From: Yunjin Lee Date: Wed, 14 Jun 2017 06:23:26 +0000 (+0900) Subject: Add privacy DB X-Git-Tag: submit/tizen/20170804.071219^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=90eaf84d446858e45d0fb443a77af443e7d76800;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git Add privacy DB - Add privacy DB to store privacy package info - Remove redundant build: No need to build policy DB for each profile Change-Id: Ib2f7550b9e7f0d7c8788d6a1bfcf1ebadc1b6581 Signed-off-by: Yunjin Lee --- diff --git a/capi/CMakeLists.txt b/capi/CMakeLists.txt index 8144187..61f973c 100644 --- a/capi/CMakeLists.txt +++ b/capi/CMakeLists.txt @@ -98,6 +98,7 @@ ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="${PRIVILEGE_DB_DIR}/.core_privilege_mapping.db") ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="${PRIVILEGE_DB_DIR}/.wrt_privilege_mapping.db") ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="${TZ_SYS_DB}/.policy.db") +ADD_DEFINITIONS(-DPRIVILEGE_PRIVACY_DB_PATH="${TZ_SYS_DB}/.privacy.db") ADD_DEFINITIONS(-DASKUSER_RUNTIME_DISABLE_PATH="${TZ_SYS_SHARE}/askuser_disable") SET(ROOT_DIR ${CMAKE_SOURCE_DIR}/cmake_build_tmp/output) SET(LOCALE_ROOT_PATH "${ROOT_DIR}/target/generic/root/usr/share/locale") diff --git a/capi/include/privilege_db_manager.h b/capi/include/privilege_db_manager.h index b3f7376..90f999a 100755 --- a/capi/include/privilege_db_manager.h +++ b/capi/include/privilege_db_manager.h @@ -18,6 +18,7 @@ #define __PRIVILEGE_DB_MANAGER_H #include +#include #include "privilege_manager_types.h" #ifdef __cplusplus 
@@ -249,6 +250,10 @@ int privilege_db_manager_get_black_list(privilege_manager_policy_type_e policy_t * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query. * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist. * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed. */ int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list); @@ -263,6 +268,9 @@ int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_t * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query. * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist. * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed. */ int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy_type, int uid, privilege_manager_package_type_e package_type, GList *privilege_list); 
@@ -280,6 +288,154 @@ int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy */ int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list); +/** + * @brief Set application package's critical privilege information + * @remarks Non-privacy privilege included in the privilege list will be ignored. + * @remarks Call it with the privilege list before mapping. + * @remarks @a critical_privilege_list must be released by you. + * @param [in] uid The uid + * @param [in] pkgid The package ID + * @param [in] package_type The package type of the given privilege list + * @param [in] api_version The api-version of package + * @param [in] is_privacy_requestable Indicates if the application package can request privacy + * @param [in] critical_privilege_list The ciritical privilege list + * @return 0 on success, otherwise a negative error value. + * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful. + * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist. + * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed. + */ +int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* critical_privilege_list); + +/** + * @brief Set application package's privacy privilege information + * @remarks Non-privacy privilege included in the privilege list will be ignored. 
+ * @remarks Call it with the privilege list before mapping.
+ * @remarks @a privilege_list must be released by you.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type of the given privilege list
+ * @param [in] api_version The api-version of the package
+ * @param [in] is_privacy_requestable Indicates if the application package can request privacy
+ * @param [in] privilege_list The privacy privilege list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
+ */
+int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* privilege_list);
+
+/**
+ * @brief Delete all privacy, critical privilege info of the given application package.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
+ */
+int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const char* pkgid);
+
+/**
+ * @brief Get is_privacy_requestable value of the package
+ * @remarks If the package have no privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] is_privacy_requestable is_privacy_requestable value
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_privacy_requestable);
+
+/**
+ * @brief Get is_critical value for thr privilege and package
+ * @remarks If the privilege is not a privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privilege The privilege
+ * @param [out] is_critical is_critical value
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
+
+/**
+ * @brief Get all privacy package list of the user
+ * @param [in] uid The uid
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list);
+
+/**
+ * @brief Get privacy list of the application package
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] privacy_list The privacy list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
+ */
+int privilege_db_manager_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list);
+
+/**
+ * @brief Get package list with the given privacy
+ * @param [in] uid The uid
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
+ * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB. + * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury. + */ +int privilege_db_manager_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list); + +/** + * @brief Get package's privilege list related to the given privacy + * @param [in] uid The uid + * @param [in] pkgid The package id + * @param [in] privacy The privacy name + * @param [out] privilege_list The privilege list + * @return 0 on success, otherwise a negative error value. + * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE Successful. + * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query. + * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist. + * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB. + * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury. + */ +int privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list); + #ifdef __cplusplus } #endif diff --git a/capi/include/privilege_package_info.h b/capi/include/privilege_package_info.h new file mode 100755 index 0000000..4c7cf4c --- /dev/null +++ b/capi/include/privilege_package_info.h 
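Review bot: The four new getters in the `@@ -280,6 +288,154 @@` hunk of privilege_db_manager.h return a `GList**` (`package_list`, `privacy_list`, `privilege_list`) without saying who owns the list and its elements, while the setters above them carry an explicit "must be released by you" remark. If the caller is expected to free them, each getter should gain a remark such as `@remarks @a package_list must be released by you.` together with the function to use on the elements; if not, the comment should say so, since a guess either way leaks or double-frees. The same comments also carry the typos `ciritical`, `thr`, `qeury` and `occured`, which are worth fixing before the text is copied further.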
@@ -0,0 +1,166 @@
+/*
+ * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0(the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H
+#define __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H
+
+#ifndef EXPORT_API
+#define EXPORT_API __attribute__((__visibility__("default")))
+#endif
+
+#include
+#include
+#include "privilege_manager_types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Set privacy privilege of the application package.
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping.
+ * @remarks @a privilege_list must be released by you.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type
+ * @param [in] api_version The api-version
+ * @param [in] privilege_list The privilege list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
+
+/**
+ * @brief Set critical privilege of the application package.
+ * @remarks Non-privacy privilege included in the privilege list will be ignored.
+ * @remarks Call it with the privilege list before mapping and include only critical privileges.
+ * @remarks @a critical_privilege_list must be released by you.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [in] package_type The package type
+ * @param [in] api_version The api-version
+ * @param [in] critical_privilege_list The critical privilege list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
+
+/**
+ * @brief Delete all privacy, critical privilege info of the given application package.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid);
+
+/**
+ * @brief See if the application package's api-version is privacy requestable or not.
+ * @param [in] uid The uid of the user who's trying to install the application.
+ * @param [in] pkgid The package ID
+ * @param [out] is_requestable Indicates whether the given package is privacy requestable(true) or not(false). If the given package have no privacy privilege then it is set to false.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_requestable);
+
+/**
+ * @brief See if the given api-version is privacy requestable api-version.
+ * @param [in] api_version The api-version
+ * @param [out] is_requestable Indicates whether the given api-version is privacy requestable(true) or not(false).
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_privacy_requestable_api_version(const char* api_version, bool* is_requestable);
+
+/**
+ * @brief Check if the given privilege is critical for the application package.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privilege The privilege to check
+ * @param [out] is_critical true if the given privilege is critical, or set to false.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
+
+/**
+ * @brief Get all privacy package list of the user
+ * @param [in] uid The uid
+ * @param [out] package_list The package list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** package_list);
+
+/**
+ * @brief Get privacy list of the application package
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [out] privacy_list The privacy list
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list);
+
+/**
+ * @brief Get list of application packages with the given privacy related privileges
+ * @param [in] uid The uid
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The application package list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful
+ * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
+ * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
+ */
+EXPORT_API int privilege_package_info_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list);
+
+/**
+ * @brief Get the application package's privilege list related to the given privacy.
+ * @param [in] uid The uid
+ * @param [in] pkgid The package ID
+ * @param [in] privacy The privacy name
+ * @param [out] package_list The application package list.
+ * @return 0 on success, otherwise a negative error value.
+ * @retval #PRVMGR_ERR_NONE Successful + * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter + * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error + */ +EXPORT_API int privilege_package_info_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list); + +#ifdef __cplusplus +} +#endif + +#endif /* __TIZEN_SECURITY_PRIVILEGE_PACKAGE_INFO_H */ + diff --git a/capi/include/privilege_private.h b/capi/include/privilege_private.h index cfe4768..0d22c72 100644 --- a/capi/include/privilege_private.h +++ b/capi/include/privilege_private.h @@ -1,5 +1,5 @@ /* - * Copyright(c)2016 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright(c) 2016-2017 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0(the License); * you may not use this file except in compliance with the License. 
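Review bot: Two doc comments in the new privilege_package_info.h name parameters that the prototypes do not have. `privilege_package_info_set_critical_privilege` documents `@param [in] critical_privilege_list` (and `@remarks @a critical_privilege_list`) but declares `GList* privilege_list`, and `privilege_package_info_get_privilege_list_by_pkgid_and_privacy` documents `@param [out] package_list The application package list.` but declares `GList** privilege_list`. Either rename the parameters or change the tags, for the last function to `@param [out] privilege_list The privilege list.`. The three uid descriptions that say "the user who's trying to install the application" on the unset and is_privacy_requestable calls look copied from the setter and should read `The uid`.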
@@ -25,18 +25,26 @@ extern "C" { #define INI_KEYWORD_PROFILE "General:Profile" typedef enum { - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON = 0, - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE = 1, - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE = 2, - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV = 3, - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_UNKNOWN = 0xff, -} privilege_db_manager_profile_type_e; -extern privilege_db_manager_profile_type_e get_priv_profile(); -#define ENABLE_ASKUSER ((get_priv_profile() == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE) || \ - (get_priv_profile() == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE)) + PRIVILEGE_PROFILE_TYPE_COMMON = 0, + PRIVILEGE_PROFILE_TYPE_MOBILE = 1, + PRIVILEGE_PROFILE_TYPE_WEARABLE = 2, + PRIVILEGE_PROFILE_TYPE_TV = 3, + PRIVILEGE_PROFILE_TYPE_UNKNOWN = 0xff, +} privilege_profile_type_e; + +extern privilege_profile_type_e get_priv_profile(); + +#define g_privilege_profile_type (get_priv_profile()) + +#define ENABLE_ASKUSER ((g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_MOBILE) || \ + (g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_WEARABLE)) #define DISABLE_ASKUSER (!ENABLE_ASKUSER) +typedef u_int32_t api_version_code_t; +extern int __get_api_version_code(const char* api_version, api_version_code_t* api_version_code); + +#define PRIVACY_REQUESTABLE_API_VERSION "4.0" #ifdef __cplusplus } diff --git a/capi/res/dbspace/CMakeLists.txt b/capi/res/dbspace/CMakeLists.txt index c3126ef..bb1a333 100644 --- a/capi/res/dbspace/CMakeLists.txt +++ b/capi/res/dbspace/CMakeLists.txt 
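Review bot: The new declarations at the end of this privilege_private.h hunk use a non-standard type and a reserved name. `u_int32_t` is a BSD legacy typedef rather than ISO C, so `typedef uint32_t api_version_code_t;` with `<stdint.h>` is the portable spelling. `__get_api_version_code` begins with a double underscore, which is reserved for the implementation, and it is now shared across translation units through this header. How `PRIVACY_REQUESTABLE_API_VERSION "4.0"` is compared is outside this hunk; since it gates whether a package may request privacy, it is worth confirming that the comparison goes through the numeric version code and not a string compare, which would misorder multi-digit versions.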
@@ -3,44 +3,45 @@ SET(WRT_PRIVILEGE_DB ".wrt_privilege_info.db") SET(CORE_PRIVILEGE_MAPPING_DB ".core_privilege_mapping.db") SET(WRT_PRIVILEGE_MAPPING_DB ".wrt_privilege_mapping.db") SET(POLICY_DB ".policy.db") +SET(PRIVACY_DB ".privacy.db") SET(CORE_PRIVILEGE_DB_MOBILE ".core_privilege_info.mobile.db") SET(WRT_PRIVILEGE_DB_MOBILE ".wrt_privilege_info.mobile.db") SET(CORE_PRIVILEGE_MAPPING_DB_MOBILE ".core_privilege_mapping.mobile.db") SET(WRT_PRIVILEGE_MAPPING_DB_MOBILE ".wrt_privilege_mapping.mobile.db") -SET(POLICY_DB_MOBILE ".policy.mobile.db") SET(CORE_PRIVILEGE_DB_TV ".core_privilege_info.tv.db") SET(WRT_PRIVILEGE_DB_TV ".wrt_privilege_info.tv.db") SET(CORE_PRIVILEGE_MAPPING_DB_TV ".core_privilege_mapping.tv.db") SET(WRT_PRIVILEGE_MAPPING_DB_TV ".wrt_privilege_mapping.tv.db") -SET(POLICY_DB_TV ".policy.tv.db") SET(CORE_PRIVILEGE_DB_WEARABLE ".core_privilege_info.wearable.db") SET(WRT_PRIVILEGE_DB_WEARABLE ".wrt_privilege_info.wearable.db") SET(CORE_PRIVILEGE_MAPPING_DB_WEARABLE ".core_privilege_mapping.wearable.db") SET(WRT_PRIVILEGE_MAPPING_DB_WEARABLE ".wrt_privilege_mapping.wearable.db") -SET(POLICY_DB_WEARABLE ".policy.wearable.db") # Create TV DB / WEARABLE DB / MOBILE DB ADD_CUSTOM_COMMAND( - OUTPUT ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} ${POLICY_DB_TV} - ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} ${POLICY_DB_WEARABLE} - ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ${POLICY_DB_MOBILE} - COMMAND ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh && ./policy_db_generator.sh && - mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_TV} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_TV} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_TV} && 
- mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_TV} && mv ${POLICY_DB} ${POLICY_DB_TV} && mv ${POLICY_DB}-journal ${POLICY_DB_TV}-journal && - ./core_db_generator.sh wearable && ./wrt_db_generator.sh wearable && ./core_mapping_db_generator.sh wearable && ./wrt_mapping_db_generator.sh wearable && ./policy_db_generator.sh && - mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_WEARABLE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_WEARABLE} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} && - mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} && mv ${POLICY_DB} ${POLICY_DB_WEARABLE} && mv ${POLICY_DB}-journal ${POLICY_DB_WEARABLE}-journal && - ./core_db_generator.sh mobile && ./wrt_db_generator.sh mobile && ./core_mapping_db_generator.sh mobile && ./wrt_mapping_db_generator.sh mobile && ./policy_db_generator.sh && - mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_MOBILE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_MOBILE} && mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} && - mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} && mv ${POLICY_DB} ${POLICY_DB_MOBILE} && mv ${POLICY_DB}-journal ${POLICY_DB_MOBILE}-journal + OUTPUT ${POLICY_DB} ${PRIVACY_DB} + ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} + ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} + ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} + COMMAND ./policy_db_generator.sh && ./privacy_db_generator.sh && + ./tv_core_db_generator.sh && ./tv_wrt_db_generator.sh && ./tv_core_mapping_db_generator.sh && ./tv_wrt_mapping_db_generator.sh && + mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_TV} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_TV} && + mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_TV} && mv 
${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_TV} && + ./core_db_generator.sh wearable && ./wrt_db_generator.sh wearable && ./core_mapping_db_generator.sh wearable && ./wrt_mapping_db_generator.sh wearable && + mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_WEARABLE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_WEARABLE} && + mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} && mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} && + ./core_db_generator.sh mobile && ./wrt_db_generator.sh mobile && ./core_mapping_db_generator.sh mobile && ./wrt_mapping_db_generator.sh mobile && + mv ${CORE_PRIVILEGE_DB} ${CORE_PRIVILEGE_DB_MOBILE} && mv ${WRT_PRIVILEGE_DB} ${WRT_PRIVILEGE_DB_MOBILE} && + mv ${CORE_PRIVILEGE_MAPPING_DB} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} && mv ${WRT_PRIVILEGE_MAPPING_DB} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ) -ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} ${POLICY_DB_TV} - ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} ${POLICY_DB_WEARABLE} - ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ${POLICY_DB_MOBILE} +ADD_CUSTOM_TARGET(privilege-db ALL DEPENDS ${POLICY_DB} ${PRIVACY_DB} + ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} + ${CORE_PRIVILEGE_DB_WEARABLE} ${WRT_PRIVILEGE_DB_WEARABLE} ${CORE_PRIVILEGE_MAPPING_DB_WEARABLE} ${WRT_PRIVILEGE_MAPPING_DB_WEARABLE} + ${CORE_PRIVILEGE_DB_MOBILE} ${WRT_PRIVILEGE_DB_MOBILE} ${CORE_PRIVILEGE_MAPPING_DB_MOBILE} ${WRT_PRIVILEGE_MAPPING_DB_MOBILE} ) INSTALL(FILES ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MAPPING_DB_TV} ${WRT_PRIVILEGE_MAPPING_DB_TV} 
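Review bot: The rewritten `ADD_CUSTOM_COMMAND` in capi/res/dbspace/CMakeLists.txt declares `${POLICY_DB} ${PRIVACY_DB}` as outputs but has no `DEPENDS` clause, so editing `privacy_db_generator.sh` (for example its table schema) will not regenerate `.privacy.db` in an existing build tree and a stale database can be packaged. Adding `DEPENDS policy_db_generator.sh privacy_db_generator.sh` plus the other generator scripts before the closing parenthesis fixes that. The command also runs `./privacy_db_generator.sh` by relative path with no `WORKING_DIRECTORY`, which appears to rely on an in-source build; `WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}` would make that assumption explicit.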
@@ -49,8 +50,6 @@ INSTALL(FILES ${CORE_PRIVILEGE_DB_TV} ${WRT_PRIVILEGE_DB_TV} ${CORE_PRIVILEGE_MA DESTINATION ${DATADIR}/privilege-manager/ ) -INSTALL(FILES ${POLICY_DB_TV} ${POLICY_DB_TV}-journal DESTINATION ${TZ_SYS_DB}/) -INSTALL(FILES ${POLICY_DB_WEARABLE} ${POLICY_DB_WEARABLE}-journal DESTINATION ${TZ_SYS_DB}/) -INSTALL(FILES ${POLICY_DB_MOBILE} ${POLICY_DB_MOBILE}-journal DESTINATION ${TZ_SYS_DB}/) +INSTALL(FILES ${POLICY_DB} ${POLICY_DB}-journal ${PRIVACY_DB} ${PRIVACY_DB}-journal DESTINATION ${TZ_SYS_DB}/) INSTALL(PROGRAMS policy_db_updater.sh DESTINATION ${DATADIR}/privilege-manager/) diff --git a/capi/res/dbspace/privacy_db_generator.sh b/capi/res/dbspace/privacy_db_generator.sh new file mode 100755 index 0000000..36cb246 --- /dev/null +++ b/capi/res/dbspace/privacy_db_generator.sh @@ -0,0 +1,11 @@ +#!/bin/bash +PATH="/usr/bin:/bin:/usr/sbin:/sbin" +DB_NAME=".privacy.db" + +rm $DB_NAME 2> /dev/null +echo "Creating $DB_NAME ..." +touch $DB_NAME + +echo "Creating PRIVACY_PACKAGE table ..." +sqlite3 $DB_NAME "CREATE TABLE PRIVACY_PACKAGE (PKG_ID TEXT not null, UID NUMERIC not null, PRIVACY_NAME TEXT not null, PRIVILEGE_NAME TEXT not null, IS_CRITICAL NUMERIC not null, API_VERSION TEXT not null, IS_PRIVACY_REQUESTABLE NUMERIC not null, UNIQUE(PKG_ID, UID, PRIVILEGE_NAME));" + diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c index ef20771..376b8d9 100755 --- a/capi/src/privilege_db_manager.c +++ b/capi/src/privilege_db_manager.c @@ -16,12 +16,14 @@ #include "privilege_db_manager.h" #include "privilege_private.h" +#include "privilege_manager_types.h" #include #include #include #include #include #include +#include #ifdef __TIZEN__ #include 
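Review bot: The new `INSTALL(FILES ... ${PRIVACY_DB} ${PRIVACY_DB}-journal DESTINATION ${TZ_SYS_DB}/)` line in the `@@ -49,8 +50,6 @@` hunk expects a `.privacy.db-journal` file that nothing visible in this commit creates. `privacy_db_generator.sh` as added here runs a single `CREATE TABLE` through `sqlite3` and neither touches a journal file nor sets a persistent journal mode, and under SQLite's default rollback-journal behaviour the journal is removed once the statement commits, so the install step would presumably fail on a missing file. `policy_db_generator.sh` is not part of this diff, so check how it leaves its journal behind and do the same for the privacy DB, for example `touch "$DB_NAME-journal"` in the script. Neither `-journal` file is listed in `OUTPUT` either.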
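Review bot: The new privacy_db_generator.sh does not stop on errors and leaves its variable unquoted, so a failed `touch $DB_NAME` goes unnoticed and only the exit status of the last `sqlite3` call reaches the CMake command chain. Adding `set -e` after the `PATH` line and writing `rm -f -- "$DB_NAME"`, `touch "$DB_NAME"` and `sqlite3 "$DB_NAME" ...` makes failures visible and removes the need for `2> /dev/null`. The file is also created with whatever umask the build runs under; since this database records per-user privacy data, the intended owner and mode should be set explicitly where it is installed, if packaging outside this diff does not already do so.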
@@ -44,9 +46,9 @@ #endif #include -privilege_db_manager_profile_type_e get_priv_profile() +privilege_profile_type_e get_priv_profile() { - static privilege_db_manager_profile_type_e saved = 0xff; + static privilege_profile_type_e saved = 0xff; if (__builtin_expect(saved == 0xff, 0)) { char *val = NULL; @@ -54,7 +56,7 @@ privilege_db_manager_profile_type_e get_priv_profile() if (dic == NULL) { /* if there is no .ini file, let's assume it's mobile (the default as recommended by Yunjin Lee) */ - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE; + saved = PRIVILEGE_PROFILE_TYPE_MOBILE; return saved; } @@ -64,27 +66,26 @@ privilege_db_manager_profile_type_e get_priv_profile() switch (*val) { case 'm': case 'M': - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE; + saved = PRIVILEGE_PROFILE_TYPE_MOBILE; break; case 'w': case 'W': - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_WEARABLE; + saved = PRIVILEGE_PROFILE_TYPE_WEARABLE; break; case 't': case 'T': - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV; + saved = PRIVILEGE_PROFILE_TYPE_TV; break; default: // common or ivi or unknown ==> Mobile as the default recommended by Yunjin Lee - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE; + saved = PRIVILEGE_PROFILE_TYPE_MOBILE; } iniparser_freedict(dic); } else { - saved = PRIVILEGE_DB_MANAGER_PROFILE_TYPE_MOBILE; + saved = PRIVILEGE_PROFILE_TYPE_MOBILE; } } return saved; } -#define g_privilege_db_manager_profile_type (get_priv_profile()) #define TryReturn(condition, expr, returnValue, ...) \ if (!(condition)) { \ @@ -127,6 +128,11 @@ int __initialize_db(privilege_db_type_e type, sqlite3 ** db, privilege_manager_p case PRIVILEGE_DB_TYPE_POLICY_RO: db_path = PRIVILEGE_POLICY_DB_PATH; break; + case PRIVILEGE_DB_TYPE_PRIVACY_RW: + db_mode = SQLITE_OPEN_READWRITE; + case PRIVILEGE_DB_TYPE_PRIVACY_RO: + db_path = PRIVILEGE_PRIVACY_DB_PATH; + break; default: _LOGE("Undefined db initialize mode!"); return PRIVILEGE_DB_MANAGER_ERR_INVALID_TYPE; 
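Review bot: In the `__initialize_db` hunk (`@@ -127,6 +128,11 @@`) the new `case PRIVILEGE_DB_TYPE_PRIVACY_RW:` sets `db_mode = SQLITE_OPEN_READWRITE;` and then falls into `case PRIVILEGE_DB_TYPE_PRIVACY_RO:` with no marker. The fall-through looks intentional, but it should be annotated with `/* fall through */` after the `db_mode` assignment so that a later edit inserting a statement or a `break` does not silently change which database path is opened, and so `-Wimplicit-fallthrough` stays quiet. In the `get_priv_profile` hunks on the same line, `saved = 0xff` and `saved == 0xff` could use `PRIVILEGE_PROFILE_TYPE_UNKNOWN` from the renamed enum. Both functions begin and end outside these hunks.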
@@ -144,7 +150,7 @@ int __initialize_db(privilege_db_type_e type, sqlite3 ** db, privilege_manager_p return PRIVILEGE_DB_MANAGER_ERR_NONE; } -void __finalize_db(sqlite3 * db, sqlite3_stmt * stmt, char* sql) +void __finalize_db(sqlite3 *db, sqlite3_stmt *stmt, char* sql) { if (stmt != NULL) sqlite3_finalize(stmt); @@ -171,24 +177,22 @@ int __make_privilege_list_str(GList *privilege_list, char** privilege_list_str) return 0; } -int __get_db_error(int ret) +static void __get_db_error(int *ret) { - _LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(ret)); - switch (ret) { + _LOGE("[PRIVILEGE_DB_MANAGER_ERR_DB_FAIL] %s", sqlite3_errstr(*ret)); + switch (*ret) { case SQLITE_BUSY: - ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL; + *ret = PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL; break; case SQLITE_CONSTRAINT: - ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL; + *ret = PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL; break; case SQLITE_FULL: - ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL; + *ret = PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL; break; default: - ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL; + *ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL; } - - return ret; } int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e package_type, GList* privilege_list) @@ -212,11 +216,7 @@ int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_t TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); do { ret = sqlite3_step(stmt); 
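Review bot: After the `@@ -171,24 +177,22 @@` hunk, `__get_db_error(int *ret)` reads a SQLite result code from `*ret` and overwrites it with a `PRIVILEGE_DB_MANAGER_ERR_*` value, so one variable carries two unrelated code spaces and nothing documents that. A second call on an already translated value, or a call on a non-error SQLite code, lands in `default:` and reports `PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL`. I would add a header comment such as `/* Translates the failing SQLite result code in *ret into a PRIVILEGE_DB_MANAGER_ERR_* value, in place; call exactly once per failure. */`. The callers are outside this hunk.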
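Review bot: The new `TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), ..., "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db))` line in the `@@ -212,11 +216,7 @@` hunk depends on the order in which the macro evaluates its arguments. The removed block logged `sqlite3_errmsg(db)` before calling `__finalize_db`. Only the first two lines of `TryReturn` are visible in this diff, so confirm that it emits the log before running `expr`; if `expr` runs first, `sqlite3_errmsg(db)` would be evaluated on a connection that, going by the `sqlite3_close(db)` used in other `TryReturn` calls here, `__finalize_db` has presumably already closed. The same replacement is made in the `@@ -257,16 +257,12 @@` and `@@ -341,16 +337,12 @@` hunks.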
@@ -237,7 +237,7 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_m int ret; char *changed_to_version = NULL; - if (g_privilege_db_manager_profile_type == PRIVILEGE_DB_MANAGER_PROFILE_TYPE_TV) { + if (g_privilege_profile_type == PRIVILEGE_PROFILE_TYPE_TV) { changed_to_version = strdup("CHANGED_TO_2_4_0"); } else { if (strncmp(api_version, "2.3.1", strlen("2.3.1")) == 0) @@ -257,16 +257,12 @@ int privilege_db_manager_get_privilege_list(const char *api_version, privilege_m GList *temp_privilege_list = NULL; - char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id, %s, api_version_issued, api_version_expired from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d", changed_to_version, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type); + char *sql = sqlite3_mprintf("select privilege_name, privilege_level_id, %s, api_version_issued, api_version_expired from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d", changed_to_version, PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type); free(changed_to_version); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); do { ret = sqlite3_step(stmt); 
@@ -341,16 +337,12 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv ret = __make_privilege_list_str(privilege_list, &privilege_list_str); TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed."); - char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version); + char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, api_version, api_version); sqlite3_free(privilege_list_str); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); do { ret = sqlite3_step(stmt); 
@@ -377,11 +369,7 @@ int privilege_db_manager_get_privacy_display(const char *privacy_name, char **pr char *sql = sqlite3_mprintf("select privacy_display from privacy_info where privacy_name=%Q", privacy_name); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { 
@@ -410,18 +398,14 @@ int privilege_db_manager_get_privilege_display(privilege_manager_package_type_e if (api_version == NULL) { /* api_version == NULL then get display name regardless of api version */ - sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name); + sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name); } else { - sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version); + sql = sqlite3_mprintf("select privilege_display from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version); } TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { 
@@ -450,17 +434,13 @@ int privilege_db_manager_get_privilege_description(privilege_manager_package_typ char *sql = NULL; if (api_version == NULL) - sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name); + sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name); else - sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version); + sql = sqlite3_mprintf("select privilege_description from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q and api_version_expired>%Q", PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { 
@@ -488,15 +468,11 @@ int privilege_db_manager_get_privilege_group_id(privilege_manager_package_type_e return ret; char *sql = sqlite3_mprintf("select privilege_group_id from privilege_info where(profile_id=%d or profile_id=%d)and package_type_id=%d and privilege_name=%Q and api_version_issued<=%Q", - PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, package_type, privilege_name, api_version, api_version); + PRIVILEGE_PROFILE_TYPE_COMMON, g_privilege_profile_type, package_type, privilege_name, api_version, api_version); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { @@ -683,11 +659,7 @@ int privilege_db_manager_get_privacy_list(GList **privacy_list) char *sql = sqlite3_mprintf("select DISTINCT privacy_name from privilege_info where is_privacy=1 order by privacy_name"); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); GList* temp_privacy_list = NULL; do { 
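Review bot: In `privilege_db_manager_get_privilege_group_id` the rewritten argument line still passes `api_version` twice, but the format string has only one version placeholder, `api_version_issued<=%Q`. The extra argument is ignored, so this is harmless at runtime, but the sibling display and description queries also filter on `api_version_expired>%Q`. This may be a dropped clause that lets expired privileges match. Either drop the duplicate argument or, if the expiry filter was intended, append ` and api_version_expired>%Q` to the format string.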
@@ -717,11 +689,7 @@ int privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GLis char *sql = sqlite3_mprintf("select distinct privilege_name from valid_privilege_info where is_privacy=1 and privacy_name=%Q", privacy); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); GList* temp_privilege_list = NULL; do { @@ -751,11 +719,7 @@ int privilege_db_manager_get_privacy_by_privilege(const char* privilege, char** char *sql = sqlite3_mprintf("select privacy_name from valid_privilege_info where privilege_name=%Q", privilege); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { *privacy_name = strdup((char*)sqlite3_column_text(stmt, 0)); 
@@ -780,11 +744,7 @@ int privilege_db_manager_get_privacy_id_by_privilege(const char* privilege, int char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=(select privacy_name from valid_privilege_info where privilege_name=%Q)", privilege); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { int tmp = (int)sqlite3_column_int(stmt, 0); @@ -811,11 +771,7 @@ int privilege_db_manager_get_privacy_id(const char* privacy, int *privacy_id) char *sql = sqlite3_mprintf("select privacy_id from privacy_info where privacy_name=%Q", privacy); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret == SQLITE_ROW) { int tmp = (int)sqlite3_column_int(stmt, 0); 
@@ -847,11 +803,7 @@ int privilege_db_manager_get_black_list(privilege_manager_policy_type_e policy_t sql = sqlite3_mprintf("select privilege_name from %Q where uid=%d and package_type=%d", __get_policy_table(policy_type), uid, package_type); TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); GList *temp_privilege_list = NULL; do { @@ -892,15 +844,10 @@ int privilege_db_manager_set_black_list(privilege_manager_policy_type_e policy_t sql = sqlite3_mprintf("insert or ignore into %Q (uid, package_type, privilege_name) values (%d, %d, %Q)", __get_policy_table(policy_type), uid, package_type, privilege_name); TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret != SQLITE_DONE) { - __get_db_error(ret); + __get_db_error(&ret); sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql); return ret; 
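Review bot: In `privilege_db_manager_set_black_list` the prepare-failure path no longer rolls back. The removed block called `sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL)` before `__finalize_db`, but the replacement `TryReturn` passes only `__finalize_db(db, stmt, sql)` as `expr`. The `sql != NULL` check one line above and the step-failure branch below both still roll back explicitly, so this looks like an oversight rather than a decision to rely on the connection close. Keep the paths consistent with `TryReturn(ret == SQLITE_OK, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db));`. The hunk for `privilege_db_manager_unset_black_list` drops the same rollback and needs the same change.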
@@ -933,15 +880,10 @@ int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy sql = sqlite3_mprintf("delete from %Q where uid=%d and package_type=%d and privilege_name=%Q", __get_policy_table(policy_type), uid, package_type, privilege_name); TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); - if (ret != SQLITE_OK) { - _LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); - sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); - __finalize_db(db, stmt, sql); - return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY; - } + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); ret = sqlite3_step(stmt); if (ret != SQLITE_DONE) { - __get_db_error(ret); + __get_db_error(&ret); sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); __finalize_db(db, stmt, sql); return ret; 
@@ -953,3 +895,316 @@ int privilege_db_manager_unset_black_list(privilege_manager_policy_type_e policy __finalize_db(db, stmt, NULL); return PRIVILEGE_DB_MANAGER_ERR_NONE; } + +int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* critical_privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + GList* mapped_privilege_list = NULL; + ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, critical_privilege_list, &mapped_privilege_list); + TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed"); + + sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL); + GList *l = NULL; + for (l = mapped_privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + if (strstr(privilege_name, "/internal/") == NULL) { + char* sql = NULL; + char * privacy_name = NULL; + ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name); + if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && privacy_name != NULL && strstr(privacy_name, "N/A") == NULL) { + sql = sqlite3_mprintf("insert or replace into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_privacy_requestable, is_critical) values (%d, %Q, %Q, %Q, %Q, %d, 1)", uid, pkgid, privacy_name, privilege_name, api_version, is_privacy_requestable); + _LOGD("sql: %s", sql); + TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), 
PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + ret = sqlite3_step(stmt); + if (ret != SQLITE_DONE) { + __get_db_error(&ret); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + g_list_free_full(mapped_privilege_list, free); + free(privacy_name); + __finalize_db(db, stmt, sql); + return ret; + } + sqlite3_free(sql); + } + if (privacy_name != NULL) + free(privacy_name); + } + } + g_list_free_full(mapped_privilege_list, free); + + sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt, NULL); + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} + +int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, bool is_privacy_requestable, GList* privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, package_type); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + GList* mapped_privilege_list = NULL; + ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, privilege_list, &mapped_privilege_list); + TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed"); + + sqlite3_exec(db, "BEGIN IMMEDIATE TRANSACTION", NULL, NULL, NULL); + GList *l = NULL; + for (l = mapped_privilege_list; l != NULL; l = l->next) { + char *privilege_name = (char *)l->data; + if (strstr(privilege_name, "/internal/") == 
NULL) { + char* sql = NULL; + char * privacy_name = NULL; + ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name); + if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && privacy_name != NULL && strstr(privacy_name, "N/A") == NULL) { + sql = sqlite3_mprintf("insert or ignore into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_privacy_requestable, is_critical) values (%d, %Q, %Q, %Q, %Q, %d, 0)", uid, pkgid, privacy_name, privilege_name, api_version, is_privacy_requestable); + _LOGD("sql: %s", sql); + TryReturn(sql != NULL, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); g_list_free_full(mapped_privilege_list, free); free(privacy_name); __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + ret = sqlite3_step(stmt); + if (ret != SQLITE_DONE) { + __get_db_error(&ret); + sqlite3_exec(db, "ROLLBACK TRANSACTION", NULL, NULL, NULL); + g_list_free_full(mapped_privilege_list, free); + free(privacy_name); + __finalize_db(db, stmt, sql); + return ret; + } + sqlite3_free(sql); + } + if (privacy_name != NULL) + free(privacy_name); + } + } + g_list_free_full(mapped_privilege_list, free); + + sqlite3_exec(db, "COMMIT TRANSACTION", NULL, NULL, NULL); + __finalize_db(db, stmt, NULL); + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} + +int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const char* pkgid) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + 
char* sql = NULL; + sql = sqlite3_mprintf("delete from privacy_package where pkg_id = %Q and uid = %d", pkgid, uid); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + ret = sqlite3_step(stmt); + if (ret != SQLITE_DONE) { + __get_db_error(&ret); + } else { + ret = PRIVILEGE_DB_MANAGER_ERR_NONE; + } + + __finalize_db(db, stmt, sql); + return ret; +} + +int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_privacy_requestable) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char* sql = sqlite3_mprintf("select is_privacy_requestable from privacy_package where uid=%d and pkg_id=%Q", uid, pkgid); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + _LOGD("sql: %s", sql); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + if (sqlite3_column_int(stmt, 0)) + *is_privacy_requestable = true; + else + *is_privacy_requestable = false; + } else if (ret == SQLITE_DONE) { + __finalize_db(db, stmt, sql); + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + } else { + _LOGE("ret = %d, %s", ret, sqlite3_errmsg(db)); + __finalize_db(db, stmt, sql); + return ret; + } + + __finalize_db(db, stmt, sql); + + return PRIVILEGE_DB_MANAGER_ERR_NONE; + + +} +int 
privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char* sql = sqlite3_mprintf("select is_critical from privacy_package where uid=%d and pkg_id=%Q and privilege_name=%Q", uid, pkgid, privilege); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + _LOGD("sql: %s", sql); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + if (sqlite3_column_int(stmt, 0)) + *is_critical = true; + else + *is_critical = false; + } else if (ret == SQLITE_DONE) { + __finalize_db(db, stmt, sql); + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + } else { + _LOGE("ret = %d, %s", ret, sqlite3_errmsg(db)); + __finalize_db(db, stmt, sql); + return ret; + } + + __finalize_db(db, stmt, sql); + + return PRIVILEGE_DB_MANAGER_ERR_NONE; + +} + +int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where uid=%d", uid); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), 
PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + GList* temp_package_list = NULL; + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + char *pkgid = strdup((char *)sqlite3_column_text(stmt, 0)); + temp_package_list = g_list_append(temp_package_list, pkgid); + } + } while (ret == SQLITE_ROW); + + __finalize_db(db, stmt, sql); + + *package_list = temp_package_list; + if (temp_package_list == NULL) + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} + +int privilege_db_manager_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char *sql = sqlite3_mprintf("select distinct privacy_name from privacy_package where uid=%d and pkg_id=%Q", uid, pkgid); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + GList* temp_privacy_list = NULL; + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + char *privacy_name = strdup((char *)sqlite3_column_text(stmt, 0)); + temp_privacy_list = g_list_append(temp_privacy_list, privacy_name); + } + } while (ret == SQLITE_ROW); + + __finalize_db(db, stmt, sql); + + *privacy_list = temp_privacy_list; + if (temp_privacy_list == NULL) + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + + return PRIVILEGE_DB_MANAGER_ERR_NONE; +} +int privilege_db_manager_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = 
NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_package where uid=%d and privacy_name=%Q", uid, privacy); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + GList* temp_package_list = NULL; + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + char *pkgid = strdup((char *)sqlite3_column_text(stmt, 0)); + temp_package_list = g_list_append(temp_package_list, pkgid); + } + } while (ret == SQLITE_ROW); + + __finalize_db(db, stmt, sql); + + *package_list = temp_package_list; + if (temp_package_list == NULL) + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + + return PRIVILEGE_DB_MANAGER_ERR_NONE; + +} +int privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list) +{ + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db, PRVMGR_PACKAGE_TYPE_NONE); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) + return ret; + + char *sql = sqlite3_mprintf("select distinct privilege_name from privacy_package where uid=%d and pkg_id=%Q and privacy_name=%Q", uid, pkgid, privacy); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database: %s", sqlite3_errmsg(db)); + + GList* temp_privilege_list = 
NULL; + do { + ret = sqlite3_step(stmt); + if (ret == SQLITE_ROW) { + char *privilege_name = strdup((char *)sqlite3_column_text(stmt, 0)); + temp_privilege_list = g_list_append(temp_privilege_list, privilege_name); + } + } while (ret == SQLITE_ROW); + + __finalize_db(db, stmt, sql); + + *privilege_list = temp_privilege_list; + if (temp_privilege_list == NULL) + return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT; + + return PRIVILEGE_DB_MANAGER_ERR_NONE; + +} diff --git a/capi/src/privilege_manager.c b/capi/src/privilege_manager.c index 316df97..7fccaa2 100755 --- a/capi/src/privilege_manager.c +++ b/capi/src/privilege_manager.c @@ -26,6 +26,7 @@ #include "privilege_db_manager.h" #include "privilege_manager.h" #include "privilege_manager_types.h" +#include "privilege_private.h" #ifdef __TIZEN__ #include @@ -51,9 +52,7 @@ return returnValue; \ } -typedef u_int32_t api_version_code_t; - -static int __get_api_version_code(const char *api_version, api_version_code_t *api_version_code) +int __get_api_version_code(const char *api_version, api_version_code_t *api_version_code) { TryReturn(api_version != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] api_version is NULL"); diff --git a/capi/src/privilege_package_info.c b/capi/src/privilege_package_info.c new file mode 100755 index 0000000..62afa5c --- /dev/null +++ b/capi/src/privilege_package_info.c 
@@ -0,0 +1,164 @@ +/* + * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0(the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an AS IS BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include "privilege_db_manager.h" +#include "privilege_private.h" +#include "privilege_package_info.h" + +#ifdef LOG_TAG +#undef LOG_TAG +#define LOG_TAG "PRIVILEGE_PACKAGE_INFO" +#endif + +#define TryReturn(condition, expr, returnValue, ...) \ + if (!(condition)) { \ + LOGE(__VA_ARGS__); \ + expr; \ + return returnValue; \ + } + +static int __is_privacy_requestable_api_version(const char* api_version) +{ + api_version_code_t api_version_code; + api_version_code_t privacy_requestable_api_version_code; + int ret = __get_api_version_code(api_version, &api_version_code); + TryReturn(ret == PRVMGR_ERR_NONE, , -1, "[PRVMGR_ERR_INTERNAL_ERROR] __get_api_version_code failed. ret = %d", ret); + ret = __get_api_version_code(PRIVACY_REQUESTABLE_API_VERSION, &privacy_requestable_api_version_code); + TryReturn(ret == PRVMGR_ERR_NONE, , -1, "[PRVMGR_ERR_INTERNAL_ERROR] __get_api_version_code failed. 
ret = %d", ret); + if (api_version_code < privacy_requestable_api_version_code) + return 0; + + return 1; +} + +int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* privilege_list) +{ + TryReturn(pkgid != NULL && api_version != NULL && privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and privilege_list must not be NULL."); + int is_privacy_requestable = __is_privacy_requestable_api_version(api_version); + TryReturn(is_privacy_requestable == 1 || is_privacy_requestable == 0, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] fail to get is_privacy_requestable value."); + int ret = privilege_db_manager_set_package_privacy_privilege_info(uid, pkgid, pkg_type, api_version, is_privacy_requestable, privilege_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { + LOGE("privilege_db_manager_set_package_privacy_privilege_info failed. 
ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* critical_privilege_list) +{ + TryReturn(pkgid != NULL && api_version != NULL && critical_privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and critical_privilege_list must not be NULL."); + int is_privacy_requestable = __is_privacy_requestable_api_version(api_version); + TryReturn(is_privacy_requestable == 1 || is_privacy_requestable == 0, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] fail to get is_privacy_requestable value."); + int ret = privilege_db_manager_set_package_critical_privilege_info(uid, pkgid, pkg_type, api_version, is_privacy_requestable, critical_privilege_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { + LOGE("privilege_db_manager_set_package_critical_privilege_info failed. ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid) +{ + TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be NULL."); + int ret = privilege_db_manager_unset_package_privilege_info(uid, pkgid); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { + LOGE("privilege_db_manager_unset_package_privilege_info failed. 
ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, bool* is_requestable) +{ + TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be NULL."); + int ret = privilege_db_manager_is_privacy_requestable(uid, pkgid, is_requestable); + if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges + *is_requestable = false; + } else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { + LOGE("privilege_db_manager_is_privacy_requestable_package failed. ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} +int privilege_package_info_is_privacy_requestable_api_version(const char* api_version, bool* is_requestable) +{ + TryReturn(api_version != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] api_version must not be NULL"); + int is_privacy_requestable = __is_privacy_requestable_api_version(api_version); + if (is_privacy_requestable == 1) + *is_requestable = true; + else if (is_privacy_requestable == 0) + *is_requestable = false; + else + return PRVMGR_ERR_INTERNAL_ERROR; + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical) +{ + TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privilege must not be null"); + int ret = privilege_db_manager_is_critical_privilege(uid, pkgid, privilege, is_critical); + if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges + *is_critical = false; + } else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) { + LOGE("privilege_db_manager_is_ciritical_privilege faild. 
ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** privacy_list) +{ + int ret = privilege_db_manager_get_all_privacy_package_list(uid, privacy_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { + LOGE("privilege_db_manager_get_all_privacy_package_list failed. ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} + +int privilege_package_info_get_privacy_list_by_pkgid(const uid_t uid, const char* pkgid, GList** privacy_list) +{ + TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid must not be null"); + int ret = privilege_db_manager_get_privacy_list_by_pkgid(uid, pkgid, privacy_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { + LOGE("privilege_db_manager_get_privacy_list_by_pkgid failed. ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} +int privilege_package_info_get_package_list_by_privacy(const uid_t uid, const char* privacy, GList** package_list) +{ + TryReturn(privacy != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] privacy must not be null"); + int ret = privilege_db_manager_get_package_list_by_privacy(uid, privacy, package_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { + LOGE("privilege_db_manager_get_package_list_by_privacy failed. 
ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} +int privilege_package_info_get_privilege_list_by_pkgid_and_privacy(const uid_t uid, const char* pkgid, const char* privacy, GList** privilege_list) +{ + TryReturn(pkgid != NULL && privacy != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privacy must not be null"); + int ret = privilege_db_manager_get_privilege_list_by_pkgid_and_privacy(uid, pkgid, privacy, privilege_list); + if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE && ret != PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { + LOGE("privilege_db_manager_get_privilege_list_by_pkgid_and_privacy failed. ret = %d", ret); + return PRVMGR_ERR_INTERNAL_ERROR; + } + return PRVMGR_ERR_NONE; +} diff --git a/packaging/privilege-checker.spec b/packaging/privilege-checker.spec index cf7af90..c5815f3 100644 --- a/packaging/privilege-checker.spec +++ b/packaging/privilege-checker.spec 
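Review bot: The output pointers in the new privilege_package_info.c are never validated. `privilege_package_info_is_privacy_requestable` and `privilege_package_info_is_critical_privilege` write `*is_requestable = false` / `*is_critical = false` on the no-result path, and the four `get_*` wrappers hand `privacy_list`, `package_list` and `privilege_list` straight to the DB layer, while only the input strings go through `TryReturn` (`privilege_package_info_get_all_privacy_package_list` has no guard at all). Extend the existing guards, e.g. `TryReturn(pkgid != NULL && is_requestable != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and is_requestable must not be NULL.");`. On a DB error both predicates return `PRVMGR_ERR_INTERNAL_ERROR` and leave the flag untouched; because these answers feed privacy decisions, assign a documented default before the DB call so a caller that ignores the return code never reads an indeterminate value.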
@@ -146,15 +146,11 @@ sed "s|@PROFILE@|tv|" privilege-checker.ini > %{buildroot}%{_sysconfdir}/privile sed "s|@PROFILE@|wearable|" privilege-checker.ini > %{buildroot}%{_sysconfdir}/privilege-checker.ini.wearable sed "s|@PROFILE@|mobile|" privilege-checker.ini > %{buildroot}%{_sysconfdir}/privilege-checker.ini.mobile - - %if "%{?build_type}" != "NO_DB" mv %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.mobile.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_info.db mv %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.mobile.db %{buildroot}%{_datadir}/privilege-manager/.core_privilege_mapping.db mv %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.mobile.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_info.db mv %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.mobile.db %{buildroot}%{_datadir}/privilege-manager/.wrt_privilege_mapping.db -mv %{buildroot}/%{TZ_SYS_DB}/.policy.mobile.db %{buildroot}/%{TZ_SYS_DB}/.policy.db -mv %{buildroot}/%{TZ_SYS_DB}/.policy.mobile.db-journal %{buildroot}/%{TZ_SYS_DB}/.policy.db-journal %endif %find_lang privilege @@ -164,6 +160,8 @@ mv %{buildroot}/%{TZ_SYS_DB}/.policy.mobile.db-journal %{buildroot}/%{TZ_SYS_DB} %if "%{?build_type}" != "NO_DB" chsmack -a System %{TZ_SYS_DB}/.policy.db chsmack -a System %{TZ_SYS_DB}/.policy.db-journal +chsmack -a System::Shared %{TZ_SYS_DB}/.privacy.db +chsmack -a System::Shared %{TZ_SYS_DB}/.privacy.db-journal %endif %{_datadir}/privilege-manager/policy_db_updater.sh 
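Review bot: `.privacy.db` and its journal are labelled `System::Shared` in the `chsmack` lines here and packaged as `%attr(0664, root, app_fw)` in the `%files` hunk that follows, which is looser than the neighbouring `.policy.db` (`System` label, `0660`, `root:security_fw`): world-readable and writable by the whole `app_fw` group. The library code added in this commit answers `is_privacy_requestable` and `is_critical_privilege` from this file, so whoever can write it can change those answers, and whoever can read it can list which packages of a uid hold which privacy. Which processes actually get that access depends on Smack rules and group membership that this page does not show. Please add a comment naming the component that writes the DB and the readers that need it, and use the narrowest mode that still works, e.g. `%attr(0660, root, app_fw)` if nothing outside that group reads it.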
@@ -183,6 +181,8 @@ chsmack -a System %{TZ_SYS_DB}/.policy.db-journal %attr(700,root,root) %{_datadir}/privilege-manager/policy_db_updater.sh %config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db %config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.db-journal +%config(noreplace) %attr(0664, root, app_fw) /%{TZ_SYS_DB}/.privacy.db +%config(noreplace) %attr(0664, root, app_fw) /%{TZ_SYS_DB}/.privacy.db-journal %endif %manifest packaging/security-privilege-manager.manifest %license LICENSE.APLv2 @@ -190,6 +190,7 @@ chsmack -a System %{TZ_SYS_DB}/.policy.db-journal %post -n security-privilege-manager-extension-mobile mv %{_sysconfdir}/privilege-checker.ini.mobile %{_sysconfdir}/privilege-checker.ini + %files -n security-privilege-manager-extension-mobile %license LICENSE.APLv2 %{_sysconfdir}/privilege-checker.ini.mobile @@ -200,11 +201,6 @@ mv %{_datadir}/privilege-manager/.core_privilege_info.tv.db %{_datadir}/privileg mv %{_datadir}/privilege-manager/.core_privilege_mapping.tv.db %{_datadir}/privilege-manager/.core_privilege_mapping.db mv %{_datadir}/privilege-manager/.wrt_privilege_info.tv.db %{_datadir}/privilege-manager/.wrt_privilege_info.db mv %{_datadir}/privilege-manager/.wrt_privilege_mapping.tv.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db -mv /%{TZ_SYS_DB}/.policy.tv.db /%{TZ_SYS_DB}/.policy.db -mv /%{TZ_SYS_DB}/.policy.tv.db-journal /%{TZ_SYS_DB}/.policy.db-journal - -chsmack -a System %{TZ_SYS_DB}/.policy.db -chsmack -a System %{TZ_SYS_DB}/.policy.db-journal %endif mv %{_sysconfdir}/privilege-checker.ini.tv %{_sysconfdir}/privilege-checker.ini 
@@ -214,8 +210,6 @@ mv %{_sysconfdir}/privilege-checker.ini.tv %{_sysconfdir}/privilege-checker.ini %{_datadir}/privilege-manager/.core_privilege_mapping.tv.db %{_datadir}/privilege-manager/.wrt_privilege_info.tv.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.tv.db -%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.tv.db -%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.tv.db-journal %endif %manifest packaging/security-privilege-manager.manifest %license LICENSE.APLv2 @@ -227,11 +221,6 @@ mv %{_datadir}/privilege-manager/.core_privilege_info.wearable.db %{_datadir}/pr mv %{_datadir}/privilege-manager/.core_privilege_mapping.wearable.db %{_datadir}/privilege-manager/.core_privilege_mapping.db mv %{_datadir}/privilege-manager/.wrt_privilege_info.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_info.db mv %{_datadir}/privilege-manager/.wrt_privilege_mapping.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.db -mv /%{TZ_SYS_DB}/.policy.wearable.db /%{TZ_SYS_DB}/.policy.db -mv /%{TZ_SYS_DB}/.policy.wearable.db-journal /%{TZ_SYS_DB}/.policy.db-journal - -chsmack -a System %{TZ_SYS_DB}/.policy.db -chsmack -a System %{TZ_SYS_DB}/.policy.db-journal %endif mv %{_sysconfdir}/privilege-checker.ini.wearable %{_sysconfdir}/privilege-checker.ini @@ -241,8 +230,6 @@ mv %{_sysconfdir}/privilege-checker.ini.wearable %{_sysconfdir}/privilege-checke %{_datadir}/privilege-manager/.core_privilege_mapping.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_info.wearable.db %{_datadir}/privilege-manager/.wrt_privilege_mapping.wearable.db -%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.wearable.db -%config(noreplace) %attr(0660, root, security_fw) /%{TZ_SYS_DB}/.policy.wearable.db-journal %endif %manifest packaging/security-privilege-manager.manifest %license LICENSE.APLv2 
@@ -257,6 +244,7 @@ mv %{_sysconfdir}/privilege-checker.ini.wearable %{_sysconfdir}/privilege-checke %{_bindir}/tc-privilege-manager %{_bindir}/tc-privilege-info %{_bindir}/tc-privilege-black-list +%{_bindir}/tc-privilege-package-info %files -n privilege-verifier %license LICENSE.APLv2 diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 8902346..197ff3a 100755 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -7,12 +7,14 @@ SET(TC1_NAME tc-privilege-db-manager) SET(TC2_NAME tc-privilege-manager) SET(TC3_NAME tc-privilege-info) SET(TC4_NAME tc-privilege-black-list) +SET(TC5_NAME tc-privilege-package-info) SET(TC_COMMON_SRCS ${TC_COMMON}.c) SET(TC1_SRCS ${TC1_NAME}.c ${TC_COMMON_SRCS}) SET(TC2_SRCS ${TC2_NAME}.c ${TC_COMMON_SRCS}) SET(TC3_SRCS ${TC3_NAME}.c ${TC_COMMON_SRCS}) SET(TC4_SRCS ${TC4_NAME}.c ${TC_COMMON_SRCS}) +SET(TC5_SRCS ${TC5_NAME}.c ${TC_COMMON_SRCS}) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/capi/include) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/test) @@ -35,13 +37,16 @@ ADD_EXECUTABLE(${TC1_NAME} ${TC1_SRCS}) ADD_EXECUTABLE(${TC2_NAME} ${TC2_SRCS}) ADD_EXECUTABLE(${TC3_NAME} ${TC3_SRCS}) ADD_EXECUTABLE(${TC4_NAME} ${TC4_SRCS}) +ADD_EXECUTABLE(${TC5_NAME} ${TC5_SRCS}) TARGET_LINK_LIBRARIES(${TC1_NAME} "security-privilege-manager") TARGET_LINK_LIBRARIES(${TC2_NAME} "security-privilege-manager") TARGET_LINK_LIBRARIES(${TC3_NAME} "security-privilege-manager") TARGET_LINK_LIBRARIES(${TC4_NAME} "security-privilege-manager") +TARGET_LINK_LIBRARIES(${TC5_NAME} "security-privilege-manager") INSTALL(TARGETS ${TC1_NAME} DESTINATION /usr/bin) INSTALL(TARGETS ${TC2_NAME} DESTINATION /usr/bin) INSTALL(TARGETS ${TC3_NAME} DESTINATION /usr/bin) INSTALL(TARGETS ${TC4_NAME} DESTINATION /usr/bin) +INSTALL(TARGETS ${TC5_NAME} DESTINATION /usr/bin) diff --git a/test/tc-common.c b/test/tc-common.c index 97eaadb..a6aa275 100755 --- a/test/tc-common.c +++ b/test/tc-common.c 
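Review bot: The added `INSTALL(TARGETS ${TC5_NAME} DESTINATION /usr/bin)` hardcodes the directory, while the spec hunk above lists the same binary as `%{_bindir}/tc-privilege-package-info`, so the two agree only while `_bindir` is `/usr/bin`. A relative `DESTINATION bin` would follow the install prefix instead, assuming the spec sets that prefix to `/usr`. The new `TARGET_LINK_LIBRARIES` line also uses the keyword-less signature; for a fresh target `TARGET_LINK_LIBRARIES(${TC5_NAME} PRIVATE "security-privilege-manager")` states the intent. Both lines copy the TC1–TC4 pattern, so this could be a follow-up covering all five targets.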
@@ -234,6 +234,15 @@ void __print_privilege_list(GList * privilege_list) } } +void __print_glist(GList* glist) +{ + GList *l; + for (l = glist; l != NULL; l = l->next) { + char *text = (char *)l->data; + printf("%s\n", text); + } +} + bool __check_result(int result) { if (expected_result == result) diff --git a/test/tc-common.h b/test/tc-common.h index 3c9df68..bd4305b 100755 --- a/test/tc-common.h +++ b/test/tc-common.h @@ -63,6 +63,7 @@ void __tcinfo(tcinfo_type_e type, ...); void __privinfo(char *name, char *level, char *comment); void __print_privilege_list(GList * privilege_list); +void __print_glist(GList *glist); bool __check_result(int result); bool __count_result(int result); diff --git a/test/tc-privilege-package-info.c b/test/tc-privilege-package-info.c new file mode 100755 index 0000000..9e6423e --- /dev/null +++ b/test/tc-privilege-package-info.c 
@@ -0,0 +1,216 @@ +#include +#include +#include +#include + +static void __test_privilege_package_info() +{ + int ret = 0; + bool is_requestable; + + gfree(privilege_list); + __print_line(); + __tcinfo(goal, "set 5001, org.test.nativeapp privacy privilege set. api_version = 3.0"); + __privinfo("http://tizen.org/privilege/internet", NULL, NULL); + __privinfo("http://tizen.org/privilege/call", NULL, NULL); + __privinfo("http://tizen.org/privilege/bookmark.admin", NULL, NULL); + __privinfo("http://tizen.org/privilege/keygrab", NULL, NULL); + __privinfo("http://tizen.org/privilege/account.read", NULL, NULL); + __privinfo("http://tizen.org/privilege/account.write", NULL, NULL); + __privinfo("http://tizen.org/privilege/display", NULL, NULL); + ret = privilege_package_info_set_privacy_privilege(5001, "org.test.nativeapp", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + gfree(privilege_list); + + __print_line(); + __tcinfo(goal, "set 5001, org.test.nativeapp critical privilege set. api_version = 3.0"); + __privinfo("http://tizen.org/privilege/internet", NULL, NULL); + __privinfo("http://tizen.org/privilege/call", NULL, NULL); + __privinfo("http://tizen.org/privilege/account.read", NULL, NULL); + __privinfo("http://tizen.org/privilege/display", NULL, NULL); + ret = privilege_package_info_set_critical_privilege(5001, "org.test.nativeapp", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + gfree(privilege_list); + + __print_line(); + __tcinfo(goal, "set 5001, org.test.webapp's privacy privilege set. 
api_version = 4.0"); + __privinfo("http://tizen.org/privilege/internet", NULL, NULL); + __privinfo("http://tizen.org/privilege/call", NULL, NULL); + __privinfo("http://tizen.org/privilege/bookmark.read", NULL, NULL); + __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL); + __privinfo("http://tizen.org/privilege/account.read", NULL, NULL); + __privinfo("http://tizen.org/privilege/download", NULL, NULL); + __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL); + ret = privilege_package_info_set_privacy_privilege(5001, "org.test.webapp", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + gfree(privilege_list); + + __print_line(); + __tcinfo(goal, "set 5001, org.test.webapp's critical privilege set. api_version = 4.0"); + __privinfo("http://tizen.org/privilege/internet", NULL, NULL); + __privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL); + __privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL); + __privinfo("http://tizen.org/privilege/download", NULL, NULL); + ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + gfree(privilege_list); + + __print_line(); + __tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp"); + ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp", "http://tizen.org/privilege/message.read", &is_requestable); + if (is_requestable && ret == PRVMGR_ERR_NONE) { + __color_to_green(); + printf("\nis critical privilege. 
SUCCESS\n"); + success_cnt++; + __color_to_origin(); + } else { + __color_to_red(); + printf("\nFAIL\n"); + fail_cnt++; + __color_to_origin(); + } + + __print_line(); + __tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp"); + ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp", "http://tizen.org/privilege/internet", &is_requestable); + if (!is_requestable && ret == PRVMGR_ERR_NONE) { + __color_to_green(); + printf("\nis not critical privilege. SUCCESS\n"); + success_cnt++; + __color_to_origin(); + } else { + __color_to_red(); + printf("\nFAIL\n"); + fail_cnt++; + __color_to_origin(); + } + + + __print_line(); + __tcinfo(goal, "see if uid 5001, org.test.nativeapp is privacy requestable"); + ret = privilege_package_info_is_privacy_requestable(5001, "org.test.nativeapp", &is_requestable); + if (is_requestable) { + __color_to_red(); + printf("\nFAIL\n"); + fail_cnt++; + __color_to_origin(); + } else if (ret == PRVMGR_ERR_NONE) { + __color_to_green(); + printf("\nis old app. SUCCESS\n"); + success_cnt++; + __color_to_origin(); + } else { + __color_to_red(); + printf("\nFAIL\n"); + fail_cnt++; + __color_to_origin(); + } + + __print_line(); + __tcinfo(goal, "see if uid 5001, org.test.webapp is privacy requestable"); + ret = privilege_package_info_is_privacy_requestable(5001, "org.test.webapp", &is_requestable); + if (is_requestable && ret == PRVMGR_ERR_NONE) { + __color_to_green(); + printf("\nis privacy requestable app. 
SUCCESS\n"); + success_cnt++; + __color_to_origin(); + } else { + __color_to_red(); + printf("FAIL!!!!!!!!!!!!!!!!!!!!!!\n"); + fail_cnt++; + __color_to_origin(); + } + + __print_line(); + __tcinfo(goal, "get privacy list of org.test.nativeapp"); + GList* tmp_list = NULL; + ret = privilege_package_info_get_privacy_list_by_pkgid(5001, "org.test.nativeapp", &tmp_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + if (tmp_list != NULL) { + __print_glist(tmp_list); + gfree(tmp_list); + } + + __print_line(); + __tcinfo(goal, "get list of packaes with bookmark privacy"); + ret = privilege_package_info_get_package_list_by_privacy(5001, "http://tizen.org/privacy/bookmark", &tmp_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + if (tmp_list != NULL) { + __print_glist(tmp_list); + gfree(tmp_list); + } + + __print_line(); + __tcinfo(goal, "get list of packaes with camera privacy"); + ret = privilege_package_info_get_package_list_by_privacy(5001, "http://tizen.org/privacy/camera", &tmp_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + if (tmp_list != NULL) { + __print_glist(tmp_list); + gfree(tmp_list); + } + + __print_line(); + __tcinfo(goal, "get privilege list of org.test.nativeapp's account privacy"); + ret = privilege_package_info_get_privilege_list_by_pkgid_and_privacy(5001, "org.test.nativeapp", "http://tizen.org/privacy/account", &tmp_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + if (tmp_list != NULL) { + __print_glist(tmp_list); + gfree(tmp_list); + } + + __print_line(); + __tcinfo(goal, "get all privacy package list of uid 5001"); + ret = privilege_package_info_get_all_privacy_package_list(5001, &tmp_list); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + if (tmp_list != NULL) { + __print_glist(tmp_list); + gfree(tmp_list); + } + + __print_line(); + __tcinfo(goal, "unset 5001, org.test.nativeapp's package privilege info."); + ret = 
privilege_package_info_unset_package_privilege_info(5001, "org.test.nativeapp"); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + + __print_line(); + __tcinfo(goal, "unset 5001, org.test.webapp's package privilege info."); + ret = privilege_package_info_unset_package_privilege_info(5001, "org.test.webapp"); + __tcinfo(expect, PRVMGR_ERR_NONE); + __print_result('m', ret); + __print_line(); + +} + +int main() +{ + + __tcinfo(function, "privilege_package_info_set_privacy_privilege"); + __tcinfo(function, "privilege_package_info_set_ciritical_privilege"); + __tcinfo(function, "privilege_package_info_unset_package_privilege_info"); + __tcinfo(function, "privilege_package_info_is_privacy_requestable"); + __tcinfo(function, "privilege_package_info_is_privacy_requestable_api_version"); + __tcinfo(function, "privilege_package_info_get_privacy_list_by_pkgid"); + __tcinfo(function, "privilege_package_info_get_package_list_by_privacy"); + __tcinfo(function, "privilege_package_info_get_privilege_list_by_pkgid_and_privacy"); + __test_privilege_package_info(); + + __color_to_green(); + printf("Test Complete\n"); + printf("success : %d, ", success_cnt); + + __color_to_red(); + printf("fail : %d\n", fail_cnt); + __color_to_origin(); + + return 0; +} diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index 54ed43b..30f42e7 100755 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -22,6 +22,7 @@ ADD_DEFINITIONS(-DPRIVILEGE_INFO_WRT_DB_PATH="wrt_privilege_info.db") ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_CORE_DB_PATH="core_privilege_mapping.db") ADD_DEFINITIONS(-DPRIVILEGE_MAPPING_WRT_DB_PATH="wrt_privilege_mapping.db") ADD_DEFINITIONS(-DPRIVILEGE_POLICY_DB_PATH="policy.db") +ADD_DEFINITIONS(-DPRIVILEGE_PRIVACY_DB_PATH="${TZ_SYS_DB}/.privacy.db") ADD_DEFINITIONS(-DASKUSER_RUNTIME_DISABLE_PATH="${TZ_SYS_SHARE}/askuser_disable") SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
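Review bot: In tc-privilege-package-info.c `is_requestable` is declared without an initial value and is read before `ret` is examined (`if (is_requestable && ret == PRVMGR_ERR_NONE)`, and `if (is_requestable)` on its own in the nativeapp case), yet the library leaves it unset when it returns an error, so a failing call makes the verdict depend on an indeterminate value. Declare `bool is_requestable = false;` and test `ret` first. `tmp_list` is reused across the five list queries after `gfree(tmp_list)`; unless that macro (defined outside this hunk) also clears the pointer, a later call that fails before assigning its out-parameter would print and free the stale list, so add `tmp_list = NULL;` before each call. The banner in `main` announces `privilege_package_info_is_privacy_requestable_api_version`, which the test never calls, and misspells `privilege_package_info_set_ciritical_privilege`.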
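Review bot: In tool/CMakeLists.txt `PRIVILEGE_PRIVACY_DB_PATH` is set to the on-device location `${TZ_SYS_DB}/.privacy.db`, whereas the other DB paths defined for the tool in this hunk are bare file names (`policy.db`, `core_privilege_mapping.db`, `wrt_privilege_mapping.db`). If any tool code opens the privacy DB, it would touch that absolute path on the machine running the tool, presumably the build host, instead of a file in the build tree. If the tool never opens it and the definition exists only so shared sources compile, say so next to the line, e.g. `# defined only so shared sources compile; the tool never opens the privacy DB`. Otherwise `ADD_DEFINITIONS(-DPRIVILEGE_PRIVACY_DB_PATH="privacy.db")` would match the neighbouring definitions.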