From 66e811199bab212673f71d8b5a6e43e2308ccc0e Mon Sep 17 00:00:00 2001
From: Hyunwoo Kim <hwlove.kim@samsung.com>
Date: Wed, 10 Apr 2013 01:04:30 +0900
Subject: [PATCH] Check privacy and modify fingerprint list

Change-Id: I97e5c0e27f85f5092bc738048213d565358a5c77
Signed-off-by: Hyunwoo Kim <hwlove.kim@samsung.com>
---
 ace/CMakeLists.txt            |  2 +-
 ace_client/src/CMakeLists.txt |  4 ++++
 ace_client/src/ace_client.cpp | 44 +++++++++++++++++++++++++++++++++++++++++++
 etc/fingerprint_list.xml      | 36 ++---------------------------------
 packaging/wrt-security.spec   |  4 ++++
 5 files changed, 55 insertions(+), 35 deletions(-)

diff --git a/ace/CMakeLists.txt b/ace/CMakeLists.txt
index 99c5281..02006e4 100644
--- a/ace/CMakeLists.txt
+++ b/ace/CMakeLists.txt
@@ -37,7 +37,7 @@ ADD_CUSTOM_COMMAND( OUTPUT .ace.db
   COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
   COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
   COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
-  DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db
+  DEPENDS ACE_DB_CHECKSUM_HEADER ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db
   )
 
 ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal
diff --git a/ace_client/src/CMakeLists.txt b/ace_client/src/CMakeLists.txt
index 4a46d91..e4e32c3 100644
--- a/ace_client/src/CMakeLists.txt
+++ b/ace_client/src/CMakeLists.txt
@@ -4,6 +4,10 @@ PKG_CHECK_MODULES(ACE_CLIENT_DEPS
     dpl-efl
     dpl-event-efl
     dpl-dbus-efl
+    privacy-manager-client
+    capi-appfw-app-manager
+    capi-appfw-package-manager
+    capi-security-privacy-manager
     REQUIRED
     )
 
diff --git a/ace_client/src/ace_client.cpp b/ace_client/src/ace_client.cpp
index 3c4d086..f9ecc16 100644
--- a/ace_client/src/ace_client.cpp
+++ b/ace_client/src/ace_client.cpp
@@ -40,6 +40,11 @@
 #include <attribute_facade.h>
 #include <ace/Request.h>
 
+#include <app_manager.h>
+#include <package_manager.h>
+#include <privacy_checker_client.h>
+#include <privacy_manager.h>
+
 // ACE tests need to use mock implementations
 #ifdef ACE_CLIENT_TESTS
 
@@ -95,6 +100,7 @@ class AceThinClientImpl {
   protected:
     bool containsNetworkDevCap(const AceRequest &ace_request);
     bool checkFeatureList(const AceRequest& ace_request);
+    bool checkPrivacy(const AceRequest& ace_request);
   private:
     WebRuntimeImpl* m_wrt;
     ResourceInformationImpl* m_res;
@@ -194,6 +200,41 @@ bool AceThinClientImpl::checkFeatureList(const AceRequest& ace_request)
     return false;
 }
 
+bool AceThinClientImpl::checkPrivacy(const AceRequest& ace_request)
+{
+    pid_t pid;
+    int res;
+    char* app_id;
+    char* pkg_id;
+
+    pid = getpid();
+
+    LogInfo("pid : " << pid);
+
+    res = app_manager_get_app_id(pid, &app_id);
+    if (res != APP_MANAGER_ERROR_NONE) {
+        LogError("Unknown app id : " << res);
+        return ACE_INTERNAL_ERROR;
+    }
+
+    LogInfo("app_id : " << app_id);
+    res = package_manager_get_package_id_by_app_id(app_id, &pkg_id);
+    if (res != PACKAGE_MANAGER_ERROR_NONE) {
+        LogError("Unknown package id : " << res);
+        return ACE_INTERNAL_ERROR;
+    }
+
+    LogInfo("pkg_id : " << pkg_id);
+ 
+    for (size_t i = 0; i< ace_request.apiFeatures.count; ++i) {
+        res = privacy_checker_check_package_by_privilege(pkg_id, ace_request.apiFeatures.apiFeature[i]);
+        LogInfo(" privilege : " << ace_request.apiFeatures.apiFeature[i] << " : " << (res == PRIV_MGR_ERROR_SUCCESS) ? "true" : "false");
+        if (res != PRIV_MGR_ERROR_SUCCESS)
+            return false;
+    }
+
+    return true;
+}
 bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
 {
     LogInfo("Enter");
@@ -424,6 +465,9 @@ bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
             result = askUser(popupType, ace_request, request);
         }
     }
+    if (result)
+        result = checkPrivacy(ace_request);
+
     LogInfo("Result: " << (result ? "GRANTED" : "DENIED"));
     return result;
 }
diff --git a/etc/fingerprint_list.xml b/etc/fingerprint_list.xml
index 3881f72..e614758 100644
--- a/etc/fingerprint_list.xml
+++ b/etc/fingerprint_list.xml
@@ -1,39 +1,7 @@
 <CertificateSet>
-    <CertificateDomain name="wacpublisher">                                                           <!-- this domain is used to verify author-signatures -->
-        <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
-        <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
-        <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
+    <CertificateDomain name="tizen-developer">                                                            <!-- used to verify tizen widgets -->
         <FingerprintSHA1>2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F</FingerprintSHA1><!-- tizen-developer-root-ca.pem -->
-        <FingerprintSHA1>D4:C0:91:D8:DE:C4:16:D2:44:0E:AA:B6:E4:CD:F8:AD:6A:F4:36:4C</FingerprintSHA1><!-- tizen-developers-root.pem -->
-    </CertificateDomain>
-    <CertificateDomain name="wacroot">
-        <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
-        <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
-        <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
-        <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
-        <FingerprintSHA1>84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
-    </CertificateDomain>
-    <CertificateDomain name="developer">
-        <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
-    </CertificateDomain>
-    <CertificateDomain name="wacmember">
-    </CertificateDomain>
-    <CertificateDomain name="tizenmember">                                                            <!-- used to verify tizen widgets -->
-        <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
-        <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
-        <FingerprintSHA1>2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-manufacturer.pem -->
-        <FingerprintSHA1>B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-operator.pem -->
-        <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
-        <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - hash from it is encoded on sim cards -->
-        <FingerprintSHA1>A1:3F:15:2E:93:EB:80:36:F5:E0:BD:DA:8E:A5:4B:38:8A:6A:EB:E6</FingerprintSHA1><!-- tizen-public-class-root-authority.pem -->
-        <FingerprintSHA1>5A:C1:18:AC:6E:C7:EA:27:59:7D:5F:5A:1D:19:85:3D:A2:95:D5:18</FingerprintSHA1><!-- tizen-public-class-developer-root.pem -->
-        <FingerprintSHA1>94:A1:ED:C3:2F:CB:FD:6A:EE:3E:7E:1A:53:F1:55:34:36:01:E9:3F</FingerprintSHA1><!-- tizen-partner-class-root-authority.pem -->
-        <FingerprintSHA1>DE:F9:4F:17:12:3A:CD:0D:42:7B:A2:C8:95:42:67:2B:50:8F:B6:FF</FingerprintSHA1><!-- tizen-partner-class-developer-root.pem -->
-        <FingerprintSHA1>92:05:15:EE:A4:7A:EC:36:ED:41:9D:F8:F6:46:00:F4:A4:FB:16:74</FingerprintSHA1><!-- tizen-platform-class-root-authority.pem -->
-        <FingerprintSHA1>76:9F:5B:68:84:D0:21:92:5D:0C:1E:94:40:EC:D5:4E:21:2F:5A:43</FingerprintSHA1><!-- tizen-platform-class-developer-root.pem -->
-    </CertificateDomain>
-    <CertificateDomain name="orangelegacy">
-        <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - This certificate requires special treatment during verification process -->
+        <FingerprintSHA1>D4:C0:91:D8:DE:C4:16:D2:44:0E:AA:B6:E4:CD:F8:AD:6A:F4:36:4C</FingerprintSHA1><!-- tizen-developers-root.pem -->    
     </CertificateDomain>
     <CertificateDomain name="tizen-public">
         <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
diff --git a/packaging/wrt-security.spec b/packaging/wrt-security.spec
index d470d61..7ee3ff5 100644
--- a/packaging/wrt-security.spec
+++ b/packaging/wrt-security.spec
@@ -23,6 +23,10 @@ BuildRequires: pkgconfig(libpcrecpp)
 BuildRequires: pkgconfig(icu-i18n)
 BuildRequires: pkgconfig(libsoup-2.4)
 BuildRequires: pkgconfig(xmlsec1)
+BuildRequires: pkgconfig(capi-appfw-app-manager)
+BuildRequires: pkgconfig(capi-appfw-package-manager)
+BuildRequires: pkgconfig(privacy-manager-client)
+BuildRequires: pkgconfig(capi-security-privacy-manager)
 
 %description
 Wrt security daemon and utilities.
-- 
2.7.4