#include "privilege_info_types.h"
#include "privilege_private.h"
+#include <cert-svc/ccert.h>
+#include <cert-svc/cinstance.h>
+
#ifdef LOG_TAG
#undef LOG_TAG
#define LOG_TAG "PRIVILEGE_INFO"
return 0;
}
+static int __is_preloaded_pkg(const char* pkgid)
+{
+ pkgmgrinfo_pkginfo_h handle;
+
+ int ret = pkgmgrinfo_pkginfo_get_pkginfo(pkgid, &handle);
+ TryReturn(ret == PMINFO_R_OK, , -1, "pkgmgrinfo_pkginfo_get_usr_pkginfo() failed for pkgid <%s>", pkgid);
+
+ bool is_preload = false;
+ ret = pkgmgrinfo_pkginfo_is_preload(handle, &is_preload);
+ TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_pkginfo(handle), -1, "pkgmgrinfo_pkginfo_is_preload() failed. Failed to check whether %s is preloaded.", pkgid);
+
+ pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
+
+ if (is_preload)
+ return 1;
+ else
+ return 0;
+}
+
+static privilege_manager_visibility_e __get_pkg_cert_level(uid_t uid, const char* pkgid)
+{
+ const char* cert_value;
+ pkgmgrinfo_certinfo_h certinfo;
+
+ int ret = pkgmgrinfo_pkginfo_create_certinfo(&certinfo);
+ TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_create_certinfo() failed. ret = %d", ret);
+
+ ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid, certinfo, uid);
+ TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_load_certinfo() failed. ret = %d", ret);
+
+ ret = pkgmgrinfo_pkginfo_get_cert_value(certinfo, PMINFO_DISTRIBUTOR_ROOT_CERT, &cert_value);
+ TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_get_cert_value() failed. ret = %d", ret);
+
+ if (cert_value == NULL) {
+ pkgmgrinfo_pkginfo_destroy_pkginfo(certinfo);
+ // Check whether the given app is preloaded app
+ // -> Assume preloaded app to have platform level certificate (by appfw's guide)
+ ret = __is_preloaded_pkg(pkgid);
+ if (ret == 1) {
+ ret = PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
+ } else {
+ LOGE("%s is not preloaded app and have no cert value", pkgid);
+ ret = PRVMGR_PACKAGE_VISIBILITY_NONE;
+ }
+ return ret;
+ }
+
+ char* temp_cert = g_strdup(cert_value);
+ TryReturn(temp_cert != NULL, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "g_strdup() of cert_value failed.");
+
+ pkgmgrinfo_pkginfo_destroy_certinfo(certinfo);
+
+ CertSvcInstance instance;
+ CertSvcCertificate certificate;
+ CertSvcVisibility visibility = CERTSVC_VISIBILITY_PUBLIC;
+
+ ret = certsvc_instance_new(&instance);
+ TryReturn(ret == CERTSVC_SUCCESS, , PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_instance_new() failed. ret = %d", ret);
+
+ ret = certsvc_certificate_new_from_memory(instance, (const unsigned char *)temp_cert, strlen(temp_cert), CERTSVC_FORM_DER_BASE64, &certificate);
+ TryReturn(ret == CERTSVC_SUCCESS, certsvc_instance_free(instance), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_certificate_new_from_memory() failed. ret = %d", ret);
+
+ g_free(temp_cert);
+
+ ret = certsvc_certificate_get_visibility(certificate, &visibility);
+ if (ret != CERTSVC_SUCCESS)
+ LOGE("certsvc_certificate_get_visibility() is failed.");
+
+ certsvc_certificate_free(certificate);
+ certsvc_instance_free(instance);
+
+ if (visibility & CERTSVC_VISIBILITY_PUBLIC)
+ return PRVMGR_PACKAGE_VISIBILITY_PUBLIC;
+ if (visibility & CERTSVC_VISIBILITY_PARTNER)
+ return PRVMGR_PACKAGE_VISIBILITY_PARTNER;
+ if (visibility & CERTSVC_VISIBILITY_PLATFORM)
+ return PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
+ LOGE("cert level is not public/partner/platform");
+ if (visibility & CERTSVC_VISIBILITY_DEVELOPER)
+ LOGD("cert level developer");
+ return PRVMGR_PACKAGE_VISIBILITY_NONE;
+}
+
int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, privilege_manager_visibility_e cert_level, const char* privilege, privilege_manager_privilege_type_e *type)
{
TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid or privilege is NULL");
+ if (cert_level == PRVMGR_PACKAGE_VISIBILITY_NONE)
+ cert_level = __get_pkg_cert_level(uid, pkgid);
+
+ TryReturn(cert_level != PRVMGR_PACKAGE_VISIBILITY_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] Can't get %s's cert level", pkgid);
+
LOGD("get privilege type for uid: %d, package id: %s, type: %d, cert level: %d, privilege: %s", (int)uid, pkgid, package_type, cert_level, privilege);
int ret = PRVMGR_ERR_NONE;
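Review bot: In `__get_pkg_cert_level`, the `cert_value == NULL` branch releases the certinfo handle with `pkgmgrinfo_pkginfo_destroy_pkginfo(certinfo)`, the pkginfo destructor applied to a `pkgmgrinfo_certinfo_h`; it should call `pkgmgrinfo_pkginfo_destroy_certinfo(certinfo)`. Assuming `TryReturn` runs its second argument before returning, the first check also passes an uninitialised `certinfo` to the destructor when `pkgmgrinfo_pkginfo_create_certinfo()` itself failed, and both `certsvc_*` failure paths return without `g_free(temp_cert)`; the fence below shows these lines corrected. Because the returned level decides which privileges a package may hold, the preloaded fallback deserves a closer look: a package with no distributor root cert is reported as PLATFORM on the strength of `__is_preloaded_pkg`, which calls `pkgmgrinfo_pkginfo_get_pkginfo()` without `uid` (its log text names `pkgmgrinfo_pkginfo_get_usr_pkginfo()`) while the cert lookup is scoped by `uid`. A failed `certsvc_certificate_get_visibility()` is only logged, so `visibility` keeps its `CERTSVC_VISIBILITY_PUBLIC` initialiser and the package is reported as PUBLIC instead of NONE; initialising it to a value with no level bit set would make that path fail closed. `privilege_info_get_privilege_type` continues past the end of the hunk.

```c
int ret = pkgmgrinfo_pkginfo_create_certinfo(&certinfo);
/* nothing to destroy yet: the handle was never created */
TryReturn(ret == PMINFO_R_OK, , PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_create_certinfo() failed. ret = %d", ret);

/* … unchanged: load_certinfo and get_cert_value checks … */

if (cert_value == NULL) {
	pkgmgrinfo_pkginfo_destroy_certinfo(certinfo);
	/* … unchanged: preloaded-package fallback … */

/* … unchanged: g_strdup of cert_value, destroy certinfo, certsvc declarations … */

ret = certsvc_instance_new(&instance);
TryReturn(ret == CERTSVC_SUCCESS, g_free(temp_cert), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_instance_new() failed. ret = %d", ret);

ret = certsvc_certificate_new_from_memory(instance, (const unsigned char *)temp_cert, strlen(temp_cert), CERTSVC_FORM_DER_BASE64, &certificate);
TryReturn(ret == CERTSVC_SUCCESS, (g_free(temp_cert), certsvc_instance_free(instance)), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_certificate_new_from_memory() failed. ret = %d", ret);
```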