--- /dev/null
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+
+SET (this_target osp-security-service)
+SET (APPID q7097a278m)
+
+SET(CMAKE_EXECUTABLE_SUFFIX ".exe")
+SET(EXECUTABLE_OUTPUT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/output")
+
+INCLUDE_DIRECTORIES (
+ /usr/include/glib-2.0
+ /usr/lib/glib-2.0/include
+ /usr/include/osp
+ /usr/include/osp/app
+ /usr/include/osp/base
+ /usr/include/osp/io
+ /usr/include/chromium
+ /usr/include/osp/security
+ inc
+ )
+
+SET (${this_target}_SOURCE_FILES
+ src/SecurityService.cpp
+ src/SecurityServiceEntry.cpp
+ src/SecurityServiceMessage.cpp
+## PrivilegeService
+ src/PrivilegeService.cpp
+## CertificateService
+ src/CertificateService.cpp
+ )
+
+## SET EXTRA COMPILER FLAGS
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -pthread -g3 -fPIE" )
+
+## SET C COMPILER FLAGS
+SET(CMAKE_C_FLAGS "${OSP_DEBUG_FLAGS} ${OSP_OPT_FLAGS} ${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${OSP_COMPILER_FLAGS}")
+
+## SET CPP COMPILER FLAGS
+SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=hidden")
+SET(CMAKE_CXX_FLAGS "${OSP_DEBUG_FLAGS} ${OSP_OPT_FLAGS} ${CMAKE_CXX_FLAGS} ${EXTRA_CFLAGS} ${OSP_COMPILER_FLAGS}")
+
+## Create Library
+ADD_EXECUTABLE (${this_target} ${${this_target}_SOURCE_FILES})
+
+TARGET_LINK_LIBRARIES(${this_target} -Xlinker --no-undefined -Xlinker --as-needed -pie)
+TARGET_LINK_LIBRARIES(${this_target} -Xlinker --version-script=${CMAKE_CURRENT_SOURCE_DIR}/system-service-export.ver)
+TARGET_LINK_LIBRARIES(${this_target} -L/usr/lib/osp -losp-appfw -lchromium)
+
+## Cory additional info
+INSTALL(TARGETS ${this_target} DESTINATION ../usr/apps/${APPID}/bin)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/manifest.xml DESTINATION ../usr/apps/${APPID}/info)
+
--- /dev/null
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
--- /dev/null
+Copyright (c) 2012-2013 Samsung Electronics Co., Ltd. All rights reserved.
+Except as noted, this software is licensed under Apache License, Version 2.
+Please, see the LICENSE.APLv2 file for Apache License terms and conditions.
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file OspCerMgrServiceD.h
+ * @brief This is the header file of the Certificate Manger daemon.
+ */
+
+#ifndef _CERTMGR_SERVICE_H_
+#define _CERTMGR_SERVICE_H_
+
+#include <FApp.h>
+#include <FIo.h>
+#include <FIoIFileEventListener.h>
+#include <FIoFileEventManager.h>
+
+namespace Tizen { namespace Security { namespace Cert
+{
+
+class _CertServiceStub;
+
+} } }
+
+//opt/share/cert-svc/certs/
+class FileEventListenerCerts
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+//opt/share/cert-svc/certs/sim/
+class FileEventListenerCertsSim
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+//opt/share/cert-svc/certs/sim/operator/
+class FileEventListenerCertsSimOperator
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+//opt/share/cert-svc/certs/sim/thirdparty/
+class FileEventListenerCertsSimThirdparty
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+//opt/share/cert-svc/certs/ssl/
+class FileEventListenerCertsSsl
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+//usr/share/cert-svc/ca-certs/
+class FileEventListenerUsrCaCerts
+ : public Tizen::Io::IFileEventListener
+{
+public:
+ virtual void OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId);
+};
+
+/**
+ * [CertificateService] Manages Certificate privilege API calls
+ */
+class CertificateService
+{
+public:
+ CertificateService();
+ ~CertificateService();
+ result Construct(void);
+
+private:
+ Tizen::Security::Cert::_CertServiceStub* __pCertMgrServer;
+ Tizen::Io::FileEventManager __fileEventManagerCerts;
+ Tizen::Io::FileEventManager __fileEventManagerCertsSim;
+ Tizen::Io::FileEventManager __fileEventManagerCertsSimOperator;
+ Tizen::Io::FileEventManager __fileEventManagerCertsSimThirdparty;
+ Tizen::Io::FileEventManager __fileEventManagerCertsSsl;
+ Tizen::Io::FileEventManager __fileEventManagerUsrCaCerts;
+ Tizen::Io::FileEventManager __fileEventManagerUsrCaCertsSsl;
+
+ FileEventListenerCerts* __pFileEventListenerCerts;
+ FileEventListenerCertsSim* __pFileEventListenerCertsSim;
+ FileEventListenerCertsSimOperator* __pFileEventListenerCertsSimOperator;
+ FileEventListenerCertsSimThirdparty* __pFileEventListenerCertsSimThirdparty;
+ FileEventListenerCertsSsl* __pFileEventListenerCertsSsl;
+ FileEventListenerUsrCaCerts* __pFileEventListenerUsrCaCerts;
+};
+
+#endif // _CERTMGR_SERVICE_H_
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file PrivilegeService.h
+ * @brief This is the header file of the Privilege Manger daemon.
+ */
+
+#ifndef _PRIVILEGE_SERVICE_H_
+#define _PRIVILEGE_SERVICE_H_
+
+#include <FIo_IIpcServerEventListener.h>
+
+namespace Tizen { namespace Io
+{
+ class _IpcServer;
+}}
+
+namespace IPC
+{
+ class Message;
+}
+
+namespace Tizen { namespace Base
+{
+ class String;
+}}
+
+class _OSP_EXPORT_ PrivilegeService
+ : public Tizen::Io::_IIpcServerEventListener
+{
+
+public:
+ PrivilegeService(void);
+ ~PrivilegeService(void);
+ result Construct(void);
+
+public:
+
+ virtual void OnIpcServerStarted(const Tizen::Io::_IpcServer& server);
+ virtual void OnIpcServerStopped(const Tizen::Io::_IpcServer& server);
+ virtual void OnIpcClientConnected(const Tizen::Io::_IpcServer& server, int clientId);
+ virtual void OnIpcClientDisconnected(const Tizen::Io::_IpcServer& server, int clientId);
+ virtual void OnIpcRequestReceived(Tizen::Io::_IpcServer& server, const IPC::Message& message);
+
+ bool RetrievePrivilege(Tizen::Base::String* pEncryptedBitwise, Tizen::Base::String* pHmac, result* pRes);
+ bool RetrieveVisibility(Tizen::Base::String* pEncryptedVisibility, Tizen::Base::String* pHmac, result* pRes);
+
+ result GenerateVisibilityString(Tizen::App::AppId appId, Tizen::Base::String* pEncryptedVisibility, Tizen::Base::String* pHmac);
+ result GetEncryptedVisibility(int visibility, Tizen::Base::String& encryptedVisibility);
+ result GetChecksum(Tizen::App::AppId appId, int visibility, Tizen::Base::String& checksum);
+
+private:
+ Tizen::Io::_IpcServer* __pIpcServer;
+}; // PrivilegeService
+
+#endif // _PRIVILEGE_SERVICE_H_
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file SecurityService.h
+ * @brief This is the header file of the Security service.
+ */
+
+#ifndef _SECURITY_SERVICE_H_
+#define _SECURITY_SERVICE_H_
+
+#include <FAppServiceApp.h>
+
+namespace Tizen { namespace App
+{
+ class AppRegistry;
+}}
+
+namespace Tizen { namespace Base { namespace Collection
+{
+ class IList;
+}}}
+
+class PrivilegeService;
+class CertificateService;
+
+class _OSP_EXPORT_ SecurityService
+ : public Tizen::App::Service
+{
+public:
+ static Tizen::App::Service* CreateInstance(void);
+
+public:
+ SecurityService(void);
+ ~SecurityService(void);
+
+public:
+ bool OnAppInitializing(Tizen::App::AppRegistry& appRegistry);
+ bool OnAppTerminating(Tizen::App::AppRegistry& appRegistry, bool forcedTermination = false);
+ void OnLowMemory(void);
+ void OnBatteryLevelChanged(Tizen::System::BatteryLevel batteryLevel);
+ void OnUserEventReceivedN(RequestId requestId, Tizen::Base::Collection::IList *pArgs);
+
+private:
+ PrivilegeService* __pPrivilegeService;
+ CertificateService* __pCertificateService;
+
+}; // SecurityService
+
+#endif // _SECURITY_SERVICE_H_
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Manifest xmlns="http://schemas.tizen.org/2012/06/manifest">
+ <Id>q7097a278m</Id>
+ <Version>1.0.0</Version>
+ <Type>C++App</Type>
+ <Vendors>
+ <Vendor Locale="eng-GB">Samsung Electronics</Vendor>
+ <Vendor Locale="kor-KR">삼성전자</Vendor>
+ </Vendors>
+ <Descriptions>
+ <Description Locale="eng-US">Security service.</Description>
+ </Descriptions>
+ <Apps>
+ <Secret>AA43CFC79D2AF5A3F7064553C8BF2B2F</Secret>
+ <Privileges/>
+ <ApiVersion>2.1</ApiVersion>
+ <ServiceApp ExecutableName="osp-security-service" Default="True" AutoRestart="True">
+ <Names>
+ <Name Locale="eng-GB">osp-security-service</Name>
+ </Names>
+ <Icons/>
+ <AppControls/>
+ <LaunchConditions/>
+ <Notifications/>
+ </ServiceApp>
+ </Apps>
+</Manifest>
--- /dev/null
+<manifest>
+ <define>
+ <domain name="osp-security-service"/>
+ </define>
+ <request>
+ <domain name="osp-security-service"/>
+ </request>
+ <assign>
+ <filesystem path="/usr/apps/q7097a278m/bin/osp-security-service.exe" label="osp-security-service" exec_label="osp-security-service"/>
+ <filesystem path="/usr/share/license/osp-security-service" label="_"/>
+ </assign>
+</manifest>
\ No newline at end of file
--- /dev/null
+Name: osp-security-service
+Summary: osp security service
+Version: 1.2.0.0
+Release: 2
+Group: TO_BE/FILLED_IN
+License: TO_BE/FILLED_IN
+Source0: %{name}-%{version}.tar.gz
+BuildRequires: cmake
+BuildRequires: pkgconfig(chromium)
+BuildRequires: pkgconfig(capi-system-media-key)
+BuildRequires: pkgconfig(capi-network-bluetooth)
+BuildRequires: pkgconfig(pkgmgr)
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(osp-appfw)
+BuildRequires: osp-appfw-internal-devel
+
+# runtime requires
+Requires: osp-appfw
+Requires: osp-installer
+Requires: osp-app-service
+Requires: osp-channel-service
+
+%description
+osp security service
+
+%prep
+%setup -q
+
+%build
+MAJORVER=`echo %{version} | awk 'BEGIN {FS="."}{print $1}'`
+%ifarch %{ix86}
+CXXFLAGS="$CXXFLAGS -D_OSP_DEBUG_ -D_OSP_X86_ -D_OSP_EMUL_" cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
+%else
+CXXFLAGS="-O2 -g -pipe -Wall -fno-exceptions -Wformat -Wformat-security -Wl,--as-needed -fmessage-length=0 -march=armv7-a -mtune=cortex-a8 -mlittle-endian -mfpu=neon -mfloat-abi=softfp -D__SOFTFP__ -mthumb -Wa,-mimplicit-it=thumb -funwind-tables -D_OSP_DEBUG_ -D_OSP_ARMEL_" cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
+%endif
+
+# Call make instruction with smp support
+make %{?jobs:-j%jobs}
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/usr/share/license
+cp %{_builddir}/%{name}-%{version}/LICENSE.APLv2 %{buildroot}/usr/share/license/%{name}
+
+%make_install
+
+%post
+
+/bin/rm -fr /opt/apps/q7097a278m
+
+/usr/etc/package-manager/backend/tpk -i /usr/apps/q7097a278m
+cp -f %{_libdir}/osp/osp-system-service-loader /usr/apps/q7097a278m/bin/osp-security-service
+if [ -f /usr/lib/rpm-plugins/msm.so ]
+then
+ chsmack -a osp-security-service /usr/apps/q7097a278m/bin/osp-security-service
+ chsmack -e osp-security-service /usr/apps/q7097a278m/bin/osp-security-service
+fi
+
+#%postun -p /sbin/ldconfig
+
+%files
+%manifest osp-security-service.manifest
+/usr/share/license/%{name}
+/usr/apps/*
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file CertificateService.cpp
+ * @brief This is the implementation file for CertificateService class.
+ */
+
+#include <new>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <error.h>
+#include <memory.h>
+#include <malloc.h>
+#include <unique_ptr.h>
+#include <sys/stat.h>
+#include <assert.h>
+#include <FOspConfig.h>
+#include <FBaseString.h>
+#include <FBaseByteBuffer.h>
+#include <FBaseResult.h>
+#include <FBaseSysLog.h>
+#include <FBaseRt_EventDispatcher.h>
+#include <FIo_IpcServer.h>
+#include <FSecCert_CertServiceStub.h>
+#include <FSecCert_CertService.h>
+#include <FIo_DirectoryImpl.h>
+
+#include "CertificateService.h"
+
+using namespace Tizen::App;
+using namespace Tizen::Base;
+using namespace Tizen::System;
+using namespace Tizen::Io;
+using namespace Tizen::Security::Cert;
+
+const String __CERT_MGR_DIR_CERTS__(L"/opt/share/cert-svc/certs/");
+const String __CERT_MGR_DIR_CERTS_SIM__(L"/opt/share/cert-svc/certs/sim/");
+const String __CERT_MGR_DIR_CERTS_SIM_OPERATOR__(L"/opt/share/cert-svc/certs/sim/operator/");
+const String __CERT_MGR_DIR_CERTS_SIM_THIRDPARTY__(L"/opt/share/cert-svc/certs/sim/thirdparty/");
+const String __CERT_MGR_DIR_CERTS_SSL__(L"/opt/share/cert-svc/certs/ssl/");
+const String __CERT_MGR_DIR_CA_CERTS__(L"/usr/share/cert-svc/ca-certs/");
+
+CertificateService::CertificateService()
+ : __pCertMgrServer(null)
+ , __pFileEventListenerCerts(null)
+ , __pFileEventListenerCertsSim(null)
+ , __pFileEventListenerCertsSimOperator(null)
+ , __pFileEventListenerCertsSimThirdparty(null)
+ , __pFileEventListenerCertsSsl(null)
+ , __pFileEventListenerUsrCaCerts(null)
+{
+}
+result
+CertificateService::Construct()
+{
+ result r = E_SUCCESS;
+ String certsDir(__CERT_MGR_DIR_CERTS__);
+ String certsSimDir(__CERT_MGR_DIR_CERTS_SIM__);
+ String certsSimOperatorDir(__CERT_MGR_DIR_CERTS_SIM_OPERATOR__);
+ String certsSimThirdPartyDir(__CERT_MGR_DIR_CERTS_SIM_THIRDPARTY__);
+ String certsSslDir(__CERT_MGR_DIR_CERTS_SSL__);
+ String caCertsDir(__CERT_MGR_DIR_CA_CERTS__);
+
+ __pCertMgrServer = new (std::nothrow) Tizen::Security::Cert::_CertServiceStub();
+ SysTryReturnResult(NID_SEC_CERT, __pCertMgrServer != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to initialize cert mgr server.");
+
+ r = __pCertMgrServer->Construct();
+ if (IsFailed(r))
+ {
+ delete __pCertMgrServer;
+ __pCertMgrServer = null;
+
+ SysTryReturnResult(NID_SEC_CERT, false, E_SYSTEM, "[E_SYSTEM] Failed constructed certificate manager service.");
+ }
+
+ __pFileEventListenerCerts = new (std::nothrow) FileEventListenerCerts();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerCerts != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ __pFileEventListenerCertsSim = new (std::nothrow) FileEventListenerCertsSim();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerCertsSim != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ __pFileEventListenerCertsSimOperator = new (std::nothrow) FileEventListenerCertsSimOperator();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerCertsSimOperator != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ __pFileEventListenerCertsSimThirdparty = new (std::nothrow) FileEventListenerCertsSimThirdparty();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerCertsSimThirdparty != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ __pFileEventListenerCertsSsl = new (std::nothrow) FileEventListenerCertsSsl();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerCertsSsl != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ __pFileEventListenerUsrCaCerts = new (std::nothrow) FileEventListenerUsrCaCerts();
+ SysTryCatch(NID_SEC_CERT, __pFileEventListenerUsrCaCerts != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
+
+ r = __fileEventManagerCerts.Construct(*__pFileEventListenerCerts);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerCerts.AddPath(certsDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+ r = __fileEventManagerCertsSim.Construct(*__pFileEventListenerCertsSim);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerCertsSim.AddPath(certsSimDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+ r = __fileEventManagerCertsSimOperator.Construct(*__pFileEventListenerCertsSimOperator);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerCertsSimOperator.AddPath(certsSimOperatorDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+ r = __fileEventManagerCertsSimThirdparty.Construct(*__pFileEventListenerCertsSimThirdparty);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerCertsSimThirdparty.AddPath(certsSimThirdPartyDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+ r = __fileEventManagerCertsSsl.Construct(*__pFileEventListenerCertsSsl);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerCertsSsl.AddPath(certsSslDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+ r = __fileEventManagerUsrCaCerts.Construct(*__pFileEventListenerUsrCaCerts);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed constructed file event manager.");
+
+ r = __fileEventManagerUsrCaCerts.AddPath(caCertsDir, FILE_EVENT_TYPE_CLOSE_WRITE);
+ SysTryCatch(NID_SEC_CERT, !(IsFailed(r) && r != E_FILE_NOT_FOUND), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed add path in file event manager.");
+
+CATCH:
+ return r;
+}
+CertificateService::~CertificateService()
+{
+ delete __pFileEventListenerCerts;
+ delete __pFileEventListenerCertsSim;
+ delete __pFileEventListenerCertsSimOperator;
+ delete __pFileEventListenerCertsSimThirdparty;
+ delete __pFileEventListenerCertsSsl;
+ delete __pFileEventListenerUsrCaCerts;
+ delete __pCertMgrServer;
+}
+
+
+void
+FileEventListenerCerts::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CERTS__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+ SysTryReturnVoidResult(NID_SEC_CERT, certBuffLength > 0, E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
+
+void
+FileEventListenerCertsSim::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CERTS_SIM__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
+
+void
+FileEventListenerCertsSimOperator::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CERTS_SIM_OPERATOR__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
+
+void
+FileEventListenerCertsSimThirdparty::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CERTS_SIM_THIRDPARTY__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
+
+void
+FileEventListenerCertsSsl::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CERTS_SSL__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
+
+void
+FileEventListenerUsrCaCerts::OnFileEventOccured(const unsigned long events, const Tizen::Base::String& path, const unsigned int eventId)
+{
+ result r = E_SUCCESS;
+ String fileName(path);
+ String dirPath;
+ FileAttributes attr;
+ File file;
+ long long size;
+ int readCnt;
+ int certBuffLength = 0;
+
+ dirPath.Append(__CERT_MGR_DIR_CA_CERTS__);
+ dirPath.Append(fileName);
+
+ r = file.Construct(dirPath, L"r");
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to construct file.");
+
+ r = File::GetAttributes(dirPath, attr);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to get file attributes.");
+
+ size = attr.GetFileSize();
+
+ std::unique_ptr<byte[]> pCertBuffer(new (std::nothrow) byte[size]);
+ SysTryReturnVoidResult(NID_SEC_CERT, pCertBuffer != null, E_SYSTEM, "[E_SYSTEM] Failed to allocate buffer.");
+
+ readCnt = file.Read(pCertBuffer.get(), size);
+ r = GetLastResult();
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to read file.");
+
+ certBuffLength = static_cast< int >(readCnt);
+
+ switch (events)
+ {
+ case FILE_EVENT_TYPE_CLOSE_WRITE:
+ r = _CertService::InsertCaCertificate(_CERT_TYPE_ROOT_CA, _CERT_X509, pCertBuffer.get(), certBuffLength);
+ SysTryReturnVoidResult(NID_SEC_CERT, !IsFailed(r), E_SYSTEM, "[E_SYSTEM] Failed to insert root certificate.");
+ break;
+
+ default:
+ break;
+ }
+}
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file PrivilegeService.cpp
+ * @brief This is the implementation file for PrivilegeService class.
+ */
+
+#include <FIo_IpcServer.h>
+#include <FIo_IIpcServerEventListener.h>
+#include <FIo_IpcCommonDataTypes.h>
+#include <FBaseSysLog.h>
+#include <FSec_PrivilegeManager.h>
+#include <FSec_PrivilegeManagerMessage.h>
+#include <FAppPkg_PackageInfoImpl.h>
+#include <FSecCryptoAesCipher.h>
+#include <FSecCryptoSha1Hmac.h>
+#include <FBase_StringConverter.h>
+#include <FBaseInternalTypes.h>
+#include <FSec_DeviceKeyGenerator.h>
+
+#include "PrivilegeService.h"
+
+using namespace Tizen::Base;
+using namespace Tizen::Base::Runtime;
+using namespace Tizen::System;
+using namespace Tizen::App;
+using namespace Tizen::App::Package;
+using namespace Tizen::Io;
+using namespace Tizen::Base::Collection;
+using namespace Tizen::Security;
+using namespace Tizen::Security::Crypto;
+using namespace Tizen::Base::Utility;
+
+PrivilegeService::PrivilegeService(void)
+ : __pIpcServer(null)
+{
+
+}
+
+PrivilegeService::~PrivilegeService(void)
+{
+ SysLog(NID_SEC, "Enter.");
+
+ delete __pIpcServer;
+
+ SysLog(NID_SEC, "Exit.");
+}
+
+
+result
+PrivilegeService::Construct(void)
+{
+ result r = E_SUCCESS;
+
+ SysLog(NID_SEC, "Enter.");
+ __pIpcServer = new (std::nothrow) _IpcServer();
+ SysTryReturn(NID_SEC, __pIpcServer != null, false, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
+
+ r = __pIpcServer->Construct("osp.security.ipcserver.privilegemanager", *this);
+ SysTryReturn(NID_SEC, r == E_SUCCESS, false, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ SysLog(NID_SEC, "Exit.");
+ return r;
+}
+
+void
+PrivilegeService::OnIpcServerStarted(const _IpcServer& server)
+{
+
+}
+
+void
+PrivilegeService::OnIpcServerStopped(const _IpcServer& server)
+{
+
+}
+
+void
+PrivilegeService::OnIpcClientConnected(const _IpcServer& server, int clientId)
+{
+
+}
+
+void
+PrivilegeService::OnIpcClientDisconnected(const _IpcServer&server, int clientId)
+{
+
+}
+
+bool
+PrivilegeService::RetrievePrivilege(String* pEncryptedBitwise, String* pHmac, result* pRes)
+{
+ String encryptedBitwise;
+ String hmac;
+ AppId appId;
+
+ SysLog(NID_SEC, "Enter.");
+
+ __pIpcServer->GetClientAppId().SubString(0, MAX_APP_ID_SIZE, appId);
+
+ *pRes = _PrivilegeManager::RetrieveCipherPrivilegeEx(appId, encryptedBitwise, hmac);
+ if (*pRes == E_SUCCESS)
+ {
+ pEncryptedBitwise->Append(encryptedBitwise);
+ pHmac->Append(hmac);
+ }
+
+ SysLog(NID_SEC, "Exit.");
+ return true;
+}
+
+bool
+PrivilegeService::RetrieveVisibility(String* pEncryptedVisibility, String* pHmac, result* pRes)
+{
+ String encryptedVisibility;
+ String hmac;
+ AppId appId;
+
+ SysLog(NID_SEC, "Enter.");
+
+ __pIpcServer->GetClientAppId().SubString(0, MAX_APP_ID_SIZE, appId);
+
+ *pRes = GenerateVisibilityString(appId, pEncryptedVisibility, pHmac);
+
+ SysLog(NID_SEC, "Exit.");
+ return true;
+}
+
+result
+PrivilegeService::GenerateVisibilityString(AppId appId, String* pEncryptedVisibility, String* pHmac)
+{
+ _PackageInfoImpl infoImpl;
+ result r = E_SUCCESS;
+ int visibility = 0;
+
+ String encryptedVisibility;
+ String checksum;
+
+ SysLog(NID_SEC, "Enter.");
+
+ r = infoImpl.Construct(appId);
+ if (r == E_APP_NOT_INSTALLED)
+ {
+ SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
+ return E_DATA_NOT_FOUND;
+ }
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ visibility = infoImpl.GetApiVisibility();
+ SysTryReturnResult(NID_SEC, visibility >= 0, E_SYSTEM, "An unexpected system error occurred.");
+
+ r = GetEncryptedVisibility(visibility, encryptedVisibility);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ r = GetChecksum(appId, visibility, checksum);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
+
+ pEncryptedVisibility->Append(encryptedVisibility);
+ pHmac->Append(checksum);
+
+ SysLog(NID_SEC, "Exit.");
+ return r;
+}
+
+result
+PrivilegeService::GetEncryptedVisibility(int visibility, String& encryptedVisibility)
+{
+ result r = E_SUCCESS;
+ ISecretKey* pKey = null;
+ ByteBuffer ivByte;
+ ByteBuffer* pEncryptedVisibility = null;
+ ByteBuffer* pTempVisibility = null;
+ AesCipher cipherEnc;
+ const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
+
+ SysLog(NID_SEC, "Enter.");
+
+ pTempVisibility = new (std::nothrow) ByteBuffer();
+ SysTryReturnResult(NID_SEC, pTempVisibility != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
+
+ r = pTempVisibility->Construct(sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = ivByte.Construct(_IV_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = ivByte.SetArray(ivector, 0, _IV_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ ivByte.Flip();
+
+ r = pTempVisibility->SetArray((byte*)(&visibility), 0, sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ pTempVisibility->Flip();
+
+ r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+ SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = cipherEnc.SetKey(*pKey);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = cipherEnc.SetInitialVector(ivByte);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pEncryptedVisibility = cipherEnc.EncryptN(*pTempVisibility);
+ SysTryCatch(NID_SEC, pTempVisibility != null, r = E_SYSTEM, E_SYSTEM,
+ "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = StringUtil::EncodeToBase64String(*pEncryptedVisibility, encryptedVisibility);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ // fall through
+
+CATCH:
+
+ delete pTempVisibility;
+ delete pKey;
+ delete pEncryptedVisibility;
+
+ SysLog(NID_SEC, "Exit.");
+ return r;
+}
+
+result
+PrivilegeService::GetChecksum(AppId appId, int visibility, String& checksum)
+{
+ result r = E_SUCCESS;
+ byte tempChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
+
+ ISecretKey* pKey = null;
+ ByteBuffer ivByte;
+ ByteBuffer input;
+ IHmac* pHmac = null;
+ ByteBuffer* pChecksumByteBuffer = null;
+ char* pAppId = null;
+
+ SysLog(NID_SEC, "Enter.");
+
+ pAppId = (char*) _StringConverter::CopyToCharArrayN(appId);
+ SysTryCatch(NID_SEC, pAppId != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ memcpy(tempChecksumString, pAppId, MAX_APP_ID_SIZE);
+ memcpy(tempChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
+
+ delete[] pAppId;
+ pAppId = null;
+
+ r = input.Construct(MAX_APP_ID_SIZE + sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ input.Flip();
+
+ pHmac = new (std::nothrow) Sha1Hmac();
+ SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
+
+ pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+ SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = pHmac->SetKey(*pKey);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pChecksumByteBuffer = pHmac->GetHmacN(input);
+ SysTryCatch(NID_SEC, pChecksumByteBuffer != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ // fall through
+
+CATCH:
+
+ delete pKey;
+ delete pHmac;
+ delete pChecksumByteBuffer;
+
+ SysLog(NID_SEC, "Exit.");
+ return r;
+}
+
+void
+PrivilegeService::OnIpcRequestReceived(_IpcServer& server, const IPC::Message& message)
+{
+ IPC_BEGIN_MESSAGE_MAP(PrivilegeService, message)
+ IPC_MESSAGE_HANDLER_EX(PrivilegeManagerMsg_retrieve, &server, RetrievePrivilege)
+ IPC_MESSAGE_HANDLER_EX(PrivilegeManagerMsg_retrieveEx, &server, RetrieveVisibility)
+ IPC_END_MESSAGE_MAP()
+}
+
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file SecurityService.cpp
+ * @brief This is the implementation file for SecurityService class.
+ */
+
+#include <FAppAppRegistry.h>
+#include <FSysBattery.h>
+#include <FBaseSysLog.h>
+
+#include "SecurityService.h"
+#include "PrivilegeService.h"
+#include "CertificateService.h"
+
+using namespace Tizen::System;
+using namespace Tizen::App;
+using namespace Tizen::Base::Collection;
+
+
+static SecurityService* __pSecurityService = null;
+
+SecurityService::SecurityService(void)
+ : __pPrivilegeService(null)
+ , __pCertificateService(null)
+{
+
+}
+
+SecurityService::~SecurityService(void)
+{
+
+}
+
+Service*
+SecurityService::CreateInstance(void)
+{
+ result r = E_SUCCESS;
+
+ ClearLastResult();
+
+ if (__pSecurityService == null)
+ {
+ __pSecurityService = new (std::nothrow) SecurityService();
+ if (__pSecurityService == null)
+ {
+ AppLogException("[E_OUT_OF_MEMORY] The memory is insufficient.");
+ r = E_OUT_OF_MEMORY;
+ }
+ }
+
+ SetLastResult(r);
+
+ return __pSecurityService;
+}
+
+bool
+SecurityService::OnAppInitializing(AppRegistry& appRegistry)
+{
+ result r = E_SUCCESS;
+
+ AppLog("Enter");
+ __pPrivilegeService = new (std::nothrow) PrivilegeService();
+ SysTryReturn(NID_SEC, __pPrivilegeService != null, false, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
+
+ r = __pPrivilegeService->Construct();
+ SysTryReturn(NID_SEC, r == E_SUCCESS, false, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ __pCertificateService = new (std::nothrow) CertificateService(); //return true even if error occured
+ //because privilege must be running.
+ SysTryCatch(NID_SEC, __pCertificateService != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
+
+ r = __pCertificateService->Construct();
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ AppLog("Exit");
+CATCH:
+ return true;
+}
+
+bool
+SecurityService::OnAppTerminating(AppRegistry& appRegistry, bool forcedTermination)
+{
+ AppLog("Enter");
+
+ delete __pPrivilegeService;
+ delete __pCertificateService;
+
+ AppLog("Exit");
+ return true;
+}
+
+void
+SecurityService::OnLowMemory(void)
+{
+
+}
+
+void
+SecurityService::OnBatteryLevelChanged(BatteryLevel batteryLevel)
+{
+
+}
+
+void
+SecurityService::OnUserEventReceivedN(RequestId requestId, Tizen::Base::Collection::IList *pArgs)
+{
+
+}
+
+
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file SecurirtyServiceEntry.cpp
+ * @brief This is the implementation file for SecurirtyService entry point.
+ */
+
+#include <FOspConfig.h>
+#include <FBaseSysLog.h>
+#include <FBaseColArrayList.h>
+
+#include "SecurityService.h"
+
+using namespace Tizen::Base;
+using namespace Tizen::Base::Collection;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif // __cplusplus
+
+_OSP_EXPORT_ int OspMain(int argc, char *pArgv[]);
+#ifdef _PROFILE
+extern void start_profile (void);
+extern void end_profile (void);
+#else
+#define start_profile(void)
+#define end_profile(void)
+#endif
+
+
+/**
+ * The entry function of Tizen application called by the operating system.
+ */
+int
+OspMain(int argc, char *pArgv[])
+{
+ result r = E_SUCCESS;
+
+ AppLog("Application started.");
+ ArrayList* pArgs = new ArrayList();
+ pArgs->Construct();
+ for (int i = 0; i < argc; i++)
+ {
+ pArgs->Add(*(new String(pArgv[i])));
+ }
+
+ start_profile();
+ r = Tizen::App::ServiceApp::Execute(SecurityService::CreateInstance, pArgs);
+ if (IsFailed(r))
+ {
+ AppLogException("Application execution failed-[%s].", GetErrorMessage(r));
+ r &= 0x0000FFFF;
+ }
+ end_profile();
+
+ pArgs->RemoveAll(true);
+ delete pArgs;
+ AppLog("Application finished.");
+
+ return static_cast<int>(r);
+}
+#ifdef __cplusplus
+}
+#endif // __cplusplus
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file PrivilegeServiceMessage.cpp
+ * @brief This is the message type of the IPC communication of PrivilegeService daemon.
+ */
+
+#define IPC_MESSAGE_IMPL
+#include <FSec_PrivilegeManagerMessage.h>
+
+// Generate constructors.
+#include <ipc/struct_constructor_macros.h>
+#include <FSec_PrivilegeManagerMessage.h>
+// Generate destructors.
+
+#include <ipc/struct_destructor_macros.h>
+#include <FSec_PrivilegeManagerMessage.h>
+
+// Generate param traits write methods.
+#include <ipc/param_traits_write_macros.h>
+namespace IPC {
+#include <FSec_PrivilegeManagerMessage.h>
+} // namespace IPC
+
+// Generate param traits read methods.
+#include <ipc/param_traits_read_macros.h>
+namespace IPC {
+#include <FSec_PrivilegeManagerMessage.h>
+} // namespace IPC
--- /dev/null
+{
+global:
+ OspMain;
+local:
+ *;
+};