From: Yunjin Lee Date: Tue, 5 Apr 2016 23:56:39 +0000 (+0900) Subject: Add black list APIs and DB X-Git-Tag: submit/tizen/20160407.023728~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6a81088a5bb4fc58e41dfc3113e0c13f9ae420cd;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git Add black list APIs and DB For testing, build package and install tc-privilege-checker.*.rpm on target and run /usr/bin/tc-privilege-black-list on target shell Change-Id: Ia7a931a7325a3cce8e039b52be67e187c8dfde44 Signed-off-by: Yunjin Lee --- diff --git a/capi/CMakeLists.txt b/capi/CMakeLists.txt index 3ceba9c..7b89dbd 100644 --- a/capi/CMakeLists.txt +++ b/capi/CMakeLists.txt @@ -9,33 +9,33 @@ SET(PREFIX ${CMAKE_INSTALL_PREFIX}) SET(INC_DIR include) INCLUDE_DIRECTORIES( - "${INC_DIR}" - ) + "${INC_DIR}" +) SET(pc_requires "glib-2.0") INCLUDE(FindPkgConfig) pkg_check_modules(${fw_name} REQUIRED dlog pkgmgr-info glib-2.0) FOREACH(flag ${${fw_name}_CFLAGS}) - SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") + SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") ENDFOREACH(flag) SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -fPIC") SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") IF("${ARCH}" STREQUAL "arm") - ADD_DEFINITIONS("-DTARGET") + ADD_DEFINITIONS("-DTARGET") ENDIF("${ARCH}" STREQUAL "arm") ADD_DEFINITIONS("-DPREFIX=\"${CMAKE_INSTALL_PREFIX}\"") ADD_DEFINITIONS("-DSLP_DEBUG") MESSAGE("PROFILE_TYPE = ${PROFILE_TYPE}") IF("${PROFILE_TYPE}" STREQUAL "WEARABLE") - ADD_DEFINITIONS("-DPROFILE_TYPE_WEARABLE") + ADD_DEFINITIONS("-DPROFILE_TYPE_WEARABLE") ELSEIF("${PROFILE_TYPE}" STREQUAL "MOBILE") - ADD_DEFINITIONS("-DPROFILE_TYPE_MOBILE") + ADD_DEFINITIONS("-DPROFILE_TYPE_MOBILE") ELSEIF("${PROFILE_TYPE}" STREQUAL "TV") - ADD_DEFINITIONS("-DPROFILE_TYPE_TV") + ADD_DEFINITIONS("-DPROFILE_TYPE_TV") ENDIF() SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -Wl,--rpath=${LIBDIR}") @@ -45,20 +45,20 @@ ADD_LIBRARY(${fw_name} SHARED ${SOURCES}) TARGET_LINK_LIBRARIES(${fw_name} ${${fw_name}_LDFLAGS}) -SET_TARGET_PROPERTIES(${fw_name} - PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION} - CLEAN_DIRECT_OUTPUT 1 +SET_TARGET_PROPERTIES(${fw_name} + PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION} + CLEAN_DIRECT_OUTPUT 1 ) INSTALL(TARGETS ${fw_name} DESTINATION ${LIBDIR}) INSTALL( - DIRECTORY ${INC_DIR}/ DESTINATION ${INCLUDEDIR}/privilegemgr - FILES_MATCHING - PATTERN "*_private.h" EXCLUDE - PATTERN "${INC_DIR}/*.h" - ) + DIRECTORY ${INC_DIR}/ DESTINATION ${INCLUDEDIR}/privilegemgr + FILES_MATCHING + PATTERN "*_private.h" EXCLUDE + PATTERN "${INC_DIR}/*.h" +) SET(PC_NAME ${fw_name}) SET(PC_REQUIRED ${pc_requires}) @@ -73,54 +73,59 @@ IF(UNIX) ADD_CUSTOM_TARGET (distclean @echo cleaning for source distribution) ADD_CUSTOM_COMMAND( - DEPENDS clean - COMMENT "distribution clean" - COMMAND find - ARGS . - -not -name config.cmake -and \( - -name tester.c -or - -name Testing -or - -name CMakeFiles -or - -name cmake.depends -or - -name cmake.check_depends -or - -name CMakeCache.txt -or - -name cmake.check_cache -or - -name *.cmake -or - -name Makefile -or - -name core -or - -name core.* -or - -name gmon.out -or - -name install_manifest.txt -or - -name *.pc -or - -name *~ \) - | grep -v TC | xargs rm -rf - TARGET distclean - VERBATIM + DEPENDS clean + COMMENT "distribution clean" + COMMAND find + ARGS . + -not -name config.cmake -and \( + -name tester.c -or + -name Testing -or + -name CMakeFiles -or + -name cmake.depends -or + -name cmake.check_depends -or + -name CMakeCache.txt -or + -name cmake.check_cache -or + -name *.cmake -or + -name Makefile -or + -name core -or + -name core.* -or + -name gmon.out -or + -name install_manifest.txt -or + -name *.pc -or + -name *~ \) + | grep -v TC | xargs rm -rf + TARGET distclean + VERBATIM ) ENDIF(UNIX) - +SET(PRIVILEGE_DB_DIR "${DATADIR}/privilege-manager") +ADD_DEFINITIONS(-DPRIVILEGE_INFO_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_info.db") +ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_info.db") +ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_mapping.db") +ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_mapping.db") +ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${PRIVILEGE_DB_DIR}/.policy.db") SET(ROOT_DIR ${CMAKE_SOURCE_DIR}/cmake_build_tmp/output) SET(LOCALE_ROOT_PATH "${ROOT_DIR}/target/generic/root/usr/share/locale") FILE(GLOB _pofiles res/string/*.po) FOREACH(_file ${_pofiles}) - GET_FILENAME_COMPONENT(_in ${_file} ABSOLUTE) - GET_FILENAME_COMPONENT(_basename ${_file} NAME_WE) + GET_FILENAME_COMPONENT(_in ${_file} ABSOLUTE) + GET_FILENAME_COMPONENT(_basename ${_file} NAME_WE) - SET(_out "${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES/privilege.mo") + SET(_out "${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES/privilege.mo") - ADD_CUSTOM_COMMAND( - OUTPUT ${_out} - COMMENT "Generating ${_out}" - COMMAND mkdir -p ${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES - COMMAND msgfmt -o ${_out} ${_in} - DEPENDS ${_in} - ) + ADD_CUSTOM_COMMAND( + OUTPUT ${_out} + COMMENT "Generating ${_out}" + COMMAND mkdir -p ${LOCALE_ROOT_PATH}/${_basename}/LC_MESSAGES + COMMAND msgfmt -o ${_out} ${_in} + DEPENDS ${_in} + ) - SET(mo_files ${mo_files} ${_out}) + SET(mo_files ${mo_files} ${_out}) ENDFOREACH(_file ${_pofiles}) diff --git a/capi/include/privilege_db_manager.h b/capi/include/privilege_db_manager.h index bfc9990..9ddf244 100755 --- a/capi/include/privilege_db_manager.h +++ b/capi/include/privilege_db_manager.h @@ -35,22 +35,27 @@ typedef struct { } privilege_info_db_row_s; typedef enum { - PRIVILEGE_DB_MANAGER_ERR_NONE = 0, - PRIVILEGE_DB_NO_EXIST_RESULT = 1, - PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL = 2, - PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY = 3, - PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY = 4, + PRIVILEGE_DB_MANAGER_ERR_NONE = 0, + PRIVILEGE_DB_NO_EXIST_RESULT = 1, + PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL = 2, + PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY = 3, + PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY = 4, + PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE = 5, + PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL = 6, + PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL = 7, + PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL = 8, + PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL = 9, } privilege_db_manager_error_e; typedef enum { - PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PUBLIC = 0, + PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PUBLIC = 0, PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PARTNER = 1, PRIVILEGE_DB_MANAGER_PRIVILEGE_LEVEL_PLATFORM = 2 } privilege_db_manager_privilege_level_e; typedef enum { - PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_WRT = 0, - PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE = 1 + PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_WRT = 0, + PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE = 1 } privilege_db_manager_package_type_e; #ifdef __cplusplus @@ -68,11 +73,15 @@ int privilege_db_manager_get_privilege_description(privilege_db_manager_package_ int privilege_db_manager_get_privilege_group_display(privilege_db_manager_package_type_e package_type, const char* privilege_name, const char* api_version, int* privilege_group_number); int __privilege_db_manager_is_privacy(const char* privilege); - int __privilege_db_manager_get_privacy_list(GList** privacy_list); - int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GList **privilege_list); +int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_type_e package_type, GList** privilege_list); +int privilege_db_manager_set_black_list(int uid, privilege_db_manager_package_type_e pacakge_type, GList *privilege_list); +int privilege_db_manager_unset_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list); + +int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_type_e pacakge_type, GList *privilege_list); + #ifdef __cplusplus } #endif diff --git a/capi/include/privilege_info.h b/capi/include/privilege_info.h index 1c94ef0..992e359 100644 --- a/capi/include/privilege_info.h +++ b/capi/include/privilege_info.h @@ -18,6 +18,7 @@ #define __TIZEN_SECURITY_PRIVILEGE_INFO_H #include +#include "privilege_manager.h" #ifndef EXPORT_API #define EXPORT_API __attribute__((__visibility__("default"))) @@ -27,21 +28,6 @@ extern "C" { #endif /** - * @brief Enumerations of error code for Privilege Information. - */ -typedef enum { - PRVMGR_ERR_NONE = 0, - PRVMGR_ERR_INVALID_PARAMETER = 1, - PRVMGR_ERR_OUT_OF_MEMORY = 2, - PRVMGR_ERR_INTERNAL_ERROR = 3, - PRVMGR_ERR_NO_DATA = 4, - PRVMGR_ERR_NO_EXIST_PRIVILEGE = 5, - PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL = 6, - PRVMGR_ERR_INVALID_PRIVILEGE = 7, - PRVMGR_ERR_DEPRECATED_PRIVILEGE = 8, -} privilege_manager_error_e; - -/** * @brief Called to get a privilege group once for specific package. * @param[in] privilege_group The privilege group * @param[in] user_data The user data passed from the foreach function @@ -153,6 +139,19 @@ EXPORT_API int privilege_info_get_privacy_list(GList **privacy_list); */ EXPORT_API int privilege_info_get_privilege_list_by_privacy(const char *privacy, GList **privilege_list); +/** + * @brief Gets the list of privilges marked as black list. + * @remarks @a privilege_list must be released with g_list_free() by you. + * @param [in] uid The UID + * @param [in] package_type The privilege_manager_package_type_e + * @param [out] privilege_list The list for privileges marked as black list + * @return 0 on success, otherwise a nonzero error value. + * @retval #PRVMGR_ERR_NONE Successful + * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error + * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter + */ +EXPORT_API int privilege_info_get_black_list(int uid, privilege_manager_package_type_e package_type, GList **privilege_list); + #ifdef __cplusplus } #endif diff --git a/capi/include/privilege_manager.h b/capi/include/privilege_manager.h index 5f42b46..25691f1 100755 --- a/capi/include/privilege_manager.h +++ b/capi/include/privilege_manager.h @@ -22,35 +22,48 @@ #endif #include -#include "privilege_info.h" #ifdef __cplusplus extern "C" { #endif +/** + * @brief Enumerations of error code for Privilege Manager + */ +typedef enum { + PRVMGR_ERR_NONE = 0, + PRVMGR_ERR_INVALID_PARAMETER = 1, + PRVMGR_ERR_OUT_OF_MEMORY = 2, + PRVMGR_ERR_INTERNAL_ERROR = 3, + PRVMGR_ERR_NO_DATA = 4, + PRVMGR_ERR_NO_EXIST_PRIVILEGE = 5, + PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL = 6, + PRVMGR_ERR_INVALID_PRIVILEGE = 7, + PRVMGR_ERR_DEPRECATED_PRIVILEGE = 8, + PRVMGR_ERR_USING_BANNED_PRIVILEGE = 9, +} privilege_manager_error_e; typedef enum { - PRVMGR_PACKAGE_VISIBILITY_PUBLIC = 1 << 1, - PRVMGR_PACKAGE_VISIBILITY_PARTNER = 1 << 2, - PRVMGR_PACKAGE_VISIBILITY_PLATFORM = 1 << 3, + PRVMGR_PACKAGE_VISIBILITY_PUBLIC = 1 << 1, + PRVMGR_PACKAGE_VISIBILITY_PARTNER = 1 << 2, + PRVMGR_PACKAGE_VISIBILITY_PLATFORM = 1 << 3, } privilege_manager_visibility_e; typedef enum { - PRVMGR_PACKAGE_TYPE_WRT = 0, + PRVMGR_PACKAGE_TYPE_WRT = 0, PRVMGR_PACKAGE_TYPE_CORE = 1, } privilege_manager_package_type_e; - /** * @brief verify privilege in the privilege list by checking its name and level at given api version. - * @remarks @a privilege_list must be released with free()by you. - * @remarks @a error_message must be released with free()by you. + * @remarks @a privilege_list must be released with g_list_free() by you. + * @remarks @a error_message must be released with g_list_free() by you. * @param [in] api_version The api version of the application * @param [in] privilege_manager_package_type_e The privilege_manager_package_type_e * @param [in] privilege_list The privilege_list * @param [in] privilege_manager_visibility_e The privilege_manager_visibility_e * @param [out] error_message The error_message's value is assigned when the return value isn't PRVMGR_ERR_NONE, otherwise null is assigned. - * @return 0 on success, otherwise a negative error value. + * @return 0 on success, otherwise a nonzero error value. * @retval #PRVMGR_ERR_NONE Successful * @retval #PRVMGR_ERR_OUT_OF_MEMORY Out of memory * @retvak #PRVMGR_ERR_INVALID_PRIVILEGE The privilege_list contains invalid privilege(s). @@ -59,16 +72,15 @@ typedef enum { */ EXPORT_API int privilege_manager_verify_privilege(const char* api_version, privilege_manager_package_type_e package_type, GList* privilege_list, privilege_manager_visibility_e visibility, char **error_message); - /** * @brief get mapped privilege list of input privilege list according to the given package type, api version, and profile. - * @remarks @a privilege_list must be released with free()by you. - * @remarks @a mapped_privilege_list must be released with free()by you. + * @remarks @a privilege_list must be released with g_list_free() by you. + * @remarks @a mapped_privilege_list must be released with g_list_free() by you. * @param [in] api_version The api version of the application * @param [in] privilege_manager_package_type_e The privilege_manager_package_type_e * @param [in] privilege_list The privilege_list * @param [out] mapped_privilege_list The mapped_privilege_list is assigned when privileges mapped to the given privilege list are exist. Else, mapped_privilege_list is NULL. Mapped privileges are listed according to the given the privilege_list, package_type, api_version, and profile. - * @return 0 on success, otherwise a negative error value. + * @return 0 on success, otherwise a nonzero error value. * @retval #PRVMGR_ERR_NONE Successful * @retval #PRVMGR_ERR_OUT_OF_MEMORY Out of memory * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter @@ -76,6 +88,31 @@ EXPORT_API int privilege_manager_verify_privilege(const char* api_version, privi */ EXPORT_API int privilege_manager_get_mapped_privilege_list(const char* api_version, privilege_manager_package_type_e package_type, GList* privilege_list, GList** mapped_privilege_list); +/** + * @brief set privilege black list accoring to the given uid and privilege list + * @remarks @a privilege_list must be released by you + * @param [in] uid The uid + * @param [in] package_type The privilege_manager_pacakge_type_e + * @param [in] privilege_list The privilege list to set as black list + * @retrun 0 on success, otherwise a nonzero error value + * @retval #PRVMGR_ERR_NONE Successful + * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter + * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error + */ +EXPORT_API int privilege_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList* privilege_list); + +/** + * @brief unset privilege black list accoring to the given uid and privilege list + * @remarks @a privilege_list must be released by you + * @param [in] uid The uid + * @param [in] package_type The privilege_manager_pacakge_type_e + * @param [in] privilege_list The privilege list to unset from black list + * @retrun 0 on success, otherwise a nonzero error value + * @retval #PRVMGR_ERR_NONE Successful + * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter + * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error + */ +EXPORT_API int privilege_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList* privilege_list); #ifdef __cplusplus } diff --git a/capi/res/dbspace/CMakeLists.txt b/capi/res/dbspace/CMakeLists.txt index 8227c95..0fa378e 100644 --- a/capi/res/dbspace/CMakeLists.txt +++ b/capi/res/dbspace/CMakeLists.txt @@ -2,6 +2,7 @@ SET(CORE_PRIVILEGE_DB ".core_privilege_info.db") SET(WRT_PRIVILEGE_DB ".wrt_privilege_info.db") SET(CORE_PRIVILEGE_MAPPING_DB ".core_privilege_mapping.db") SET(WRT_PRIVILEGE_MAPPING_DB ".wrt_privilege_mapping.db") +SET(POLICY_DB ".policy.db") IF("${PROFILE_TYPE}" STREQUAL "WEARABLE") SET(_profile "wearable") @@ -13,17 +14,17 @@ ENDIF() IF("${_profile}" STREQUAL "tv") ADD_CUSTOM_COMMAND( - OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} - COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh + OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} + COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh && ./policy_db_generator.sh ) ELSE() ADD_CUSTOM_COMMAND( - OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} - COMMAND ./core_db_generator.sh ${_profile} && ./wrt_db_generator.sh ${_profile} && ./core_mapping_db_generator.sh ${_profile} && ./wrt_mapping_db_generator.sh ${_profile} + OUTPUT ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} + COMMAND ./core_db_generator.sh ${_profile} && ./wrt_db_generator.sh ${_profile} && ./core_mapping_db_generator.sh ${_profile} && ./wrt_mapping_db_generator.sh ${_profile} && ./policy_db_generator.sh ) ENDIF() -ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB}) - -INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} DESTINATION ${DATADIR}/privilege-manager/) +ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB}) + +INSTALL(FILES ${CORE_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB} ${CORE_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB} ${POLICY_DB} ${POLICY_DB}-journal DESTINATION ${DATADIR}/privilege-manager/) diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c index ba1e249..04f87f6 100755 --- a/capi/src/privilege_db_manager.c +++ b/capi/src/privilege_db_manager.c @@ -3,11 +3,6 @@ #include #include #include -#define PRIVILEGE_INFO_CORE_DB_PATH "/usr/share/privilege-manager/.core_privilege_info.db" -#define PRIVILEGE_INFO_WRT_DB_PATH "/usr/share/privilege-manager/.wrt_privilege_info.db" -#define PRIVILEGE_MAPPING_CORE_DB_PATH "/usr/share/privilege-manager/.core_privilege_mapping.db" -#define PRIVILEGE_MAPPING_WRT_DB_PATH "/usr/share/privilege-manager/.wrt_privilege_mapping.db" - #ifdef LOG_TAG #undef LOG_TAG #define LOG_TAG "PRIVILEGE_DB_MANAGER" @@ -37,16 +32,35 @@ static privilege_db_manager_profile_type_e g_privilege_db_manager_profile_type = return returnValue; \ } -int __initialize_db(sqlite3 ** db, privilege_db_manager_package_type_e package_type) +int __initialize_db(char type, sqlite3 ** db, privilege_db_manager_package_type_e package_type) { char *db_path = NULL; + int db_mode = SQLITE_OPEN_READONLY; - if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE) - db_path = PRIVILEGE_INFO_CORE_DB_PATH; - else - db_path = PRIVILEGE_INFO_WRT_DB_PATH; - - int ret = sqlite3_open_v2(db_path, db, SQLITE_OPEN_READONLY, NULL); + switch (type) { + case 'i': + if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE) + db_path = PRIVILEGE_INFO_CORE_DB_PATH; + else + db_path = PRIVILEGE_INFO_WRT_DB_PATH; + break; + case 'm': + if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE) + db_path = PRIVILEGE_MAPPING_CORE_DB_PATH; + else + db_path = PRIVILEGE_MAPPING_WRT_DB_PATH; + break; + case 'u': + db_mode = SQLITE_OPEN_READWRITE; + case 'p': + db_path = PRIVILEGE_POLICY_DB_PATH; + break; + default: + LOGE("Undefined db initialize mode!"); + return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE; + } + LOGD("DB PATH = %s", db_path); + int ret = sqlite3_open_v2(db_path, db, db_mode, NULL); if (ret != SQLITE_OK) { LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db)); sqlite3_close(*db); @@ -55,33 +69,96 @@ int __initialize_db(sqlite3 ** db, privilege_db_manager_package_type_e package_t return PRIVILEGE_DB_MANAGER_ERR_NONE; } -int __initialize_mapping_db(sqlite3 ** db, privilege_db_manager_package_type_e package_type) +void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt) { - char *db_path = NULL; + if (stmt != NULL) + sqlite3_finalize(stmt); - if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE) - db_path = PRIVILEGE_MAPPING_CORE_DB_PATH; - else - db_path = PRIVILEGE_MAPPING_WRT_DB_PATH; + if (db != NULL) + sqlite3_close(db); +} - int ret = sqlite3_open_v2(db_path, db, SQLITE_OPEN_READONLY, NULL); - if (ret != SQLITE_OK) { - LOGE("[DB_FAIL] Can't open database %s : %s", db_path, sqlite3_errmsg(*db)); - sqlite3_close(*db); - return PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL; +int __make_privilege_list_str(GList *privilege_list, char** privilege_list_str) +{ + GList *l; + char* temp_privilege_list_str = NULL; + for (l = privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + if (temp_privilege_list_str == NULL) { + size_t size = snprintf(0, 0, "'%s'", privilege_name) + 1; + temp_privilege_list_str = (char *)malloc(size * sizeof(char)); + TryReturn(temp_privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's malloc is failed."); + snprintf(temp_privilege_list_str, size, "'%s'", privilege_name); + } else { + size_t new_size = snprintf(0, 0, "%s, '%s'", temp_privilege_list_str, privilege_name) + 1; + temp_privilege_list_str = realloc(temp_privilege_list_str, new_size * sizeof(char)); + TryReturn(temp_privilege_list_str != NULL, free(temp_privilege_list_str), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's realloc is failed."); + strncat(temp_privilege_list_str, ", '", strlen(", '")); + strncat(temp_privilege_list_str, privilege_name, strlen(privilege_name)); + strncat(temp_privilege_list_str, "'", strlen("'")); + } } - return PRIVILEGE_DB_MANAGER_ERR_NONE; + *privilege_list_str = temp_privilege_list_str; + return 0; } -void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt) +int __get_db_error(int ret) { - if (stmt != NULL) - sqlite3_finalize(stmt); + LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(ret)); + switch (ret) { + case SQLITE_BUSY: + ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL; + break; + case SQLITE_CONSTRAINT: + ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL; + break; + case SQLITE_FULL: + ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL; + break; + default: + ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL; + } - if (db != NULL) + return ret; +} + +int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_type_e package_type, GList* privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = 0; + int count = 0; + + ret = __initialize_db('p', &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char *privilege_list_str = NULL; + ret = __make_privilege_list_str(privilege_list, &privilege_list_str); + LOGD("check black list with uid = %d, package_type = %d, privilege_list = %s", uid, package_type, privilege_list_str); + char *sql = sqlite3_mprintf("select distinct privilege_name from black_list where privilege_name in(%s)and uid=%d and package_type=%d", privilege_list_str, uid, package_type); + + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + if (ret != SQLITE_OK) { + LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); sqlite3_close(db); + return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; + } + + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) + ++count; + } while (ret == SQLITE_ROW); + + if (count > 0) + LOGE("Privilege list contains banned privileges!"); + + __finalize_db(db, stmt); + return count; } + int privilege_db_manager_get_privilege_list(const char *api_version, privilege_db_manager_package_type_e package_type, GList ** privilege_list) { sqlite3 *db = NULL; @@ -103,7 +180,7 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_d } TryReturn(changed_to_version != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_name's strdup is failed."); - ret = __initialize_db(&db, package_type); + ret = __initialize_db('i', &db, package_type); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; @@ -177,32 +254,15 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv sqlite3_stmt *stmt = NULL; int ret; - ret = __initialize_mapping_db(&db, package_type); + ret = __initialize_db('m', &db, package_type); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; GList *temp_privilege_list = NULL; char *privilege_list_str = NULL; - GList *l; - for (l = privilege_list; l != NULL; l = l->next) { - char *privilege_name = (char *)l->data; - if (privilege_list_str == NULL) { - size_t size = snprintf(0, 0, "'%s'", privilege_name) + 1; - privilege_list_str = (char *)malloc(size * sizeof(char)); - TryReturn(privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's malloc is failed."); - snprintf(privilege_list_str, size, "'%s'", privilege_name); - LOGD("privilege_list_str = %s", privilege_list_str); - } else { - size_t new_size = snprintf(0, 0, "%s, '%s'", privilege_list_str, privilege_name) + 1; - privilege_list_str = realloc(privilege_list_str, new_size * sizeof(char)); - TryReturn(privilege_list_str != NULL, free(privilege_list_str), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] privilege_list_str's realloc is failed."); - strncat(privilege_list_str, ", '", strlen(", '")); - strncat(privilege_list_str, privilege_name, strlen(privilege_name)); - strncat(privilege_list_str, "'", strlen("'")); - LOGD("privilege_list_str = %s", privilege_list_str); - } - } + ret = __make_privilege_list_str(privilege_list, &privilege_list_str); + TryReturn(ret == 0 && privilege_list_str != NULL, , PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed."); char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version); free(privilege_list_str); @@ -234,7 +294,7 @@ int privilege_db_manager_get_privilege_display(privilege_db_manager_package_type sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; int ret; - ret = __initialize_db(&db, package_type); + ret = __initialize_db('i', &db, package_type); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; @@ -273,7 +333,7 @@ int privilege_db_manager_get_privilege_description(privilege_db_manager_package_ sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; int ret; - ret = __initialize_db(&db, package_type); + ret = __initialize_db('i', &db, package_type); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; @@ -311,7 +371,7 @@ int privilege_db_manager_get_privilege_group_display(privilege_db_manager_packag sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; int ret; - ret = __initialize_db(&db, package_type); + ret = __initialize_db('i', &db, package_type); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; @@ -342,7 +402,7 @@ int __privilege_db_manager_is_privacy(const char* privilege) { sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; - int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); + int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return -1; @@ -369,7 +429,7 @@ int __privilege_db_manager_get_privacy_list(GList **privacy_list) { sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; - int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); + int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; @@ -403,13 +463,12 @@ int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GL { sqlite3 *db = NULL; sqlite3_stmt *stmt = NULL; - int ret = __initialize_db(&db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); + int ret = __initialize_db('i', &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) return ret; char *sql = sqlite3_mprintf("select distinct privilege_name from privilege_info where is_privacy=1 and privacy_group=%Q", privacy); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); if (ret != SQLITE_OK) { LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); sqlite3_close(db); @@ -432,3 +491,108 @@ int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GL return PRIVILEGE_DB_MANAGER_ERR_NONE; } + +int privilege_db_manager_get_black_list(int uid, privilege_db_manager_package_type_e package_type, GList **privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db('p', &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + LOGD("Get privilege_name from black_list where uid = %d, package_type = %d", uid, package_type); + char* sql = sqlite3_mprintf("select privilege_name from black_list where uid=%d and package_type=%d", uid, package_type); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + if (ret != SQLITE_OK) { + LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); + sqlite3_close(db); + return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; + } + + GList *temp_privilege_list = NULL; + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + char *privilege_name = strdup((char *)sqlite3_column_text(stmt, 0)); + LOGE("privilege name: %s", privilege_name); + temp_privilege_list = g_list_append(temp_privilege_list, privilege_name); + } else if (ret != SQLITE_DONE) { + LOGE("ret = %d", ret); + } + } while (ret == SQLITE_ROW); + + *privilege_list = temp_privilege_list; + + __finalize_db(db, stmt); + + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} + +int privilege_db_manager_set_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db('u', &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL); + GList *l = NULL; + for (l = privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + LOGD("insert uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name); + char* sql = sqlite3_mprintf("insert or ignore into black_list (uid, package_type, privilege_name) values (%d, %d, %Q)", uid, package_type, privilege_name); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + if (ret != SQLITE_OK) { + LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + sqlite3_close(db); + return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; + } + ret = sqlite3_step(stmt); + if (ret != SQLITE_DONE) { + __get_db_error(ret); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt); + return ret; + } + } + + sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt); + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} + +int privilege_db_manager_unset_black_list(int uid, privilege_db_manager_package_type_e package_type, GList *privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db('u', &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL); + GList *l = NULL; + for (l = privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + LOGD("delete from black_list where uid = %d, package_type = %d, privilege_name = %s", uid, package_type, privilege_name); + char* sql = sqlite3_mprintf("delete from black_list where uid=%d and package_type=%d and privilege_name=%Q", uid, package_type, privilege_name); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + if (ret != SQLITE_OK) { + LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + sqlite3_close(db); + return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; + } + ret = sqlite3_step(stmt); + if (ret != SQLITE_DONE) { + __get_db_error(ret); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt); + return ret; + } + } + + sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt); + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} diff --git a/capi/src/privilege_info.c b/capi/src/privilege_info.c index 3c7d79a..eecc237 100755 --- a/capi/src/privilege_info.c +++ b/capi/src/privilege_info.c @@ -557,3 +557,16 @@ int privilege_info_get_privilege_list_by_privacy(const char* privacy, GList **pr ret = PRVMGR_ERR_INTERNAL_ERROR; return ret; } + + +int privilege_info_get_black_list(int uid, privilege_manager_package_type_e package_type, GList **privilege_list) +{ + TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] package_type invalid!"); + + int ret = privilege_db_manager_get_black_list(uid, package_type, privilege_list); + if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE) + ret = PRVMGR_ERR_NONE; + else + ret = PRVMGR_ERR_INTERNAL_ERROR; + return ret; +} diff --git a/capi/src/privilege_manager.c b/capi/src/privilege_manager.c index 2626445..dd52c30 100755 --- a/capi/src/privilege_manager.c +++ b/capi/src/privilege_manager.c @@ -1,6 +1,8 @@ #include #include #include +#include +#include #include "privilege_db_manager.h" #include "privilege_manager.h" @@ -269,6 +271,16 @@ int privilege_manager_verify_privilege(const char *api_version, privilege_manage free(pkg_type); return PRVMGR_ERR_INVALID_PARAMETER; } + + /* Check black list */ + int uid = getuid(); + ret = privilege_db_manager_check_black_list(uid, package_type, privilege_list); + if (ret > 0) { + LOGE("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by DPM"); + *error_message = strdup("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by the DPM"); + return PRVMGR_ERR_USING_BANNED_PRIVILEGE; + } + /* Get vaild privilege list */ ret = privilege_db_manager_get_privilege_list(api_version, package_type, &vaild_privilege_list); if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { @@ -466,3 +478,23 @@ int privilege_manager_get_mapped_privilege_list(const char *api_version, privile TryReturn(ret == PRVMGR_ERR_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] privilege_db_manager_get_mapped_privilege_list failed, ret = %d", ret); return ret; } + +int privilege_manager_set_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list) +{ + TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL."); + TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type); + int ret = privilege_db_manager_set_black_list(uid, package_type, privilege_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + ret = PRVMGR_ERR_INTERNAL_ERROR; + return ret; +} + +int privilege_manager_unset_black_list(int uid, privilege_manager_package_type_e package_type, GList *privilege_list) +{ + TryReturn(privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privilege_list is NULL."); + TryReturn(package_type == PRVMGR_PACKAGE_TYPE_WRT || package_type == PRVMGR_PACKAGE_TYPE_CORE, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] Invalid package_type = %d.", package_type); + int ret = privilege_db_manager_unset_black_list(uid, package_type, privilege_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + ret = PRVMGR_ERR_INTERNAL_ERROR; + return ret; +} diff --git a/packaging/privilege-checker.spec b/packaging/privilege-checker.spec index 6a63988..8ae0bac 100644 --- a/packaging/privilege-checker.spec +++ b/packaging/privilege-checker.spec @@ -97,25 +97,6 @@ rm -rf %{buildroot} mkdir -p %{buildroot}%{_datadir}/license cp LICENSE.APLv2 %{buildroot}%{_datadir}/license/privilege-checker mkdir -p %{buildroot}%{_datadir}/privilege-manager -#%if "%{?profile}" == "tv" -#cp capi/res/dbspace/tv_wrt_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db "select * from privilege_info" -#cp capi/res/dbspace/tv_core_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db "select * from privilege_info" -#cp capi/res/dbspace/tv_wrt_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db "select * from privilege_mapping" -#cp capi/res/dbspace/tv_core_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db "select * from privilege_mapping" -#%else -#cp capi/res/dbspace/core_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db "select * from privilege_info" -#cp capi/res/dbspace/wrt_privilege_info.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db "select * from privilege_info" -#cp capi/res/dbspace/core_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db "select * from privilege_mapping" -#cp capi/res/dbspace/wrt_privilege_mapping.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db -#sqlite3 /%{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db "select * from privilege_mapping" -#%endif %make_install %post -p /sbin/ldconfig @@ -137,6 +118,8 @@ mkdir -p %{buildroot}%{_datadir}/privilege-manager #%endif %{_datadir}/privilege-manager/.wrt_privilege_info.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db +%config(noreplace) %{_datadir}/privilege-manager/.policy.db +%config(noreplace) %{_datadir}/privilege-manager/.policy.db-journal %manifest packaging/security-privilege-manager.manifest %files -n security-privilege-manager-devel @@ -147,6 +130,7 @@ mkdir -p %{buildroot}%{_datadir}/privilege-manager %{_bindir}/tc-privilege-db-manager %{_bindir}/tc-privilege-manager %{_bindir}/tc-privilege-info +%{_bindir}/tc-privilege-black-list %clean rm -rf %{buildroot} diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 4f67ac6..7edf76a 100755 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -5,10 +5,12 @@ PROJECT(${PACKAGE_NAME}) SET(TC1_NAME tc-privilege-db-manager) SET(TC2_NAME tc-privilege-manager) SET(TC3_NAME tc-privilege-info) +SET(TC4_NAME tc-privilege-black-list) SET(TC1_SRCS ${TC1_NAME}.c) SET(TC2_SRCS ${TC2_NAME}.c) SET(TC3_SRCS ${TC3_NAME}.c) +SET(TC4_SRCS ${TC4_NAME}.c) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/capi/include) @@ -37,11 +39,14 @@ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} ${PACKAGE_NAME_CFLAGS}") ADD_EXECUTABLE(${TC1_NAME} ${TC1_SRCS}) ADD_EXECUTABLE(${TC2_NAME} ${TC2_SRCS}) ADD_EXECUTABLE(${TC3_NAME} ${TC3_SRCS}) +ADD_EXECUTABLE(${TC4_NAME} ${TC4_SRCS}) TARGET_LINK_LIBRARIES(${TC1_NAME} "security-privilege-manager") TARGET_LINK_LIBRARIES(${TC2_NAME} "security-privilege-manager") TARGET_LINK_LIBRARIES(${TC3_NAME} "security-privilege-manager") +TARGET_LINK_LIBRARIES(${TC4_NAME} "security-privilege-manager") INSTALL(TARGETS ${TC1_NAME} DESTINATION /usr/bin) INSTALL(TARGETS ${TC2_NAME} DESTINATION /usr/bin) INSTALL(TARGETS ${TC3_NAME} DESTINATION /usr/bin) +INSTALL(TARGETS ${TC4_NAME} DESTINATION /usr/bin) diff --git a/test/tc-privilege-black-list.c b/test/tc-privilege-black-list.c new file mode 100755 index 0000000..9e718f5 --- /dev/null +++ b/test/tc-privilege-black-list.c @@ -0,0 +1,525 @@ +#include +#include +#include +#include +#include +#include +#include + +#define BRIGHTNESS 0 +#define RED 31 +#define GREEN 32 +#define YELLOW 33 +#define BLUE 34 +#define WHITE 37 +#define BG_BLACK 40 +#define ShowErrorMsg(condition, error_message, result, ...) \ + __print_result(__get_result_string(result)); \ + if (condition) { \ + __print_error_message(error_message); \ + free(error_message); \ + error_message = NULL; \ + } + +static void __change_color_to_red() +{ + printf("%c[%d;%dm", 0x1B, BRIGHTNESS, RED); +} + +static void __change_color_to_green() +{ + printf("%c[%d;%dm", 0x1B, BRIGHTNESS, GREEN); +} + +static void __change_color_to_yellow() +{ + printf("%c[%d;%dm", 0x1B, BRIGHTNESS, YELLOW); +} + +static void __change_color_to_blue() +{ + printf("%c[%d;%dm", 0x1B, BRIGHTNESS, BLUE); +} + +static void __change_color_to_origin() +{ + printf("%c[%dm", 0x1B, 0); +} + +static void __change_to_bold_red() +{ + printf("%c[%dm%c[%dm", 0x1B, 1, 0x1B, RED); +} + +static void __change_to_bold_yellow() +{ + printf("%c[%dm%c[%dm", 0x1B, 1, 0x1B, YELLOW); +} + +static int fail_cnt = 0; +static int success_cnt = 0; +GList *privilege_list = NULL; + +static const char *__get_result_string(privilege_manager_error_e ret) +{ + if (ret == PRVMGR_ERR_NONE) + return "PRVMGR_ERR_NONE"; + else if (ret == PRVMGR_ERR_INVALID_PRIVILEGE) + return "PRVMGR_ERR_INVALID_PRIVILEGE"; + else if (ret == PRVMGR_ERR_INVALID_PARAMETER) + return "PRVMGR_ERR_INVALID_PARAMETER"; + else if (ret == PRVMGR_ERR_INTERNAL_ERROR) + return "PRVMGR_ERR_INTERNAL_ERROR"; + else if (ret == PRVMGR_ERR_USING_BANNED_PRIVILEGE) + return "PRVMGR_ERR_USING_BANNED_PRIVILEGE"; + + return "FAIL"; +} + +static void __print_error_message(char *error_message) +{ + char *token = NULL; + char *temp = strdup(error_message); + char *save = NULL; + + char err_type[256] = { 0, }; + + if (strstr(error_message, "DEPRECATED") != NULL) + strncat(err_type, "PRVMGR_ERR_DEPRECATED_PRIVILEGE ", strlen("PRVMGR_ERR_DEPRECATED_PRIVILEGE ")); + + if (strstr(error_message, "NO_EXIST") != NULL) + strncat(err_type, "PRVMGR_ERR_NO_EXIST_PRIVILEGE ", strlen("PRVMGR_ERR_NO_EXIST_PRIVILEGE ")); + + if (strstr(error_message, "MISMATCHED") != NULL) + strncat(err_type, "PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL ", strlen("PRVMGR_ERR_MISMACHED_PRIVILEGE_LEVEL ")); + + if (strstr(error_message, "INVALID_PARAMETER") != NULL) + strncat(err_type, "PRVMGR_ERR_INVALID_PARAMETER ", strlen("PRVMGR_ERR_INVALID_PARAMETER ")); + + if (strstr(error_message, "BANNED") != NULL) + strncat(err_type, "PRVMGR_ERR_USING_BANNED_PRIVILEGE ", strlen("PRVMGR_ERR_USING_BANNED_PRIVILEGE ")); + + if (strlen(err_type) == 0) { + fail_cnt++; + strncat(err_type, "test failed - unknown error type", strlen("test failed - unknown error type ")); + __change_color_to_red(); + } else { + __change_color_to_blue(); + } + printf("Error Message : %s\n", err_type); + __change_color_to_origin(); + + token = strtok_r(temp, "|", &save); + while (token) { + printf("%s\n", token); + token = strtok_r(NULL, "|", &save); + } + printf("\n"); + free(temp); +} + +typedef enum { + goal = 1, + pkg_type = 4, + expect = 5 +} tcinfo_type_e; + +static void __tcinfo(tcinfo_type_e type, char *input_string, ...) +{ + switch (type) { + case goal: + __change_color_to_yellow(); + printf("TEST >> %s\n\n", input_string); + __change_color_to_origin(); + break; + case pkg_type: + printf("PACKAGE TYPE : %s\n", input_string); + break; + case expect: + printf("- expected result : %s\n", input_string); + break; + default: + printf("no matching enum for input\n"); + } +} + +static void __privinfo(char *name) +{ + printf("%s", name); + privilege_list = g_list_append(privilege_list, name); + printf("\n"); +} + +static void __print_result(const char *input_string) +{ + printf("- achieved result : %s\n\n", input_string); +} + +static void __print_line() +{ + printf("-------------------------------------------------------------------\n"); +} + +static void __print_dline() +{ + printf("===================================================================\n"); +} + +static void __print_privilege_list(GList * privilege_list) +{ + GList *l; + printf("Print privilege list: \n"); + for (l = privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + printf("%s\n", privilege_name); + } +} + +static void __check_verify_result(privilege_manager_error_e expected_result, privilege_manager_error_e result) +{ + if (expected_result != result) { + __change_to_bold_red(); + printf(">> test fail\n"); + fail_cnt++; + } else { + __change_color_to_green(); + printf(">> test success\n"); + success_cnt++; + } + __change_color_to_origin(); +} + + +static void __test_black_list_set_unset() +{ + int ret = 0; + GList *black_list; + + __change_to_bold_yellow(); + printf("\nTest black list set/unset/get\n\n"); + __change_color_to_origin(); + + __tcinfo(goal, "uid = 0, Get wrt black list"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, Add wrt privileges"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/account.read"); + __privinfo("http://tizen.org/privilege/internet"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_set_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, Add wrt privileges -- Add duplicated privileges"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/account.read"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/mediacapture"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_set_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, Remove wrt privileges"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/account.read"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, Remove wrt privileges -- Try to remove already removed privileges"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/account.read"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + +} + + +static void __test_black_list_check() +{ + GList *black_list = NULL; + int ret = 0; + + __change_to_bold_yellow(); + printf("\nTest privilege list with banned privilege\n\n"); + __change_color_to_origin(); + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, contains banned privilege"); + __privinfo("http://tizen.org/privilege/mediacapture"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/telephony"); + __tcinfo(expect, "PRVMGR_ERR_USING_BANNED_PRIVILEGE"); + ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + if (ret > 0) + ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE; + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_USING_BANNED_PRIVILEGE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Not contains banned privilege"); + __privinfo("http://tizen.org/privilege/account.write"); + __privinfo("http://tizen.org/privilege/mediacontroller.client"); + __privinfo("http://tizen.org/privilege/telephony"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + if (ret > 0) + ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE; + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 1, Contains banned privilege but the UID is different"); + __privinfo("http://tizen.org/privilege/account.read"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/telephony"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_db_manager_check_black_list(1, PRVMGR_PACKAGE_TYPE_WRT, privilege_list); + if (ret > 0) + ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE; + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Contains banned privilege but the package type is different"); + __privinfo("http://tizen.org/privilege/account.read"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/telephony"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_db_manager_check_black_list(0, PRVMGR_PACKAGE_TYPE_CORE, privilege_list); + if (ret > 0) + ret = PRVMGR_ERR_USING_BANNED_PRIVILEGE; + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(privilege_list); + privilege_list = NULL; +} + +static void __test_black_list_verify_privilege() +{ + GList *black_list = NULL; + char *error_message = NULL; + int ret = 0; + + __change_to_bold_yellow(); + printf("\nTest privilege_manager_verify_privilege with banned privilege\n\n"); + __change_color_to_origin(); + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + + __tcinfo(goal, "2.3.1, wrt, Name=OK, Version=OK, Level=OK -- Public "); + __privinfo("http://tizen.org/privilege/bluetooth.gap"); + __privinfo("http://tizen.org/privilege/bluetooth.health"); + __privinfo("http://tizen.org/privilege/alarm"); + __privinfo("http://tizen.org/privilege/application.info"); + __privinfo("http://tizen.org/privilege/calendar.read"); + __privinfo("http://tizen.org/privilege/call"); + __privinfo("http://tizen.org/privilege/callhistory.read"); + __privinfo("http://tizen.org/privilege/contact.write"); + __privinfo("http://tizen.org/privilege/content.read"); + __privinfo("http://tizen.org/privilege/datacontrol.consumer"); + __privinfo("http://tizen.org/privilege/datasync"); + __privinfo("http://tizen.org/privilege/download"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/fullscreen"); + __privinfo("http://tizen.org/privilege/healthinfo"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/location"); + __privinfo("http://tizen.org/privilege/mediacapture"); + __privinfo("http://tizen.org/privilege/messaging.write"); + __privinfo("http://tizen.org/privilege/nfc.admin"); + __privinfo("http://tizen.org/privilege/notification"); + __privinfo("http://tizen.org/privilege/package.info"); + __privinfo("http://tizen.org/privilege/power"); + __privinfo("http://tizen.org/privilege/telephony"); + __privinfo("http://tizen.org/privilege/websetting"); + __tcinfo(expect, "PRVMGR_ERR_USING_BANNED_PRIVILEGE"); + ret = privilege_manager_verify_privilege("2.3.1", PRVMGR_PACKAGE_TYPE_WRT, privilege_list, PRVMGR_PACKAGE_VISIBILITY_PUBLIC, &error_message); + ShowErrorMsg(error_message != NULL, error_message, ret); + __check_verify_result(PRVMGR_ERR_USING_BANNED_PRIVILEGE, ret); + __print_line(); + + g_list_free(privilege_list); + privilege_list = NULL; + + __tcinfo(goal, "uid = 0, Remove all banned wrt privileges"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_unset_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + g_list_free(black_list); + black_list = NULL; + + __tcinfo(goal, "uid = 0, Get wrt black list"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_info_get_black_list(0, PRVMGR_PACKAGE_TYPE_WRT, &black_list); + __print_result(__get_result_string(ret)); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_privilege_list(black_list); + __print_line(); + + + __tcinfo(goal, "2.3.1, wrt, Name=OK, Version=OK, Level=OK -- Public "); + __privinfo("http://tizen.org/privilege/bluetooth.gap"); + __privinfo("http://tizen.org/privilege/bluetooth.health"); + __privinfo("http://tizen.org/privilege/alarm"); + __privinfo("http://tizen.org/privilege/application.info"); + __privinfo("http://tizen.org/privilege/calendar.read"); + __privinfo("http://tizen.org/privilege/call"); + __privinfo("http://tizen.org/privilege/callhistory.read"); + __privinfo("http://tizen.org/privilege/contact.write"); + __privinfo("http://tizen.org/privilege/content.read"); + __privinfo("http://tizen.org/privilege/datacontrol.consumer"); + __privinfo("http://tizen.org/privilege/datasync"); + __privinfo("http://tizen.org/privilege/download"); + __privinfo("http://tizen.org/privilege/filesystem.read"); + __privinfo("http://tizen.org/privilege/fullscreen"); + __privinfo("http://tizen.org/privilege/healthinfo"); + __privinfo("http://tizen.org/privilege/internet"); + __privinfo("http://tizen.org/privilege/location"); + __privinfo("http://tizen.org/privilege/mediacapture"); + __privinfo("http://tizen.org/privilege/messaging.write"); + __privinfo("http://tizen.org/privilege/nfc.admin"); + __privinfo("http://tizen.org/privilege/notification"); + __privinfo("http://tizen.org/privilege/package.info"); + __privinfo("http://tizen.org/privilege/power"); + __privinfo("http://tizen.org/privilege/telephony"); + __privinfo("http://tizen.org/privilege/websetting"); + __tcinfo(expect, "PRVMGR_ERR_NONE"); + ret = privilege_manager_verify_privilege("2.3.1", PRVMGR_PACKAGE_TYPE_WRT, privilege_list, PRVMGR_PACKAGE_VISIBILITY_PUBLIC, &error_message); + ShowErrorMsg(error_message != NULL, error_message, ret); + __check_verify_result(PRVMGR_ERR_NONE, ret); + __print_line(); + + g_list_free(privilege_list); + privilege_list = NULL; + +} + +int main() +{ + __print_dline(); + + __change_color_to_yellow(); + printf("\n"); + printf("Test function : privilege_manager_set_black_list\n"); + printf(" privilege_manager_unset_black_list\n"); + printf(" privilege_info_get_black_list\n"); + printf("\n"); + __change_color_to_origin(); + __test_black_list_set_unset(); + + __print_dline(); + + __change_color_to_yellow(); + printf("Test function : privilege_db_manager_check_black_list\n"); + printf(" privilege_info_get_black_list\n"); + __change_color_to_origin(); + __test_black_list_check(); + + __print_dline(); + + + __change_color_to_yellow(); + printf("Test function : privilege_manager_verify_privilege\n"); + __change_color_to_origin(); + __test_black_list_verify_privilege(); + + __print_dline(); + + __change_color_to_green(); + printf("Test Complete\n"); + printf("success : %d, ", success_cnt); + __change_color_to_red(); + printf("fail : %d\n", fail_cnt); + __change_color_to_origin(); + + return 0; +} diff --git a/test/tc-privilege-manager.c b/test/tc-privilege-manager.c index 6ee9b67..50a2bbb 100755 --- a/test/tc-privilege-manager.c +++ b/test/tc-privilege-manager.c @@ -68,6 +68,8 @@ static const char *__get_result_string(privilege_manager_error_e ret) return "PRVMGR_ERR_INVALID_PARAMETER"; else if (ret == PRVMGR_ERR_INTERNAL_ERROR) return "PRVMGR_ERR_INTERNAL_ERROR"; + else if (ret == PRVMGR_ERR_USING_BANNED_PRIVILEGE) + return "PRVMGR_ERR_USING_BANNED_PRIVILEGE"; return "FAIL"; } @@ -91,6 +93,8 @@ static void __print_error_message(char *error_message) if (strstr(error_message, "INVALID_PARAMETER") != NULL) strncat(err_type, "PRVMGR_ERR_INVALID_PARAMETER ", strlen("PRVMGR_ERR_INVALID_PARAMETER ")); + if (strstr(error_message, "BANNED") != NULL) + strncat(err_type, "PRVMGR_ERR_USING_BANNED_PRIVILEGE ", strlen("PRVMGR_ERR_USING_BANNED_PRIVILEGE ")); if (strlen(err_type) == 0) { fail_cnt++;