From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Thu, 23 Jul 2020 10:31:32 +0000 (+0900)
Subject: Remove unused critical privilege related APIs
X-Git-Tag: submit/tizen/20200806.054000~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=96ec694d55b81e6945a633c63a7054c13f3fb068;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Remove unused critical privilege related APIs

- There was a requirement at first time but was not used hence remove
all of them.

Change-Id: I6919e6c6a84ed6f20ef719d744ae22c18f279ae0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/capi/include/privilege_db_manager.h b/capi/include/privilege_db_manager.h
index b799de4..52c18ab 100755
--- a/capi/include/privilege_db_manager.h
+++ b/capi/include/privilege_db_manager.h
@@ -313,28 +313,6 @@ int privilege_db_manager_unset_black_list(int uid, privilege_manager_package_typ
  */
 int privilege_db_manager_check_black_list(uid_t uid, privilege_manager_package_type_e pacakge_type, GList *privilege_list);
 
-/**
- * @brief Set application package's critical privilege information
- * @remarks Non-privacy privilege included in the privilege list will be ignored.
- * @remarks Call it with the privilege list before mapping.
- * @remarks @a critical_privilege_list must be released by you.
- * @param [in] uid The uid
- * @param [in] pkgid The package ID
- * @param [in] package_type The package type of the given privilege list
- * @param [in] api_version The api-version of package
- * @param [in] critical_privilege_list The ciritical privilege list
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE  Successful.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_BUSY_FAIL DB is busy.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_CONSTRAINT_FAIL SQL constraint violation occured and update failed.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_FULL_FAIL Write could not complete due to the disk is full.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL DB update failed.
- */
-int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* critical_privilege_list);
-
 /**
  * @brief Set application package's privacy privilege information
  * @remarks Non-privacy privilege included in the privilege list will be ignored.
@@ -358,7 +336,7 @@ int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, co
 int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
 
 /**
- * @brief Delete all privacy, critical privilege info of the given application package.
+ * @brief Delete all privacy privilege info of the given application package.
  * @param [in] uid The uid
  * @param [in] pkgid The package ID
  * @return 0 on success, otherwise a negative error value.
@@ -388,22 +366,6 @@ int privilege_db_manager_unset_package_privilege_info(const uid_t uid, const cha
  */
 int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkgid, const char* privilege, privilege_manager_package_type_e pkg_type, bool* is_privacy_requestable);
 
-/**
- * @brief Get is_critical value for thr privilege and package
- * @remarks If the privilege is not a privacy privilege then it will return PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT
- * @param [in]  uid The uid
- * @param [in]  pkgid The package ID
- * @param [in]  privilege The privilege
- * @param [out] is_critical is_critical value
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NONE  Successful.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY Failed to prepare sql query.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY DB not exist.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_CONNECTION_FAIL DB exist but failed to open DB.
- * @retval #PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT No data selected by given qeury.
- */
-int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
-
 /**
  * @brief Get all privacy package list of the user
  * @remarks @a package_list must be released by using privilege_db_manager_list_free().
diff --git a/capi/include/privilege_package_info.h b/capi/include/privilege_package_info.h
index b086f91..cdc6e54 100755
--- a/capi/include/privilege_package_info.h
+++ b/capi/include/privilege_package_info.h
@@ -47,24 +47,7 @@ extern "C" {
 EXPORT_API int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
 
 /**
- * @brief Set critical privilege of the application package.
- * @remarks Non-privacy privilege included in the privilege list will be ignored.
- * @remarks Call it with the privilege list before mapping and include only critical privileges.
- * @remarks @a critical_privilege_list must be released by you.
- * @param [in] uid The uid of the user who's trying to install the application.
- * @param [in] pkgid The package ID
- * @param [in] package_type The package type
- * @param [in] api_version The api-version
- * @param [in] critical_privilege_list The critical privilege list.
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list);
-
-/**
- * @brief Delete all privacy, critical privilege info of the given application package.
+ * @brief Delete all privacy privilege info of the given application package.
  * @param [in] uid The uid of the user who's trying to install the application.
  * @param [in] pkgid The package ID
  * @return 0 on success, otherwise a negative error value.
@@ -86,19 +69,6 @@ EXPORT_API int privilege_package_info_unset_package_privilege_info(const uid_t u
  */
 EXPORT_API int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* pkgid, const char* privilege, bool* is_requestable);
 
-/**
- * @brief Check if the given privilege is critical for the application package.
- * @param [in]  uid The uid
- * @param [in]  pkgid The package ID
- * @param [in]  privilege The privilege to check
- * @param [out] is_critical true if the given privilege is critical, or set to false.
- * @return 0 on success, otherwise a negative error value.
- * @retval #PRVMGR_ERR_NONE Successful
- * @retval #PRVMGR_ERR_INVALID_PARAMETER Invalid parameter
- * @retval #PRVMGR_ERR_INTERNAL_ERROR Internal error
- */
-EXPORT_API int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical);
-
 /**
  * @brief Get all privacy package list of the user
  * @param [in]  uid The uid
diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c
index 764abb4..c830ffa 100755
--- a/capi/src/privilege_db_manager.c
+++ b/capi/src/privilege_db_manager.c
@@ -865,52 +865,6 @@ int privilege_db_manager_unset_black_list(int uid, privilege_manager_package_typ
 	TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
 }
 
-//TODO: Do insert only. DO NOT determine whether to insert or not in here.
-int privilege_db_manager_set_package_critical_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* critical_privilege_list)
-{
-	sqlite3 *db = NULL;
-	sqlite3_stmt *stmt = NULL;
-	char* sql = NULL;
-	int ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
-
-	TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RW, &db);
-
-	GList* mapped_privilege_list = NULL;
-	ret = privilege_db_manager_get_mapped_privilege_list(api_version, package_type, critical_privilege_list, &mapped_privilege_list);
-	TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && mapped_privilege_list != NULL, __finalize_db(db, stmt, NULL), PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
-
-	TRY_BEGIN_TRANSACTION(db);
-
-	for (GList *l = mapped_privilege_list; l != NULL; l = l->next) {
-		char *privilege_name = (char *)l->data;
-		if (strstr(privilege_name, "/internal/") == NULL) {
-			char * privacy_name = NULL;
-			ret = privilege_db_manager_get_privacy_by_privilege(privilege_name, &privacy_name);
-			if (ret == PRIVILEGE_DB_MANAGER_ERR_NONE && strstr(privacy_name, "N/A") == NULL && privilege_db_manager_is_user_settable(pkgid, privacy_name) == 1) {
-				sql = sqlite3_mprintf("insert or replace into privacy_package (uid, pkg_id, privacy_name, privilege_name, api_version, is_critical) values (%d, %Q, %Q, %Q, %Q, 1)", uid, pkgid, privacy_name, privilege_name, api_version);
-
-				if (__prepare_stmt(db, sql, &stmt) != PRIVILEGE_DB_MANAGER_ERR_NONE) {
-					ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
-					break;
-				}
-
-				if (sqlite3_step(stmt) != SQLITE_DONE) {
-					_LOGE("sqlite3_step() failed. [%s]", sqlite3_errmsg(db));
-					ret = PRIVILEGE_DB_MANAGER_ERR_DB_UPDATE_FAIL;
-					break;
-				}
-
-				SAFE_SQLITE_FREE(sql);
-				SAFE_SQLITE_FINALIZE(stmt);
-			}
-			SAFE_FREE(privacy_name);
-		}
-	}
-	SAFE_G_LIST_FREE_FULL(mapped_privilege_list, free);
-
-	TRY_FINISH_TRANSACTION(ret, db, stmt, sql);
-}
-
 //TODO: Do insert only. DO NOT determine whether to insert or not in here.
 int privilege_db_manager_set_package_privacy_privilege_info(const uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, const char* api_version, GList* privilege_list)
 {
@@ -1018,37 +972,6 @@ int privilege_db_manager_is_privacy_requestable(const uid_t uid, const char* pkg
 	return ret;
 }
 
-int privilege_db_manager_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
-{
-	sqlite3 *db = NULL;
-	sqlite3_stmt *stmt = NULL;
-	int ret;
-
-	TRY_INIT_DB(PRIVILEGE_DB_TYPE_PRIVACY_RO, &db);
-
-	char* sql = sqlite3_mprintf("select is_critical from privacy_package where (uid=%d or uid=%d) and pkg_id=%Q and privilege_name=%Q", uid, GLOBAL_USER, pkgid, privilege);
-
-	TRY_PREPARE_STMT(db, sql, &stmt);
-
-	ret = sqlite3_step(stmt);
-	if (ret == SQLITE_ROW) {
-		if (sqlite3_column_int(stmt, 0))
-			*is_critical = true;
-		else
-			*is_critical = false;
-		ret = PRIVILEGE_DB_MANAGER_ERR_NONE;
-	} else if (ret == SQLITE_DONE) {
-		ret = PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT;
-	} else {
-		_LOGE("ret = %d[%s]", ret, sqlite3_errmsg(db));
-		//TODO: add error value for internal error
-	}
-
-	__finalize_db(db, stmt, sql);
-
-	return ret;
-}
-
 int privilege_db_manager_get_all_privacy_package_list(const uid_t uid, GList** package_list)
 {
 	sqlite3 *db = NULL;
diff --git a/capi/src/privilege_package_info.c b/capi/src/privilege_package_info.c
index a404901..9a486c1 100755
--- a/capi/src/privilege_package_info.c
+++ b/capi/src/privilege_package_info.c
@@ -1,5 +1,5 @@
 /*
- * Copyright(c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright(c) 2017-2020 Samsung Electronics Co., Ltd All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0(the License);
  * you may not use this file except in compliance with the License.
@@ -49,17 +49,6 @@ int privilege_package_info_set_privacy_privilege(const uid_t uid, const char* pk
 	return PRVMGR_ERR_NONE;
 }
 
-int privilege_package_info_set_critical_privilege(const uid_t uid, const char* pkgid, privilege_manager_package_type_e pkg_type, const char* api_version, GList* critical_privilege_list)
-{
-	TryReturn(pkgid != NULL && api_version != NULL && critical_privilege_list != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid, api_version, and critical_privilege_list must not be NULL.");
-	int ret = privilege_db_manager_set_package_critical_privilege_info(uid, pkgid, pkg_type, api_version, critical_privilege_list);
-	if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
-		LOGE("privilege_db_manager_set_package_critical_privilege_info failed. ret = %d", ret);
-		return PRVMGR_ERR_INTERNAL_ERROR;
-	}
-	return PRVMGR_ERR_NONE;
-}
-
 int privilege_package_info_unset_package_privilege_info(const uid_t uid, const char* pkgid)
 {
 	if (DISABLE_ASKUSER)
@@ -131,19 +120,6 @@ int privilege_package_info_is_privacy_requestable(const uid_t uid, const char* p
 	return PRVMGR_ERR_NONE;
 }
 
-int privilege_package_info_is_critical_privilege(const uid_t uid, const char* pkgid, const char* privilege, bool* is_critical)
-{
-	TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid and privilege must not be null");
-	int ret = privilege_db_manager_is_critical_privilege(uid, pkgid, privilege, is_critical);
-	if (ret == PRIVILEGE_DB_MANAGER_ERR_NO_EXIST_RESULT) { // CASE: given pkgid have no privacy privileges
-		*is_critical = false;
-	} else if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
-		LOGE("privilege_db_manager_is_ciritical_privilege faild. ret = %d", ret);
-		return PRVMGR_ERR_INTERNAL_ERROR;
-	}
-	return PRVMGR_ERR_NONE;
-}
-
 int privilege_package_info_get_all_privacy_package_list(const uid_t uid, GList** privacy_list)
 {
 	int ret = privilege_db_manager_get_all_privacy_package_list(uid, privacy_list);
diff --git a/test/tc-privilege-package-info.c b/test/tc-privilege-package-info.c
index 4b05f90..59020de 100755
--- a/test/tc-privilege-package-info.c
+++ b/test/tc-privilege-package-info.c
@@ -26,17 +26,6 @@ static void __test_privilege_package_info()
 	__print_result('m', ret);
 	gfree(privilege_list);
 
-	__print_line();
-	__tcinfo(goal, "set 5001, org.test.nativeapp_3 critical privilege set. api_version = 3.0");
-	__privinfo("http://tizen.org/privilege/internet", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/call", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/account.read", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/display", NULL, NULL);
-	ret = privilege_package_info_set_critical_privilege(5001, "org.test.nativeapp_3", PRVMGR_PACKAGE_TYPE_CORE, "3.0", privilege_list);
-	__tcinfo(expect, PRVMGR_ERR_NONE);
-	__print_result('m', ret);
-	gfree(privilege_list);
-
 	/* Web api-version 4.0 */
 	__print_line();
 	__tcinfo(goal, "set 5001, org.test.webapp_4's privacy privilege set. api_version = 4.0");
@@ -54,17 +43,6 @@ static void __test_privilege_package_info()
 	__print_result('m', ret);
 	gfree(privilege_list);
 
-	__print_line();
-	__tcinfo(goal, "set 5001, org.test.webapp_4's critical privilege set. api_version = 4.0");
-	__privinfo("http://tizen.org/privilege/internet", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/mediastorage", NULL, NULL);
-	ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp_4", PRVMGR_PACKAGE_TYPE_WRT, "4.0", privilege_list);
-	__tcinfo(expect, PRVMGR_ERR_NONE);
-	__print_result('m', ret);
-	gfree(privilege_list);
-
 	/* Web api-version 5.0 */
 	__print_line();
 	__tcinfo(goal, "set 5001, org.test.webapp_5's privacy privilege set. api_version = 5.0");
@@ -82,75 +60,8 @@ static void __test_privilege_package_info()
 	__print_result('m', ret);
 	gfree(privilege_list);
 
-	__print_line();
-	__tcinfo(goal, "set 5001, org.test.webapp_5's critical privilege set. api_version = 5.0");
-	__privinfo("http://tizen.org/privilege/internet", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/messaging.write", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/mediacapture", NULL, NULL);
-	__privinfo("http://tizen.org/privilege/mediastorage", NULL, NULL);
-	ret = privilege_package_info_set_critical_privilege(5001, "org.test.webapp_5", PRVMGR_PACKAGE_TYPE_WRT, "5.0", privilege_list);
-	__tcinfo(expect, PRVMGR_ERR_NONE);
-	__print_result('m', ret);
-	gfree(privilege_list);
-
-
 	/* Test */
 
-	__print_line();
-	__tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp_4");
-	ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_4", "http://tizen.org/privilege/message.read", &is_requestable);
-	if (is_requestable && ret == PRVMGR_ERR_NONE) {
-		printf_green("\nis critical privilege. SUCCESS\n");
-		success_cnt++;
-	} else {
-		printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
-		fail_cnt++;
-	}
-
-	__print_line();
-	__tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp_4");
-	ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_4", "http://tizen.org/privilege/internet", &is_requestable);
-	if (!is_requestable && ret == PRVMGR_ERR_NONE) {
-		printf_green("\nis not critical privilege. SUCCESS\n");
-		success_cnt++;
-	} else {
-		printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
-		fail_cnt++;
-	}
-
-	__print_line();
-	__tcinfo(goal, "see if http://tizen.org/privilege/message.read is critical for uid 5001, org.test.webapp_5");
-	ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/message.read", &is_requestable);
-	if (is_requestable && ret == PRVMGR_ERR_NONE) {
-		printf_green("\nis critical privilege. SUCCESS\n");
-		success_cnt++;
-	} else {
-		printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
-		fail_cnt++;
-	}
-
-	__print_line();
-	__tcinfo(goal, "see if http://tizen.org/privilege/internet is critical for uid 5001, org.test.webapp_5");
-	ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/internet", &is_requestable);
-	if (!is_requestable && ret == PRVMGR_ERR_NONE) {
-		printf_green("\nis not critical privilege. SUCCESS\n");
-		success_cnt++;
-	} else {
-		printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
-		fail_cnt++;
-	}
-
-	__print_line();
-	__tcinfo(goal, "see if http://tizen.org/privilege/mediastorage is critical for uid 5001, org.test.webapp_5");
-	ret = privilege_package_info_is_critical_privilege(5001, "org.test.webapp_5", "http://tizen.org/privilege/mediastorage", &is_requestable);
-	if (is_requestable && ret == PRVMGR_ERR_NONE) {
-		printf_green("\nis not critical privilege. SUCCESS\n");
-		success_cnt++;
-	} else {
-		printf_red("\nFAIL\nis requestable = %s, ret = %s\n", is_requestable ? "true" : "false", __get_result_string('m', ret));
-		fail_cnt++;
-	}
-
 	__print_line();
 	__tcinfo(goal, "see if uid 5001, api-version=3.0, org.test.nativeapp_3 can request privacy for http://tizen.org/privilege/call");
 	ret = privilege_package_info_is_privacy_requestable(5001, "org.test.nativeapp_3", "http://tizen.org/privilege/call", &is_requestable);
@@ -285,7 +196,6 @@ int main()
 {
 	if (ENABLE_ASKUSER) {
 		__tcinfo(function, "privilege_package_info_set_privacy_privilege");
-		__tcinfo(function, "privilege_package_info_set_ciritical_privilege");
 		__tcinfo(function, "privilege_package_info_unset_package_privilege_info");
 		__tcinfo(function, "privilege_package_info_is_privacy_requestable");
 		__tcinfo(function, "privilege_package_info_is_privacy_requestable_api_version");