int privilege_db_manager_get_privilege_group_display(privilege_db_manager_package_type_e package_type, const char* privilege_name, const char* api_version, int* privilege_group_number);
-int __privilege_db_manager_is_privacy(const char* privilege);
+int privilege_db_manager_is(char type, const char* privilege);
int __privilege_db_manager_get_privacy_list(GList** privacy_list);
int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GList **privilege_list);
EXPORT_API int privilege_info_get_privilege_description(const char *privilege, char **description);
/**
+ * @brief Determines whether the given privilege is valid.
+ * @param [in] privilege The privilege
+ * @return 1 if true(=is valid privilege. the privilege can be granted by security-manager and checked by cynara), 0 if false, and -1 on error
+ */
+EXPORT_API int privilege_info_is_valid(const char *privilege);
+
+/**
+ * @brief Determines whether the given privilege is internal privilege.
+ * @param [in] privilege The privilege
+ * @return 1 if true(=is internal privilege), 0 if false, and -1 on error
+ */
+EXPORT_API int privilege_info_is_internal(const char *privilege);
+
+/**
* @brief Determines whether the given privilege is privacy related or not.
* @param [in] privilege The privilege
* @return 1 if true(=is privacy related privilege), 0 if false, and -1 on error
ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB})
-INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} ${POLICY_DB}-journal DESTINATION ${DATADIR}/privilege-manager/)
+INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} ${POLICY_DB}-journal update_valid_info_table.sh DESTINATION ${DATADIR}/privilege-manager/)
echo "Creating PRIVILEGE_INFO table ..."
sqlite3 $DB_NAME "CREATE TABLE PRIVILEGE_INFO (PROFILE_ID NUMERIC, PROFILE TEXT, PACKAGE_TYPE_ID NUMERIC, PACKAGE_TYPE TEXT, PRIVILEGE_LEVEL_ID NUMERIC, PRIVILEGE_LEVEL TEXT, API_VERSION_ISSUED TEXT, API_VERSION_EXPIRED TEXT, DOCUMENTED INTEGER, PRIVILEGE_NAME TEXT, IS_PRIVACY NUMERIC, PRIVACY_GROUP TEXT, PRIVILEGE_DISPLAY TEXT, PRIVILEGE_DESCRIPTION TEXT, PRIVILEGE_GROUP_ID NUMERIC, PRIVLEGE_GROUP TEXT, CHANGED_TO_2_3_1 TEXT, CHANGED_TO_2_4_0 TEXT);"
+echo "Create Valid Privilege Info Table..."
+sqlite3 $DB_NAME "CREATE TABLE VALID_PRIVILEGE_INFO (PRIVILEGE_NAME TEXT UNIQUE, IS_PRIVACY NUMERIC, IS_INTERNAL NUMERIC);"
+
echo "Inserting data ..."
IFS=$'\n'
for i in `cat core_privilege_info.csv`
echo "Inserting $PRIVILEGE_NAME ..."
sqlite3 $DB_NAME "insert into privilege_info values ( $PROFILE_ID, '$PROFILE', $PACKAGE_TYPE_ID, '$PACKAGE_TYPE', $PRIVILEGE_LEVEL_ID, '$PRIVILEGE_LEVEL', '$API_VERSION_ISSUED', '$API_VERSION_EXPIRED', '$DOCUMENTED', '$PRIVILEGE_NAME', '$IS_PRIVACY', '$PRIVACY_GROUP', '$PRIVILEGE_DISPLAY', '$PRIVILEGE_DESCRIPTION', $PRIVILEGE_GROUP_ID, '$PRIVILEGE_GROUP', '$CHANGED_TO_2_3_1', '$CHANGED_TO_2_4_0')"
+ sqlite3 $DB_NAME "insert into valid_privilege_info (privilege_name, is_privacy, is_internal) values ('$PRIVILEGE_NAME', '$IS_PRIVACY', 0)"
done
-echo "Check inserted data"
-sqlite3 $DB_NAME "select * from privilege_info"
echo "Inserting $PRIVILEGE_NAME $MAPPED_PRIVILEGE_NAME..."
sqlite3 $DB_NAME "insert into privilege_mapping values ( $PROFILE_ID, '$PROFILE', '$PRIVILEGE_NAME','$FROM_API_VERSION', '$TO_API_VERSION', '$MAPPED_PRIVILEGE_NAME')"
+ sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', 0, 1)"
done
echo "Check inserted data"
--- /dev/null
+#!/bin/bash
+
+DB_NAME="/usr/share/privilege-manager/.core_privilege_info.db"
+
+echo "Inserting data ..."
+
+for i in `cat /var/cynara/db/_USER_TYPE_* | cut -d ";" -f 3 | sort | uniq | grep -v "*"`
+do
+ if [[ $i == "http://tizen.org/privilege/internal/"* ]]; then
+ echo "Inserting $i ..."
+ sqlite3 $DB_NAME "insert or ignore into valid_privilege_info (privilege_name, is_privacy, is_internal) values ('$i', 0, 1)"
+ elif [ $i = "http://tizen.org/privilege/notexist" ]; then
+ echo "Inserting $i ..."
+ sqlite3 $DB_NAME "insert or ignore into valid_privilege_info (privilege_name, is_privacy, is_internal) values ('$i', 0, 1)"
+ fi
+done
+
+echo "complete!"
echo "Inserting $PRIVILEGE_NAME $MAPPED_PRIVILEGE_NAME..."
sqlite3 $DB_NAME "insert into privilege_mapping values ( $PROFILE_ID, '$PROFILE', '$PRIVILEGE_NAME','$FROM_API_VERSION', '$TO_API_VERSION', '$MAPPED_PRIVILEGE_NAME')"
+ sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', 0, 1)"
done
echo "Check inserted data"
char* temp_privilege_list_str = NULL;
for (l = privilege_list; l != NULL; l = l->next) {
char *privilege_name = (char *)l->data;
- if (temp_privilege_list_str == NULL) {
+ if (temp_privilege_list_str == NULL)
temp_privilege_list_str = sqlite3_mprintf("'%q'", privilege_name);
- } else {
+ else
temp_privilege_list_str = sqlite3_mprintf("%s, '%q'", temp_privilege_list_str, privilege_name);
- }
}
*privilege_list_str = temp_privilege_list_str;
return 0;
return PRIVILEGE_DB_NO_EXIST_RESULT;
}
-int __privilege_db_manager_is_privacy(const char* privilege)
+int privilege_db_manager_is(char type, const char* privilege)
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
- int is_privacy = 0;
+ int res = 0;
int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE);
TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE, , ret, "[PRIVILEGE_DB_MANAGER] DB INITIALIZE FAIL");
- char *sql = sqlite3_mprintf("select is_privacy from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q",
- PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE, privilege);
+ char *sql = sqlite3_mprintf("select * from valid_privilege_info where privilege_name=%Q", privilege);
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
- TryReturn (ret == SQLITE_OK, sqlite3_close(db), -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
+ TryReturn(ret == SQLITE_OK, sqlite3_close(db), -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
ret = sqlite3_step(stmt);
if (ret == SQLITE_ROW) {
- is_privacy = sqlite3_column_int(stmt, 0);
- ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
+ LOGD("privilege: %s, is-privacy : %d, is-internal : %d", (char*)sqlite3_column_text(stmt, 0), sqlite3_column_int(stmt, 1), sqlite3_column_int(stmt, 2));
+ switch (type) {
+ case 'v':
+ res = 1;
+ break;
+ case 'p':
+ res = sqlite3_column_int(stmt, 1);
+ break;
+ case 'i':
+ res = sqlite3_column_int(stmt, 2);
+ break;
+ default:
+ LOGE("Undefined type for privilege_db_manager_is()");
+ return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE;
+ }
} else if (ret == SQLITE_DONE) {
- LOGD("[PRIVILEGE_DB_MANAGER] NO DATA TO READ. ret = %d", ret);
- ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
+ LOGD("[PRIVILEGE_DB_MANAGER] NO DATA TO READ. %s is invalid privilege. ret = %d", privilege, ret);
+ } else {
+ res = -1;
}
__finalize_db(db, stmt);
sqlite3_free(sql);
- if (ret > 0)
+ if (res < 0)
return -ret;
else
- return is_privacy;
+ return res;
}
int __privilege_db_manager_get_privacy_list(GList **privacy_list)
/* TBD: check if the privilege exist and whether the privilege is internal or not */
if (strstr(privilege_name, "internal") != NULL || strstr(privilege_name, "notexist") != NULL)
- return PRVMGR_ERR_NONE;
+ return PRVMGR_ERR_NONE;
if (data.privilege_group == EXTRA_GROUP) {
LOGD("data.privilege_group = %d", data.privilege_group);
res = data.callback(privilege_name, data.user_data);
{
TryReturn(privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege is NULL");
- int ret = __privilege_db_manager_is_privacy(privilege);
+ int ret = privilege_db_manager_is('p', privilege);
+ LOGD("%s is privacy? %d", privilege, ret);
+ if (ret != 0 && ret != 1)
+ ret = -1;
+ return ret;
+}
+
+int privilege_info_is_valid(const char* privilege)
+{
+ TryReturn(privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege is NULL");
+
+ int ret = privilege_db_manager_is('v', privilege);
+ LOGD("%s is valid? %d", privilege, ret);
+ if (ret != 0 && ret != 1)
+ ret = -1;
+ return ret;
+}
+
+int privilege_info_is_internal(const char* privilege)
+{
+ TryReturn(privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege is NULL");
+
+ int ret = privilege_db_manager_is('i', privilege);
+ LOGD("%s is internal? %d", privilege, ret);
if (ret != 0 && ret != 1)
ret = -1;
return ret;
ret = PRVMGR_ERR_INTERNAL_ERROR;
return ret;
}
+/*
+int privilege_info_is_valid(const char* privilege)
+{
+}
+
+int privilege_info_is_internal(const char* privilege)
+{
+}*/
BuildRequires: cmake
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(sqlite3)
-BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(glib-2.0)
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
-%post -n security-privilege-manager -p /sbin/ldconfig
+%post -n security-privilege-manager
+/sbin/ldconfig
+echo "Update valid privilege info table"
+%{_datadir}/privilege-manager/update_valid_info_table.sh
+rm %{_datadir}/privilege-manager/update_valid_info_table.sh
%postun -n security-privilege-manager -p /sbin/ldconfig
%files -n privilege-checker
%{_datadir}/privilege-manager/.wrt_privilege_mapping.db
%config(noreplace) %{_datadir}/privilege-manager/.policy.db
%config(noreplace) %{_datadir}/privilege-manager/.policy.db-journal
+%attr(755,root,root) %{_datadir}/privilege-manager/update_valid_info_table.sh
%manifest packaging/security-privilege-manager.manifest
%files -n security-privilege-manager-devel
else if (ret == PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE)
return "PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE";
else if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL)
- return "PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL";
+ return "PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL";
else if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL)
- return "PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL";
+ return "PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL";
else if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL)
- return "PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL";
+ return "PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL";
else if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL)
- return "PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL";
+ return "PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL";
break;
default:
break;
visibility = PRVMGR_PACKAGE_VISIBILITY_PUBLIC;
else if (strncmp(visibility_string, "partner", strlen(visibility_string)) == 0)
visibility = PRVMGR_PACKAGE_VISIBILITY_PARTNER;
- else if(strncmp(visibility_string, "platform", strlen(visibility_string)) == 0)
+ else if (strncmp(visibility_string, "platform", strlen(visibility_string)) == 0)
visibility = PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
else
printf("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WRONG CERT LEVEL!!!!!!!!!!!!!!!!!!!!!");
__color_to_bold_yellow();
api_version = va_arg(ap, char*);
char* pkg_type_string = va_arg(ap, char*);
- if(strncmp("core", pkg_type_string, strlen("core")) == 0 )
+ if (strncmp("core", pkg_type_string, strlen("core")) == 0)
pkg_type = PRVMGR_PACKAGE_TYPE_CORE;
- else if(strncmp("wrt", pkg_type_string, strlen("wrt")) == 0)
+ else if (strncmp("wrt", pkg_type_string, strlen("wrt")) == 0)
pkg_type = PRVMGR_PACKAGE_TYPE_WRT;
else
printf("!!!!!!!!!!!!!!!!!!!!!!WRONG PACKAGE TYPE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
}
__color_to_origin();
}
+static void __test_privilege_info_is_valid()
+{
+ int ret;
+ printf("privilege : http://tizen.org/privilege/account.read\n");
+ ret = privilege_info_is_valid("http://tizen.org/privilege/account.read");
+ if (ret == 1) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/account.read is valid\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+
+ printf("privilege : http://tizen.org/privilege/internal/default/public\n");
+ ret = privilege_info_is_valid("http://tizen.org/privilege/internal/default/public");
+ if (ret == 1) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internal/default/public is valid\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+
+ printf("privilege : http://tizen.org/privilege/internettttttt\n");
+ ret = privilege_info_is_valid("http://tizen.org/privilege/internettttttt");
+ if (ret == 0) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internettttttt is invalid\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+
+}
+
+static void __test_privilege_info_is_internal()
+{
+ int ret;
+ printf("privilege : http://tizen.org/privilege/internal/default/public\n");
+ ret = privilege_info_is_internal("http://tizen.org/privilege/internal/default/public");
+ if (ret == 1) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internal/default/public is internal\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+
+ printf("privilege : http://tizen.org/privilege/internal/dbus\n");
+ ret = privilege_info_is_internal("http://tizen.org/privilege/internal/dbus");
+ if (ret == 1) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internal/dbus is internal\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+
+ printf("privilege : http://tizen.org/privilege/internet\n");
+ ret = privilege_info_is_internal("http://tizen.org/privilege/internet");
+ if (ret == 0) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internet is NOT internal\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+ printf("privilege : http://tizen.org/privilege/internettttt\n");
+ ret = privilege_info_is_internal("http://tizen.org/privilege/internettttt");
+ if (ret == 0) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internettttt is NOT internal\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
+ __print_line();
+}
static void __test_privilege_info_is_privacy()
{
int ret;
__print_line();
printf("privilege : http://tizen.org/privilege/internettttt\n");
- ret = privilege_info_is_privacy("http://tizen.org/privilege/internettttt");
- if (ret == 0) {
- success_cnt++;
- printf("SUCCESS: http://tizen.org/privilege/internettttt is NOT PRIVACY\n");
- } else {
- fail_cnt++;
- printf("Test FAILED. ret = %d\n", ret);
- }
+ ret = privilege_info_is_privacy("http://tizen.org/privilege/internettttt");
+ if (ret == 0) {
+ success_cnt++;
+ printf("SUCCESS: http://tizen.org/privilege/internettttt is NOT PRIVACY\n");
+ } else {
+ fail_cnt++;
+ printf("Test FAILED. ret = %d\n", ret);
+ }
__print_line();
}
__tcinfo(function, "privilege_info_is_privacy");
__test_privilege_info_is_privacy();
+ __tcinfo(function, "privilege_info_is_internal");
+ __test_privilege_info_is_internal();
+
+ __tcinfo(function, "privilege_info_is_valid");
+ __test_privilege_info_is_valid();
+
__tcinfo(function, "privilege_info_get_privilege_display_name");
__test_privilege_info_get_privilege_display_name();