uid INTEGER NOT NULL,
name VARCHAR NOT NULL,
version VARCHAR NOT NULL,
+author_id INTEGER,
UNIQUE (name, uid),
FOREIGN KEY (pkg_id) REFERENCES pkg (pkg_id)
+FOREIGN KEY (author_id) REFERENCES author (author_id)
);
CREATE TABLE IF NOT EXISTS privilege (
privilege_name VARCHAR
);
+CREATE TABLE IF NOT EXISTS author (
+ author_id INTEGER PRIMARY KEY,
+ name VARCHAR NOT NULL,
+ UNIQUE (name)
+);
+
DROP VIEW IF EXISTS app_privilege_view;
CREATE VIEW app_privilege_view AS
SELECT
app.pkg_id,
app.uid,
pkg.name as pkg_name,
- app.version as version
+ app.version as version,
+ app.author_id,
+ author.name as author_name
FROM app
-LEFT JOIN pkg USING (pkg_id);
+LEFT JOIN pkg USING (pkg_id)
+LEFT JOIN author USING (author_id);
DROP TRIGGER IF EXISTS app_privilege_view_insert_trigger;
CREATE TRIGGER app_privilege_view_insert_trigger
CREATE TRIGGER app_pkg_view_insert_trigger
INSTEAD OF INSERT ON app_pkg_view
BEGIN
+ INSERT OR IGNORE INTO author(name) VALUES (NEW.author_name);
INSERT OR IGNORE INTO pkg(name) VALUES (NEW.pkg_name);
- INSERT OR IGNORE INTO app(pkg_id, name, uid, version) VALUES ((SELECT pkg_id FROM pkg WHERE name=NEW.pkg_name), NEW.app_name, NEW.uid, NEW.version);
+ INSERT OR IGNORE INTO app(pkg_id, name, uid, version, author_id) VALUES (
+ (SELECT pkg_id FROM pkg WHERE name=NEW.pkg_name),
+ NEW.app_name,
+ NEW.uid,
+ NEW.version,
+ (SELECT author_id FROM author WHERE name=NEW.author_name));
END;
DROP TRIGGER IF EXISTS app_pkg_view_delete_trigger;
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
#include <utility>
#include <vector>
#include <map>
+#include <string>
#include <dpl/log/log.h>
#include <dpl/singleton.h>
{"rw", SECURITY_MANAGER_PATH_RW},
{"ro", SECURITY_MANAGER_PATH_RO},
{"public_ro", SECURITY_MANAGER_PATH_PUBLIC_RO},
- {"rw_others_ro", SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO}
+ {"rw_others_ro", SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO},
+ {"trusted_rw", SECURITY_MANAGER_PATH_TRUSTED_RW},
};
static std::map <std::string, enum security_manager_user_type> user_type_map = {
("path,p", po::value< std::vector<std::string> >()->multitoken(),
"path for setting smack labels (may occur more than once).\n"
"Format: --path <path> <path type>\n"
- " where <path type> is: \trw, ro, public_ro, rw_others_ro\n"
+ " where <path type> is: \trw, ro, public_ro, rw_others_ro, trusted_rw\n"
+ " ('trusted rw' requires author id)\n"
"example:\n"
" \t--path=/home/user/app rw")
("privilege,s", po::value< std::vector<std::string> >(),
"privilege for the application (may occur more than once)")
("uid,u", po::value<uid_t>()->required(),
"user identifier number (required)")
+ ("author-id,c", po::value<std::string>(),
+ "unique author's identifier (required for trusted_rw paths)")
;
return opts;
}
}
if (vm.count("uid"))
req.uid = vm["uid"].as<uid_t>();
+ if (vm.count("author-id")) {
+ req.authorId = vm["author-id"].as<std::string>();
+ }
}
const std::map<StmtType, const char * const > Queries = {
{ StmtType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"},
{ StmtType::EGetAppPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE app_name=? AND uid=? ORDER BY privilege_name"},
- { StmtType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid, version) VALUES (?, ?, ?, ?)" },
+ { StmtType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid, version, author_name) VALUES (?, ?, ?, ?, ?)" },
{ StmtType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" },
{ StmtType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" },
{ StmtType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" },
* @param pkgId - package identifier
* @param uid - user identifier for whom application is going to be installed
* @param targetTizenVer - target tizen version for application
+ * @param author - author identifier
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void AddApplication(const std::string &appId, const std::string &pkgId,
- uid_t uid, const std::string &targetTizenVer);
+ void AddApplication(
+ const std::string &appId,
+ const std::string &pkgId,
+ uid_t uid,
+ const std::string &targetTizenVer,
+ const std::string &authorId);
/**
* Remove an application from the database
});
}
-void PrivilegeDb::AddApplication(const std::string &appId,
- const std::string &pkgId,
- uid_t uid,
- const std::string &targetTizenVer)
+void PrivilegeDb::AddApplication(
+ const std::string &appId,
+ const std::string &pkgId,
+ uid_t uid,
+ const std::string &targetTizenVer,
+ const std::string &authorId)
{
try_catch<void>([&] {
auto command = getStatement(StmtType::EAddApplication);
command->BindString(2, pkgId);
command->BindInteger(3, static_cast<unsigned int>(uid));
command->BindString(4, targetTizenVer);
+ authorId.empty() ? command->BindNull(5) : command->BindString(5, authorId);
if (command->Step()) {
LogDebug("Unexpected SQLITE_ROW answer to query: " <<
return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
}
- PrivilegeDb::getInstance().AddApplication(req.appId, req.pkgId, uid, req.tizenVersion);
+ PrivilegeDb::getInstance().AddApplication(req.appId, req.pkgId, uid, req.tizenVersion, req.authorId);
PrivilegeDb::getInstance().UpdateAppPrivileges(req.appId, uid, req.privileges);
/* Get all application ids in the package to generate rules withing the package */
PrivilegeDb::getInstance().GetAppIdsForPkgId(req.pkgId, pkgContents);