In client side, this data needs to be retrieved only once for given client.
PkgMgr is checked only from askuser-notification daemon context, otherwise
AUL environment variables/AUL API is called to get data needed on client side.
This optimization should reduce API call time for ppm_check by ~60%
Change-Id: I5a9238113b062df551b73e3af7e52f6b13643c81
BuildRequires: pkgconfig(capi-ui-efl-util)
BuildRequires: pkgconfig(capi-system-info)
BuildRequires: pkgconfig(libsmack)
+BuildRequires: pkgconfig(aul)
BuildRequires: edje-bin
%if !%{defined build_type}
askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &privilege)
{
- std::string appId = getOwnAppId();
+ std::string appId = getOwnAppId(m_pkgInfo);
PrivilegePolicy privPolicy(appId, privilege);
- auto policyLevel = privPolicy.calculatePolicy();
+ auto policyLevel = privPolicy.calculatePolicy(m_appInfo);
if (policyLevel == "Allow") {
return ASKUSER_CHECK_RESULT_ALLOW;
#include <vector>
#include <ApiInterface.h>
+#include <policy/AppInfo.h>
+#include <policy/PkgInfo.h>
#include <StatusCallbackClosure.h>
#include <client-channel.h>
StatusCallbackClosure m_statusClosure;
std::unique_ptr<Protocol::ClientChannel> m_channel;
std::vector<Request> m_requests;
+ AulAppInfo m_appInfo;
+ AulPkgInfo m_pkgInfo;
};
} // namespace Client
security-manager
pkgmgr-info
security-privilege-manager
+ aul
)
SET(ASKUSER_COMMON_VERSION_MAJOR 0)
SET(COMMON_SOURCES
${COMMON_PATH}/log/alog.cpp
+ ${COMMON_PATH}/policy/AppInfo.cpp
+ ${COMMON_PATH}/policy/PkgInfo.cpp
${COMMON_PATH}/policy/Policy.cpp
${COMMON_PATH}/policy/PrivilegeInfo.cpp
${COMMON_PATH}/policy/PrivilegePolicy.cpp
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/common/policy/AppInfo.cpp
+ * @author Tomasz Swierczek <t.swierczek@samsung.com>
+ * @brief Implementation of AppInfo (sub)classes
+ */
+
+#include "AppInfo.h"
+
+#include <pkgmgr-info.h>
+
+#include <log/alog.h>
+
+
+namespace AskUser {
+
+void AulAppInfo::fetch(const std::string &appId, uid_t uid) {
+ static const char *AUL_APP_TYPE = "RUNTIME_TYPE";
+ static const char *AUL_TIZEN_API_VERSION = "TIZEN_API_VERSION";
+
+ char *type = getenv(AUL_APP_TYPE);
+ char *version = getenv(AUL_TIZEN_API_VERSION);
+ if (type) {
+ m_type = type;
+ ALOGD("aul fetched app type for appId " << appId << " is " << m_type);
+ } else {
+ ALOGE("couldn't fetch app type for appId " << appId << " with getenv from key " << AUL_APP_TYPE);
+ }
+
+ if (version) {
+ m_version = version;
+ ALOGD("aul fetched app Tizen target version for appId " << appId << " is " << m_version);
+ } else {
+ ALOGE("couldn't fetch app Tizen target version for appId " << appId << " with getenv from key " << AUL_TIZEN_API_VERSION);
+ }
+
+ m_appId = appId;
+ m_uid = uid;
+}
+
+
+void PkgMgrAppInfo::fetch(const std::string &appId, uid_t uid) {
+ pkgmgrinfo_appinfo_h handle = nullptr;
+ int ret = pkgmgrinfo_appinfo_get_usr_appinfo(appId.c_str(), uid, &handle);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_appinfo_get_usr_appinfo failed for " << appId << " with " << ret);
+ return;
+ }
+
+ char *type = nullptr;
+ ret = pkgmgrinfo_appinfo_get_apptype(handle, &type);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_appinfo_get_apptype failed with " << ret);
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
+ return;
+ }
+ if (type)
+ m_type = type;
+
+ char *version = nullptr;
+ ret = pkgmgrinfo_appinfo_get_api_version(handle, &version);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_appinfo_get_api_version failed with " << ret);
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
+ return;
+ }
+ if (version)
+ m_version = version;
+
+ pkgmgrinfo_appinfo_destroy_appinfo(handle);
+
+ m_appId = appId;
+ m_uid = uid;
+}
+
+} // namespace AskUser
/*
- * Copyright (c) 2017 Samsung Electronics Co.
+ * Copyright (c) 2017-2018 Samsung Electronics Co.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* @file src/common/policy/AppInfo.h
* @author Zofia Abramowska <z.abramowska@samsung.com>
- * @brief Definition of pkgmgr-info wrappers
+ * @author Tomasz Swierczek <t.swierczek@samsung.com>
+ * @brief Definition of app-data wrapper/cache (sub)classes
*/
#pragma once
#include <string>
#include <sys/types.h>
-#include <pkgmgr-info.h>
-
-#include <log/alog.h>
namespace AskUser {
-struct AppInfo {
- AppInfo(const std::string &appId, uid_t uid) : m_handle(nullptr) {
- int ret = pkgmgrinfo_appinfo_get_usr_appinfo(appId.c_str(), uid, &m_handle);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_appinfo_get_usr_appinfo failed for " << appId << " with " << ret);
- m_handle = nullptr;
- }
+class AppInfo {
+public:
+
+ AppInfo() : m_uid(0) {};
+
+ virtual ~AppInfo() {};
+
+ virtual void purgeCache() {
+ m_appId.clear();
+ m_type.clear();
+ m_version.clear();
+ m_uid = 0;
}
- ~AppInfo() {
- if (m_handle)
- pkgmgrinfo_appinfo_destroy_appinfo(m_handle);
+
+ virtual std::string type(const std::string &appId, uid_t uid) {
+ update(appId, uid);
+ return m_type;
}
- const std::string type() {
- char *type = nullptr;
- int ret = pkgmgrinfo_appinfo_get_apptype(m_handle, &type);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_appinfo_get_apptype failed with " << ret);
- return "";
- }
- return type ? type : "";
+
+ virtual std::string apiVersion(const std::string &appId, uid_t uid) {
+ update(appId, uid);
+ return m_version;
}
- const std::string apiVersion() {
- char *version = nullptr;
- int ret = pkgmgrinfo_appinfo_get_api_version(m_handle, &version);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_appinfo_get_api_version failed with " << ret);
- return "";
+protected:
+ virtual void fetch(const std::string &appId, uid_t uid) = 0;
+
+ virtual void update(const std::string &appId, uid_t uid) {
+ if (m_appId != appId || uid != m_uid) {
+ purgeCache();
+ fetch(appId, uid);
}
- return version ? version : "";
}
- pkgmgrinfo_appinfo_h m_handle;
+ std::string m_appId;
+ uid_t m_uid;
+ std::string m_type;
+ std::string m_version;
+};
+
+class AulAppInfo : public AppInfo {
+protected:
+ virtual void fetch(const std::string &appId, uid_t uid);
};
+class PkgMgrAppInfo : public AppInfo {
+protected:
+ virtual void fetch(const std::string &appId, uid_t uid);
+};
+
+
} // namespace AskUser
--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/common/policy/PkgInfo.cpp
+ * @author Tomasz Swierczek <t.swierczek@samsung.com>
+ * @brief Implementation of PkgInfo (sub)classes
+ */
+
+#include "PkgInfo.h"
+
+#include <aul.h>
+#include <pkgmgr-info.h>
+
+#include <log/alog.h>
+
+namespace AskUser {
+
+void AulPkgInfo::fetch(const std::string &pkgId, uid_t uid) {
+ char buffer[1024];
+ memset(buffer, 0, sizeof(buffer));
+ int ret = aul_app_get_appid_bypid(getpid(), buffer, sizeof(buffer) - 1);
+ if (AUL_R_OK == ret)
+ m_mainAppId = std::string(buffer);
+ else
+ ALOGE("aul_app_get_appid_bypid failed");
+
+ ret = aul_app_get_pkgname_bypid(getpid(), buffer, sizeof(buffer));
+ if (AUL_R_OK == ret)
+ m_pkgLabel = std::string(buffer);
+ else
+ ALOGE("aul_app_get_pkgname_bypid failed");
+ m_pkgId = pkgId;
+ m_uid = uid;
+}
+
+void PkgMgrPkgInfo::fetch(const std::string &pkgId, uid_t uid) {
+ pkgmgrinfo_pkginfo_h handle = nullptr;
+ int ret = pkgmgrinfo_pkginfo_get_usr_pkginfo(pkgId.c_str(), uid, &handle);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_pkginfo_get_usr_pkginfo failed for " << pkgId << " with " << ret);
+ return;
+ }
+ char *mainAppId;
+ ret = pkgmgrinfo_pkginfo_get_mainappid(handle, &mainAppId);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_pkginfo_get_mainappid failed with " << ret);
+ pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
+ return;
+ }
+ if (mainAppId)
+ m_mainAppId = mainAppId;
+
+ char *pkgLabel;
+ ret = pkgmgrinfo_pkginfo_get_label(handle, &pkgLabel);
+ if (ret != PMINFO_R_OK) {
+ ALOGE("pkgmgrinfo_pkginfo_get_label failed with " << ret);
+ pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
+ return;
+ }
+ if (pkgLabel)
+ m_pkgLabel = pkgLabel;
+
+ pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
+ m_pkgId = pkgId;
+ m_uid = uid;
+}
+
+} // namespace AskUser
/*
- * Copyright (c) 2017 Samsung Electronics Co.
+ * Copyright (c) 2017-2018 Samsung Electronics Co.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* @file src/common/policy/PkgInfo.h
* @author Zofia Abramowska <z.abramowska@samsung.com>
- * @brief Definition of pkgmgr-info wrappers
+ * @author Tomasz Swierczek <t.swierczek@samsung.com>
+ * @brief Definition of package-data wrappers/cache (sub)classes
*/
#pragma once
#include <string>
#include <sys/types.h>
-#include <pkgmgr-info.h>
-#include <log/alog.h>
+namespace AskUser {
-struct PkgInfo {
- PkgInfo(const std::string &pkgId, uid_t uid) : m_handle(nullptr) {
- int ret = pkgmgrinfo_pkginfo_get_usr_pkginfo(pkgId.c_str(), uid, &m_handle);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_pkginfo_get_usr_pkginfo failed for " << pkgId << " with " << ret);
- m_handle = nullptr;
- }
+class PkgInfo {
+public:
+ PkgInfo() : m_uid(0) {};
+ virtual ~PkgInfo() {};
+
+ virtual void purgeCache() {
+ m_pkgId.clear();
+ m_mainAppId.clear();
+ m_pkgLabel.clear();
+ m_uid = 0;
}
- ~PkgInfo() {
- if (m_handle)
- pkgmgrinfo_pkginfo_destroy_pkginfo(m_handle);
+
+ std::string mainAppId(const std::string &pkgId, uid_t uid) {
+ update(pkgId, uid);
+ return m_mainAppId;
}
- const std::string mainAppId(){
- if (!m_handle) {
- return "";
- }
- char *mainAppId;
- int ret = pkgmgrinfo_pkginfo_get_mainappid(m_handle, &mainAppId);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_pkginfo_get_mainappid failed with " << ret);
- return "";
- }
- return mainAppId ? mainAppId : "";
+
+ std::string pkgLabel(const std::string &pkgId, uid_t uid) {
+ update(pkgId, uid);
+ return m_pkgLabel;
}
- const std::string pkgLabel() {
- if (!m_handle) {
- return "";
- }
- char *pkgLabel;
- int ret = pkgmgrinfo_pkginfo_get_label(m_handle, &pkgLabel);
- if (ret != PMINFO_R_OK) {
- ALOGE("pkgmgrinfo_pkginfo_get_label failed with " << ret);
- return "";
+
+protected:
+ virtual void fetch(const std::string &pkgId, uid_t uid) = 0;
+
+ virtual void update(const std::string &pkgId, uid_t uid) {
+ if (pkgId != m_pkgId || uid != m_uid) {
+ purgeCache();
+ fetch(pkgId, uid);
}
- return pkgLabel ? pkgLabel : "";
}
- pkgmgrinfo_pkginfo_h m_handle;
+
+ std::string m_pkgId;
+ uid_t m_uid;
+ std::string m_mainAppId;
+ std::string m_pkgLabel;
+};
+
+class AulPkgInfo : public PkgInfo {
+protected:
+ virtual void fetch(const std::string &pkgId, uid_t uid);
};
+
+class PkgMgrPkgInfo : public PkgInfo {
+protected:
+ virtual void fetch(const std::string &pkgId, uid_t uid);
+};
+
+} // namespace AskUser
* @brief Implementation of Policy wrappers
*/
+#include <sys/types.h>
#include <memory>
+#include <unistd.h>
#include <vector>
#include <security-manager.h>
#include <exception/Exception.h>
#include <log/alog.h>
-#include "PkgInfo.h"
#include "Policy.h"
#include "PrivilegeInfo.h"
return fetch.fetchPolicy();
}
-void identifyApp(const std::string &client, std::string &appId, std::string &pkgLabel)
+void identifyApp(PkgInfo &pkgInfo, const std::string &client, std::string &appId, std::string &pkgLabel)
{
char *pkgName = nullptr;
char *appName = nullptr;
return;
}
- PkgInfo pkgInfo(pkgName, geteuid());
+ uid_t uid = geteuid();
if (!appName)
- appId = pkgInfo.mainAppId();
+ appId = pkgInfo.mainAppId(pkgName, uid);
else
appId = appName;
- pkgLabel = pkgInfo.pkgLabel();
+ pkgLabel = pkgInfo.pkgLabel(pkgName, uid);
}
-std::string getOwnAppId()
+std::string getOwnAppId(PkgInfo &pkgInfo)
{
char *pkgName = nullptr;
char *appName = nullptr;
std::unique_ptr<char, decltype(free)*> app_name_p(appName, free);
throwOnSMError("security_manager_identify_app_from_pid", ret);
- if (!appName) {
- PkgInfo pkgInfo(pkgName, geteuid());
- return pkgInfo.mainAppId();
- }
+ if (!appName)
+ return pkgInfo.mainAppId(pkgName, geteuid());
return appName;
}
#include <string>
#include <vector>
+#include <policy/PkgInfo.h>
#include <types/PolicyTypes.h>
struct policy_entry;
class PolicyEntryCopy;
-std::string getOwnAppId();
-void identifyApp(const std::string &client, std::string &appId, std::string &pkgLabel);
+std::string getOwnAppId(PkgInfo &pkgInfo);
+void identifyApp(PkgInfo &pkgInfo, const std::string &client, std::string &appId, std::string &pkgLabel);
std::set<Privilege> getManifestPrivs(const std::string &appId);
#include <cstdlib>
#include <memory>
#include <set>
+#include <sys/types.h>
+#include <unistd.h>
#include "Policy.h"
#include "PrivilegeInfo.h"
#include <exception/Exception.h>
#include <log/alog.h>
-#include <policy/AppInfo.h>
#include <privilegemgr/privilege_info.h>
#include <privilegemgr/privilege_db_manager.h>
return std::vector<Privacy>(privaciesSet.begin(), privaciesSet.end());
}
-std::vector<Privilege> getPrivilegeMapping(const std::string &appId, const Privilege &privilege) {
+std::vector<Privilege> getPrivilegeMapping(AppInfo &appInfo, const std::string &appId, const Privilege &privilege) {
ALOGD("Mapping privilege " << privilege);
- AppInfo app(appId, geteuid());
- std::string version = app.apiVersion();
- std::string type = app.type();
+ uid_t uid = geteuid();
+ std::string version = appInfo.apiVersion(appId, uid);
+ std::string type = appInfo.type(appId, uid);
if (version.empty() || type.empty()) {
ALOGE("Failed to fetch application version and type");
#include <string>
#include <vector>
+#include <policy/AppInfo.h>
#include <types/PolicyTypes.h>
namespace AskUser {
namespace PrivilegeInfo {
- std::vector<Privilege> getPrivilegeMapping(const std::string &appId,
+ std::vector<Privilege> getPrivilegeMapping(AppInfo &appInfo,
+ const std::string &appId,
const Privilege &privilege);
std::vector<Privacy> getPrivilegesPrivacies(const std::vector<std::string> &corePrivileges);
bool isPrivacy(const Privilege &privilege);
#include <set>
#include <log/alog.h>
-#include <policy/AppInfo.h>
#include <policy/Policy.h>
#include <policy/PrivilegeInfo.h>
m_privilege(privilege)
{}
-Policy PrivilegePolicy::calculatePolicy() {
+Policy PrivilegePolicy::calculatePolicy(AppInfo &appInfo) {
std::vector<Privilege> corePrivileges =
- PrivilegeInfo::getPrivilegeMapping(m_appId, m_privilege);
+ PrivilegeInfo::getPrivilegeMapping(appInfo, m_appId, m_privilege);
if (corePrivileges.empty()) {
ALOGE("Privilege " << m_privilege << " doesn't map to any core privilege");
return "Deny";
#include <string>
#include <vector>
+#include <policy/AppInfo.h>
#include <types/PolicyTypes.h>
namespace AskUser {
class PrivilegePolicy {
public:
PrivilegePolicy(const std::string &appId, const Privilege &privilege);
- Policy calculatePolicy();
+ Policy calculatePolicy(AppInfo &appInfo);
std::vector<Privacy> getAskablePrivacies() const {
return m_askablePrivacies;
}
}
std::string appId, pkgLabel;
- identifyApp(creds.label, appId, pkgLabel);
+ PkgMgrPkgInfo pkgInfo;
+ identifyApp(pkgInfo, creds.label, appId, pkgLabel);
ALOGD("Proper client connected");
stopTimer();
ConnectionInfo &conn = it->second;
PrivilegePolicy privPolicy(conn.appId, privilege);
- auto policyLevel = privPolicy.calculatePolicy();
+ PkgMgrAppInfo appInfo;
+ auto policyLevel = privPolicy.calculatePolicy(appInfo);
ALOGD("Privilege policy level calculated to : " << policyLevel);
if (policyLevel == "Allow") {