From bd6b9f99186995d70c57024209a9532134f6357e Mon Sep 17 00:00:00 2001 From: "hb.min" Date: Wed, 10 Apr 2013 01:15:42 +0900 Subject: [PATCH] Add privacy check method Change-Id: I892f9bfaf95d8ac420943cec23553a0910036ea1 Signed-off-by: hb.min --- src/security/FSec_AccessController.cpp | 78 +++++++++++++++++++ src/security/inc/FSec_AccessControlTypes.h | 120 +++++++++++++++++++++++++++++ src/security/inc/FSec_AccessController.h | 3 + 3 files changed, 201 insertions(+) diff --git a/src/security/FSec_AccessController.cpp b/src/security/FSec_AccessController.cpp index 83afac4..a7d1390 100644 --- a/src/security/FSec_AccessController.cpp +++ b/src/security/FSec_AccessController.cpp @@ -29,13 +29,16 @@ #include #include #include +#include #include #include +#include #include "FSec_AccessController.h" #include "FSec_PrivilegeManager.h" #include "FSec_PrivilegeManagerMessage.h" #include "FSec_PrivilegeInfo.h" + using namespace Tizen::App; using namespace Tizen::App::Package; using namespace Tizen::Base; @@ -125,6 +128,9 @@ _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege p goto CATCH; } + r = CheckPrivacy(packageId, privilege); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: @@ -198,6 +204,9 @@ _AccessController::CheckSystemPrivilege(const PackageId& packageId, _Privilege p } } + r = CheckPrivacy(packageId, privilege2); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: @@ -264,6 +273,9 @@ _AccessController::CheckPrivilege(const PackageId& packageId, const String& priv goto CATCH; } + r = CheckPrivacy(packageId, privilege); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: 
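Review bot: Every non-success result from CheckPrivacy is rewritten to E_USER_NOT_CONSENTED by the added `SysTryReturnResult` in CheckSystemPrivilege, so the E_SYSTEM that CheckPrivacy returns when string conversion fails reaches the caller as a user refusal. The check fails closed, which is the safe direction, but the real cause is lost. `if (r != E_SUCCESS) { goto CATCH; }` would keep the original result code and send the denial through the same CATCH: path as the other failures in this function instead of returning around it; what CATCH: does is outside the hunk, so confirm it does not overwrite `r`. The same two lines are added at the five other call sites in this file (the two-privilege CheckSystemPrivilege, both CheckPrivilege overloads and both CheckUserPrivilege overloads).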
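Review bot: Only `privilege2` is passed to CheckPrivacy in the two-privilege CheckSystemPrivilege, so `privilege1` never gets a consent check. If this overload grants access when either privilege is held (the body is outside the hunk, so that is inferred from the signature), a caller admitted through a privacy-flagged `privilege1` skips the check whenever `privilege2` is not flagged in privacyListTable. The consent check should follow whichever privilege actually satisfied the request, or run for both. The two-privilege CheckUserPrivilege hunk at -468 has the same `CheckPrivacy(packageId, privilege2)` call.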
@@ -387,6 +399,9 @@ _AccessController::CheckUserPrivilege(_Privilege privilege) } } + r = CheckPrivacy(packageId, privilege); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: @@ -468,6 +483,9 @@ _AccessController::CheckUserPrivilege(_Privilege privilege1, _Privilege privileg } } + r = CheckPrivacy(packageId, privilege2); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: @@ -543,8 +561,12 @@ _AccessController::CheckPrivilege(const String& privilege) r = E_PRIVILEGE_DENIED; goto CATCH; } + } + r = CheckPrivacy(packageId, privilege); + SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_USER_NOT_CONSENTED, "The user blocks an application from calling the method."); + return r; CATCH: 
@@ -557,4 +579,60 @@ CATCH:
 return r;
 }
 
+result
+_AccessController::CheckPrivacy(const PackageId & packageId, _Privilege privilege)
+{
+ result r = E_SUCCESS;
+ int ret = PRIV_MGR_ERROR_SUCCESS;
+
+ if (privacyListTable[privilege][_PRV_API_VER_2_0] != true)
+ {
+ return r;
+ }
+
+ std::unique_ptr pPackageId(null);
+ pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
+ SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ std::unique_ptr pPrivilegeId(null);
+ String privilegeId(L"http://tizen.org/privilege/");
+ privilegeId.Append(privilegeListTable[privilege].privilegeString);
+
+ pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilegeId));
+ SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
+ if (ret != PRIV_MGR_ERROR_SUCCESS)
+ {
+ r = E_USER_NOT_CONSENTED;
+ SysLog(NID_SEC, "Result : FALSE [Privacy]");
+ }
+
+ return r;
+}
+
+result
+_AccessController::CheckPrivacy(const PackageId & packageId, const String& privilege)
+{
+ result r = E_SUCCESS;
+ int ret = PRIV_MGR_ERROR_SUCCESS;
+
+ std::unique_ptr pPackageId(null);
+ pPackageId.reset(_StringConverter::CopyToCharArrayN(packageId));
+ SysTryReturnResult(NID_SEC, pPackageId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ std::unique_ptr pPrivilegeId(null);
+ pPrivilegeId.reset(_StringConverter::CopyToCharArrayN(privilege));
+ SysTryReturnResult(NID_SEC, pPrivilegeId != null, E_SYSTEM, "An unexpected system error occurred.");
+
+ ret = privacy_checker_check_package_by_privilege(pPackageId.get(), pPrivilegeId.get());
+ if (ret != PRIV_MGR_ERROR_SUCCESS)
+ {
+ r = E_USER_NOT_CONSENTED;
+ SysLog(NID_SEC, "Result : FALSE [Privacy]");
+ }
+
+ return r;
+}
+
 }} //Tizen::Security
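Review bot: `privacyListTable[privilege][_PRV_API_VER_2_0]` and `privilegeListTable[privilege]` are indexed with no range check in the `_Privilege` overload; unless every caller has already validated the value (not visible here), an out-of-range enum reads past both tables. A guard such as `SysTryReturnResult(NID_SEC, privilege >= 0 && privilege < _MAX_PRIVILEGE_ENUM, E_INVALID_ARG, "Invalid privilege.");` before the lookup closes that. The two overloads also differ in what they send to the checker: this one skips unflagged privileges and prefixes `http://tizen.org/privilege/`, while the `String` overload queries the checker for every privilege and passes the string unchanged, so a comment should state which form `privilege` must be in. The denial log `"Result : FALSE [Privacy]"` names neither the package nor the privilege, which makes a consent denial hard to trace afterwards.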
diff --git a/src/security/inc/FSec_AccessControlTypes.h b/src/security/inc/FSec_AccessControlTypes.h
index 876f131..aeae5c7 100644
--- a/src/security/inc/FSec_AccessControlTypes.h
+++ b/src/security/inc/FSec_AccessControlTypes.h
@@ -530,6 +530,126 @@ const static _PrivilegeLevel privilegeLevelListTable[_MAX_PRIVILEGE_ENUM][_PRV_A
 { _PRV_LEVEL_USER }, // networkbearerselection
 };
 
+const static bool privacyListTable[_MAX_PRIVILEGE_ENUM][_PRV_API_VER_MAX] =
+{
+ { false }, // alarm
+ { false }, // application.kill
+ { false }, // application.launch
+ { false }, // appmanager.launch
+ { false }, // appsetting
+ { false }, // appusage
+ { false }, // audiomanager.route
+ { false }, // audiomanager.session
+ { false }, // audiomanager.voipsession
+ { false }, // audiorecorder
+ { true }, // bluetooth.admin
+ { true }, // bluetooth.gap
+ { true }, // bluetooth.health
+ { true }, // bluetooth.opp
+ { true }, // bluetooth.spp
+ { true }, // bluetoothmanager
+ { true }, // calendar.read
+ { true }, // calendar.write
+ { false }, // callforward
+ { false }, // callhistory.read
+ { false }, // callhistory.write
+ { false }, // camera
+ { false }, // cellbroadcast
+ { false }, // certificate.read
+ { false }, // certificate.write
+ { true }, // contact.read
+ { true }, // contact.write
+ { false }, // content.read
+ { false }, // content.write
+ { false }, // customnetaccount
+ { true }, // dns
+ { true }, // download
+ { false }, // drmservice
+ { true }, // http
+ { false }, // ime
+ { false }, // imemanager
+ { false }, // inputmanager
+ { true }, // location
+ { true }, // messaging.email
+ { true }, // messaging.mms
+ { true }, // messaging.sms
+ { false }, // network.account
+ { true }, // network.connection
+ { false }, // network.statistics.read
+ { false }, // network.statistics.write
+ { false }, // networkmanager
+ { true }, // nfc.admin
+ { false }, // nfc.cardemulation
+ { true }, // nfc.common
+ { true }, // nfc.p2p
+ { true }, // nfc.tag
+ { false }, // notification
+ { false }, // notificationmanager
+ { false }, // packageinfo
+ { false }, // packagelicensemanager
+ { false }, // packagemanager.install
+ { false }, // packagesetting
+ { false }, // platforminfo
+ { false }, // power
+ { true }, // push
+ { false }, // setting
+ { false }, // smstrigger
+ { true }, // socket
+ { false }, // systeminfo
+ { false }, // systemsetting.read
+ { false }, // systemsetting.write
+ { false }, // telephonymanager
+ { false }, // uimanager
+ { false }, // useridentity
+ { false }, // vibrator
+ { false }, // videorecorder
+ { false }, // wappush
+ { false }, // web.privacy
+ { true }, // web.service
+ { false }, // wifi.admin
+ { false }, // wifi.read
+ { true }, // wifi.wifidirect.admin
+ { true }, // wifi.wifidirect.read
+ { false }, // wifimanager
+ { false }, // appwidgetprovider.install
+ { true }, // account.read
+ { true }, // account.write
+ { true }, // userprofile.read
+ { true }, // userprofile.write
+ { false }, // telephony
+ { false }, // netstatisticsmanager
+ { false }, // network.statistics
+ { false }, // nfcmanager
+ { false }, // bookmark.read
+ { false }, // bookmark.write
+ { false }, // geolocationpermission.read
+ { false }, // geolocationpermission.write
+ { false }, // lockmanager
+ { false }, // shortcut.install
+ { false }, // appmanager.kill
+ { false }, // privilegemanager.read
+ { false }, // privacymanager.read
+ { false }, // privacymanager.write
+ { false }, // antivirus
+ { true }, // internet
+ { true }, // messaging.read
+ { true }, // messaging.write
+ { false }, // package.info
+ { false }, // packagemanager.info
+ { false }, // packagemanager.setting
+ { false }, // system
+ { false }, // systemmanager
+ { false }, // settingmanager.read
+ { false }, // settingmanager.write
+ { false }, // appmanager.certificate
+ { false }, // datacontrol.consumer
+ { false }, // datasync
+ { false }, // filesystem.read
+ { false }, // filesystem.write
+ { false }, // messageport
+ { false }, // networkbearerselection
+};
+
 const int MAX_BITWISE_PRIV_SIZE = (((_MAX_PRIVILEGE_ENUM - 1) / 32) + 1) * 4;
 const int MAX_APP_ID_SIZE = 10;
 const int MAX_CACHE_SIZE = 20;
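Review bot: Each row of `privacyListTable` is written as `{ true }` or `{ false }`, which sets only column 0; any further columns up to `_PRV_API_VER_MAX` are zero-initialised to false, while CheckPrivacy reads column `_PRV_API_VER_2_0`. If `_PRV_API_VER_2_0` is not 0 (its value is not in this diff), every lookup returns false and the consent check is skipped for all privileges. Rows are also matched to `_Privilege` values purely by position, and a row missing from the end silently defaults to false, meaning no consent check. I would add a comment above the table such as `// One row per _Privilege value, in enum order; the column index is the API version (_PRV_API_VER_2_0).` and, if feasible, leave the first dimension implicit with a `static_assert` on the row count so that a new enum value cannot be added without a row.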
diff --git a/src/security/inc/FSec_AccessController.h b/src/security/inc/FSec_AccessController.h index 5199621..438bd61 100644 --- a/src/security/inc/FSec_AccessController.h +++ b/src/security/inc/FSec_AccessController.h @@ -149,6 +149,9 @@ private: _AccessController(const _AccessController& rhs); _AccessController& operator =(const _AccessController& rhs); + static result CheckPrivacy(const Tizen::App::PackageId& packageId, _Privilege privilege); + static result CheckPrivacy(const Tizen::App::PackageId& packageId, const Tizen::Base::String& privilege); + static void Initialize(void); static _PrivilegeManager* __pPrivilegeManager; -- 2.7.4