int privilege_db_manager_get_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList** privilege_list);
/**
- * @brief Set blacklist privileges for the given policy type, uid, and package type.
- * @param [in] policy_type The policy type indicates which blacklist to get(PRVMGR_POLICY_TYPE_PREVENT for dpm blacklist and PRVMGR_POLICY_TYPE_DISABLE for mdm blacklist).
+ * @brief Set DPM blacklist privileges for the given uid and package type.
* @param [in] uid The uid
* @param [in] package_type The package type
* @param [in] privilege_list The privilege list.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
*/
-int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
+int privilege_db_manager_set_black_list(int uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
/**
- * @brief Remove the given privileges from blacklist of the given policy type, uid, and package type.
- * @param [in] policy_type The policy type indicates which blacklist to get(PRVMGR_POLICY_TYPE_PREVENT for dpm blacklist and PRVMGR_POLICY_TYPE_DISABLE for mdm blacklist).
+ * @brief Remove the given privileges from DPM blacklist of the given uid and package type.
* @param [in] uid The uid
* @param [in] package_type The package type
* @param [in] privilege_list The privilege list.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
* @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
*/
-int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList *privilege_list);
+int privilege_db_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list);
/**
- * @brief Get the number of blacklisted privileges in the give privilege list
+ * @brief Get the number of DPM blacklisted privileges in the give privilege list
* @remarks @a privilege_list must be released by you.
* @param [in] uid The uid
* @param [in] package_type The package type of the given privilege list
*/
EXPORT_API int privilege_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList* privilege_list);
-/**
- * @brief set mdm privilege black list accoring to the given uid and privilege list
- * @remarks @a privilege_list must be released by you
- * @param [in] uid The uid
- * @param [in] privilege_list The privilege list to set as black list
- * @retrun 0 on success, otherwise a nonzero error value
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_manager_set_mdm_black_list(uid_t uid, GList* privilege_list);
-
-/**
- * @brief unset mdm privilege black list accoring to the given uid and privilege list
- * @remarks @a privilege_list must be released by you
- * @param [in] uid The uid
- * @param [in] privilege_list The privilege list to unset from black list
- * @retrun 0 on success, otherwise a nonzero error value
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_manager_unset_mdm_black_list(uid_t uid, GList* privilege_list);
-
/**
* @brief verify metadata level in the metadata list.
* @remarks @a metadata_list must be released with free() by you.
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
-int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
+int privilege_db_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
GList *l = NULL;
for (l = privilege_list; l != NULL; l = l->next) {
char *privilege_name = (char *)l->data;
- char* sql = NULL;
- if (policy_type == PRVMGR_POLICY_TYPE_DISABLE)
- sql = sqlite3_mprintf("insert or ignore into %Q (uid, privilege_name) values (%d, %Q)", __get_policy_table(policy_type), uid, privilege_name);
- else if (policy_type == PRVMGR_POLICY_TYPE_PREVENT)
- sql = sqlite3_mprintf("insert or ignore into %Q (uid, package_type, privilege_name) values (%d, %d, %Q)", __get_policy_table(policy_type), uid, package_type, privilege_name);
+ char* sql = sqlite3_mprintf("insert or ignore into prevent_list (uid, package_type, privilege_name) values (%d, %d, %Q)", uid, package_type, privilege_name);
TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
return PRIVILEGE_DB_MANAGER_ERR_NONE;
}
-int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
+int privilege_db_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list)
{
sqlite3 *db = NULL;
sqlite3_stmt *stmt = NULL;
GList *l = NULL;
for (l = privilege_list; l != NULL; l = l->next) {
char *privilege_name = (char *)l->data;
- char* sql = NULL;
- if (policy_type == PRVMGR_POLICY_TYPE_DISABLE)
- sql = sqlite3_mprintf("delete from %Q where uid=%d and privilege_name=%Q", __get_policy_table(policy_type), uid, privilege_name);
- else if (policy_type == PRVMGR_POLICY_TYPE_PREVENT)
- sql = sqlite3_mprintf("delete from %Q where uid=%d and package_type=%d and privilege_name=%Q", __get_policy_table(policy_type), uid, package_type, privilege_name);
+ char* sql = sqlite3_mprintf("delete from prevent_list where uid=%d and package_type=%d and privilege_name=%Q", uid, package_type, privilege_name);
TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));
{
TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type);
- int ret = privilege_db_manager_set_black_list(PRVMGR_POLICY_TYPE_PREVENT, uid, package_type, privilege_list);
+ int ret = privilege_db_manager_set_black_list(uid, package_type, privilege_list);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
ret = PRVMGR_ERR_INTERNAL_ERROR;
return ret;
{
TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type);
- int ret = privilege_db_manager_unset_black_list(PRVMGR_POLICY_TYPE_PREVENT, uid, package_type, privilege_list);
- if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
- ret = PRVMGR_ERR_INTERNAL_ERROR;
- return ret;
-}
-
-int privilege_manager_set_mdm_black_list(uid_t uid, GList *privilege_list)
-{
- TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
-
- int ret = privilege_db_manager_set_black_list(PRVMGR_POLICY_TYPE_DISABLE, uid, PRVMGR_PACKAGE_TYPE_NONE, privilege_list);
- if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
- ret = PRVMGR_ERR_INTERNAL_ERROR;
- return ret;
-}
-
-int privilege_manager_unset_mdm_black_list(uid_t uid, GList *privilege_list)
-{
- TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL.");
-
- int ret = privilege_db_manager_unset_black_list(PRVMGR_POLICY_TYPE_DISABLE, uid, PRVMGR_PACKAGE_TYPE_NONE, privilege_list);
+ int ret = privilege_db_manager_unset_black_list(uid, package_type, privilege_list);
if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
ret = PRVMGR_ERR_INTERNAL_ERROR;
return ret;
int ret = 0;
__color_to_bold_yellow();
- printf("\nTest black list set/unset/get\n\n");
+ printf("\nTest black list get\n\n");
__color_to_origin();
- __tcinfo(goal, "uid = 0, Get wrt black list");
+ __tcinfo(goal, "uid = 0, Get mdm black list - empty");
ret = privilege_info_get_mdm_black_list(0, &black_list);
__tcinfo(expect, PRVMGR_ERR_NONE);
__print_result('m', ret);
__print_line();
gfree(black_list);
- __tcinfo(goal, "uid = 0, Add privileges");
- __privinfo("http://tizen.org/privilege/aaa", NULL, NULL);
- __privinfo("http://tizen.org/privilege/bbb", NULL, NULL);
- __privinfo("http://tizen.org/privilege/ccc", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_set_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
+ printf("Set http://tizen.org/privilege/aaa to mdm blacklist for uid 0\n");
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"insert into disable_list values(0, 'http://tizen.org/privilege/aaa')\"");
+ if (ret != 0)
+ printf_red("system() failed!");
__print_line();
- gfree(privilege_list);
__tcinfo(goal, "uid = 0, Get mdm black list");
- __tcinfo(expect, PRVMGR_ERR_NONE);
ret = privilege_info_get_mdm_black_list(0, &black_list);
- __print_result('m', ret);
- __print_privilege_list(black_list);
- __print_line();
- gfree(black_list);
- black_list = NULL;
-
- __tcinfo(goal, "uid = 0, Add privileges -- Add duplicated privileges");
- __privinfo("http://tizen.org/privilege/bbb", NULL, NULL);
- __privinfo("http://tizen.org/privilege/cccc", NULL, NULL);
- __privinfo("http://tizen.org/privilege/ddd", NULL, NULL);
- __privinfo("http://tizen.org/privilege/eee", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_set_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
- __print_line();
- gfree(privilege_list);
-
- __tcinfo(goal, "uid = 0, Get mdm black list");
__tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_info_get_mdm_black_list(0, &black_list);
__print_result('m', ret);
__print_privilege_list(black_list);
__print_line();
gfree(black_list);
- black_list = NULL;
-
- __tcinfo(goal, "uid = 0, Remove wrt privileges");
- __privinfo("http://tizen.org/privilege/cccc", NULL, NULL);
- __privinfo("http://tizen.org/privilege/ddd", NULL, NULL);
- __privinfo("http://tizen.org/privilege/eee", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_unset_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
- __print_line();
- gfree(privilege_list);
- __tcinfo(goal, "uid = 0, Get mdm black list");
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_info_get_mdm_black_list(0, &black_list);
- __print_result('m', ret);
- __print_privilege_list(black_list);
- __print_line();
+ printf("Unset mdm blacklist for uid 0\n");
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"delete from disable_list where uid=0 and privilege_name='http://tizen.org/privilege/aaa'\"");
+ if (ret != 0)
+ printf_red("system() failed!");
- __tcinfo(goal, "uid = 0, Remove all mdm black list");
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_unset_mdm_black_list(0, black_list);
- __print_result('m', ret);
- __print_line();
- gfree(black_list);
- black_list = NULL;
-
- __tcinfo(goal, "uid = 0, Get mdm black list");
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_info_get_mdm_black_list(0, &black_list);
- __print_result('m', ret);
- __print_privilege_list(black_list);
- __print_line();
- gfree(black_list);
}
void __test_mdm_black_list_type()
privilege_manager_privilege_type_e type;
__print_line();
- __tcinfo(goal, "uid = 0, Add mdm black list privileges");
- __privinfo("http://tizen.org/privilege/aaa", NULL, NULL);
- __privinfo("http://tizen.org/privilege/ccc", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_set_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
- __print_line();
+ __tcinfo(goal, "uid = 0, Add http://tizen.org/privilege/aaa to mdm black list");
+ __tcinfo(goal, "set mdm blacklist for uid 0");
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"insert into disable_list values(0, 'http://tizen.org/privilege/aaa')\"");
+ if (ret != 0)
+ printf_red("system() failed!");
__tcinfo(goal, "Is disabled privilege");
printf("uid = 0, privilege = http://tizen.org/privilege/aaa\n");
}
__print_line();
- __tcinfo(goal, "uid = 0, Remove all mdm black list privileges");
- __privinfo("http://tizen.org/privilege/aaa", NULL, NULL);
- __privinfo("http://tizen.org/privilege/ccc", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_unset_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
- __print_line();
+ __tcinfo(goal, "unset mdm blacklist for uid 0");
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"delete from disable_list where uid=0 and privilege_name='http://tizen.org/privilege/aaa'\"");
+ if (ret != 0)
+ printf_red("system() failed!");
- gfree(privilege_list);
}
int main()
__tcinfo(function, "privilege_manager_verify_privilege");
__test_dpm_black_list_verify_privilege();
- __tcinfo(function, "privilege_manager_set_mdm_black_list");
- __tcinfo(function, "privilege_manager_unset_mdm_black_list");
__tcinfo(function, "privilege_info_get_mdm_black_list");
__test_mdm_black_list_set_unset();
printf("uid = 0\n");
printf("pkgid = org.tizen.testtest\n");
printf("privilege = http://tizen.org/privilege/yyyyy\n");
- printf("set mdm black list for above condition\n");
- gfree(privilege_list);
__print_line();
- __privinfo("http://tizen.org/privilege/yyyyy", NULL, NULL);
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_set_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
+ printf("set mdm black list for above condition\n");
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"insert into disable_list values (0, 'http://tizen.org/privilege/yyyyy')\"");
+ if (ret != 0)
+ printf_red("system() failed!");
+
__print_line();
printf("check privilege type\n");
ret = privilege_info_get_privilege_type(0, "org.tizen.testtest", "http://tizen.org/privilege/yyyyy", &type);
}
__print_line();
printf("unset mdm black list for above condition\n");
- __tcinfo(expect, PRVMGR_ERR_NONE);
- ret = privilege_manager_unset_mdm_black_list(0, privilege_list);
- __print_result('m', ret);
- gfree(privilege_list);
+ ret = system("/usr/bin/sqlite3 /opt/dbspace/.policy.db \"delete from disable_list where uid=0 and privilege_name='http://tizen.org/privilege/yyyyy'\"");
+ if (ret != 0)
+ printf_red("system() failed!");
type = PRIVILEGE_MANAGER_PRIVILEGE_TYPE_MAX;
projects / platform / core / security / privilege-checker.git / commitdiff