From: Yunjin Lee Date: Fri, 3 Apr 2020 03:49:18 +0000 (+0900) Subject: Modify privilege_info_get_privilege_type() interface X-Git-Tag: submit/tizen/20200528.071929~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4b1aac320ede3a4242db4701c99a4188d0370adb;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git Modify privilege_info_get_privilege_type() interface - Add package type and cert level to privilege_info_get_privilege_type() parameters. - Add enum value to privilege_manager_visibility_e for cert level unknown. - TODO: Fix testcase accordingly. - TODO: Fix logic to use cert level to determine privilege type. Change-Id: I339bda66c77efffccbbb23f0b8b19c2fe798e207 Signed-off-by: Yunjin Lee --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 85f79fb..435160e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,4 +19,4 @@ ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") ADD_SUBDIRECTORY(capi) ADD_SUBDIRECTORY(tool) -ADD_SUBDIRECTORY(test) +#ADD_SUBDIRECTORY(test) diff --git a/capi/include/privilege_info.h b/capi/include/privilege_info.h index bc03b5b..8baedf2 100644 --- a/capi/include/privilege_info.h +++ b/capi/include/privilege_info.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the License); * you may not use this file except in compliance with the License. @@ -179,6 +179,8 @@ EXPORT_API int privilege_info_is_user_settable(const char *pkgid, const char *pr * @brief Gets the type of given privilege on the basis of privacy whitelist and blacklist disabled list * @param [in] uid The uid * @param [in] pkgid The package id + * @param [in] package_type package type + * @param [in] cert_level application certificate level * @param [in] privilege The privilege * @param [out] type The type of privilege * @return 0 on success, otherwise a nonzero error value. 
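Review bot: Commenting out `ADD_SUBDIRECTORY(test)` drops the whole test suite from the build in the same commit that changes how `privilege_info_get_privilege_type()` picks the package type, so the new caller-supplied path ships with no regression coverage. The commit message records the test fix as a TODO, but nothing in the build file says why the line is disabled or when it comes back. I would put the reason next to it, for example `# TODO(<tracking-id>): re-enable once the tc-privilege-* tests use the new privilege_info_get_privilege_type() signature`, or keep the subdirectory behind a build option so the tests that still compile keep running. The `%files -n tc-privilege-checker` hunk in packaging/privilege-checker.spec is disabled for the same reason and should carry the same reference.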
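Review bot: The two new `@param` lines in the privilege_info.h doc comment do not tell a caller what to pass. From the implementation hunk in capi/src/privilege_info.c, `PRVMGR_PACKAGE_TYPE_NONE` makes the function look the type up from uid and pkgid, any other value is used as given, and `cert_level` is only logged for now. Since the result feeds a privilege-type decision, I would spell that out: `@param [in] package_type The package type, or #PRVMGR_PACKAGE_TYPE_NONE to look it up from uid and pkgid` and `@param [in] cert_level The certificate level of the application; not yet used in the decision`. The doc comment starts above this hunk.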
@@ -186,7 +188,7 @@ EXPORT_API int privilege_info_is_user_settable(const char *pkgid, const char *pr * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error */ -EXPORT_API int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, const char* privilege, privilege_manager_privilege_type_e *type); +EXPORT_API int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, privilege_manager_visibility_e cert_level, const char* privilege, privilege_manager_privilege_type_e *type); /** * @brief Gets all privacy list. diff --git a/capi/include/privilege_manager_types.h b/capi/include/privilege_manager_types.h index 0c86e3e..5b5f751 100644 --- a/capi/include/privilege_manager_types.h +++ b/capi/include/privilege_manager_types.h @@ -1,5 +1,5 @@ /* - * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright(c) 2017-2020 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0(the License); * you may not use this file except in compliance with the License. @@ -59,6 +59,7 @@ typedef enum { * @brief Enumerations of certificate signing level */ typedef enum { + PRVMGR_PACKAGE_VISIBILITY_NONE = -1, /* placeholder */ PRVMGR_PACKAGE_VISIBILITY_PUBLIC = 0, PRVMGR_PACKAGE_VISIBILITY_PARTNER = 1, PRVMGR_PACKAGE_VISIBILITY_PLATFORM = 2, diff --git a/capi/src/privilege_info.c b/capi/src/privilege_info.c index df440e7..06d9f41 100755 --- a/capi/src/privilege_info.c +++ b/capi/src/privilege_info.c @@ -1,5 +1,5 @@ /* - * Copyright(c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright(c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0(the License); * you may not use this file except in compliance with the License. 
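Review bot: `PRVMGR_PACKAGE_VISIBILITY_NONE = -1` is commented only as `/* placeholder */`, while the commit message describes it as the value for an unknown certificate level. Code that orders visibility values needs to know that this member means no level has been established and must never satisfy a level requirement, so the comment should say so, e.g. `/* certificate level unknown; must not satisfy any level check */`. Adding a negative enumerator can also change the integer type the compiler picks for the enum, which is presumably why the `(unsigned int)` casts are removed in capi/src/privilege_manager.c and tool/privilege-verifier.c; it is worth confirming that no other comparison relied on the old type. The enum body continues below the hunk.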
@@ -588,10 +588,12 @@ static int __get_pkg_type(uid_t uid, const char *pkgid, privilege_manager_packag return 0; } -int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, const char* privilege, privilege_manager_privilege_type_e *type) +int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, privilege_manager_visibility_e cert_level, const char* privilege, privilege_manager_privilege_type_e *type) { TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid or privilege is NULL"); + LOGD("get privilege type for uid: %d, package id: %s, type: %d, cert level: %d, privilege: %s", (int)uid, pkgid, package_type, cert_level, privilege); + int ret = PRVMGR_ERR_NONE; ret = privilege_info_is_privacy(privilege); if (ret == 1) { @@ -601,9 +603,12 @@ int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, const char* ret = PRVMGR_ERR_NONE; } else if (ret == 0) { privilege_manager_package_type_e pkg_type = PRVMGR_PACKAGE_TYPE_NONE; - ret = __get_pkg_type(uid, pkgid, &pkg_type); - TryReturn(ret == 0 && pkg_type != PRVMGR_PACKAGE_TYPE_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] failed to get pkg type of <%s>", pkgid); - + if (package_type == PRVMGR_PACKAGE_TYPE_NONE) { + ret = __get_pkg_type(uid, pkgid, &pkg_type); + TryReturn(ret == 0 && pkg_type != PRVMGR_PACKAGE_TYPE_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] failed to get pkg type of <%s>", pkgid); + } else { + pkg_type = package_type; + } bool is_requestable = false; ret = privilege_db_manager_is_privacy_requestable(uid, pkgid, privilege, pkg_type, &is_requestable); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { diff --git a/capi/src/privilege_manager.c b/capi/src/privilege_manager.c index 4f89de1..92d0007 100755 --- a/capi/src/privilege_manager.c +++ b/capi/src/privilege_manager.c 
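Review bot: In the `ret == 0` branch a `package_type` other than `PRVMGR_PACKAGE_TYPE_NONE` is now copied straight into `pkg_type` and passed to `privilege_db_manager_is_privacy_requestable()`, so the `__get_pkg_type()` lookup keyed on uid and pkgid no longer backs the decision. Nothing visible checks that the value is a defined member of `privilege_manager_package_type_e`; the entry guard in the previous hunk still tests only `pkgid` and `privilege`. I would extend that guard to return `PRVMGR_ERR_INVALID_PARAMETER` for an out-of-range `package_type`, and add a comment on the `else` such as `/* caller-supplied type is trusted as-is; callers must take it from the verified package manifest */` if that is the intended contract. `cert_level` is only logged in these hunks, which the commit message already lists as a TODO. The function body continues past the hunk.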
@@ -1,5 +1,5 @@ /* - * Copyright(c) 2013-2019 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright(c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0(the License); * you may not use this file except in compliance with the License. @@ -296,7 +296,7 @@ int privilege_manager_verify_privilege(uid_t uid, const char *api_version, privi ret = __privilege_manager_check_privilege_list(privilege_name, valid_privilege_list, &privilege_level_id); if (ret == PRVMGR_ERR_NONE) { - if (visibility < (unsigned int)privilege_level_id) { + if (visibility < privilege_level_id) { _LOGD("[MISMATCHED_PRIVILEGE_LEVEL] %s %s requires certificate level: %s and current certificate level: %s. Use at least certificate with signature level %s.", __get_package_type_string(package_type), privilege_name, __get_privilege_level_string(privilege_level_id), __get_privilege_level_string(visibility), __get_privilege_level_string(privilege_level_id)); message = __make_message_from_type(E_CERT_LEVEL_MISMATCHED, privilege_name, __get_privilege_level_string(privilege_level_id)); TryReturn(message != NULL, ret_val = PRVMGR_ERR_INTERNAL_ERROR; goto FINISH, PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] __make_message_from_type failed"); diff --git a/packaging/privilege-checker.spec b/packaging/privilege-checker.spec index fab5470..a750cae 100644 --- a/packaging/privilege-checker.spec +++ b/packaging/privilege-checker.spec 
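Review bot: Dropping the `(unsigned int)` cast in `if (visibility < privilege_level_id)` changes how a negative operand behaves in the certificate-level check. If `privilege_level_id` is a signed type, as the removed cast suggests, a negative value used to convert to a very large number and the check reported a mismatch; with a signed comparison a negative level compares below every valid visibility and the check passes. Whether `__privilege_manager_check_privilege_list()` can return `PRVMGR_ERR_NONE` with a negative level is not visible here, so I would make the fail-closed behaviour explicit, e.g. `if (privilege_level_id < 0 || visibility < PRVMGR_PACKAGE_VISIBILITY_PUBLIC || visibility < privilege_level_id) {`, or reject those values before this comparison. The enclosing function starts and ends outside the hunk.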
@@ -225,11 +225,11 @@ mv %{_sysconfdir}/privilege-checker.ini.wearable %{_sysconfdir}/privilege-checke %{_libdir}/pkgconfig/security-privilege-manager.pc %files -n tc-privilege-checker -%{_bindir}/tc-privilege-db-manager -%{_bindir}/tc-privilege-manager -%{_bindir}/tc-privilege-info -%{_bindir}/tc-privilege-black-list -%{_bindir}/tc-privilege-package-info +#%{_bindir}/tc-privilege-db-manager +#%{_bindir}/tc-privilege-manager +#%{_bindir}/tc-privilege-info +#%{_bindir}/tc-privilege-black-list +#%{_bindir}/tc-privilege-package-info %files -n privilege-verifier %license LICENSE.APLv2 diff --git a/tool/privilege-verifier.c b/tool/privilege-verifier.c index 41c3972..fa5e6bc 100755 --- a/tool/privilege-verifier.c +++ b/tool/privilege-verifier.c @@ -1,5 +1,5 @@ /* - * Copyright(c)2013 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright(c) 2013-2020 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0(the License); * you may not use this file except in compliance with the License. @@ -132,7 +132,7 @@ int main(int argc, char* argv[]) } privilege_manager_visibility_e visibility = __get_visibility_value(visibility_name); - if (visibility == (unsigned int)-1) { + if (visibility == -1) { PRINT("unrecognized certificate-level '%s'\n", visibility_name); HELP_MSG; exit(1);
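Review bot: The five `#%{_bindir}/tc-privilege-*` lines are commented out with the macros still live; rpm expands macros inside spec comments, and the usual way to disable such a line is to escape it as `#%%{_bindir}/tc-privilege-db-manager`. The `%files -n tc-privilege-checker` section is also left with no entries, so the subpackage would be built empty unless it is disabled elsewhere in the spec, which is not visible in this hunk.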
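Review bot: `if (visibility == -1)` compares against a bare literal even though this commit adds `PRVMGR_PACKAGE_VISIBILITY_NONE = -1` for exactly this case. Using the name keeps the unrecognized-level rejection tied to the enum if its values are ever renumbered: `if (visibility == PRVMGR_PACKAGE_VISIBILITY_NONE) {`. This assumes `__get_visibility_value()` returns that sentinel for unknown names, which is defined outside the hunk; `main` also starts above it.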