From: Inkyun Kil <inkyun.kil@samsung.com>
Date: Thu, 30 Aug 2018 07:26:30 +0000 (+0900)
Subject: Check if appcontrol is valid on the sender side
X-Git-Tag: submit/tizen/20190208.015210~23
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9cc8eb33fd39f5c76b715a19ec4147eac01d7994;p=platform%2Fcore%2Fappfw%2Fcapmgr.git

Check if appcontrol is valid on the sender side

Change-Id: Ie13ef3c4bdb2b3929d4b0abafc2b6e5bb5ae047c
Signed-off-by: Inkyun Kil <inkyun.kil@samsung.com>
---

diff --git a/src/common/appcontrol_manager.cc b/src/common/appcontrol_manager.cc
index 25cfd0a..8eadf89 100644
--- a/src/common/appcontrol_manager.cc
+++ b/src/common/appcontrol_manager.cc
@@ -9,7 +9,10 @@
 #include <bundle.h>
 
 #include <map>
+#include <vector>
 
+#include "common/capability.h"
+#include "common/db_manager.h"
 #include "common/utils/logging.h"
 
 namespace {
@@ -59,6 +62,36 @@ bool AppControlManager::LaunchApplication(const unsigned char* bundle_data,
   return true;
 }
 
+bool AppControlManager::CheckRemoteAppControl(const std::string& device_id,
+    const unsigned char* appcontrol, size_t len) {
+  bundle* b = bundle_decode(appcontrol, len);
+  if (!b) {
+    LOG(ERROR) << "Invalid bundle data!";
+    return false;
+  }
+
+  const char* appid_cstr = aul_svc_get_appid(b);
+  if (!appid_cstr) {
+    LOG(ERROR) << "Failed to get appid!";
+    bundle_free(b);
+    return false;
+  }
+
+  std::string appid(appid_cstr);
+  std::vector<Capability> cap_list = DBManager::SelectCapabilites(device_id);
+  for (auto& cap : cap_list) {
+    if (appid == cap.appid()) {
+      LOG(INFO) << "Found the appcontrol!";
+      bundle_free(b);
+      return true;
+    }
+  }
+
+  LOG(ERROR) << "Invalid appcontrol!";
+  bundle_free(b);
+  return false;
+}
+
 int AppControlManager::AulHandler(aul_type type, bundle* kb, void* data) {
   return 0;
 }
diff --git a/src/common/appcontrol_manager.h b/src/common/appcontrol_manager.h
index 8ab9027..b069d35 100644
--- a/src/common/appcontrol_manager.h
+++ b/src/common/appcontrol_manager.h
@@ -14,8 +14,10 @@
 #include <boost/signals2.hpp>
 
 #include <functional>
+#include <string>
 
 #include "common/capability.h"
+#include "common/capability_manager.h"
 
 namespace capmgr {
 
@@ -33,6 +35,8 @@ class AppControlManager {
   }
   bool LaunchApplication(const unsigned char* bundle_data, size_t len,
       void* data);
+  bool CheckRemoteAppControl(const std::string& device_id,
+      const unsigned char* appcontrol, size_t len);
 
  private:
   class AppControlReplyHandler {
diff --git a/src/common/db_manager.cc b/src/common/db_manager.cc
index 65996af..bddf225 100644
--- a/src/common/db_manager.cc
+++ b/src/common/db_manager.cc
@@ -64,6 +64,9 @@ const char kQueryInsertCap[] =
 const char kQueryDeleteCap[] =
     "DELETE FROM capabilities WHERE device_id=? AND operation=? AND uri=? AND "
     "  mime=? AND appid=?";
+const char kQuerySelectCap[] =
+    "SELECT operation, uri, mime, appid, pkgid FROM capabilities "
+    "WHERE device_id=?";
 const char kQueryInsertRemoteApp[] =
     "INSERT INTO remote_app_info (device_id, appid, pkgid, label, version) "
     "VALUES (?, ?, ?, ?, ?)";
@@ -252,6 +255,35 @@ bool DBManager::DeleteCapability(const std::string& device_id,
   return true;
 }
 
+std::vector<Capability> DBManager::SelectCapabilites(
+      const std::string& device_id) {
+  auto guard = Instance().sql_conn_->GetTransactionGuard();
+  std::shared_ptr<SQLStatement> stmt = Instance().sql_conn_->PrepareStatement(
+      kQuerySelectCap);
+  if (!stmt) {
+    LOG(ERROR) << "Failed to prepare statement";
+    return {};
+  }
+
+  if (!stmt->BindString(1, device_id))
+    return {};
+
+  std::vector<Capability> cap_list;
+  while (stmt->Step() == SQLStatement::StepResult::ROW) {
+    int idx = 0;
+    std::string operation = stmt->GetColumnString(idx++);
+    std::string uri = stmt->GetColumnString(idx++);
+    std::string mime = stmt->GetColumnString(idx++);
+    std::string appid = stmt->GetColumnString(idx++);
+    std::string pkgid = stmt->GetColumnString(idx++);
+
+    Capability cap(operation, uri, mime, appid, pkgid);
+    cap_list.push_back(cap);
+  }
+
+  return cap_list;
+}
+
 bool DBManager::InsertRemotePackage(const std::string& device_id,
     const RemotePackageInfo& remote_pkg_info) {
   auto guard = Instance().sql_conn_->GetTransactionGuard();
diff --git a/src/common/db_manager.h b/src/common/db_manager.h
index b9b2ba5..b1f7f60 100644
--- a/src/common/db_manager.h
+++ b/src/common/db_manager.h
@@ -29,6 +29,8 @@ class DBManager {
       const std::vector<Capability>& caps);
   static bool DeleteCapability(const std::string& device_id,
       const Capability& cap);
+  static std::vector<Capability> SelectCapabilites(
+      const std::string& device_id);
   static bool InsertRemotePackage(const std::string& device_id,
     const RemotePackageInfo& remote_pkg_info);
   static bool DeleteRemotePackage(const std::string& device_id,
diff --git a/src/common/mdg_manager.cc b/src/common/mdg_manager.cc
index b27d85f..075f06b 100755
--- a/src/common/mdg_manager.cc
+++ b/src/common/mdg_manager.cc
@@ -677,6 +677,10 @@ void MDGManager::ExchangeCapabilities() {
 
 int MDGManager::SendAppControl(const std::string& device_id,
     const unsigned char* appcontrol, size_t len) {
+  if (!AppControlManager::GetAppControlManager().CheckRemoteAppControl(
+      device_id, appcontrol, len))
+    return -1;
+
   return SendData(device_id, Command::SEND_APPCONTROL, appcontrol, len);
 }