From 20c5ee3cf09c324fae5784b0db847be18316c2b9 Mon Sep 17 00:00:00 2001
From: "hb.min" <hb.min@samsung.com>
Date: Thu, 14 Mar 2013 01:50:17 +0900
Subject: [PATCH] Add new methods for checking privilege

Change-Id: I090769af6536cc1f6347a63e92111c78aaef3693
Signed-off-by: hb.min <hb.min@samsung.com>
---
 src/Context/InstallationContext.cpp |  8 +++++
 src/Context/InstallationContext.h   |  1 +
 src/Manager/DatabaseManager.cpp     | 23 ++++++++++++--
 src/Step/SignatureStep.cpp          |  6 +++-
 src/XmlHandler/ManifestHandler.cpp  |  6 +++-
 src/XmlHandler/PrivilegeHandler.cpp | 63 ++++++++++++++++++++++++++++++++++---
 src/XmlHandler/PrivilegeHandler.h   |  7 +++--
 7 files changed, 103 insertions(+), 11 deletions(-)

diff --git a/src/Context/InstallationContext.cpp b/src/Context/InstallationContext.cpp
index 2caeffa..4cfc34d 100755
--- a/src/Context/InstallationContext.cpp
+++ b/src/Context/InstallationContext.cpp
@@ -55,6 +55,7 @@ InstallationContext::InstallationContext(void)
 ,__rootCertType(ROOT_CERTIFICATE_NONE)
 ,__pApp2ExtHandle(null)
 ,__pPrivilegeList(null)
+,__pStringPrivilegeList(null)
 ,__pLiveboxDataList(null)
 ,__pContentDataList(null)
 ,__pAuthorCertPath(null)
@@ -84,6 +85,13 @@ InstallationContext::~InstallationContext(void)
 		__pPrivilegeList = null;
 	}
 
+	if (__pStringPrivilegeList)
+	{
+		__pStringPrivilegeList->RemoveAll(true);
+		delete __pStringPrivilegeList;
+		__pStringPrivilegeList = null;
+	}
+
 	if (__pLiveboxDataList)
 	{
 		__pLiveboxDataList->RemoveAll();
diff --git a/src/Context/InstallationContext.h b/src/Context/InstallationContext.h
index da99136..b55ef80 100755
--- a/src/Context/InstallationContext.h
+++ b/src/Context/InstallationContext.h
@@ -117,6 +117,7 @@ public:
 	void* __pApp2ExtHandle;
 
 	Tizen::Base::Collection::ArrayList* __pPrivilegeList;
+	Tizen::Base::Collection::ArrayList* __pStringPrivilegeList;
 	Tizen::Base::Collection::ArrayList* __pLiveboxDataList;
 	Tizen::Base::Collection::ArrayList* __pContentDataList;
 	Tizen::Security::Cert::X509CertificatePath* __pAuthorCertPath;
diff --git a/src/Manager/DatabaseManager.cpp b/src/Manager/DatabaseManager.cpp
index d41eeb4..a1253ff 100755
--- a/src/Manager/DatabaseManager.cpp
+++ b/src/Manager/DatabaseManager.cpp
@@ -119,8 +119,8 @@ DatabaseManager::RegisterPrivilegeInfo(InstallationContext* pContext, Database&
 	String query;
 	PackageId packageId = pContext->__packageId;
 
-	query.Format(1024, L"INSERT INTO PkgPrivileges (ID, PRIVILEGES, HMAC_PPRIVILEGES, CERTIFICATE_TYPE) "
-			"VALUES ((SELECT PkgInfo.UNIQUE_ID FROM PkgInfo WHERE PkgInfo.PKG_ID = '%ls'), ?, ?, ?)", packageId.GetPointer());
+	query.Format(1024, L"INSERT INTO PkgPrivileges (ID, PRIVILEGES, HMAC_PPRIVILEGES, CERTIFICATE_TYPE, STR_PRIVILEGES) "
+			"VALUES ((SELECT PkgInfo.UNIQUE_ID FROM PkgInfo WHERE PkgInfo.PKG_ID = '%ls'), ?, ?, ?, ?)", packageId.GetPointer());
 
 	std::unique_ptr< DbStatement > pStmt(_PackageManagerImpl::CreateStatementN(db, query));
 	TryReturn(pStmt, false, "CreateStatementN() failed. [%s]", GetErrorMessage(GetLastResult()));
@@ -128,6 +128,7 @@ DatabaseManager::RegisterPrivilegeInfo(InstallationContext* pContext, Database&
 	String privileges = pContext->__privileges;
 	String hmacPrivileges = pContext->__hmacPrivileges;
 	int certType = pContext->__certType;
+	ArrayList* pStringPrivilegeList = pContext->__pStringPrivilegeList;
 
 	if (!privileges.IsEmpty())
 	{
@@ -147,6 +148,21 @@ DatabaseManager::RegisterPrivilegeInfo(InstallationContext* pContext, Database&
 		TryReturn(r == E_SUCCESS, false, "BindInt() failed. [%s]", GetErrorMessage(r));
 	}
 
+	if (pStringPrivilegeList != null)
+	{
+		IEnumerator* pEnum = pStringPrivilegeList->GetEnumeratorN();
+		String MergedString;
+		while(pEnum->MoveNext() == E_SUCCESS)
+		{
+			MergedString.Append(*(static_cast<String*>(pEnum->GetCurrent())));
+			MergedString.Append(L"#");
+		}
+		delete pEnum;
+
+		r = pStmt->BindString(3, MergedString);
+		TryReturn(r == E_SUCCESS, false, "BindInt() failed. [%s]", GetErrorMessage(r));
+	}
+
 	std::unique_ptr< DbEnumerator > pEnum(_PackageManagerImpl::ExecuteStatementN(db, pStmt.get()));
 	TryReturn(!IsFailed(GetLastResult()), false, "ExecuteStatementN() failed. [%s]", GetErrorMessage(GetLastResult()));
 
@@ -549,7 +565,8 @@ DatabaseManager::CreatePackageTables(void) const
 							 "( ID                          INTEGER,"
 							 "PRIVILEGES					TEXT,"
 							 "HMAC_PPRIVILEGES		        TEXT,"
-							 "CERTIFICATE_TYPE		INTEGER )");
+							 "CERTIFICATE_TYPE		INTEGER,"
+							 "STR_PRIVILEGES		TEXT )");
 	r = db.ExecuteSql(createQuery, true);
 	TryReturn(r == E_SUCCESS, false, "db.ExecuteSql is failed. [%s]", GetErrorMessage(r));
 	createQuery.Clear();
diff --git a/src/Step/SignatureStep.cpp b/src/Step/SignatureStep.cpp
index 81cb98e..3d83b16 100755
--- a/src/Step/SignatureStep.cpp
+++ b/src/Step/SignatureStep.cpp
@@ -151,6 +151,8 @@ SignatureStep::OnStateRootCert(void)
 	result r = E_SUCCESS;
 	String privileges;
 	String hmacPrivileges;
+	ArrayList stringPrivilegeList;
+	stringPrivilegeList.Construct();
 
 	const ArrayList* pPrivilegeList = __pContext->GetPrivilegeList();
 	RootCertificateType certType = __pContext->__rootCertType;
@@ -159,12 +161,14 @@ SignatureStep::OnStateRootCert(void)
 
 	AppLog("PackageId = [%ls], CertType = [%d], ApiVisibility = [%d]", packageId.GetPointer(), certType, apiVisibility);
 
-	r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges);
+	r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *pPrivilegeList, apiVisibility, privileges, hmacPrivileges, stringPrivilegeList);
 	TryCatch(!IsFailed(r), error = INSTALLER_ERROR_PRIVILEGE_INVALID, "privMgr.GeneratePrivilegeString() failed");
 
 	__pContext->__privileges = privileges;
 	__pContext->__hmacPrivileges = hmacPrivileges;
 	__pContext->__certType = apiVisibility;
+	__pContext->__pStringPrivilegeList = new ArrayList;
+	__pContext->__pStringPrivilegeList->Construct(stringPrivilegeList);
 
 CATCH:
 	GoNextState();
diff --git a/src/XmlHandler/ManifestHandler.cpp b/src/XmlHandler/ManifestHandler.cpp
index 3e03fbf..c7ae1d7 100755
--- a/src/XmlHandler/ManifestHandler.cpp
+++ b/src/XmlHandler/ManifestHandler.cpp
@@ -635,12 +635,16 @@ ManifestHandler::OnPrivilegesEndElement(void)
 		result r = E_SUCCESS;
 		String privileges;
 		String hmacPrivileges;
+		ArrayList stringPrivilegeList;
+		stringPrivilegeList.Construct(125);
 		PackageId packageId = __pContext->__packageId;
-		r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *__pPrivilegeList, privileges, hmacPrivileges);
+		r = PrivilegeHandler::GenerateCipherPrivilege(packageId, *__pPrivilegeList, privileges, hmacPrivileges, stringPrivilegeList);
 		TryReturn(!IsFailed(r), false, "privMgr.GeneratePrivilegeString() failed");
 
 		__pContext->__privileges = privileges;
 		__pContext->__hmacPrivileges = hmacPrivileges;
+		__pContext->__pStringPrivilegeList = new ArrayList;
+		__pContext->__pStringPrivilegeList->Construct(stringPrivilegeList);
 	}
 
 	__pContext->SetPrivilegeList(__pPrivilegeList);
diff --git a/src/XmlHandler/PrivilegeHandler.cpp b/src/XmlHandler/PrivilegeHandler.cpp
index bddb1e3..c6ff2ad 100755
--- a/src/XmlHandler/PrivilegeHandler.cpp
+++ b/src/XmlHandler/PrivilegeHandler.cpp
@@ -29,6 +29,7 @@
 #include <FBaseInternalTypes.h>
 #include <FSec_AccessControlTypes.h>
 #include <FSec_DeviceKeyGenerator.h>
+#include <FIoFile.h>
 
 #include "InstallerDefs.h"
 #include "PrivilegeHandler.h"
@@ -41,16 +42,60 @@ using namespace Tizen::Base::Utility;
 using namespace Tizen::Security;
 using namespace Tizen::Security::Crypto;
 using namespace Tizen::Text;
+using namespace Tizen::Io;
+
+
+result
+PrivilegeHandler::PickExternalPrivilege(const IList& fullPrivilegeList, IList& normalPrivilegeList, IList& externalPrivilegeList)
+{
+	result r = E_SUCCESS;
+	File file;
+	String externalPrivilege;
+	ArrayList privilegeList;
+
+	r = file.Construct(EXTERNAL_PRIVILEGE_FILE_NAME, "r");
+	TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
+
+	privilegeList.Construct();
+
+	while (file.Read(externalPrivilege) == E_SUCCESS)
+	{
+		externalPrivilege.Remove(externalPrivilege.GetLength()-1, 1);
+		privilegeList.Add(new String(externalPrivilege));
+	}
+
+	IEnumerator* pEnum = fullPrivilegeList.GetEnumeratorN();
+
+	while(pEnum->MoveNext() == E_SUCCESS)
+	{
+		String* tempString = static_cast<String*>(pEnum->GetCurrent());
+
+		if (privilegeList.Contains(*tempString))
+		{
+			externalPrivilegeList.Add(new String(*tempString));
+		}
+		else
+		{
+			normalPrivilegeList.Add(new String(*tempString));
+		}
+	}
+
+	delete pEnum;
+	privilegeList.RemoveAll(true);
+	return r;
+}
 
 result
-PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, String& encryptedPrivileges, String& checksum)
+PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, String& encryptedPrivileges, String& checksum, IList& stringPrivilegeList)
 {
 	result r = E_SUCCESS;
 	byte* pBitwisePrivilege = null;
 	int count = 0;
+	ArrayList normalPrivilegeList;
 
 	encryptedPrivileges.Clear();
 	checksum.Clear();
+	normalPrivilegeList.Construct();
 
 	count = privilegeList.GetCount();
 	if (count == 0)
@@ -58,7 +103,10 @@ PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privi
 		goto CATCH;
 	}
 
-	pBitwisePrivilege = PackPrivilegeN(privilegeList);
+	r = PickExternalPrivilege(privilegeList, normalPrivilegeList, stringPrivilegeList);
+	TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
+
+	pBitwisePrivilege = PackPrivilegeN(normalPrivilegeList);
 	TryReturnResultTag(OSP_INSTALLER, pBitwisePrivilege != null, GetLastResult(), GetLastResult(), "[%s] Propagating.", GetErrorMessage(GetLastResult()));
 
 	r = GetEncryptedBitwise(pBitwisePrivilege, encryptedPrivileges);
@@ -76,18 +124,21 @@ CATCH:
 		free(pBitwisePrivilege);
 	}
 
+	normalPrivilegeList.RemoveAll(true);
 	return r;
 }
 
 result
-PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, int visibilityLevel, String& encryptedPrivileges, String& checksum)
+PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privilegeList, int visibilityLevel, String& encryptedPrivileges, String& checksum, IList& stringPrivilegeList)
 {
 	result r = E_SUCCESS;
 	byte* pBitwisePrivilege = null;
 	int count = 0;
+	ArrayList normalPrivilegeList;
 
 	encryptedPrivileges.Clear();
 	checksum.Clear();
+	normalPrivilegeList.Construct();
 
 	count = privilegeList.GetCount();
 	if (count == 0)
@@ -95,7 +146,10 @@ PrivilegeHandler::GenerateCipherPrivilege(const AppId& appId, const IList& privi
 		goto CATCH;
 	}
 
-	r = PackPrivilegeN(privilegeList, visibilityLevel, &pBitwisePrivilege);
+	r = PickExternalPrivilege(privilegeList, normalPrivilegeList, stringPrivilegeList);
+	TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
+
+	r = PackPrivilegeN(normalPrivilegeList, visibilityLevel, &pBitwisePrivilege);
 	TryReturnResultTag(OSP_INSTALLER, r == E_SUCCESS, r, r, "[%s] Propagating.", GetErrorMessage(r));
 
 	r = GetEncryptedBitwise(pBitwisePrivilege, encryptedPrivileges);
@@ -113,6 +167,7 @@ CATCH:
 		free(pBitwisePrivilege);
 	}
 
+	normalPrivilegeList.RemoveAll(true);
 	return r;
 }
 
diff --git a/src/XmlHandler/PrivilegeHandler.h b/src/XmlHandler/PrivilegeHandler.h
index 90373e6..fd68c18 100644
--- a/src/XmlHandler/PrivilegeHandler.h
+++ b/src/XmlHandler/PrivilegeHandler.h
@@ -36,6 +36,8 @@ namespace Tizen { namespace Base
 class String;
 }}
 
+static const wchar_t EXTERNAL_PRIVILEGE_FILE_NAME[] = L"/usr/share/osp/.external-privilege.ini";
+
 /**
  * @class		PrivilegeHandler
  * @brief		This class represents the class of PrivilegeHandler.
@@ -48,13 +50,14 @@ class PrivilegeHandler
 {
 
 public:
-		static result GenerateCipherPrivilege(const Tizen::App::AppId& appId, const Tizen::Base::Collection::IList& privilegeList, Tizen::Base::String& encryptedPrivileges, Tizen::Base::String& checksum);
-		static result GenerateCipherPrivilege(const Tizen::App::AppId& appId, const Tizen::Base::Collection::IList& privilegeList, int visibilityLevel, Tizen::Base::String& encryptedPrivileges, Tizen::Base::String& checksum);
+		static result GenerateCipherPrivilege(const Tizen::App::AppId& appId, const Tizen::Base::Collection::IList& privilegeList, Tizen::Base::String& encryptedPrivileges, Tizen::Base::String& checksum, Tizen::Base::Collection::IList& stringPrivilege);
+		static result GenerateCipherPrivilege(const Tizen::App::AppId& appId, const Tizen::Base::Collection::IList& privilegeList, int visibilityLevel, Tizen::Base::String& encryptedPrivileges, Tizen::Base::String& checksum, Tizen::Base::Collection::IList& stringPrivilege);
 private:
 		static byte* PackPrivilegeN(const Tizen::Base::Collection::IList& privilegeList);
 		static result PackPrivilegeN(const Tizen::Base::Collection::IList& privilegeList, int visibilityLevel, byte** ppBitwisePrivilege);
 		static result GetEncryptedBitwise(byte* __bitwisePrivilege, Tizen::Base::String& encryptedPrivileges);
 		static result GetChecksum(Tizen::App::AppId appId, byte* __bitwisePrivilege, Tizen::Base::String& checksum);
+		static result PickExternalPrivilege(const Tizen::Base::Collection::IList& fullPrivilegeList, Tizen::Base::Collection::IList& normalPrivilegeList, Tizen::Base::Collection::IList& externalPrivilegeList);
 
 }; // PrivilegeHandler
 
-- 
2.7.4