From: Yunjin Lee Date: Wed, 22 Mar 2017 07:53:47 +0000 (+0900) Subject: Add API to see if the applciation is on the privacy white list X-Git-Tag: accepted/tizen/common/20170322.154129^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d4347c7eb21a6e4251977489f5b616a325700e91;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git Add API to see if the applciation is on the privacy white list Change-Id: Ic274c314ee3cf94e554fafcc8d315c16f6681fc4 Signed-off-by: Yunjin Lee --- diff --git a/capi/include/privilege_db_manager.h b/capi/include/privilege_db_manager.h index 53c514b..66dd40c 100755 --- a/capi/include/privilege_db_manager.h +++ b/capi/include/privilege_db_manager.h @@ -90,6 +90,8 @@ int privilege_db_manager_is_preloaded(const char* pkgid); /* privilege should be privacy privilege */ int privilege_db_manager_is_privacy_white_list(const char* pkgid, const char* privilege); +int privilege_db_manager_is_privacy_white_list_application(const char* pkgid); + int privilege_db_manager_is_user_settable(const char* pkgid, const char* privacy); int __privilege_db_manager_get_privacy_list(GList** privacy_list); diff --git a/capi/include/privilege_info.h b/capi/include/privilege_info.h index 9197cb9..a8dc7ec 100644 --- a/capi/include/privilege_info.h +++ b/capi/include/privilege_info.h @@ -161,6 +161,13 @@ EXPORT_API int privilege_info_is_user_settable(const char *pkgid, const char *pr EXPORT_API int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, const char* privilege, privilege_manager_privilege_type_e *type); /** + * @brief Determines whether the given package id is on the privacy white list + * @param [in] pkgid The pkgid of application + * @return 1 if true(=given pkgid is listed on the privacy white list), 0 if false, and -1 on error + */ +EXPORT_API int privilege_info_is_privacy_white_list_application(const char* pkgid); + +/** * @brief Gets all privacy list. * @remarks @a privacy_list must be released with g_list_free() by you. * @param [out] privacy_list The privacy list diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c index fad3e02..e1ef570 100755 --- a/capi/src/privilege_db_manager.c +++ b/capi/src/privilege_db_manager.c @@ -608,6 +608,38 @@ int privilege_db_manager_is_privacy_white_list(const char* pkgid, const char* pr return res; } +int privilege_db_manager_is_privacy_white_list_application(const char* pkgid) +{ + if (DISABLE_ASKUSER) + return 1; + + if (access(ASKUSER_RUNTIME_DISABLE_PATH, F_OK) == 0) { + _LOGD("aksuser is disabled in rum-time."); + return 1; + } + + sqlite3 *db = NULL; + sqlite3_stmt *stmt = NULL; + int ret = __initialize_db(PRIVILEGE_DB_TYPE_INFO, &db, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE); + TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE, , ret, "[PRIVILEGE_DB_MANAGER] DB INITIALIZE FAIL"); + + char *sql = sqlite3_mprintf("select distinct pkg_id from privacy_whitelist where pkg_id=%Q", pkgid); + TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed"); + + ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL); + TryReturn(ret == SQLITE_OK, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db)); + + ret = sqlite3_step(stmt); + TryReturn(ret == SQLITE_DONE || ret == SQLITE_ROW, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_step failed : %s", sqlite3_errmsg(db)); + + __finalize_db(db, stmt, sql); + + if (ret == SQLITE_ROW) + return 1; + + return 0; +} + int privilege_db_manager_is_user_settable(const char* pkgid, const char* privacy) { if (DISABLE_ASKUSER) diff --git a/capi/src/privilege_info.c b/capi/src/privilege_info.c index c513f65..33081ee 100755 --- a/capi/src/privilege_info.c +++ b/capi/src/privilege_info.c @@ -566,6 +566,22 @@ int privilege_info_is_privacy2(const char* label, const char* privilege) } } +int privilege_info_is_privacy_white_list_application(const char* pkgid) +{ + if (DISABLE_ASKUSER) + return 1; + + if (access(ASKUSER_RUNTIME_DISABLE_PATH, F_OK) == 0) { + LOGD("askuser is disabled in run-time."); + return 1; + } + TryReturn(pkgid != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER pkgid is NULL"); + int ret = privilege_db_manager_is_privacy_white_list_application(pkgid); + if(ret == 1 || ret == 0) + return ret; + return -1; +} + int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, const char* privilege, privilege_manager_privilege_type_e *type) { TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid or privilege is NULL"); diff --git a/test/tc-privilege-info.c b/test/tc-privilege-info.c index a5361c9..ee94f5a 100755 --- a/test/tc-privilege-info.c +++ b/test/tc-privilege-info.c @@ -742,7 +742,7 @@ void __test_privilege_info_is_user_settable() } else { fail_cnt++; __color_to_red(); - printf("fail. ret = %d", ret); + printf("fail. ret = %d\n", ret); __color_to_origin(); } @@ -759,7 +759,7 @@ void __test_privilege_info_is_user_settable() } else { fail_cnt++; __color_to_red(); - printf("fail. ret = %d", ret); + printf("fail. ret = %d\n", ret); __color_to_origin(); } @@ -776,7 +776,7 @@ void __test_privilege_info_is_user_settable() } else { fail_cnt++; __color_to_red(); - printf("fail. ret = %d", ret); + printf("fail. ret = %d\n", ret); __color_to_origin(); } @@ -793,10 +793,66 @@ void __test_privilege_info_is_user_settable() } else { fail_cnt++; __color_to_red(); - printf("fail. ret = %d", ret); + printf("fail. ret = %d\n", ret); + __color_to_origin(); + } + __print_line(); +} + +void __test_privilege_info_is_privacy_white_list_application() +{ + int ret = 0; + __print_line(); + printf("pkgid = org.tizen.test\n"); + ret = privilege_info_is_privacy_white_list_application("org.tizen.test"); + printf("expect return value = 0, returned value = %d\n", ret); + if (ret == 0) { + success_cnt++; + __color_to_green(); + printf("success\n"); + __color_to_origin(); + } else { + fail_cnt++; + __color_to_red(); + printf("fail. ret = %d\n", ret); + __color_to_origin(); + } + __print_line(); + + printf("pkgid = ise-default\n"); + ret = privilege_info_is_privacy_white_list_application("ise-default"); + printf("expect return value = 1, returned value = %d\n", ret); + + if (ret == 1) { + success_cnt++; + __color_to_green(); + printf("success\n"); + __color_to_origin(); + } else { + fail_cnt++; + __color_to_red(); + printf("fail. ret = %d\n", ret); __color_to_origin(); } + __print_line(); + + printf("pkgid = ise-defaulttt\n"); + ret = privilege_info_is_privacy_white_list_application("ise-defaulttt"); + printf("expect return value = 0, returned value = %d\n", ret); + + if (ret == 0) { + success_cnt++; + __color_to_green(); + printf("success\n"); + __color_to_origin(); + } else { + fail_cnt++; + __color_to_red(); + printf("fail. ret = %d", ret); + __color_to_origin(); + } + } @@ -843,6 +899,9 @@ int main() __tcinfo(function, "privilege_info_is_user_settable"); __test_privilege_info_is_user_settable(); + __tcinfo(function, "privilege_info_is_privacy_white_list_application"); + __test_privilege_info_is_privacy_white_list_application(); + __color_to_green(); printf("Test Complete\n"); printf("success : %d, ", success_cnt);