From cdf4595a9bd05ee18a7d7cfee4383ad98a542e8d Mon Sep 17 00:00:00 2001
From: Zofia Abramowska
Date: Tue, 11 Aug 2015 17:25:28 +0200
Subject: [PATCH] Add script and config for privilege mapping setting

Change-Id: I28d9b62547c5415f7cfc3c5934b75d4b6b6c020f
---
 policy/CMakeLists.txt | 1 +
 policy/privilege-mapping.list | 195 ++++++++++++++++++++++++++++++++++
 policy/security-manager-policy-reload | 14 +++
 3 files changed, 210 insertions(+)
 create mode 100644 policy/privilege-mapping.list

diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt
index bd08edc..bb795dd 100644
--- a/policy/CMakeLists.txt
+++ b/policy/CMakeLists.txt
@@ -2,4 +2,5 @@ FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
 INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
+INSTALL(FILES "privilege-mapping.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(PROGRAMS security-manager-policy-reload DESTINATION ${BIN_INSTALL_DIR})
diff --git a/policy/privilege-mapping.list b/policy/privilege-mapping.list
new file mode 100644
index 0000000..732165d
--- /dev/null
+++ b/policy/privilege-mapping.list
@@ -0,0 +1,195 @@
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/application.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.spp http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/notification.read http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/notification.write http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
+2.4 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.4 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.4 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.4 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.4 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.4 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.4 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.4 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.4 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.4 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.4 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.4 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.4 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.4 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.4 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.4 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.4 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.4 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.4 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.4 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.4 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.4 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.4 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.4 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.4 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.4 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.4 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.4 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.4 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.4 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.4 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.4 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.4 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.4 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.4 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.4 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.4 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.4 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.4 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.4 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.4 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
index 274c49c..b131f4d 100755
--- a/policy/security-manager-policy-reload
+++ b/policy/security-manager-policy-reload
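Review bot: The new file has no header describing its layout, while the loader in security-manager-policy-reload already skips lines starting with `#`, so a comment at the top such as `# version_from version_to privilege_name mapped_privilege_name (one whitespace-separated mapping per line)` would document the four columns at no cost. The list also repeats several rows verbatim for the same version pair, for example `2.3 3.0 .../internet .../internet`, `.../telephony .../telephony` and `.../volume.set .../volume.set` each appear twice. Whether that is harmless depends on the constraints behind `privilege_mapping_view`, which are not visible here; if the view enforces uniqueness, each duplicate INSERT fails inside the reload transaction. Deduplicating the file, or keeping it sorted so duplicates stand out, avoids depending on that.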
@@ -2,6 +2,8 @@
 POLICY_PATH=/usr/share/security-manager/policy
 PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
 
+PRIVILEGE_MAPPING=$POLICY_PATH/privilege-mapping.list
+
 DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
 
 # Create default buckets
@@ -70,3 +72,15 @@ do
 done
 echo "COMMIT;"
 ) | sqlite3 "$DB_FILE"
+
+# Load privilege-privilege mappings
+(
+echo "BEGIN;"
+echo "DELETE FROM privilege_mapping;"
+grep -v '^#' "$PRIVILEGE_MAPPING" |
+while read version_from version_to privilege mapping
+do
+    echo "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) VALUES ('$version_from', '$version_to', '$privilege', '$mapping');"
+done
+echo "COMMIT;"
+) | sqlite3 "$DB_FILE"
-- 
2.7.4
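Review bot: The INSERT in the second hunk splices the four fields straight into SQL string literals (`'$version_from', '$version_to', '$privilege', '$mapping'`) with no quoting, so a stray `'` in the mapping file breaks the statement, and `read` without `-r` strips backslashes from the fields. The input is an installed policy file rather than user data, but blank lines still pass the `grep -v '^#'` filter and would insert a row of empty strings. Changing the two lines to `grep -v -e '^#' -e '^[[:space:]]*$' "$PRIVILEGE_MAPPING" |` and `while read -r version_from version_to privilege mapping` closes both gaps cheaply; doubling single quotes in each field before it reaches the echo would handle the quoting. Note also that sqlite3 is invoked without `-bail`, so a failing INSERT is reported but the transaction still commits after `DELETE FROM privilege_mapping;` has run, leaving a partially populated table; the existing loader block just above the hunk uses the same pattern, so tightening this is a script-wide decision rather than a one-hunk fix.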