From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Wed, 4 Jan 2017 06:20:44 +0000 (+0900)
Subject: Handle black list check error properly
X-Git-Tag: submit/tizen_3.0/20170115.225845~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e17c957e703a16775b301c9b4401c0657e45aefe;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Handle black list check error properly

Change-Id: I5756f03a099e67dc31f321d99eeaf12cd0c4a1e6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c
index 661d81d..434c3ac 100755
--- a/capi/src/privilege_db_manager.c
+++ b/capi/src/privilege_db_manager.c
@@ -157,21 +157,23 @@ int privilege_db_manager_check_black_list(int uid, privilege_db_manager_package_
 	int count = 0;
 
 	ret = __initialize_db(PRIVILEGE_DB_TYPE_POLICY_RO, &db, package_type);
-	if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE)
-		return ret;
+	if (ret != PRIVILEGE_DB_MANAGER_ERR_NONE) {
+		_LOGE("db initialize failed. ret = %d", ret);
+		return -ret;
+	}
 
 	char *privilege_list_str = NULL;
 	ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
 	_LOGD("check black list with uid = %d, package_type = %d, privilege_list = %s", uid, package_type, privilege_list_str);
 	char *sql = sqlite3_mprintf("select distinct privilege_name from prevent_list where privilege_name in(%s)and uid=%d and package_type=%d", privilege_list_str, uid, package_type);
 	sqlite3_free(privilege_list_str);
-	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
+	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
 	ret = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, NULL);
 	if (ret != SQLITE_OK) {
 		_LOGE("[DB_FAIL] fail to prepare database : %s", sqlite3_errmsg(db));
 		__finalize_db(db, stmt, sql);
-		return PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
+		return -PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY;
 	}
 
 	do {
diff --git a/capi/src/privilege_manager.c b/capi/src/privilege_manager.c
index 741d76a..a3ef4f2 100755
--- a/capi/src/privilege_manager.c
+++ b/capi/src/privilege_manager.c
@@ -272,11 +272,14 @@ int privilege_manager_verify_privilege(uid_t uid, const char *api_version, privi
 
 	/* Check black list */
 	ret = privilege_db_manager_check_black_list(uid, package_type, privilege_list);
-	if (ret == PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY) {
+	if (ret == -PRIVILEGE_DB_MANAGER_ERR_DB_NOENTRY) {
 		_LOGE("[FAIL TO CALL FUNCTION] black list policy db cannot be found");
 	} else if (ret > 0) {
 		*error_message = strdup("[PRVMGR_ERR_USING_BANNED_PRIVILEGE] Application manifest contains banned privilege(s) declared by the DPM");
 		return PRVMGR_ERR_USING_BANNED_PRIVILEGE;
+	} else if (ret < 0) {
+		_LOGE("privilege_db_manager_check_black_list failed. ret = %d", ret);
+		return PRVMGR_ERR_INTERNAL_ERROR;
 	}
 
 	/* Get valid privilege list */