* @brief The definition of ApiInterfaceImpl.
*/
+#include <unistd.h>
+#include <sys/types.h>
+
+#include <log/alog.h>
+#include <policy/Policy.h>
#include <askuser-notification/ask-user-client-channel.h>
#include <askuser-notification/ask-user-types.h>
askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &privilege)
{
- // TODO use PolicyFetchRequest
- (void) privilege;
+ std::string appId = getOwnAppId();
+
+ PolicyEntry filter;
+ filter.setApp(appId);
+ filter.setUser(std::to_string(geteuid()));
+ filter.setPrivilege(privilege);
+
+ PolicyFetchRequest fetch(std::move(filter));
+ auto policies = fetch.fetchPolicy();
+
+ if (policies.size() != 1) {
+ ALOGE("Unusual situation, there are " << policies.size() << " policies for (" << appId << ", " << geteuid() << ", " << privilege << ")");
+ return ASKUSER_CHECK_RESULT_DENY;
+ }
+
+ auto level = policies.front().getLevel();
+
+ if (level == "Allow") {
+ return ASKUSER_CHECK_RESULT_ALLOW;
+ }
+
+ if (level == "Deny") {
+ return ASKUSER_CHECK_RESULT_DENY;
+ }
+
+ if (level == "Ask user") {
+ return ASKUSER_CHECK_RESULT_ASK;
+ }
return ASKUSER_CHECK_RESULT_DENY;
}
pkgLabel = pkgInfo.pkgLabel();
}
+std::string getOwnAppId()
+{
+ char *pkgName = nullptr;
+ char *appName = nullptr;
+
+ int ret = security_manager_identify_app_from_pid(getpid(), &pkgName, &appName);
+ std::unique_ptr<char, decltype(free)*> pkg_name_p(pkgName, free);
+ std::unique_ptr<char, decltype(free)*> app_name_p(appName, free);
+ throwOnSMError("security_manager_identify_app_from_pid", ret);
+
+ PkgInfo pkgInfo(pkgName, geteuid());
+ if (!appName)
+ return pkgInfo.mainAppId();
+
+ return std::string();
+}
+
PolicyEntry::PolicyEntry() {
throwOnSMError("security_manager_policy_entry_new",
security_manager_policy_entry_new(&m_entry));
projects / platform / core / security / askuser.git / commitdiff