From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Tue, 21 Jul 2020 02:05:30 +0000 (+0000)
Subject: Revert "Get package cert level if there's no cert level given"
X-Git-Tag: submit/tizen/20200721.035331~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F74%2F238974%2F2;p=platform%2Fcore%2Fsecurity%2Fprivilege-checker.git

Revert "Get package cert level if there's no cert level given"

This reverts commit cd1a5b8fb247a8a40b5a30d97c5089c94c49d3a2.

- Due to the cyclic dependency, privilege-checker can't use cert-svc APIs.
  cert-svc <-> key-manager <-> security-manager <-> privilege-checker

Change-Id: I6a2a289b5c36f07b75e8188c7cc2e7a287b6f09c
---

diff --git a/capi/CMakeLists.txt b/capi/CMakeLists.txt
index 33016a5..bf16a6c 100644
--- a/capi/CMakeLists.txt
+++ b/capi/CMakeLists.txt
@@ -13,7 +13,7 @@ INCLUDE_DIRECTORIES(${INC_DIR})
 SET(pc_requires "glib-2.0")
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(${fw_name} REQUIRED dlog pkgmgr-info glib-2.0 sqlite3 libtzplatform-config iniparser cert-svc-vcore)
+pkg_check_modules(${fw_name} REQUIRED dlog pkgmgr-info glib-2.0 sqlite3 libtzplatform-config iniparser)
 FOREACH(flag ${${fw_name}_CFLAGS})
 	SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
 ENDFOREACH(flag)
diff --git a/capi/src/privilege_info.c b/capi/src/privilege_info.c
index 8f284fa..3cef4a3 100755
--- a/capi/src/privilege_info.c
+++ b/capi/src/privilege_info.c
@@ -24,9 +24,6 @@
 #include "privilege_info_types.h"
 #include "privilege_private.h"
 
-#include <cert-svc/ccert.h>
-#include <cert-svc/cinstance.h>
-
 #ifdef LOG_TAG
 #undef LOG_TAG
 #define LOG_TAG "PRIVILEGE_INFO"
@@ -473,98 +470,10 @@ static int __get_pkg_type(uid_t uid, const char *pkgid, privilege_manager_packag
 	return 0;
 }
 
-static int __is_preloaded_pkg(const char* pkgid)
-{
-	pkgmgrinfo_pkginfo_h handle;
-
-	int ret = pkgmgrinfo_pkginfo_get_pkginfo(pkgid, &handle);
-	TryReturn(ret == PMINFO_R_OK, , -1, "pkgmgrinfo_pkginfo_get_usr_pkginfo() failed for pkgid <%s>", pkgid);
-
-	bool is_preload = false;
-	ret = pkgmgrinfo_pkginfo_is_preload(handle, &is_preload);
-	TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_pkginfo(handle), -1, "pkgmgrinfo_pkginfo_is_preload() failed. Failed to check whether %s is preloaded.", pkgid);
-
-	pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
-
-	if (is_preload)
-		return 1;
-	else
-		return 0;
-}
-
-static privilege_manager_visibility_e __get_pkg_cert_level(uid_t uid, const char* pkgid)
-{
-	const char* cert_value;
-	pkgmgrinfo_certinfo_h certinfo;
-
-	int ret = pkgmgrinfo_pkginfo_create_certinfo(&certinfo);
-	TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_create_certinfo() failed. ret = %d", ret);
-
-	ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid, certinfo, uid);
-	TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_load_certinfo() failed. ret = %d", ret);
-
-	ret = pkgmgrinfo_pkginfo_get_cert_value(certinfo, PMINFO_DISTRIBUTOR_ROOT_CERT, &cert_value);
-	TryReturn(ret == PMINFO_R_OK, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "pkgmgrinfo_pkginfo_get_cert_value() failed. ret = %d", ret);
-
-	if (cert_value == NULL) {
-		pkgmgrinfo_pkginfo_destroy_pkginfo(certinfo);
-		// Check whether the given app is preloaded app
-		// -> Assume preloaded app to have platform level certificate (by appfw's guide)
-		ret = __is_preloaded_pkg(pkgid);
-		if (ret == 1) {
-			ret = PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
-		} else {
-			LOGE("%s is not preloaded app and have no cert value", pkgid);
-			ret = PRVMGR_PACKAGE_VISIBILITY_NONE;
-		}
-		return ret;
-	}
-
-	char* temp_cert = g_strdup(cert_value);
-	TryReturn(temp_cert != NULL, pkgmgrinfo_pkginfo_destroy_certinfo(certinfo), PRVMGR_PACKAGE_VISIBILITY_NONE, "g_strdup() of cert_value failed.");
-
-	pkgmgrinfo_pkginfo_destroy_certinfo(certinfo);
-
-	CertSvcInstance instance;
-	CertSvcCertificate certificate;
-	CertSvcVisibility visibility = CERTSVC_VISIBILITY_PUBLIC;
-
-	ret = certsvc_instance_new(&instance);
-	TryReturn(ret == CERTSVC_SUCCESS, g_free(temp_cert), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_instance_new() failed. ret = %d", ret);
-
-	ret = certsvc_certificate_new_from_memory(instance, (const unsigned char *)temp_cert, strlen(temp_cert), CERTSVC_FORM_DER_BASE64, &certificate);
-	TryReturn(ret == CERTSVC_SUCCESS, g_free(temp_cert); certsvc_instance_free(instance), PRVMGR_PACKAGE_VISIBILITY_NONE, "certsvc_certificate_new_from_memory() failed. ret = %d", ret);
-
-	g_free(temp_cert);
-
-	ret = certsvc_certificate_get_visibility(certificate, &visibility);
-	if (ret != CERTSVC_SUCCESS)
-		LOGE("certsvc_certificate_get_visibility() is failed.");
-
-	certsvc_certificate_free(certificate);
-	certsvc_instance_free(instance);
-
-	if (visibility & CERTSVC_VISIBILITY_PUBLIC)
-		return PRVMGR_PACKAGE_VISIBILITY_PUBLIC;
-	if (visibility & CERTSVC_VISIBILITY_PARTNER)
-		return PRVMGR_PACKAGE_VISIBILITY_PARTNER;
-	if (visibility & CERTSVC_VISIBILITY_PLATFORM)
-		return PRVMGR_PACKAGE_VISIBILITY_PLATFORM;
-	LOGE("cert level is not public/partner/platform");
-	if (visibility & CERTSVC_VISIBILITY_DEVELOPER)
-		LOGD("cert level developer");
-	return PRVMGR_PACKAGE_VISIBILITY_NONE;
-}
-
 int privilege_info_get_privilege_type(uid_t uid, const char* pkgid, privilege_manager_package_type_e package_type, privilege_manager_visibility_e cert_level, const char* privilege, privilege_manager_privilege_type_e *type)
 {
 	TryReturn(pkgid != NULL && privilege != NULL, , PRVMGR_ERR_INVALID_PARAMETER, "[PRVMGR_ERR_INVALID_PARAMETER] pkgid or privilege is NULL");
 
-	if (cert_level == PRVMGR_PACKAGE_VISIBILITY_NONE)
-		cert_level = __get_pkg_cert_level(uid, pkgid);
-
-	TryReturn(cert_level != PRVMGR_PACKAGE_VISIBILITY_NONE, , PRVMGR_ERR_INTERNAL_ERROR, "[PRVMGR_ERR_INTERNAL_ERROR] Can't get %s's cert level", pkgid);
-
 	LOGD("get privilege type for uid: %d, package id: %s, type: %d, cert level: %d, privilege: %s", (int)uid, pkgid, package_type, cert_level, privilege);
 
 	int ret = PRVMGR_ERR_NONE;
diff --git a/packaging/privilege-checker.spec b/packaging/privilege-checker.spec
index a747763..30a26c3 100644
--- a/packaging/privilege-checker.spec
+++ b/packaging/privilege-checker.spec
@@ -36,7 +36,6 @@ BuildRequires:  pkgconfig(pkgmgr-info)
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires: pkgconfig(sqlite3)
 BuildRequires: pkgconfig(libtzplatform-config)
-BuildRequires: pkgconfig(cert-svc-vcore)
 Requires: security-config
 Requires: tizen-platform-config
 Requires: pkgmgr