return PRIVACY_PRIVILEGE_MANAGER_ERROR_IO_ERROR;
case ASKUSER_API_ALREADY_IN_PROGRESS:
return PRIVACY_PRIVILEGE_MANAGER_ERROR_ALREADY_IN_PROGRESS;
+ case ASKUSER_API_PERMISSION_DENIED:
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_PERMISSION_DENIED;
default:
break;
}
}
EXPORT_API
+int ppm_check_app_permission(const char *app_id, const char *privilege, ppm_check_result_e *result)
+{
+ if (!privilege || !result || !app_id) {
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_INVALID_PARAMETER;
+ }
+
+ int ret = ppm_init_client();
+ if (ret != PRIVACY_PRIVILEGE_MANAGER_ERROR_NONE) {
+ return ret;
+ }
+
+ askuser_check_result check_result = ASKUSER_CHECK_RESULT_DENY;
+ ret = askuser_client_check_app_privilege(ppm_handle->client, app_id, privilege, &check_result);
+ if (ret != ASKUSER_API_SUCCESS) {
+ return ask_user_to_ppm_error(ret);
+ }
+
+ *result = ask_user_check_result_to_ppm(check_result);
+
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_NONE;
+}
+
+EXPORT_API
int ppm_check_permissions(const char **privileges, size_t privileges_count,
ppm_check_result_e *results)
{
}
EXPORT_API
+int ppm_check_app_permissions(const char *app_id, const char **privileges,
+ size_t privileges_count, ppm_check_result_e *results)
+{
+ if (!privileges_count || !privileges || !results) {
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_INVALID_PARAMETER;
+ }
+ for (size_t iterator = 0; iterator < privileges_count; iterator++) {
+ if (!privileges[iterator]) {
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_INVALID_PARAMETER;
+ }
+ }
+
+ int ret = ppm_init_client();
+ if (ret != PRIVACY_PRIVILEGE_MANAGER_ERROR_NONE) {
+ return ret;
+ }
+
+ askuser_check_result *check_results = malloc(privileges_count * sizeof(askuser_check_result));
+ if (!check_results) {
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_OUT_OF_MEMORY;
+ }
+
+ ret = askuser_client_check_app_privileges(ppm_handle->client, app_id, privileges, privileges_count, check_results);
+ if (ret != ASKUSER_API_SUCCESS) {
+ free(check_results);
+ return ask_user_to_ppm_error(ret);
+ }
+
+ for (size_t iterator = 0; iterator < privileges_count; iterator++) {
+ results[iterator] = ask_user_check_result_to_ppm(check_results[iterator]);
+ }
+
+ free(check_results);
+ return PRIVACY_PRIVILEGE_MANAGER_ERROR_NONE;
+}
+
+EXPORT_API
int ppm_request_permission(const char *privilege, ppm_request_response_cb callback, void *user_data)
{
if (!privilege || !callback) {
virtual ~ApiInterface() {}
virtual int process(int fd, int events) = 0;
+ virtual askuser_check_result checkPrivilege(const std::string &app_id,
+ const std::string &privilege) = 0;
virtual askuser_check_result checkPrivilege(const std::string &privilege) = 0;
virtual RequestId popupRequest(const std::string &privilege,
const askuser_popup_response_callback callback,
}
API
+int askuser_client_check_app_privilege(askuser_client *p_client,
+ const char *app_id,
+ const char *privilege,
+ askuser_check_result *p_result)
+{
+ if (!p_client || !privilege || !p_result) {
+ return ASKUSER_API_INVALID_PARAM;
+ }
+
+ if (std::strlen(privilege) == 0) {
+ return ASKUSER_API_INVALID_PARAM;
+ }
+
+ return AskUser::Client::tryCatch([&]() {
+ *p_result = p_client->impl->checkPrivilege(app_id, privilege);
+ return ASKUSER_API_SUCCESS;
+ });
+}
+
+API
int askuser_client_check_privileges(askuser_client *p_client, const char **privileges,
size_t privileges_count, askuser_check_result *p_results)
{
}
API
+int askuser_client_check_app_privileges(askuser_client *p_client, const char *app_id,
+ const char **privileges, size_t privileges_count,
+ askuser_check_result *p_results)
+{
+ if (!p_client || !privileges || !p_results ||
+ privileges_count == 0 || privileges_count > AskUser::Protocol::MAX_PRIVS_NUMBER) {
+ return ASKUSER_API_INVALID_PARAM;
+ }
+
+ int ret = ASKUSER_API_SUCCESS;
+ for (size_t i = 0; i < privileges_count; ++i) {
+ ret = askuser_client_check_app_privilege(p_client, app_id, privileges[i], &(p_results[i]));
+ if (ret != ASKUSER_API_SUCCESS)
+ break;
+ }
+ return ret;
+}
+
+API
int askuser_client_popup_request(askuser_client *p_client, const char *privilege,
askuser_popup_response_callback response_callback,
void *p_user_data, int *p_request_id)
return m_channel->process(fd, eventsToAskUserMask(events));
}
-askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &privilege)
+askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &appId, const std::string &privilege)
{
- std::string appId = getOwnAppId(m_pkgInfo);
PrivilegePolicy privPolicy(appId, privilege);
- auto policyLevel = privPolicy.calculatePolicy(m_appInfo);
+ Policy policyLevel;
+ if (appId == getOwnAppId(m_pkgInfo)) {
+ policyLevel = privPolicy.calculatePolicy(m_appInfo);
+ } else {
+ PkgMgrAppInfo appInfo;
+ appInfo.type(appId, geteuid());
+ policyLevel = privPolicy.calculatePolicy(appInfo);
+ }
if (policyLevel == "Allow") {
return ASKUSER_CHECK_RESULT_ALLOW;
return ASKUSER_CHECK_RESULT_DENY;
}
+askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &privilege)
+{
+ return ApiInterfaceImpl::checkPrivilege(getOwnAppId(m_pkgInfo), privilege);
+}
+
RequestId ApiInterfaceImpl::popupRequest(const std::string &privilege,
const askuser_popup_response_callback callback,
void *userData)
ApiInterface &operator=(const ApiInterfaceImpl& orig) = delete;
virtual int process(int fd, int events);
+ virtual askuser_check_result checkPrivilege(const std::string &appId,
+ const std::string &privilege);
virtual askuser_check_result checkPrivilege(const std::string &privilege);
virtual RequestId popupRequest(const std::string &privilege,
const askuser_popup_response_callback callback,
#include <log/alog.h>
#include <connection-exception.h>
+#include <exception/AuthenticationFailedException.h>
#include <askuser-notification-client.h>
} catch (const Protocol::ConnectionException &e) {
ALOGE(e.what());
return ASKUSER_API_CONNECTION_ERROR;
+ } catch (const AuthenticationFailedException &e) {
+ ALOGE(e.what());
+ return ASKUSER_API_PERMISSION_DENIED;
} catch (const std::bad_alloc &e) {
ALOGE(e.what());
return ASKUSER_API_OUT_OF_MEMORY;
/*! \brief indicating that a request has already been sent */
#define ASKUSER_API_ALREADY_IN_PROGRESS -5
+/*! \brief indicating that a permission check was denied */
+#define ASKUSER_API_PERMISSION_DENIED -6
+
/** @} */
/**
/**
* \brief Description
+ * This function is called to check if an application with a given app_id has access
+ * to a particular privilege.
+ *
+ * \par Purpose:
+ * This API function should be called if a calling application wants to check
+ * if an application with a given app_id has access to a given privilege.
+ *
+ * \par Sync (or) Async:
+ * This is a synchronous API.
+ *
+ * \par Thread-safety:
+ * This function is NOT thread-safe.
+ *
+ * Required privilege: http://tizen.org/privilege/permission.check
+ *
+ * \param[in] p_client An instance of the askuser_client structure previously
+ * created by askuser_client_initialize().
+ * \param[in] app_id The app_id of the app that is to be checked.
+ * \param[in] privilege Privilege that is to be checked.
+ * \param[out] p_result The result of a privilege check.
+ *
+ * \return ASKUSER_API_SUCCESS on success
+ * \return a negative value in case of an error (see "Status return codes")
+ */
+int askuser_client_check_app_privilege(askuser_client *p_client,
+ const char *app_id,
+ const char *privilege,
+ askuser_check_result *p_result);
+
+/**
+ * \brief Description
* This function is called to check if an application has access to given
* privileges.
*
/**
* \brief Description
+ * This function is called to check if an application with a given app_id has access
+ * to given privileges.
+ *
+ * \par Purpose:
+ * This API function should be called if a calling application wants to check
+ * if an application with a given app_id has access to given privileges.
+ *
+ * \par Sync (or) Async:
+ * This is a synchronous API.
+ *
+ * \par Thread-safety:
+ * This function is NOT thread-safe.
+ *
+ * Required privilege: http://tizen.org/privilege/permission.check
+ *
+ * \param[in] p_client An instance of the askuser_client structure previously
+ * \param[in] app_id The app_id of the app that is to be checked.
+ * created by askuser_client_initialize().
+ * \param[in] privileges Privileges array that is to be checked.
+ * \param[in] privileges_count The number of elements of the privileges and results arrays.
+ * The parameter value should not exceed 100.
+ * \param[out] p_results The results array of a privileges check.
+ *
+ * \return ASKUSER_API_SUCCESS on success
+ * \return a negative value in case of an error (see "Status return codes")
+ */
+int askuser_client_check_app_privileges(askuser_client *p_client, const char *app_id,
+ const char **privileges, size_t privileges_count,
+ askuser_check_result *p_results);
+
+/**
+ * \brief Description
* This function is called to determine a privacy privilege .
*
* \par Purpose:
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/common/AuthenticationFailedException.h
+ * @author Pawel Kowalski <p.kowalski@partner.samsung.com>
+ * @brief Declaration of AuthenticationFailedException
+ */
+
+#pragma once
+
+#include <exception>
+#include <string>
+
+#include "Exception.h"
+
+namespace AskUser {
+
+class AuthenticationFailedException : public Exception
+{
+public:
+ AuthenticationFailedException(const std::string &function) {
+ m_msg = "Authentication failed in following function: " + function;
+ }
+};
+
+} /* namespace AskUser */
#include <security-manager.h>
#include <exception/Exception.h>
+#include <exception/AuthenticationFailedException.h>
#include <log/alog.h>
#include "Policy.h"
int ret = security_manager_get_app_manifest_policy(appId.c_str(), geteuid(),
&privsRaw, &privsCount);
if (ret != SECURITY_MANAGER_SUCCESS) {
+ if (ret == SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED) {
+ throw AuthenticationFailedException("security_manager_get_app_manifest_policy");
+ }
ALOGE("Failed to fetch manifest privileges for app " << appId << " : " << ret);
return {};
}
projects / platform / core / security / askuser.git / commitdiff