From: Tomasz Swierczek Date: Mon, 12 Feb 2018 15:41:36 +0000 (+0100) Subject: Add full get_app_manifest_policy API implementation X-Git-Tag: accepted/tizen/unified/20180302.155607~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1be73d85b7c6fbc33c7110b7bc11102fc2725c4f;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git Add full get_app_manifest_policy API implementation Connected serviceImpl methods to IPC to provide fully functional get_app_manifest_policy API Change-Id: I7d94d15771330ca2352d3885698361ba8bc557a1 --- diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 8d5efe9..e315ecf 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -1025,6 +1025,42 @@ int security_manager_policy_update_send(policy_update_req *p_req) }); } +static inline int security_manager_recv_strings_array_internal( + ClientRequest &request, + char ***ppp_array, + size_t *p_size) +{ + int count; + request.recv(count); + *p_size = count; + LogInfo("Number of strings: " << *p_size); + char **array = new char *[*p_size]; + + for (unsigned int i = 0; i < *p_size; ++i) { + std::string str; + request.recv(str); + if (str.empty()) { + LogError("Unexpected empty string"); + for (unsigned int j = 0; j < i; ++j) + free(array[j]); + delete [] array; + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + array[i] = strdup(str.c_str()); + if (array[i] == nullptr) { + for (unsigned int j = 0; j < i; ++j) + free(array[j]); + delete [] array; + return SECURITY_MANAGER_ERROR_MEMORY; + } + } + + *ppp_array = array; + + return SECURITY_MANAGER_SUCCESS; +} + static inline int security_manager_get_policy_internal( SecurityManager::SecurityModuleCall call_type, policy_entry *p_filter, @@ -1100,18 +1136,24 @@ int security_manager_get_app_manifest_policy( char ***ppp_privileges, size_t *p_size) { - (void) app_name; - (void) uid; - (void) ppp_privileges; - (void) p_size; - return SECURITY_MANAGER_SUCCESS; + if (!app_name || !ppp_privileges || !p_size) + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + return try_catch([&]() -> int { + ClientRequest request(SecurityModuleCall::GET_APP_MANIFEST_POLICY); + if (request.send(std::string(app_name), uid).failed()) + return request.getStatus(); + return security_manager_recv_strings_array_internal(request, + ppp_privileges, + p_size); + }); } SECURITY_MANAGER_API void security_manager_privileges_free(char **pp_privileges, const size_t size) { - (void) pp_privileges; - (void) size; + for (size_t i = 0; i < size; ++i) + free(pp_privileges[i]); + delete [] pp_privileges; } @@ -1240,40 +1282,9 @@ int security_manager_policy_levels_get(char ***levels, size_t *levels_count) ClientRequest request(SecurityModuleCall::POLICY_GET_DESCRIPTIONS); if (request.send().failed()) return request.getStatus(); - - int count; - request.recv(count); - *levels_count = count; - LogInfo("Number of policy descriptions: " << *levels_count); - - char **array = new char *[*levels_count]; - - for (unsigned int i = 0; i < *levels_count; ++i) { - std::string level; - request.recv(level); - - if (level.empty()) { - LogError("Unexpected empty level"); - for (unsigned int j = 0; j < i; ++j) { - delete [] array[j]; - } - delete [] array; - return SECURITY_MANAGER_ERROR_UNKNOWN; - } - - array[i] = strdup(level.c_str()); - if (array[i] == nullptr) { - for (unsigned int j = 0; j < i; ++j) { - delete [] array[j]; - } - delete [] array; - return SECURITY_MANAGER_ERROR_MEMORY; - } - } - - *levels = array; - - return SECURITY_MANAGER_SUCCESS; + return security_manager_recv_strings_array_internal(request, + levels, + levels_count); }); } diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index ad4faf7..c694aef 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -128,6 +128,7 @@ enum class SecurityModuleCall GET_CLIENT_PRIVILEGE_LICENSE, APP_SETUP_NAMESPACE, APP_CLEAN_NAMESPACE, + GET_APP_MANIFEST_POLICY, NOOP = 0x90, }; diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 1188935..a71e128 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -59,6 +59,15 @@ private: */ bool processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID); + + /** + * Process getting application manifest policy + * @param buffer Raw received data buffer + * @param send Raw data buffer to be sent + * @param creds credentials of the requesting process + */ + void processAppGetManifestPolicy(MessageBuffer &buffer, MessageBuffer &send, const Credentials &creds); + /** * Process application installation * diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 5d81500..d4f6e41 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -169,6 +169,10 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, LogDebug("call_type: SecurityModuleCall::APP_CLEAN_NAMESPACE"); processAppCleanNamespace(buffer, send, creds); break; + case SecurityModuleCall::GET_APP_MANIFEST_POLICY: + LogDebug("call_type: SecurityModuleCall::GET_APP_MANIFEST_POLICY"); + processAppGetManifestPolicy(buffer, send, creds); + break; default: LogError("Invalid call: " << call_type_int); Throw(ServiceException::InvalidAction); @@ -199,6 +203,26 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, return retval; } +void Service::processAppGetManifestPolicy(MessageBuffer &buffer, MessageBuffer &send, const Credentials &creds) +{ + std::string appName; + uid_t uid; + int ret; + std::vector privileges; + + Deserialization::Deserialize(buffer, appName); + Deserialization::Deserialize(buffer, uid); + + ret = serviceImpl.getAppManifestPolicy(creds, appName, uid, privileges); + + Serialization::Serialize(send, ret); + if (ret == SECURITY_MANAGER_SUCCESS) { + Serialization::Serialize(send, static_cast(privileges.size())); + for (const auto &privilege : privileges) + Serialization::Serialize(send, privilege); + } +} + void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, const Credentials &creds) { app_inst_req req;