return SECURITY_MANAGER_SUCCESS;
}
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_set_pkg_privilege_level(app_inst_req *p_req,
+ pkg_privilege_level privilege_level)
+{
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->privLevel = privilege_level;
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_set_pkg_type(app_inst_req *p_req, pkg_type pkg_type)
+{
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->pkgType = pkg_type;
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+
SECURITY_MANAGER_API
int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
{
/*
- * Copyright (c) 2014-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
const std::string &label,
bool global,
uid_t uid,
+ int pkg_type,
+ int pkg_privilege_level,
const std::vector<std::string> &privileges,
bool policyRemove)
{
- updateAppPolicy(label, label, global, uid, privileges, policyRemove);
+ updateAppPolicy(label, label, global, uid, pkg_type,
+ pkg_privilege_level, privileges, policyRemove);
}
void CynaraAdmin::updateAppPolicy(
const std::string &newLabel,
bool global,
uid_t uid,
+ int pkg_type,
+ int pkg_privilege_level,
const std::vector<std::string> &privileges,
bool policyRemove)
{
std::vector<std::string> blacklistPrivileges;
std::vector<std::string> privacyPrivileges;
for (auto &p : privileges) {
- PrivilegeInfo priv(id, oldLabel, p);
+ PrivilegeInfo priv(id, oldLabel, p, pkg_type, pkg_privilege_level);
if (askUserEnabled && priv.hasAttribute(PrivilegeInfo::PrivilegeAttr::PRIVACY))
privacyPrivileges.push_back(p);
if (priv.hasAttribute(PrivilegeInfo::PrivilegeAttr::BLACKLIST))
/*
- * Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
* @param label application Smack label
* @param global true if it's a global or preloaded installation
* @param uid user identifier
+ * @param pkg_type package type
+ * @param pkg_privilege_level package privilege level
* @param privileges currently enabled privileges
* @param policyRemove true while application deinstallation
*/
void updateAppPolicy(const std::string &label, bool global, uid_t uid,
+ int pkg_type, int pkg_privilege_level,
const std::vector<std::string> &privileges,
bool policyRemove = false);
* @param newLabel application Smack new label
* @param global true if it's a global or preloaded installation
* @param uid user identifier
+ * @param pkg_type package type passed from installation request
+ * @param pkg_privilege_level package privilege level passed from installation request
* @param privileges currently enabled privileges
* @param policyRemove true while application deinstallation
*/
void updateAppPolicy(const std::string &oldLabel, const std::string &newLabel, bool global, uid_t uid,
+ int pkg_type, int pkg_privilege_level,
const std::vector<std::string> &privileges,
bool policyRemove = false);
/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#pragma once
+#include <privilege_info.h> // external privilege-info header
#include <string>
#include <functional>
#include <dpl/exception.h>
+#include <security-manager-types.h>
namespace SecurityManager {
BLACKLIST
};
- PrivilegeInfo(uid_t uid, const std::string &label, const std::string &privilege);
+ PrivilegeInfo(uid_t uid, const std::string &label, const std::string &privilege,
+ int pkg_type = SM_PKG_TYPE_NONE,
+ int pkg_privilege_level = SM_PKG_PRIVILEGE_LEVEL_NONE);
bool hasAttribute(PrivilegeAttr attr);
std::string m_appId;
std::string m_pkgId;
std::string m_privilege;
+ privilege_manager_package_type_e m_packageType;
+ privilege_manager_visibility_e m_privilegeLevel;
};
} // namespace SecurityManager
std::string tizenVersion;
std::string authorName;
int installationType = SM_APP_INSTALL_NONE;
+ int pkgType = SM_PKG_TYPE_NONE;
+ int privLevel = SM_PKG_PRIVILEGE_LEVEL_NONE;
bool isHybrid = false;
app_inst_req() : apps(1) {}
{
Deserialization::Deserialize(stream,
apps, pkgName, pkgPaths, uid, tizenVersion, authorName,
- installationType, isHybrid);
+ installationType, pkgType, privLevel, isHybrid);
}
virtual void Serialize(IStream &stream) const
{
Serialization::Serialize(stream,
apps, pkgName, pkgPaths, uid, tizenVersion, authorName,
- installationType, isHybrid);
+ installationType, pkgType, privLevel, isHybrid);
}
};
/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2017 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @version 1.0
*/
-#include <privilege_info.h> // external privilege-info header
-
#include "privilege-info.h" // header for this file
#include <dpl/log/log.h>
namespace SecurityManager {
-PrivilegeInfo::PrivilegeInfo(uid_t uid, const std::string &label, const std::string &privilege) :
+PrivilegeInfo::PrivilegeInfo(uid_t uid, const std::string &label, const std::string &privilege,
+ int pkg_type, int pkg_privilege_level) :
m_uid(uid),
m_privilege(privilege)
{
+ switch(pkg_type) {
+ case SM_PKG_TYPE_NONE:
+ m_packageType = PRVMGR_PACKAGE_TYPE_NONE;
+ break;
+ case SM_PKG_TYPE_WRT:
+ m_packageType = PRVMGR_PACKAGE_TYPE_WRT;
+ break;
+ case SM_PKG_TYPE_CORE:
+ m_packageType = PRVMGR_PACKAGE_TYPE_CORE;
+ break;
+ case SM_PKG_TYPE_METADATA:
+ m_packageType = PRVMGR_PACKAGE_TYPE_METADATA;
+ break;
+ default:
+ ThrowMsg(Exception::UnknownError,
+ "Error in PrivilegeInfo::PrivilegeInfo(), invalid pkg_type" << pkg_type);
+ }
+
+ switch(pkg_privilege_level) {
+ case SM_PKG_PRIVILEGE_LEVEL_NONE:
+ m_privilegeLevel = PRVMGR_PACKAGE_VISIBILITY_NONE;
+ break;
+ case SM_PKG_PRIVILEGE_LEVEL_PUBLIC:
+ m_privilegeLevel = PRVMGR_PACKAGE_VISIBILITY_PUBLIC;
+ break;
+ case SM_PKG_PRIVILEGE_LEVEL_PARTNER:
+ m_privilegeLevel = PRVMGR_PACKAGE_VISIBILITY_PARTNER;
+ break;
+ case SM_PKG_PRIVILEGE_LEVEL_PLATFORM:
+ m_privilegeLevel = PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
+ break;
+ default:
+ ThrowMsg(Exception::UnknownError,
+ "Error in PrivilegeInfo::PrivilegeInfo(), invalid pkg_privilege_level" << pkg_privilege_level);
+ }
+
try {
SmackLabels::generateAppPkgNameFromLabel(label, m_appId, m_pkgId);
} catch(const SmackException::InvalidLabel&) {
bool PrivilegeInfo::hasAttribute(PrivilegeAttr attr)
{
privilege_manager_privilege_type_e type;
- int ret = privilege_info_get_privilege_type(m_uid, m_pkgId.c_str(), m_privilege.c_str(), &type);
+ int ret = privilege_info_get_privilege_type(m_uid, m_pkgId.c_str(),
+ m_packageType, m_privilegeLevel, m_privilege.c_str(), &type);
if (ret != PRVMGR_ERR_NONE)
ThrowMsg(Exception::UnknownError, "Error while getting privilege type " << ret);
Smack::Label oldAppLabel = SmackLabels::generateProcessLabel(
app.appName, req.pkgName, ih.isOldPkgHybrid);
- m_cynaraAdmin.updateAppPolicy(oldAppLabel, appLabel, global, req.uid, privileges);
+ m_cynaraAdmin.updateAppPolicy(oldAppLabel, appLabel, global,
+ req.uid, req.pkgType, req.privLevel, privileges);
m_cynaraAdmin.updateAppDefinedPolicy(global, req.uid,
ih.oldAppDefinedPrivileges, app.appDefinedPrivileges);
}
// policy for entire package, as all apps in non-hybrid package have
// the same Smack label.
// This bug exists in security-manager since version 1.2.1 (Sep 2016).
- m_cynaraAdmin.updateAppPolicy(processLabel, global, req.uid, std::vector<std::string>(), true);
+ m_cynaraAdmin.updateAppPolicy(processLabel, global,
+ req.uid, req.pkgType, req.privLevel, std::vector<std::string>(), true);
m_cynaraAdmin.updateAppDefinedPolicy(global, req.uid,
ui.oldAppDefinedPrivileges, AppDefinedPrivilegesVector());
}
/*
- * Copyright (c) 2000 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
*/
int security_manager_app_inst_req_set_target_version(app_inst_req *p_req, const char *tizen_ver);
+/**
+ * This function is used to set package privilege level. If not set in the installation request,
+ * defaults to SM_PKG_PRIVILEGE_LEVEL_NONE (value will be checked in package manager in such case).
+ *
+ * This API can be called only once for installation request
+ * (like security_manager_app_inst_req_set_pkg_id).
+ *
+ * \param[in] p_req Pointer handling app_inst_req structure
+ * \param[in] privilege_level Package privilege level
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_set_pkg_privilege_level(app_inst_req *p_req,
+ pkg_privilege_level privilege_level);
+
+/**
+ * This function is used to set package type. If not set in the installation request,
+ * defaults to SM_PKG_TYPE_NONE (value will be checked in package manager in such case).
+ *
+ * This API can be called only once for installation request
+ * (like security_manager_app_inst_req_set_pkg_id).
+ *
+ * \param[in] p_req Pointer handling app_inst_req structure
+ * \param[in] privilege_level Package type
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_set_pkg_type(app_inst_req *p_req, pkg_type pkg_type);
+
/**
* This function is used to set up application identifier in app_inst_req structure
*
/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
};
typedef enum app_install_type app_install_type;
+/**
+ * This enum is used to set the level of trust for privileges
+ * that can be requested by the application in its manifest in given package.
+ * This information is used by underlying privilege-checker
+ * database module.
+ */
+enum pkg_privilege_level {
+ SM_PKG_PRIVILEGE_LEVEL_NONE = 0,
+ SM_PKG_PRIVILEGE_LEVEL_PUBLIC,
+ SM_PKG_PRIVILEGE_LEVEL_PARTNER,
+ SM_PKG_PRIVILEGE_LEVEL_PLATFORM
+};
+typedef enum pkg_privilege_level pkg_privilege_level;
+
+/**
+ * This enum defines the package type as recognized
+ * by underlying privilege-checker database module.
+ */
+ enum pkg_type {
+ SM_PKG_TYPE_NONE = 0,
+ SM_PKG_TYPE_WRT,
+ SM_PKG_TYPE_CORE,
+ SM_PKG_TYPE_METADATA
+ };
+typedef enum pkg_type pkg_type;
+
/**
* This enum has values equivalent to gumd user type.
* The gum-utils help states that
projects / platform / core / security / security-manager.git / commitdiff