From: Piotr Sawicki
Date: Mon, 3 Jul 2017 14:36:54 +0000 (+0200)
Subject: Implement checkPrivilege()
X-Git-Tag: submit/tizen/20170727.154157~1^2~36
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a0b5a6e670e9fee9e882bc7a499b345b2f28515d;p=platform%2Fcore%2Fsecurity%2Faskuser.git
Implement checkPrivilege()
Change-Id: I91768ce30cced026bc7f15bc5381be5d5df7afc6
---
diff --git a/src/client/impl/ApiInterfaceImpl.cpp b/src/client/impl/ApiInterfaceImpl.cpp
index 1a3ec91..24dfad6 100644
--- a/src/client/impl/ApiInterfaceImpl.cpp
+++ b/src/client/impl/ApiInterfaceImpl.cpp
@@ -21,6 +21,11 @@
* @brief The definition of ApiInterfaceImpl.
*/
+#include
+#include
+
+#include
+#include
#include
#include
@@ -82,8 +87,34 @@ int ApiInterfaceImpl::process(int fd, int events)
askuser_check_result ApiInterfaceImpl::checkPrivilege(const std::string &privilege)
{
- // TODO use PolicyFetchRequest
- (void) privilege;
+ std::string appId = getOwnAppId();
+
+ PolicyEntry filter;
+ filter.setApp(appId);
+ filter.setUser(std::to_string(geteuid()));
+ filter.setPrivilege(privilege);
+
+ PolicyFetchRequest fetch(std::move(filter));
+ auto policies = fetch.fetchPolicy();
+
+ if (policies.size() != 1) {
+ ALOGE("Unusual situation, there are " << policies.size() << " policies for (" << appId << ", " << geteuid() << ", " << privilege << ")");
+ return ASKUSER_CHECK_RESULT_DENY;
+ }
+
+ auto level = policies.front().getLevel();
+
+ if (level == "Allow") {
+ return ASKUSER_CHECK_RESULT_ALLOW;
+ }
+
+ if (level == "Deny") {
+ return ASKUSER_CHECK_RESULT_DENY;
+ }
+
+ if (level == "Ask user") {
+ return ASKUSER_CHECK_RESULT_ASK;
+ }
return ASKUSER_CHECK_RESULT_DENY;
}
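Review bot: `appId` is put into the filter unchecked, and `getOwnAppId()` as added to Policy.cpp in this commit can return an empty string, so the fetch may run with an app filter that does not name this application (how an empty app value is matched is not visible here). A guard before `filter.setApp(appId)` keeps the decision fail-closed and explicit: `if (appId.empty()) { ALOGE("Cannot determine own application id"); return ASKUSER_CHECK_RESULT_DENY; }`. The final `return ASKUSER_CHECK_RESULT_DENY;` also covers any level string other than the three compared, and logging the unexpected `level` there would make a policy mismatch visible instead of a silent denial. `getOwnAppId()` calls `throwOnSMError`, which by its name throws, and whether callers of `checkPrivilege()` handle that is outside this hunk.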
diff --git a/src/common/policy/Policy.cpp b/src/common/policy/Policy.cpp
index 61acd51..f8d4818 100644
--- a/src/common/policy/Policy.cpp
+++ b/src/common/policy/Policy.cpp
@@ -67,6 +67,23 @@ void identifyApp(const std::string &client, std::string &appId, std::string &pkg
pkgLabel = pkgInfo.pkgLabel();
}
+std::string getOwnAppId()
+{
+ char *pkgName = nullptr;
+ char *appName = nullptr;
+
+ int ret = security_manager_identify_app_from_pid(getpid(), &pkgName, &appName);
+ std::unique_ptr pkg_name_p(pkgName, free);
+ std::unique_ptr app_name_p(appName, free);
+ throwOnSMError("security_manager_identify_app_from_pid", ret);
+
+ PkgInfo pkgInfo(pkgName, geteuid());
+ if (!appName)
+ return pkgInfo.mainAppId();
+
+ return std::string();
+}
+
PolicyEntry::PolicyEntry() {
throwOnSMError("security_manager_policy_entry_new",
security_manager_policy_entry_new(&m_entry));
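Review bot: The last statement of `getOwnAppId()`, `return std::string();`, runs whenever `appName` is non-null, so the application name returned by `security_manager_identify_app_from_pid()` is discarded and the caller receives an empty id; only the null case yields a value. The branches look inverted: `if (appName) return appName;` placed before the `PkgInfo` construction, followed by `return pkgInfo.mainAppId();`, would return the identified app and fall back to the package's main app otherwise. `pkgName` is also passed to `PkgInfo` without a null check; if that constructor takes a `std::string` (not visible here), a null pointer would be undefined behaviour. The trailing context lines belong to `PolicyEntry::PolicyEntry()`, whose body continues outside the hunk.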
diff --git a/src/common/policy/Policy.h b/src/common/policy/Policy.h
index f3abb93..0f7aca1 100644
--- a/src/common/policy/Policy.h
+++ b/src/common/policy/Policy.h
@@ -30,6 +30,7 @@ struct policy_update_req;
namespace AskUser {
void identifyApp(const std::string &client, std::string &appId, std::string &pkgLabel);
+std::string getOwnAppId();
class PolicyEntry {
public:
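Review bot: The new declaration `std::string getOwnAppId();` has no comment describing its contract, and the client's privilege check depends on its result. A short comment above it should say that it identifies the calling process through security-manager, that it reports a security-manager error through `throwOnSMError` (presumably an exception), and whether an empty string is a valid return value, for example `/// Returns the application id of the calling process; see Policy.cpp for the error and fallback behaviour.`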