From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Fri, 18 Nov 2016 09:54:36 +0000 (+0900)
Subject: Modify to check whether internal privileges are privacy related or not
X-Git-Tag: submit/tizen/20161205.023558~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fa89d96d927b6ca12c6e4828a7638858e7fbf90c;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Modify to check whether internal privileges are privacy related or not

- internal privileges mapped by privacy related core privileges are also privacy related.
- remove redundant internal privileges listed in internal_only.list to store them properly.

Change-Id: I561c4b998a90e4d527c5ef38c6c28802bddf33f5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/capi/res/dbspace/core_mapping_db_generator.sh b/capi/res/dbspace/core_mapping_db_generator.sh
index 842b652..fc1333d 100755
--- a/capi/res/dbspace/core_mapping_db_generator.sh
+++ b/capi/res/dbspace/core_mapping_db_generator.sh
@@ -53,7 +53,12 @@ do
 
 	sqlite3 $DB_NAME "insert into privilege_mapping values ( $PROFILE_ID, '$PROFILE', '$PRIVILEGE_NAME','$FROM_API_VERSION', '$TO_API_VERSION', '$MAPPED_PRIVILEGE_NAME')"
 	if [[ $MAPPED_PRIVILEGE_NAME == *"/internal/"* ]]; then
-		sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', 0, 1)"
+		MAPPED_IS_PRIVACY=`sqlite3 .core_privilege_info.db "select is_privacy from privilege_info where privilege_name='$PRIVILEGE_NAME'"`
+		if [ "$MAPPED_IS_PRIVACY" = "" ]; then
+			sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', 0, 1)"
+		else
+			sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', $MAPPED_IS_PRIVACY, 1)"
+		fi
 	else
 		sqlite3 .core_privilege_info.db "insert or ignore into valid_privilege_info values ('$MAPPED_PRIVILEGE_NAME', 0, 0)"
 	fi
diff --git a/capi/res/dbspace/internal_only.list b/capi/res/dbspace/internal_only.list
index ef5d65e..6ef6c69 100644
--- a/capi/res/dbspace/internal_only.list
+++ b/capi/res/dbspace/internal_only.list
@@ -1,19 +1,10 @@
 http://tizen.org/privilege/internal/appdebugging
 http://tizen.org/privilege/internal/buxton
-http://tizen.org/privilege/internal/buxton/account.read
-http://tizen.org/privilege/internal/buxton/camcorder
-http://tizen.org/privilege/internal/buxton/contact.read
-http://tizen.org/privilege/internal/buxton/location
-http://tizen.org/privilege/internal/buxton/message.read
-http://tizen.org/privilege/internal/buxton/network.get
-http://tizen.org/privilege/internal/buxton/nfc
-http://tizen.org/privilege/internal/buxton/nfc.cardemulation
-http://tizen.org/privilege/internal/buxton/readonly
-http://tizen.org/privilege/internal/buxton/telephony
 http://tizen.org/privilege/internal/dbus
 http://tizen.org/privilege/internal/default/partner
 http://tizen.org/privilege/internal/default/platform
 http://tizen.org/privilege/internal/default/public
 http://tizen.org/privilege/internal/inputdevice.block
 http://tizen.org/privilege/internal/usermanagement
+http://tizen.org/privilege/internal/privacymanagement
 http://tizen.org/privilege/notexist
diff --git a/capi/src/privilege_db_manager.c b/capi/src/privilege_db_manager.c
index a4a764b..cf0cfbd 100755
--- a/capi/src/privilege_db_manager.c
+++ b/capi/src/privilege_db_manager.c
@@ -61,10 +61,10 @@ int __initialize_db(char type, sqlite3 ** db, privilege_db_manager_package_type_
 			db_path = PRIVILEGE_INFO_CORE_DB_PATH;
 		break;
 	case 'm':
-		if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE)
-			db_path = PRIVILEGE_MAPPING_CORE_DB_PATH;
-		else
+		if (package_type == PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_WRT)
 			db_path = PRIVILEGE_MAPPING_WRT_DB_PATH;
+		else
+			db_path = PRIVILEGE_MAPPING_CORE_DB_PATH;
 		break;
 	case 'u':
 		db_mode = SQLITE_OPEN_READWRITE;
@@ -285,7 +285,11 @@ int privilege_db_manager_get_mapped_privilege_list(const char *api_version, priv
 	ret = __make_privilege_list_str(privilege_list, &privilege_list_str);
 	TryReturn(ret == 0 && privilege_list_str != NULL, sqlite3_close(db), PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY, "[PRIVILEGE_DB_MANAGER_ERR_OUT_OF_MEMORY] making privilege_list_str for where in query is failed.");
 
-	char *sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version);
+	char *sql = NULL;
+	if (api_version == NULL)
+		sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type);
+	else
+		sql = sqlite3_mprintf("select distinct mapped_privilege_name from privilege_mapping where privilege_name in(%s)and(profile_id=%d or profile_id=%d)and from_api_version<=%Q and to_api_version>%Q", privilege_list_str, PRIVILEGE_DB_MANAGER_PROFILE_TYPE_COMMON, g_privilege_db_manager_profile_type, api_version, api_version);
 	sqlite3_free(privilege_list_str);
 	TryReturn(sql != NULL, __finalize_db(db, stmt, sql), PRIVILEGE_DB_MANAGER_ERR_INVALID_QUERY, "[DB_FAIL] sqlite3_mprintf failed");
 
@@ -560,10 +564,15 @@ int __privilege_db_manager_get_privilege_list_by_privacy(const char* privacy, GL
 		}
 	} while (ret == SQLITE_ROW);
 
-	*privilege_list = temp_privilege_list;
-
 	__finalize_db(db, stmt, sql);
 
+	GList* temp_mapped_privilege_list = NULL;
+	ret = privilege_db_manager_get_mapped_privilege_list(NULL, PRIVILEGE_DB_MANAGER_PACKAGE_TYPE_CORE, temp_privilege_list, &temp_mapped_privilege_list);
+	TryReturn(ret == PRIVILEGE_DB_MANAGER_ERR_NONE && temp_mapped_privilege_list != NULL, g_list_free(temp_privilege_list), ret, "[DB_FAIL] privilege_db_manager_get_mapped_privilege_list failed");
+
+	*privilege_list = temp_mapped_privilege_list;
+	g_list_free(temp_privilege_list);
+
 	return PRIVILEGE_DB_MANAGER_ERR_NONE;
 
 }
diff --git a/test/tc-privilege-info.c b/test/tc-privilege-info.c
index ea7bb56..fd14386 100755
--- a/test/tc-privilege-info.c
+++ b/test/tc-privilege-info.c
@@ -216,6 +216,17 @@ static void __test_privilege_info_is_privacy()
 	}
 	__print_line();
 
+	printf("privilege : http://tizen.org/privilege/internal/buxton/account.read\n");
+	ret = privilege_info_is_privacy("http://tizen.org/privilege/internal/buxton/account.read");
+	if (ret == 1) {
+		success_cnt++;
+		printf("SUCCESS: http://tizen.org/privilege/internal/buxton/account.read is PRIVACY\n");
+	} else {
+		fail_cnt++;
+		printf("Test FAILED. ret = %d\n", ret);
+	}
+	__print_line();
+
 	printf("privilege : http://tizen.org/privilege/internettttt\n");
 	ret = privilege_info_is_privacy("http://tizen.org/privilege/internettttt");
 	if (ret == 0) {
@@ -260,16 +271,16 @@ static void __test_privilege_info_get_privacy_display()
 	privacy_display = NULL;
 
 	printf("NULL param\n");
-    ret = privilege_info_get_privacy_display(NULL, &privacy_display);
-    if(ret == PRVMGR_ERR_INVALID_PARAMETER && privacy_display == NULL) {
-        success_cnt++;
-        printf("SUCCESS\n");
-    } else {
-        fail_cnt++;
-        printf("FAIL: ret = %d, privacy_display = %s\n", ret, privacy_display);
-    }
-
-    free(privacy_display);
+	ret = privilege_info_get_privacy_display(NULL, &privacy_display);
+	if(ret == PRVMGR_ERR_INVALID_PARAMETER && privacy_display == NULL) {
+		success_cnt++;
+		printf("SUCCESS\n");
+	} else {
+		fail_cnt++;
+		printf("FAIL: ret = %d, privacy_display = %s\n", ret, privacy_display);
+	}
+
+	free(privacy_display);
 }
 
 static void __test_privilege_info_get_privacy_list()
@@ -295,8 +306,26 @@ static void __test_privilege_info_get_privilege_list_by_privacy()
 {
 	GList* privilege_list = NULL;
 	GList* l;
-	printf("privacy : ACCOUNT\n");
-	int ret = privilege_info_get_privilege_list_by_privacy("ACCOUNT", &privilege_list);
+	printf("privacy : http://tizen.org/privacy/account\n");
+	int ret = privilege_info_get_privilege_list_by_privacy("http://tizen.org/privacy/account", &privilege_list);
+	if (ret == 0) {
+		success_cnt++;
+		for (l = privilege_list; l != NULL; l = l->next) {
+			char *privilege_name = (char*)l->data;
+			printf("%s\n", privilege_name);
+		}
+	} else {
+		fail_cnt++;
+		printf("Test FAILED\n");
+	}
+
+	if (privilege_list != NULL)
+		gfree(privilege_list);
+
+	__print_line();
+
+	printf("privacy : http://tizen.org/privacy/location\n");
+	ret = privilege_info_get_privilege_list_by_privacy("http://tizen.org/privacy/location", &privilege_list);
 	if (ret == 0) {
 		success_cnt++;
 		for (l = privilege_list; l != NULL; l = l->next) {
@@ -313,8 +342,8 @@ static void __test_privilege_info_get_privilege_list_by_privacy()
 
 	__print_line();
 
-	printf("privacy : USERHISTORY\n");
-	ret = privilege_info_get_privilege_list_by_privacy("USERHISTORY", &privilege_list);
+	printf("privacy : http://tizen.org/privacy/userhistory\n");
+	ret = privilege_info_get_privilege_list_by_privacy("http://tizen.org/privacy/userhistory", &privilege_list);
 	if (ret == 0) {
 		success_cnt++;
 		for (l = privilege_list; l != NULL; l = l->next) {