/src/rules-db.c b/src/rules-db.c

index 8d86ac7..46a91a7 100644 (file)
--- a/src/rules-db.c
+++ b/src/rules-db.c
@@ -492,3 +492,26 @@ finish:
         return rdb_finish(p_db, ret);
  }
  
+int rdb_app_has_permission(const char *const s_app_label_name,
+                          const char *const s_permission_type_name,
+                          const char *const s_permission_name,
+                          bool *const p_is_enabled)
+{
+       RDB_LOG_ENTRY_PARAM("%s %s %s", s_app_label_name,
+                           s_permission_type_name, s_permission_name);
+       int ret = PC_ERR_DB_OPERATION;
+       sqlite3 *p_db = NULL;
+
+       ret = rdb_begin(&p_db, RDB_TRANSACTION_SHARED_READ); //shared readonly transaction
+       if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+       ret = check_app_has_permission_internal(p_db,
+                                               s_app_label_name,
+                                               s_permission_name,
+                                               s_permission_type_name,
+                                               p_is_enabled);
+
+finish:
+       return rdb_finish(p_db, ret);
+}
+
author	Rafal Krypa <r.krypa@samsung.com>
	Wed, 30 Apr 2014 09:40:23 +0000 (11:40 +0200)
committer	Marcin Niesluchowski <m.niesluchow@samsung.com>
	Tue, 13 May 2014 06:41:46 +0000 (23:41 -0700)
include/privilege-control.h		patch \| blob \| history
include/rules-db-internals.h		patch \| blob \| history
include/rules-db.h		patch \| blob \| history
src/privilege-control.c		patch \| blob \| history
src/rules-db-internals.c		patch \| blob \| history
src/rules-db.c		patch \| blob \| history