Implement perm_app_remove_path() for libprivilege-control API.
authorDamian Chromejko <d.chromejko@samsung.com>
Tue, 3 Dec 2013 11:30:37 +0000 (12:30 +0100)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 5 Feb 2014 10:19:33 +0000 (11:19 +0100)
[Issue#]       SSDWSSP-698
[Bug/Feature]  Function used to remove paths along with all associated
               rules.
[Cause]        Extending libprivilege-control API.
[Solution]     Implemented chain of functions exposing requested API.
[Verification] Build, install and run tests.

Change-Id: Idc0d7878d852056085649b698d6afa714a91ba83

db/rules-db.sql
include/privilege-control.h
include/rules-db-internals.h
include/rules-db.h
src/privilege-control.c
src/rules-db-internals.c
src/rules-db.c

index 6dbd416..d4c5250 100644 (file)
@@ -602,6 +602,32 @@ BEGIN
         DELETE FROM label_view WHERE label_view.name = OLD.path_label_name;
 END;
 
+
+-- PATH_REMOVAL VIEW -------------------------------------------------------------------
+DROP VIEW IF EXISTS path_removal_view;
+CREATE VIEW path_removal_view       AS
+SELECT      application_view.app_id AS owner_app_id,
+            application_view.name   AS owner_app_label_name,
+            app_path.path           AS path,
+            label.label_id          AS path_label_id
+FROM        app_path
+LEFT JOIN   application_view USING (app_id)
+LEFT JOIN   label            USING (label_id);
+
+DROP TRIGGER IF EXISTS path_removal_delete_trigger;
+CREATE TRIGGER path_removal_delete_trigger
+INSTEAD OF DELETE ON path_removal_view
+BEGIN
+        -- Delete the path.
+        DELETE FROM app_path
+        WHERE  app_path.app_id = OLD.owner_app_id AND
+               app_path.path = OLD.path;
+
+        -- Delete the path's label if it's not used anymore.
+        DELETE FROM label_view WHERE label_view.label_id = OLD.path_label_id;
+END;
+
+
 -- APP PERMISSION LIST VIEW ----------------------------------------------------
 -- Used in check_app_permission_internal to check if permissions are present
 -- TODO: Check if SQLite optimizer doesn't change app_permission_view to the same code.
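Review bot: The comment `-- Delete the path's label if it's not used anymore.` in path_removal_delete_trigger describes a condition that the statement below it does not contain. The DELETE on `label_view` is unconditional here, so the "not used" check presumably lives in label_view's own INSTEAD OF DELETE trigger, which is outside this hunk. Say so in the comment, e.g. `-- label_view's delete trigger is expected to keep labels that are still referenced.`, and confirm that trigger really does it, since otherwise removing one path would drop a label shared with other paths. The two LEFT JOINs also yield rows with a NULL owner name or label id for orphaned app_path entries; plain JOINs would state the intent more directly if such rows are never meant to be deletable through this view.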
index ed74d23..cafa084 100644 (file)
@@ -450,6 +450,17 @@ int app_setup_path(const char* pkg_id, const char* path, app_path_type_t app_pat
 int perm_app_get_paths(const char* pkg_id, app_path_type_t app_path_type, char*** ppp_paths);
 
 /**
+ * Remove path and all rules associated with it from the database.
+ *
+ * This does not remove data from the filesystem.
+ *
+ * @param  pkg_id application identifier
+ * @param  path   path to remove
+ * @return        PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int perm_app_remove_path(const char* pkg_id, const char *path);
+
+/**
  * Make two applications "friends", by giving them both full permissions on
  * each other.
  * Results will be persistent on the file system. Must be called after
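Review bot: The comment for perm_app_remove_path does not say what is returned when `path` is not registered for `pkg_id`. Judging by the implementation later in this commit, a DELETE that matches nothing would presumably still yield PC_OPERATION_SUCCESS; if that is intended, add a line such as `* Returns PC_OPERATION_SUCCESS also when the path is not registered for pkg_id.` It is also worth noting that `path` has to match the stored string exactly, since the visible query compares it with `=`.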
index 55c4b31..3330a4c 100644 (file)
@@ -114,6 +114,19 @@ int add_modified_additional_rules_internal(sqlite3 *p_db);
  *                          error code otherwise
  */
 int add_modified_apps_path_internal(sqlite3 *p_db, const char *const s_app_label_name);
+
+/**
+ * Adds path label's name to the modified labels.
+ * Used during removing path.
+ *
+ * @ingroup RDB internal functions
+ *
+ * @param  p_db   pointer to a SQLite3 database object
+ * @param  s_path the path
+ * @return        PC_OPERATION_SUCCESS on success, error code otherwise
+ */
+int add_modified_paths_label_internal(sqlite3 *p_db, const char *const s_path);
+
 /**
  * Open a connection with the database and perform an initialization.
  *
@@ -206,6 +219,18 @@ int add_path_internal(sqlite3 *p_db,
                      const char *const s_access_reverse,
                      const char *const s_type);
 
+/**
+ * Remove path for the specified application and delete it's label if it's no longer used.
+ *
+ * @param  p_db               pointer to a SQLite3 database object
+ * @param  s_owner_label_name owner application
+ * @param  s_path             the path
+ * @return                    PC_OPERATION_SUCCESS on success, error code otherwise
+ */
+int remove_path_internal(sqlite3 *p_db,
+                        const char *const s_owner_label_name,
+                        const char *const s_path);
+
 
 /**
  * Get number of paths of the specified type for the given application.
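Review bot: The new comment for remove_path_internal has a typo ("it's label") and omits the `@ingroup RDB internal functions` tag that the add_modified_paths_label_internal comment added earlier in this file carries. Suggested first line: `* Remove path for the specified application and delete its label if it's no longer used.`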
index 11570e5..9334ac3 100644 (file)
@@ -123,6 +123,21 @@ int rdb_get_app_paths(const char *const s_app_label_name,
                      const char *const s_app_path_type_name,
                      char ***ppp_paths);
 
+
+/**
+ * Remove path and all rules associated with it from the database.
+ *
+ * @ingroup RDB API functions
+ *
+ * @param  s_owner_label_name owner application's label name
+ * @param  s_path             the path
+ * @return                    PC_OPERATION_SUCCESS on success,
+ *                            error code otherwise
+ */
+int rdb_remove_path(const char *const s_owner_label_name,
+                   const char *const s_path);
+
+
 /**
  * Add permission with the given name and type and add smack rules.
  *
index 0000625..ccb2b28 100644 (file)
@@ -1414,6 +1414,31 @@ API int perm_app_get_paths(const char* pkg_id, app_path_type_t app_path_type, ch
        return PC_OPERATION_SUCCESS;
 }
 
+API int perm_app_remove_path(const char* pkg_id, const char *path)
+{
+       SECURE_C_LOGD("Entering function: %s. Params: pkg_id=%s, path=%s", __func__, pkg_id, path);
+
+       int ret;
+
+       if (path == NULL) {
+               C_LOGE("Invalid param path (NULL).");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       if (!smack_label_is_valid(pkg_id)) {
+               C_LOGE("Invalid param app_id.");
+               return PC_ERR_INVALID_PARAM;
+       }
+
+       ret = rdb_remove_path(pkg_id, path);
+       if (ret != PC_OPERATION_SUCCESS) {
+               C_LOGE("RDB rdb_remove_path failed with %d", ret);
+               return ret;
+       }
+
+       return PC_OPERATION_SUCCESS;
+}
+
 API int app_add_friend(const char* pkg_id1, const char* pkg_id2)//deprecated
 {
        SECURE_C_LOGD("Entering function: %s. Params: pkg_id1=%s, pkg_id2=%s",
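Review bot: `SECURE_C_LOGD` at the top of perm_app_remove_path formats `pkg_id` and `path` with `%s` before either has been checked, so a NULL argument reaches the format call ahead of the `path == NULL` guard. Passing NULL to `%s` is undefined for standard printf, and whether the logging macro tolerates it is not visible here; moving the log line below the two checks avoids the question. app_add_friend at the end of this hunk logs the same way, so this may be file convention. The second error message names `app_id` although the parameter is `pkg_id`: `C_LOGE("Invalid param pkg_id.");`. `path` is only checked for NULL, so an empty string is passed through to the database layer.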
index 2766857..aebf296 100644 (file)
@@ -154,6 +154,27 @@ finish:
        return ret;
 }
 
+int add_modified_paths_label_internal(sqlite3 *p_db, const char *const s_path)
+{
+       int ret = PC_OPERATION_SUCCESS;
+       sqlite3_stmt *p_stmt = NULL;
+
+       ret = prepare_stmt(p_db, &p_stmt,
+                          "INSERT OR IGNORE INTO modified_label(name) \
+                           SELECT path_view.path_label_name           \
+                           FROM   path_view                           \
+                           WHERE  path_view.path = %Q",
+                          s_path);
+       if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+       ret = step_and_convert_returned_value(p_stmt);
+finish:
+       if(sqlite3_finalize(p_stmt) < 0)
+               C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
+
+       return ret;
+}
+
 /**
  * Function called when the target database is busy.
  * We attempt to access the database every
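Review bot: The INSERT in add_modified_paths_label_internal selects from `path_view` by `path` alone, while remove_path_internal in the next hunk deletes by owner label and path. A call for a path that the given package does not own therefore still marks that path's label as modified, even though nothing is removed. Passing the owner label into this function and adding it to the WHERE clause would keep the two statements in step. The owner column of `path_view` is not visible in this diff, so its name has to be taken from the view definition.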
@@ -569,6 +590,28 @@ finish:
 }
 
 
+int remove_path_internal(sqlite3 *p_db,
+                        const char *const s_owner_label_name,
+                        const char *const s_path)
+{
+       int ret;
+       sqlite3_stmt *p_stmt = NULL;
+
+       ret = prepare_stmt(p_db, &p_stmt,
+                          "DELETE FROM path_removal_view        \
+                           WHERE  owner_app_label_name = %Q AND \
+                                  path = %Q",
+                          s_owner_label_name, s_path);
+       if(ret != PC_OPERATION_SUCCESS) goto finish;
+
+       ret = step_and_convert_returned_value(p_stmt);
+finish:
+       if(sqlite3_finalize(p_stmt) < 0)
+               C_LOGE("RDB: Error during finalizing statement: %s", sqlite3_errmsg(p_db));
+       return ret;
+}
+
+
 int add_permission_internal(sqlite3 *p_db,
                            const char *const s_permission_name,
                            const char *const s_permission_type_name)
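Review bot: The cleanup check `if(sqlite3_finalize(p_stmt) < 0)` in remove_path_internal can never fire, because sqlite3_finalize() returns SQLITE_OK (0) or a positive error code. Compare against SQLITE_OK instead: `if(sqlite3_finalize(p_stmt) != SQLITE_OK)`. The same check appears in add_modified_paths_label_internal in the previous hunk of this file. Since finalize reports the error of the most recent evaluation of the statement, the log line may then repeat a failure already carried in `ret`, depending on what step_and_convert_returned_value does.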
index a60403b..64e99f8 100644 (file)
@@ -321,7 +321,25 @@ int rdb_get_app_paths(const char *const s_app_label_name,
                                     s_app_path_type_name,
                                     i_num_paths,
                                     ppp_paths);
+finish:
+       return rdb_finish(p_db, ret);
+}
+
+int rdb_remove_path(const char *const s_owner_label_name,
+                   const char *const s_path)
+{
+       RDB_LOG_ENTRY_PARAM("%s %s", s_owner_label_name, s_path);
+
+       int ret;
+       sqlite3 *p_db = NULL;
+
+       ret = rdb_begin(&p_db, RDB_TRANSACTION_EXCLUSIVE);
+       if (ret != PC_OPERATION_SUCCESS) goto finish;
+
+       ret = add_modified_paths_label_internal(p_db, s_path);
+       if (ret != PC_OPERATION_SUCCESS) goto finish;
 
+       ret = remove_path_internal(p_db, s_owner_label_name, s_path);
 finish:
        return rdb_finish(p_db, ret);
 }
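Review bot: The order of the two calls in rdb_remove_path looks load-bearing but is not documented. add_modified_paths_label_internal looks the label up through `path_view`, which presumably no longer returns the row once remove_path_internal has run. A short comment above the first call would protect it from being reordered, e.g. `/* Mark the label as modified before the delete; the lookup needs the path row. */`. The hunk begins inside rdb_get_app_paths, whose body starts outside it.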