From f963289521dece5092299d55fbcf9be4e38b8781 Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Tue, 7 Jul 2015 14:47:19 +0200 Subject: [PATCH 01/16] Add privilege mappings to PrivilegeDb Change-Id: I8ff2a6fd7db7bd61d8d3b43ad3f2e033536843fe --- src/common/include/privilege_db.h | 83 ++++++++++++++++++++++++------ src/common/privilege_db.cpp | 105 ++++++++++++++++++++++++++++++++------ 2 files changed, 158 insertions(+), 30 deletions(-) diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 4d73d90..1b3f7a2 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -23,6 +23,7 @@ * @file privilege_db.h * @author Krzysztof Sasiak * @author Rafal Krypa + * @author Zofia Abramowska * @version 1.0 * @brief This file contains declaration of the API to privilges database. */ @@ -43,7 +44,7 @@ namespace SecurityManager { const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); -enum class QueryType { +enum class StmtType { EGetPkgPrivileges, EGetAppPrivileges, EAddApplication, @@ -54,7 +55,12 @@ enum class QueryType { EGetPkgId, EGetPrivilegeGroups, EGetUserApps, - EGetAppsInPkg + EGetAppsInPkg, + EGetDefaultMappings, + EGetPrivilegeMappings, + EInsertPrivilegeToMap, + EGetPrivilegesMappings, + EDeletePrivilegesToMap }; class PrivilegeDb { 
@@ -71,18 +77,27 @@ private: PrivilegeDb(const std::string &path = std::string(PRIVILEGE_DB_PATH)); SecurityManager::DB::SqlConnection *mSqlConnection; - const std::map Queries = { - { QueryType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"}, - { QueryType::EGetAppPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE app_name=? AND uid=? ORDER BY privilege_name"}, - { QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid) VALUES (?, ?, ?)" }, - { QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" }, - { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" }, - { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" }, - { QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" }, - { QueryType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" }, - { QueryType::EGetPrivilegeGroups, " SELECT group_name FROM privilege_group_view WHERE privilege_name = ?" }, - { QueryType::EGetUserApps, "SELECT name FROM app WHERE uid=?" }, - { QueryType::EGetAppsInPkg, " SELECT app_name FROM app_pkg_view WHERE pkg_name = ?" }, + const std::map Queries = { + { StmtType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"}, + { StmtType::EGetAppPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE app_name=? AND uid=? ORDER BY privilege_name"}, + { StmtType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid) VALUES (?, ?, ?)" }, + { StmtType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" 
}, + { StmtType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" }, + { StmtType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" }, + { StmtType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" }, + { StmtType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" }, + { StmtType::EGetPrivilegeGroups, " SELECT group_name FROM privilege_group_view WHERE privilege_name = ?" }, + { StmtType::EGetUserApps, "SELECT name FROM app WHERE uid=?" }, + { StmtType::EGetDefaultMappings, "SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view" + " WHERE version_from_name=? AND version_to_name=? AND privilege_name IS NULL"}, + { StmtType::EGetAppsInPkg, " SELECT app_name FROM app_pkg_view WHERE pkg_name = ?" }, + { StmtType::EGetPrivilegeMappings, " SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view" + " WHERE version_from_name=? AND version_to_name=? AND (privilege_name=? OR privilege_name IS NULL)"}, + { StmtType::EInsertPrivilegeToMap, " INSERT INTO privilege_to_map(privilege_name) VALUES (?);"}, + { StmtType::EGetPrivilegesMappings, "SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view" + " WHERE version_from_name=? AND version_to_name=?" + " AND privilege_name IN (SELECT privilege_name FROM privilege_to_map)"}, + { StmtType::EDeletePrivilegesToMap, "DELETE FROM privilege_to_map"}, }; /** @@ -106,7 +121,7 @@ private: * @param queryType query identifier * @return reference to prepared, reset query */ - DB::SqlConnection::DataCommandAutoPtr & getQuery(QueryType queryType); + DB::SqlConnection::DataCommandAutoPtr & getStatement(StmtType queryType); /** * Check if pkgId is already registered in database 
@@ -255,6 +270,44 @@ public: */ void GetAppIdsForPkgId (const std::string &pkgId, std::vector &appIds); + + /** + * Retrieve default mappings from one version to another + * + * @param version_from - version of privilege availability + * @param version_to - version of mappings availability + * @param[out] mappings - vector of privilege mappings + * @exception DB::SqlConnection::Exception::InternalError on internal error + */ + void GetDefaultMapping(const std::string &version_from, + const std::string &version_to, + std::vector &mappings); + /** + * Retrieve privilege mappings from one version to another + * + * @param version_from - version of privilege availability + * @param version_to - version of mappings availability + * @param privilege - name of privilege to be mapped + * @param[out] mappings - vector of privilege mappings + * @exception DB::SqlConnection::Exception::InternalError on internal error + */ + void GetPrivilegeMappings(const std::string &version_from, + const std::string &version_to, + const std::string &privilege, + std::vector &mappings); + /** + * Retrieve mappings of privilege set from one version to another + * + * @param version_from - version of privilege availability + * @param version_to - version of mappings availability + * @param privileges - vector of names of privileges to be mapped + * @param[out] mappings - vector of privileges mappings + * @exception DB::SqlConnection::Exception::InternalError on internal error + */ + void GetPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings); }; } //namespace SecurityManager diff --git a/src/common/privilege_db.cpp b/src/common/privilege_db.cpp index 4e30e83..8dca5f6 100644 --- a/src/common/privilege_db.cpp +++ b/src/common/privilege_db.cpp 
@@ -76,7 +76,7 @@ void PrivilegeDb::initDataCommands() } } -DB::SqlConnection::DataCommandAutoPtr & PrivilegeDb::getQuery(QueryType queryType) +DB::SqlConnection::DataCommandAutoPtr & PrivilegeDb::getStatement(StmtType queryType) { auto &command = m_commands.at(static_cast(queryType)); command->Reset(); @@ -119,7 +119,7 @@ void PrivilegeDb::RollbackTransaction(void) bool PrivilegeDb::PkgIdExists(const std::string &pkgId) { return try_catch([&] { - auto &command = getQuery(QueryType::EPkgIdExists); + auto &command = getStatement(StmtType::EPkgIdExists); command->BindString(1, pkgId); return command->Step(); }); @@ -128,7 +128,7 @@ bool PrivilegeDb::PkgIdExists(const std::string &pkgId) bool PrivilegeDb::GetAppPkgId(const std::string &appId, std::string &pkgId) { return try_catch([&] { - auto &command = getQuery(QueryType::EGetPkgId); + auto &command = getStatement(StmtType::EGetPkgId); command->BindString(1, appId); if (!command->Step()) { @@ -147,14 +147,14 @@ void PrivilegeDb::AddApplication(const std::string &appId, const std::string &pkgId, uid_t uid) { try_catch([&] { - auto &command = getQuery(QueryType::EAddApplication); + auto &command = getStatement(StmtType::EAddApplication); command->BindString(1, appId); command->BindString(2, pkgId); command->BindInteger(3, static_cast(uid)); if (command->Step()) { LogDebug("Unexpected SQLITE_ROW answer to query: " << - Queries.at(QueryType::EAddApplication)); + Queries.at(StmtType::EAddApplication)); }; LogDebug("Added appId: " << appId << ", pkgId: " << pkgId); 
@@ -171,13 +171,13 @@ void PrivilegeDb::RemoveApplication(const std::string &appId, uid_t uid, return; } - auto &command = getQuery(QueryType::ERemoveApplication); + auto &command = getStatement(StmtType::ERemoveApplication); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); if (command->Step()) { LogDebug("Unexpected SQLITE_ROW answer to query: " << - Queries.at(QueryType::ERemoveApplication)); + Queries.at(StmtType::ERemoveApplication)); }; LogDebug("Removed appId: " << appId); @@ -190,7 +190,7 @@ void PrivilegeDb::GetPkgPrivileges(const std::string &pkgId, uid_t uid, std::vector ¤tPrivileges) { try_catch([&] { - auto &command = getQuery(QueryType::EGetPkgPrivileges); + auto &command = getStatement(StmtType::EGetPkgPrivileges); command->BindString(1, pkgId); command->BindInteger(2, static_cast(uid)); @@ -207,7 +207,7 @@ void PrivilegeDb::GetAppPrivileges(const std::string &appId, uid_t uid, { try_catch([&] { DB::SqlConnection::DataCommandAutoPtr &command = - m_commands.at(static_cast(QueryType::EGetAppPrivileges)); + m_commands.at(static_cast(StmtType::EGetAppPrivileges)); command->Reset(); command->BindString(1, appId); @@ -225,12 +225,12 @@ void PrivilegeDb::GetAppPrivileges(const std::string &appId, uid_t uid, void PrivilegeDb::RemoveAppPrivileges(const std::string &appId, uid_t uid) { try_catch([&] { - auto &command = getQuery(QueryType::ERemoveAppPrivileges); + auto &command = getStatement(StmtType::ERemoveAppPrivileges); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); if (command->Step()) { LogDebug("Unexpected SQLITE_ROW answer to query: " << - Queries.at(QueryType::ERemoveAppPrivileges)); + Queries.at(StmtType::ERemoveAppPrivileges)); } LogDebug("Removed all privileges for appId: " << appId); 
@@ -241,7 +241,7 @@ void PrivilegeDb::UpdateAppPrivileges(const std::string &appId, uid_t uid, const std::vector &privileges) { try_catch([&] { - auto &command = getQuery(QueryType::EAddAppPrivileges); + auto &command = getStatement(StmtType::EAddAppPrivileges); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); @@ -260,7 +260,7 @@ void PrivilegeDb::GetPrivilegeGroups(const std::string &privilege, std::vector &groups) { try_catch([&] { - auto &command = getQuery(QueryType::EGetPrivilegeGroups); + auto &command = getStatement(StmtType::EGetPrivilegeGroups); command->BindString(1, privilege); while (command->Step()) { @@ -274,7 +274,7 @@ void PrivilegeDb::GetPrivilegeGroups(const std::string &privilege, void PrivilegeDb::GetUserApps(uid_t uid, std::vector &apps) { try_catch([&] { - auto &command = getQuery(QueryType::EGetUserApps); + auto &command = getStatement(StmtType::EGetUserApps); command->BindInteger(1, static_cast(uid)); apps.clear(); while (command->Step()) { @@ -290,7 +290,7 @@ void PrivilegeDb::GetAppIdsForPkgId(const std::string &pkgId, { try_catch([&] { DB::SqlConnection::DataCommandAutoPtr &command = - m_commands.at(static_cast(QueryType::EGetAppsInPkg)); + m_commands.at(static_cast(StmtType::EGetAppsInPkg)); command->Reset(); command->BindString(1, pkgId); 
@@ -304,4 +304,79 @@ void PrivilegeDb::GetAppIdsForPkgId(const std::string &pkgId, }); } +void PrivilegeDb::GetDefaultMapping(const std::string &version_from, + const std::string &version_to, + std::vector &mappings) +{ + try_catch([&] { + auto &command = getStatement(StmtType::EGetDefaultMappings); + command->BindString(1, version_from); + command->BindString(2, version_to); + + mappings.clear(); + while (command->Step()) { + std::string mapping = command->GetColumnString(0); + LogDebug("Default Privilege from version " << version_from + <<" to version " << version_to << " is " << mapping); + mappings.push_back(mapping); + } + }); +} + +void PrivilegeDb::GetPrivilegeMappings(const std::string &version_from, + const std::string &version_to, + const std::string &privilege, + std::vector &mappings) +{ + try_catch([&] { + auto &command = getStatement(StmtType::EGetPrivilegeMappings); + command->BindString(1, version_from); + command->BindString(2, version_to); + command->BindString(3, privilege); + + mappings.clear(); + while (command->Step()) { + std::string mapping = command->GetColumnString(0); + LogDebug("Privilege " << privilege << " in version " << version_from + <<" has mapping " << mapping << " in version " << version_to); + mappings.push_back(mapping); + } + }); +} + +void PrivilegeDb::GetPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings) +{ + try_catch([&] { + auto &deleteCmd = getStatement(StmtType::EDeletePrivilegesToMap); + deleteCmd->Step(); + + auto & insertCmd = getStatement(StmtType::EInsertPrivilegeToMap); + for (auto &privilege : privileges) { + if (privilege.empty()) + continue; + insertCmd->BindString(1, privilege); + insertCmd->Step(); + insertCmd->Reset(); + } + + insertCmd->BindNull(1); + insertCmd->Step(); + + auto &queryCmd = getStatement(StmtType::EGetPrivilegesMappings); + queryCmd->BindString(1, version_from); + queryCmd->BindString(2, version_to); 
+ + mappings.clear(); + while (queryCmd->Step()) { + std::string mapping = queryCmd->GetColumnString(0); + LogDebug("Privilege set in version " << version_from + <<" has mapping " << mapping << " in version " << version_to); + mappings.push_back(mapping); + } + }); +} + } //namespace SecurityManager -- 2.7.4 From 4c632f1a4ea797601f4e0286ca026fba0e6a0a7d Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Thu, 16 Jul 2015 13:53:12 +0200 Subject: [PATCH 02/16] Remove libprivilege leftover Change-Id: I8613ab6312eed889138652f5c89e55845e884b82 --- src/common/service_impl.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 56d5e1c..873578d 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -309,14 +309,6 @@ int appInstall(const app_inst_req &req, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED; } - // create null terminated array of strings for permissions - std::unique_ptr pp_permissions(new const char* [req.privileges.size() + 1]); - for (size_t i = 0; i < req.privileges.size(); ++i) { - LogDebug(" Permission = " << req.privileges[i]); - pp_permissions[i] = req.privileges[i].c_str(); - } - pp_permissions[req.privileges.size()] = nullptr; - try { std::vector oldAppPrivileges; -- 2.7.4 From 26771a0424b329f18d2b678def461962a0263935 Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Tue, 7 Jul 2015 12:15:09 +0200 Subject: [PATCH 03/16] Implement serialization of privilege mapping API Change-Id: Ic57758eca88b97485d748ff73267ba23e04efd45 --- src/client/client-security-manager.cpp | 90 +++++++++++++++++++++++++++++++--- src/common/include/protocols.h | 1 + src/server/service/include/service.h | 9 ++++ src/server/service/service.cpp | 17 +++++++ 4 files changed, 111 insertions(+), 6 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 48b4594..308da19 100644 
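Review bot: In `GetPrivilegesMappings` the `insertCmd->BindNull(1)` row looks intended to pull in the default mappings, but `privilege_name IN (SELECT privilege_name FROM privilege_to_map)` in `EGetPrivilegesMappings` never evaluates to true for a NULL `privilege_name`. Unless the schema (not shown here) compensates, a multi-privilege request would miss the default rows that the single-privilege query `EGetPrivilegeMappings` returns through `OR privilege_name IS NULL`. If defaults are meant to be included, say so in the query, `" AND (privilege_name IS NULL OR privilege_name IN (SELECT privilege_name FROM privilege_to_map))"`, and drop the NULL insert. The function also runs a DELETE, several INSERTs and a SELECT against the shared `privilege_to_map` table without opening a transaction itself, and ignores the results of `deleteCmd->Step()` and `insertCmd->Step()`. A comment such as `// caller must hold a transaction: privilege_to_map is shared scratch state` would make that requirement visible.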
--- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -26,6 +26,8 @@ */ #include +#include +#include #include #include 
@@ -979,6 +981,68 @@ void security_manager_policy_levels_free(char **levels, size_t levels_count) delete[] levels; } +lib_retcode get_privileges_mapping(const std::string &from_version, + const std::string &to_version, + const std::vector &privileges, + char ***privileges_mappings, + size_t *mappings_count) +{ + using namespace SecurityManager; + MessageBuffer send, recv; + Serialization::Serialize(send, static_cast(SecurityModuleCall::GET_PRIVILEGES_MAPPING)); + Serialization::Serialize(send, from_version); + Serialization::Serialize(send, to_version); + Serialization::Serialize(send, privileges); + + //send buffer to server + int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); + if (retval != SECURITY_MANAGER_API_SUCCESS) { + LogError("Error in sendToServer. Error code: " << retval); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + //receive response from server + Deserialization::Deserialize(recv, retval); + + switch(retval) { + case SECURITY_MANAGER_API_SUCCESS: + // success - continue + break; + case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY: + return SECURITY_MANAGER_ERROR_MEMORY; + case SECURITY_MANAGER_API_ERROR_INPUT_PARAM: + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + default: + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + unsigned int count; + Deserialization::Deserialize(recv, count); + LogInfo("Number of privilege mappings: " << count); + size_t i = 0; + auto free_mapping = std::bind(security_manager_privilege_mapping_free, + std::placeholders::_1, std::ref(i)); + std::unique_ptr mappings_ptr(new char *[count], free_mapping); + + for (; i < count; ++i) { + std::string privilege_mapping; + Deserialization::Deserialize(recv, privilege_mapping); + if (privilege_mapping.empty()) { + LogError("Unexpected empty privilege mapping"); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + mappings_ptr.get()[i] = strdup(privilege_mapping.c_str()); + if (mappings_ptr.get()[i] == nullptr) + return SECURITY_MANAGER_ERROR_MEMORY; + } + + *privileges_mappings = 
mappings_ptr.release(); + *mappings_count = count; + + return SECURITY_MANAGER_SUCCESS; +} + SECURITY_MANAGER_API int security_manager_get_privileges_mapping(const char *from_version, const char *to_version, @@ -987,16 +1051,30 @@ int security_manager_get_privileges_mapping(const char *from_version, char ***privileges_mappings, size_t *mappings_count) { - (void)to_version; - if (from_version == nullptr || privileges == nullptr || - privileges_mappings == nullptr || mappings_count == nullptr || privileges_count == 0) { + if (from_version == nullptr || privileges_mappings == nullptr || mappings_count == nullptr) { return SECURITY_MANAGER_ERROR_INPUT_PARAM; } - return SECURITY_MANAGER_ERROR_UNKNOWN; + return try_catch([&] { + std::vector privilegesToMap; + if (privileges != nullptr) { + privilegesToMap.reserve(privileges_count); + privilegesToMap.insert(privilegesToMap.end(), privileges, privileges + privileges_count); + } + if (to_version == nullptr) + to_version = ""; + LogDebug("security_manager_get_privileges_mapping() called with :" + " from_version = " << from_version << " to_version = " << to_version << + " privileges_count " << privilegesToMap.size()); + + return get_privileges_mapping(from_version, to_version, privilegesToMap, + privileges_mappings, mappings_count); + + }); } SECURITY_MANAGER_API void security_manager_privilege_mapping_free(char **privileges_mappings, size_t mappings_count) { - (void)privileges_mappings; - (void)mappings_count; + for(size_t i = 0; i < mappings_count; i++) + free(privileges_mappings[i]); + delete [] privileges_mappings; } diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index 412db07..c0caf45 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -136,6 +136,7 @@ enum class SecurityModuleCall GET_CONF_POLICY_ADMIN, GET_CONF_POLICY_SELF, POLICY_GET_DESCRIPTIONS, + GET_PRIVILEGES_MAPPING, NOOP = 0x90, }; 
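Review bot: `count` in `get_privileges_mapping` is read from the reply and used directly in `new char *[count]` and as the loop bound, with nothing tying it to the amount of data actually left in `recv`. A corrupted or unexpected reply can therefore make the calling process allocate up to `UINT_MAX` pointers before the first element `Deserialize` fails. Checking it first, for example `if (count > MAX_MAPPINGS) return SECURITY_MANAGER_ERROR_UNKNOWN;` with `MAX_MAPPINGS` a placeholder for a limit this project would choose, keeps that failure cheap. The `std::ref(i)` deleter is correct but subtle, so a comment like `// deleter frees only the i entries filled so far` would help the next reader.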
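Review bot: `security_manager_get_privileges_mapping` range-inserts `privileges_count` entries from `privileges` into `privilegesToMap` without checking the individual pointers. Assuming the vector holds `std::string` (template arguments are not visible on this page), a null element in the caller's array reaches the string constructor, which is undefined behaviour. Walk the array before the insert and return early on `if (privileges[i] == nullptr) return SECURITY_MANAGER_ERROR_INPUT_PARAM;`. `security_manager_privilege_mapping_free` likewise indexes `privileges_mappings` when it is null and `mappings_count` is non-zero; `if (privileges_mappings == nullptr) return;` at the top makes it safe to call after a failed lookup.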
diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 765d0d0..371d5fd 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -137,10 +137,19 @@ private: /** * Process getting policies descriptions as strings from Cynara * + * @param recv Raw received data buffer * @param send Raw data buffer to be sent */ void processPolicyGetDesc(MessageBuffer &send); + /** + * Process getting privileges mapping. This retrieves and sends to clinet vector of privileges + * which are mapped to given privileges between two given privilege versions. + * + * @oaran send Raw data buffer to be sent + */ + void processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send); + }; } // namespace SecurityManager diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index a8ff402..7c39bf8 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -154,6 +154,9 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, case SecurityModuleCall::POLICY_GET_DESCRIPTIONS: processPolicyGetDesc(send); break; + case SecurityModuleCall::GET_PRIVILEGES_MAPPING: + processPrivilegesMappings(buffer, send); + break; default: LogError("Invalid call: " << call_type_int); Throw(ServiceException::InvalidAction); @@ -335,4 +338,18 @@ void Service::processPolicyGetDesc(MessageBuffer &send) } } +void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send) +{ + std::vector privileges; + std::string version_from, version_to; + Deserialization::Deserialize(recv, version_from); + Deserialization::Deserialize(recv, version_to); + Deserialization::Deserialize(recv, privileges); + + int ret = SECURITY_MANAGER_API_SUCCESS; + std::vector mappings; + Serialization::Serialize(send, ret); + Serialization::Serialize(send, mappings); +} + } // namespace SecurityManager -- 2.7.4 From 45f54a2a9ee474abb83060aa2fa16bfbc92e5cd4 Mon Sep 17 00:00:00 2001 
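Review bot: In service.h the added `@param recv Raw received data buffer` line sits in the comment of `processPolicyGetDesc(MessageBuffer &send)`, which takes no `recv`. Meanwhile the new `processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send)` documents no `recv` at all and spells its tag `@oaran`. The line appears to have landed one comment block too high; move it down and fix the tag so the new block reads `@param recv Raw received data buffer` and `@param send Raw data buffer to be sent`. "clinet" in the description should be "client".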
From: Zofia Abramowska Date: Wed, 15 Jul 2015 18:03:41 +0200 Subject: [PATCH 04/16] Implement service side of privileges mapping Change-Id: I9e737fc0fd15a3eb248612f84b202d0a397bd35f --- src/common/CMakeLists.txt | 1 + src/common/config.cpp | 40 +++++++++++++++++++++++++++++++++ src/common/include/config.h | 40 +++++++++++++++++++++++++++++++++ src/common/include/service_impl.h | 13 +++++++++++ src/common/service_impl.cpp | 47 +++++++++++++++++++++++++++++++++++++++ src/server/service/service.cpp | 3 ++- 6 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 src/common/config.cpp create mode 100644 src/common/include/config.h diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 2994af5..5fdd83d 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -41,6 +41,7 @@ SET(COMMON_SOURCES ${DPL_PATH}/core/src/string.cpp ${DPL_PATH}/db/src/naive_synchronization_object.cpp ${DPL_PATH}/db/src/sql_connection.cpp + ${COMMON_PATH}/config.cpp ${COMMON_PATH}/connection.cpp ${COMMON_PATH}/cynara.cpp ${COMMON_PATH}/file-lock.cpp diff --git a/src/common/config.cpp b/src/common/config.cpp new file mode 100644 index 0000000..445662b --- /dev/null +++ b/src/common/config.cpp 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Rafal Krypa + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file config.cpp + * @author Zofia Abramowska + * @version 1.0 + * @brief Setting values of Configuration options + */ + +#include + +namespace SecurityManager { + +namespace Config { + +const std::string PRIVILEGE_VERSION = +#ifdef PRIVILEGE_VERSION + PRIVILEGE_VERSION +#else + "3.0" +#endif +; +}; + +} /* namespace SecurityManager */ diff --git a/src/common/include/config.h b/src/common/include/config.h new file mode 100644 index 0000000..742b092 --- /dev/null +++ b/src/common/include/config.h 
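Review bot: The `#ifdef PRIVILEGE_VERSION` override in config.cpp cannot work as written because the macro has the same name as the variable it initialises. Once `PRIVILEGE_VERSION` is defined by the build, the preprocessor also rewrites the declarator in `const std::string PRIVILEGE_VERSION =` and the `extern const std::string PRIVILEGE_VERSION;` declaration in config.h, so both stop compiling. Give the build-time macro its own name, for example `#ifdef PRIVILEGE_VERSION_DEFAULT` (a suggested name, not one the project defines). This value becomes the fallback `version_to` for privilege mapping, so a one-line comment saying where the default `"3.0"` comes from would also help.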
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Rafal Krypa + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file config.h + * @author Zofia Abramowska + * @version 1.0 + * @brief Definition of Configuration options + */ + +#ifndef SECURITY_MANAGER_CONFIG_ +#define SECURITY_MANAGER_CONFIG_ + +#include + +namespace SecurityManager { + +namespace Config { + +extern const std::string PRIVILEGE_VERSION; + +}; + +} /* namespace SecurityManager */ + +#endif /* SECURITY_MANAGER_CONFIG_ */ diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index a973c35..8374233 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -169,6 +169,19 @@ int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::strin */ int policyGetDesc(std::vector &descriptions); +/** + * Process getting privileges mappings from one version to another. + * + * @param[in] version_from version to be mapped from + * @param[in] version_to version to be mapped to + * @param[in] privileges vector of privileges to be mapped + * @param[out] mappings mappings of given privileges + */ +int getPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings); + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ 
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 873578d..503fd62 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -35,6 +35,7 @@ #include #include +#include #include "protocols.h" #include "privilege_db.h" #include "cynara.h" 
@@ -984,5 +985,51 @@ int policyGetDesc(std::vector &levels) return ret; } +int getPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings) +{ + int errorRet; + try { + std::string finalVersionTo; + if (version_to.empty()) { + finalVersionTo = Config::PRIVILEGE_VERSION; + } else { + finalVersionTo = version_to; + } + + PrivilegeDb::getInstance().BeginTransaction(); + if (privileges.size() == 0) { + PrivilegeDb::getInstance().GetDefaultMapping(version_from, finalVersionTo, mappings); + } else if ( privileges.size() == 1) { + PrivilegeDb::getInstance().GetPrivilegeMappings(version_from, finalVersionTo, + privileges.front(), mappings); + } else { + PrivilegeDb::getInstance().GetPrivilegesMappings(version_from, finalVersionTo, + privileges, mappings); + } + PrivilegeDb::getInstance().CommitTransaction(); + return SECURITY_MANAGER_API_SUCCESS; + } catch (const PrivilegeDb::Exception::IOError &e) { + LogError("Cannot access application database: " << e.DumpToString()); + errorRet = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; + } catch (const PrivilegeDb::Exception::InternalError &e) { + LogError("Error while getting privilege mapping from database: " << e.DumpToString()); + errorRet = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; + } catch (const std::bad_alloc &e) { + LogError("Memory allocation failed: " << e.what()); + errorRet = SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY; + } catch (const std::exception &e) { + LogError("Some exception thrown : " << e.what()); + errorRet = SECURITY_MANAGER_API_ERROR_UNKNOWN; + } catch (...) { + LogError("Unknown exception thrown"); + errorRet = SECURITY_MANAGER_API_ERROR_UNKNOWN; + } + PrivilegeDb::getInstance().RollbackTransaction(); + return errorRet; +} + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 7c39bf8..45cdcf3 100644 
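Review bot: `getPrivilegesMappings` turns a lookup into a write transaction whose size is set by the requester. For more than one privilege, `PrivilegeDb::GetPrivilegesMappings` clears and refills the shared `privilege_to_map` table with every string in `privileges`, and nothing visible here or in `Service::processPrivilegesMappings` limits the vector length or string sizes deserialized from the client. Rejecting oversized requests before `BeginTransaction()`, e.g. `if (privileges.size() > MAX_PRIVILEGES_TO_MAP) return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;` (the constant is a placeholder to be defined), bounds the database work one request can trigger. Separately, `BeginTransaction()` is inside the `try`, so when it throws the code still reaches `RollbackTransaction()` after the handlers, outside any `try`. Whether that call can throw is not visible here, but a scope guard around the transaction would remove the question.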
--- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -346,8 +346,9 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send Deserialization::Deserialize(recv, version_to); Deserialization::Deserialize(recv, privileges); - int ret = SECURITY_MANAGER_API_SUCCESS; std::vector mappings; + int ret = ServiceImpl::getPrivilegesMappings(version_from, version_to, privileges, mappings); + Serialization::Serialize(send, ret); Serialization::Serialize(send, mappings); } -- 2.7.4 From d620cb7aeb0a96050324315373d860e790acb0c8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Oskar=20=C5=9Awitalski?= Date: Thu, 30 Jul 2015 14:14:12 +0200 Subject: [PATCH 05/16] Fix resetting prepared statement Prepared statement should be reset/finalized after making new one, otherwise database will be in BUSY state and locked. Change-Id: I679d3d41b1de406112a93c6d0c73ff0d0aae5d63 --- src/common/include/privilege_db.h | 20 +++++++++++--- src/common/privilege_db.cpp | 55 ++++++++++++++++++++++----------------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 1b3f7a2..83fb157 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -76,6 +76,18 @@ private: */ PrivilegeDb(const std::string &path = std::string(PRIVILEGE_DB_PATH)); + /** + * Wrapper for prepared statement, it will reset statement at destruction. + */ + class StatementWrapper { + public: + StatementWrapper(DB::SqlConnection::DataCommandAutoPtr &ref); + ~StatementWrapper(); + DB::SqlConnection::DataCommand* operator->(); + private: + DB::SqlConnection::DataCommandAutoPtr &m_ref; + }; + SecurityManager::DB::SqlConnection *mSqlConnection; const std::map Queries = { { StmtType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"}, 
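Review bot: `StatementWrapper` in privilege_db.h resets the statement in its destructor but keeps the implicit copy constructor and copy assignment. Every copy, including the temporary returned by value from `getStatement` when the copy is not elided, therefore resets the same `DataCommandAutoPtr` again on destruction. Making the type non-copyable with `StatementWrapper(const StatementWrapper &) = delete;`, plus a move constructor that disarms the source, ties exactly one `Reset()` to each use. The destructor defined in privilege_db.cpp calls `m_ref->Reset()` unguarded; if `Reset()` can throw (not visible on this page), an exception escaping the destructor terminates the service, so it should be caught and logged there. The single-argument constructor could also be marked `explicit`.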
@@ -115,13 +127,13 @@ private: void initDataCommands(); /** - * Return prepared query for given query type. - * The query will be reset before returning. + * Return wrapped prepared query for given query type. + * The query will be reset after wrapper destruction. * * @param queryType query identifier - * @return reference to prepared, reset query + * @return wrapped prepared query */ - DB::SqlConnection::DataCommandAutoPtr & getStatement(StmtType queryType); + StatementWrapper getStatement(StmtType queryType); /** * Check if pkgId is already registered in database diff --git a/src/common/privilege_db.cpp b/src/common/privilege_db.cpp index 8dca5f6..0498f21 100644 --- a/src/common/privilege_db.cpp +++ b/src/common/privilege_db.cpp @@ -76,11 +76,22 @@ void PrivilegeDb::initDataCommands() } } -DB::SqlConnection::DataCommandAutoPtr & PrivilegeDb::getStatement(StmtType queryType) +PrivilegeDb::StatementWrapper::StatementWrapper(DB::SqlConnection::DataCommandAutoPtr &ref) + : m_ref(ref) {} + +PrivilegeDb::StatementWrapper::~StatementWrapper() +{ + m_ref->Reset(); +} + +DB::SqlConnection::DataCommand* PrivilegeDb::StatementWrapper::operator->() +{ + return m_ref.get(); +} + +PrivilegeDb::StatementWrapper PrivilegeDb::getStatement(StmtType queryType) { - auto &command = m_commands.at(static_cast(queryType)); - command->Reset(); - return command; + return StatementWrapper(m_commands.at(static_cast(queryType))); } PrivilegeDb::~PrivilegeDb() @@ -119,7 +130,7 @@ void PrivilegeDb::RollbackTransaction(void) bool PrivilegeDb::PkgIdExists(const std::string &pkgId) { return try_catch([&] { - auto &command = getStatement(StmtType::EPkgIdExists); + auto command = getStatement(StmtType::EPkgIdExists); command->BindString(1, pkgId); return command->Step(); }); 
@@ -128,7 +139,7 @@ bool PrivilegeDb::PkgIdExists(const std::string &pkgId) bool PrivilegeDb::GetAppPkgId(const std::string &appId, std::string &pkgId) { return try_catch([&] { - auto &command = getStatement(StmtType::EGetPkgId); + auto command = getStatement(StmtType::EGetPkgId); command->BindString(1, appId); if (!command->Step()) { @@ -147,7 +158,7 @@ void PrivilegeDb::AddApplication(const std::string &appId, const std::string &pkgId, uid_t uid) { try_catch([&] { - auto &command = getStatement(StmtType::EAddApplication); + auto command = getStatement(StmtType::EAddApplication); command->BindString(1, appId); command->BindString(2, pkgId); command->BindInteger(3, static_cast(uid)); @@ -171,7 +182,7 @@ void PrivilegeDb::RemoveApplication(const std::string &appId, uid_t uid, return; } - auto &command = getStatement(StmtType::ERemoveApplication); + auto command = getStatement(StmtType::ERemoveApplication); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); @@ -190,7 +201,7 @@ void PrivilegeDb::GetPkgPrivileges(const std::string &pkgId, uid_t uid, std::vector ¤tPrivileges) { try_catch([&] { - auto &command = getStatement(StmtType::EGetPkgPrivileges); + auto command = getStatement(StmtType::EGetPkgPrivileges); command->BindString(1, pkgId); command->BindInteger(2, static_cast(uid)); @@ -206,10 +217,8 @@ void PrivilegeDb::GetAppPrivileges(const std::string &appId, uid_t uid, std::vector ¤tPrivileges) { try_catch([&] { - DB::SqlConnection::DataCommandAutoPtr &command = - m_commands.at(static_cast(StmtType::EGetAppPrivileges)); + auto command = getStatement(StmtType::EGetAppPrivileges); - command->Reset(); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); currentPrivileges.clear(); 
@@ -225,7 +234,7 @@ void PrivilegeDb::GetAppPrivileges(const std::string &appId, uid_t uid, void PrivilegeDb::RemoveAppPrivileges(const std::string &appId, uid_t uid) { try_catch([&] { - auto &command = getStatement(StmtType::ERemoveAppPrivileges); + auto command = getStatement(StmtType::ERemoveAppPrivileges); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); if (command->Step()) { @@ -241,7 +250,7 @@ void PrivilegeDb::UpdateAppPrivileges(const std::string &appId, uid_t uid, const std::vector &privileges) { try_catch([&] { - auto &command = getStatement(StmtType::EAddAppPrivileges); + auto command = getStatement(StmtType::EAddAppPrivileges); command->BindString(1, appId); command->BindInteger(2, static_cast(uid)); @@ -260,7 +269,7 @@ void PrivilegeDb::GetPrivilegeGroups(const std::string &privilege, std::vector &groups) { try_catch([&] { - auto &command = getStatement(StmtType::EGetPrivilegeGroups); + auto command = getStatement(StmtType::EGetPrivilegeGroups); command->BindString(1, privilege); while (command->Step()) { @@ -274,7 +283,7 @@ void PrivilegeDb::GetPrivilegeGroups(const std::string &privilege, void PrivilegeDb::GetUserApps(uid_t uid, std::vector &apps) { try_catch([&] { - auto &command = getStatement(StmtType::EGetUserApps); + auto command = getStatement(StmtType::EGetUserApps); command->BindInteger(1, static_cast(uid)); apps.clear(); while (command->Step()) { @@ -289,10 +298,8 @@ void PrivilegeDb::GetAppIdsForPkgId(const std::string &pkgId, std::vector &appIds) { try_catch([&] { - DB::SqlConnection::DataCommandAutoPtr &command = - m_commands.at(static_cast(StmtType::EGetAppsInPkg)); + auto command = getStatement(StmtType::EGetAppsInPkg); - command->Reset(); command->BindString(1, pkgId); appIds.clear(); 
@@ -309,7 +316,7 @@ void PrivilegeDb::GetDefaultMapping(const std::string &version_from, std::vector &mappings) { try_catch([&] { - auto &command = getStatement(StmtType::EGetDefaultMappings); + auto command = getStatement(StmtType::EGetDefaultMappings); command->BindString(1, version_from); command->BindString(2, version_to); @@ -329,7 +336,7 @@ void PrivilegeDb::GetPrivilegeMappings(const std::string &version_from, std::vector &mappings) { try_catch([&] { - auto &command = getStatement(StmtType::EGetPrivilegeMappings); + auto command = getStatement(StmtType::EGetPrivilegeMappings); command->BindString(1, version_from); command->BindString(2, version_to); command->BindString(3, privilege); @@ -350,10 +357,10 @@ void PrivilegeDb::GetPrivilegesMappings(const std::string &version_from, std::vector &mappings) { try_catch([&] { - auto &deleteCmd = getStatement(StmtType::EDeletePrivilegesToMap); + auto deleteCmd = getStatement(StmtType::EDeletePrivilegesToMap); deleteCmd->Step(); - auto & insertCmd = getStatement(StmtType::EInsertPrivilegeToMap); + auto insertCmd = getStatement(StmtType::EInsertPrivilegeToMap); for (auto &privilege : privileges) { if (privilege.empty()) continue; @@ -365,7 +372,7 @@ void PrivilegeDb::GetPrivilegesMappings(const std::string &version_from, insertCmd->BindNull(1); insertCmd->Step(); - auto &queryCmd = getStatement(StmtType::EGetPrivilegesMappings); + auto queryCmd = getStatement(StmtType::EGetPrivilegesMappings); queryCmd->BindString(1, version_from); queryCmd->BindString(2, version_to); -- 2.7.4 From b10063c6aa5307343772800f017ea1267cf33f76 Mon Sep 17 00:00:00 2001 
From: Lukasz Wojciechowski Date: Fri, 10 Jul 2015 13:54:21 +0200 Subject: [PATCH 06/16] Fix tzplatform-config linkage tzplatform-config was linked with cmd and service, but wasn't with common and client libraries. In fact it's used only by common library. This patch makes, only common library links with libtzplatform-config. Linkage with binaries is removed. Change-Id: Ia6bee0c47d1e5496c36a5479e19be198e4e1ab9b --- src/cmd/CMakeLists.txt | 1 - src/common/CMakeLists.txt | 1 + src/server/CMakeLists.txt | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt index 70556c6..9c0e192 100644 --- a/src/cmd/CMakeLists.txt +++ b/src/cmd/CMakeLists.txt @@ -1,6 +1,5 @@ PKG_CHECK_MODULES(CMD_DEP REQUIRED - libtzplatform-config ) FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options) diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt index 5fdd83d..b3355c2 100644 --- a/src/common/CMakeLists.txt +++ b/src/common/CMakeLists.txt @@ -8,6 +8,7 @@ PKG_CHECK_MODULES(COMMON_DEP db-util cynara-admin cynara-client-async + libtzplatform-config ) FIND_PACKAGE(Boost REQUIRED) diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt index b4efd53..3c3be5d 100644 --- a/src/server/CMakeLists.txt +++ b/src/server/CMakeLists.txt @@ -1,7 +1,6 @@ PKG_CHECK_MODULES(SERVER_DEP REQUIRED libsystemd-daemon - libtzplatform-config cynara-client ) -- 2.7.4 From cdf4595a9bd05ee18a7d7cfee4383ad98a542e8d Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Tue, 11 Aug 2015 17:25:28 +0200 Subject: [PATCH 07/16] Add script and config for privilege mapping setting Change-Id: I28d9b62547c5415f7cfc3c5934b75d4b6b6c020f --- policy/CMakeLists.txt | 1 + policy/privilege-mapping.list | 195 ++++++++++++++++++++++++++++++++++ policy/security-manager-policy-reload | 14 +++ 3 files changed, 210 insertions(+) create mode 100644 policy/privilege-mapping.list 
diff --git a/policy/CMakeLists.txt b/policy/CMakeLists.txt index bd08edc..bb795dd 100644 --- a/policy/CMakeLists.txt +++ b/policy/CMakeLists.txt @@ -2,4 +2,5 @@ FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile) INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) +INSTALL(FILES "privilege-mapping.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy) INSTALL(PROGRAMS security-manager-policy-reload DESTINATION ${BIN_INSTALL_DIR}) diff --git a/policy/privilege-mapping.list b/policy/privilege-mapping.list new file mode 100644 index 0000000..732165d --- /dev/null +++ b/policy/privilege-mapping.list 
@@ -0,0 +1,195 @@
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/application.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.spp http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/notification.read http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/notification.write http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
+2.4 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.4 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.4 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.4 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.4 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.4 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.4 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.4 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.4 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.4 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.4 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.4 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.4 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.4 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.4 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.4 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.4 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.4 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.4 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.4 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.4 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.4 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.4 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.4 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.4 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.4 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.4 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.4 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.4 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.4 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.4 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.4 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.4 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.4 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.4 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.4 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.4 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.4 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.4 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.4 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.4 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload
index 274c49c..b131f4d 100755
--- a/policy/security-manager-policy-reload
+++ b/policy/security-manager-policy-reload
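Review bot: Several 2.3 rows in privilege-mapping.list map a narrow privilege to a wider one with no explanation, for example `content.read` to `content.write`, `bookmark.read` to `bookmark.admin`, `filesystem.read` to `systemsettings.admin` and `bluetooth.gap` to `bluetooth.admin`. An application that declared only the narrow privilege therefore ends up holding the wide one after mapping. The loader added in this patch skips lines starting with `#`, so the file can open with `# Columns: version_from version_to privilege mapped_privilege`, and each widening row should carry a `#` line giving its reason. The 2.3 block also repeats many identity rows (for example `account.read` and `internet` each appear twice). Whether the second INSERT is ignored or fails depends on the `privilege_mapping_view` definition, which is not visible here, so dropping the duplicates is the safer choice.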
@@ -2,6 +2,8 @@ POLICY_PATH=/usr/share/security-manager/policy PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list +PRIVILEGE_MAPPING=$POLICY_PATH/privilege-mapping.list + DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db # Create default buckets @@ -70,3 +72,15 @@ do done echo "COMMIT;" ) | sqlite3 "$DB_FILE" + +# Load privilege-privilege mappings +( +echo "BEGIN;" +echo "DELETE FROM privilege_mapping;" +grep -v '^#' "$PRIVILEGE_MAPPING" | +while read version_from version_to privilege mapping +do + echo "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) VALUES ('$version_from', '$version_to', '$privilege', '$mapping');" +done +echo "COMMIT;" +) | sqlite3 "$DB_FILE" -- 2.7.4 From 1f1d17180541c12171fdcbac42260b28baf89831 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 28 Aug 2014 17:44:08 +0200 Subject: [PATCH 08/16] Fix potential buffer overflow error CID: 40674 Change backported from security-server repository. Change-Id: Ifcbd8ebe4ddfa4c04dd000639cab2c60648c3943 Signed-off-by: Rafal Krypa --- src/server/main/socket-manager.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp index 94c54c6..0366186 100644 --- a/src/server/main/socket-manager.cpp +++ b/src/server/main/socket-manager.cpp @@ -484,6 +484,13 @@ int SocketManager::CreateDomainSocketHelp( { int sockfd; + if(desc.serviceHandlerPath.size() >= sizeof(static_cast(0)->sun_path) / + sizeof(decltype(desc.serviceHandlerPath)::value_type)) { + LogError("Service handler path too long: " << desc.serviceHandlerPath.size()); + ThrowMsg(Exception::InitFailed, + "Service handler path too long: " << desc.serviceHandlerPath.size()); + } + if (-1 == (sockfd = socket(AF_UNIX, SOCK_STREAM, 0))) { int err = errno; LogError("Error in socket: " << strerror(err)); -- 2.7.4 From 8014cacc52f716ec424d43938967c21164ea3854 Mon Sep 17 00:00:00 2001 
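Review bot: The loop added in the second hunk pastes every field of privilege-mapping.list straight into the SQL text (`VALUES ('$version_from', '$version_to', '$privilege', '$mapping')`), so a single quote in the file changes the statement that sqlite3 runs against the security-manager database. The file ships with the package, but the escape is cheap: add `sed "s/'/''/g" |` after the `grep`, and use `while read -r version_from version_to privilege mapping` so backslashes are taken literally. `grep -v '^#'` also lets blank lines through, which emits an INSERT of four empty strings; `grep -v -e '^#' -e '^[[:space:]]*$'` avoids that. The exit status of `sqlite3` is not checked, so a failed reload leaves the old or an empty mapping table without any signal.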
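Review bot: The new length guard in `CreateDomainSocketHelp` has no comment saying why it compares with `>=`, and reaching `sun_path` through a cast of `0` is harder to read than it needs to be. I would put `// sun_path must hold the path plus its terminating NUL, so size() == sizeof(sun_path) is already too long` above the check and write the bound as `sizeof(sockaddr_un::sun_path)`, which C++11 permits (the `decltype` in the same expression shows C++11 is in use). If `serviceHandlerPath` is a `std::string`, the division by the `value_type` size can then be dropped. The code that copies the path into `sun_path` lies outside this hunk, so confirm that any other place that fills a `sun_path` (not visible here) has the same guard.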
From: Yunjin Lee Date: Wed, 26 Aug 2015 17:48:00 +0900 Subject: [PATCH 09/16] Update privilege list according to the latest privilege set in 2.x Remove deprecated privileges and Add new privileges. Change-Id: I385a61e02bb86a112da1be730e17f4461cf4d049 Signed-off-by: Yunjin Lee --- policy/usertype-admin.profile | 19 +++++++++++++++++-- policy/usertype-guest.profile | 19 +++++++++++++++++-- policy/usertype-normal.profile | 19 +++++++++++++++++-- policy/usertype-system.profile | 19 +++++++++++++++++-- 4 files changed, 68 insertions(+), 8 deletions(-) diff --git a/policy/usertype-admin.profile b/policy/usertype-admin.profile index 40c43e1..f527e86 100644 --- a/policy/usertype-admin.profile +++ b/policy/usertype-admin.profile @@ -4,7 +4,9 @@ * http://tizen.org/privilege/account.write * http://tizen.org/privilege/alarm.get * http://tizen.org/privilege/alarm.set +* http://tizen.org/privilege/apphistory.read * http://tizen.org/privilege/appmanager.kill +* http://tizen.org/privilege/appmanager.kill.bgapp * http://tizen.org/privilege/appmanager.launch * http://tizen.org/privilege/bluetooth * http://tizen.org/privilege/bluetooth.admin 
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,22 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-guest.profile b/policy/usertype-guest.profile
index 3d40722..f2dd9b8 100644
--- a/policy/usertype-guest.profile
+++ b/policy/usertype-guest.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
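Review bot: usertype-guest.profile receives exactly the same additions as the admin, normal and system profiles, including `inputgenerator` and `keygrab` in this hunk and `reboot`, `packagemanager.clearcache` and `systemmonitor` in the next one. These come on top of `packagemanager.admin` and `telephony.admin`, which the guest profile already listed. If each `*` line grants the privilege to applications run by that user type (the profile semantics are not visible here), a guest session gets the same ceiling as an administrator, which defeats the purpose of separate profiles. Either trim the guest list to what a guest session needs, or state in the commit description that the four profiles are intentionally identical for now.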
@@ -43,18 +54,22 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-normal.profile b/policy/usertype-normal.profile
index 365b3f2..e24c183 100644
--- a/policy/usertype-normal.profile
+++ b/policy/usertype-normal.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,22 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-system.profile b/policy/usertype-system.profile
index 2cd6360..0d4c7b0 100644
--- a/policy/usertype-system.profile
+++ b/policy/usertype-system.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,22 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
-- 2.7.4 From e7f796f63565ffbcef91b4bdba6a0a6d112ecabb Mon Sep 17 00:00:00 2001 From: Kim Kidong Date: Wed, 26 Aug 2015 03:32:22 -0700 Subject: [PATCH 10/16] Revert "Update privilege list according to the latest privilege set in 2.x" This reverts commit 8014cacc52f716ec424d43938967c21164ea3854. Change-Id: I0c3df1d8c99986adc87ab9a6546efecf34629613
---
 policy/usertype-admin.profile | 19 ++----------------- policy/usertype-guest.profile | 19 ++----------------- policy/usertype-normal.profile | 19 ++----------------- policy/usertype-system.profile | 19 ++----------------- 4 files changed, 8 insertions(+), 68 deletions(-)
diff --git a/policy/usertype-admin.profile b/policy/usertype-admin.profile
index f527e86..40c43e1 100644
--- a/policy/usertype-admin.profile
+++ b/policy/usertype-admin.profile
@@ -4,9 +4,7 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
-* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
-* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -28,24 +26,15 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
-* http://tizen.org/privilege/healthinfo
-* http://tizen.org/privilege/ime
-* http://tizen.org/privilege/imemanager
-* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
-* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
-* http://tizen.org/privilege/mapservice
-* http://tizen.org/privilege/mediacontroller.client
-* http://tizen.org/privilege/mediacontroller.server
-* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
-* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -54,22 +43,18 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
-* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
-* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
-* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemmonitor
+* http://tizen.org/privilege/systemsettings
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
-* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-guest.profile b/policy/usertype-guest.profile
index f2dd9b8..3d40722 100644
--- a/policy/usertype-guest.profile
+++ b/policy/usertype-guest.profile
@@ -4,9 +4,7 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
-* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
-* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -28,24 +26,15 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
-* http://tizen.org/privilege/healthinfo
-* http://tizen.org/privilege/ime
-* http://tizen.org/privilege/imemanager
-* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
-* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
-* http://tizen.org/privilege/mapservice
-* http://tizen.org/privilege/mediacontroller.client
-* http://tizen.org/privilege/mediacontroller.server
-* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
-* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -54,22 +43,18 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
-* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
-* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
-* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemmonitor
+* http://tizen.org/privilege/systemsettings
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
-* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-normal.profile b/policy/usertype-normal.profile
index e24c183..365b3f2 100644
--- a/policy/usertype-normal.profile
+++ b/policy/usertype-normal.profile
@@ -4,9 +4,7 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
-* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
-* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -28,24 +26,15 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
-* http://tizen.org/privilege/healthinfo
-* http://tizen.org/privilege/ime
-* http://tizen.org/privilege/imemanager
-* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
-* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
-* http://tizen.org/privilege/mapservice
-* http://tizen.org/privilege/mediacontroller.client
-* http://tizen.org/privilege/mediacontroller.server
-* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
-* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -54,22 +43,18 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
-* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
-* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
-* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemmonitor
+* http://tizen.org/privilege/systemsettings
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
-* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-system.profile b/policy/usertype-system.profile
index 0d4c7b0..2cd6360 100644
--- a/policy/usertype-system.profile
+++ b/policy/usertype-system.profile
@@ -4,9 +4,7 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
-* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
-* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -28,24 +26,15 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
-* http://tizen.org/privilege/healthinfo
-* http://tizen.org/privilege/ime
-* http://tizen.org/privilege/imemanager
-* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
-* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
-* http://tizen.org/privilege/mapservice
-* http://tizen.org/privilege/mediacontroller.client
-* http://tizen.org/privilege/mediacontroller.server
-* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
-* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -54,22 +43,18 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
-* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
-* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
-* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemmonitor
+* http://tizen.org/privilege/systemsettings
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
-* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
-- 2.7.4 From 0b1ae3d7f79c6bb5718b7c255e079f60e6daf319 Mon Sep 17 00:00:00 2001 From: Yunjin Lee Date: Wed, 26 Aug 2015 03:45:48 -0700 Subject: [PATCH 11/16] Revert "Revert "Update privilege list according to the latest privilege set in 2.x"" This reverts commit e7f796f63565ffbcef91b4bdba6a0a6d112ecabb. Change-Id: I5d14578100bd0631679eba84936ce1d8bca8f93e
---
 policy/usertype-admin.profile | 20 ++++++++++++++++++-- policy/usertype-guest.profile | 20 ++++++++++++++++++-- policy/usertype-normal.profile | 20 ++++++++++++++++++-- policy/usertype-system.profile | 20 ++++++++++++++++++-- 4 files changed, 72 insertions(+), 8 deletions(-)
diff --git a/policy/usertype-admin.profile b/policy/usertype-admin.profile
index 40c43e1..e8915cc 100644
--- a/policy/usertype-admin.profile
+++ b/policy/usertype-admin.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,23 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
+* http://tizen.org/privilege/notexist
diff --git a/policy/usertype-guest.profile b/policy/usertype-guest.profile
index 3d40722..13b6013 100644
--- a/policy/usertype-guest.profile
+++ b/policy/usertype-guest.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
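Review bot: The last added line of the `-43,18 +54,23` hunk for usertype-admin.profile, `+* http://tizen.org/privilege/notexist`, is not part of the change this commit says it restores: the reverted commit's matching hunk is `-54,22 +43,18`, and the diffstat here shows 72 insertions against the revert's 68 deletions. The same extra line closes the `-43,18 +54,23` hunks of usertype-guest, usertype-normal and usertype-system. A new entry in a user-type policy file is easy to miss when it arrives under a pure "Revert" subject, so it should go into its own commit or at least be named in the description, e.g. `Also add http://tizen.org/privilege/notexist to all user-type profiles`. The later privilege-mapping.list patch uses `notexist` as the mapping target for several 2.2.1 privileges, which suggests it is a placeholder for "no 3.0 equivalent"; that reading is inferred and worth stating explicitly so reviewers can judge whether a placeholder belongs in every profile.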
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
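Review bot: The guest profile receives exactly the additions the admin profile gets in this commit, here including `inputgenerator`, `keygrab` and `healthinfo`, with `reboot` and `secureelement` following in the next hunk. If these profiles are the per-user-type allow lists (an assumption, since the file format is not shown on this page), a guest account ends up with the same privilege ceiling as an administrator. Unless that is intended, drop the entries a guest does not need, for example `+* http://tizen.org/privilege/inputgenerator` and `+* http://tizen.org/privilege/keygrab`, or say in the commit description why all four user types share one list.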
@@ -43,18 +54,23 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
+* http://tizen.org/privilege/notexist
diff --git a/policy/usertype-normal.profile b/policy/usertype-normal.profile
index 365b3f2..103f13d 100644
--- a/policy/usertype-normal.profile
+++ b/policy/usertype-normal.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,23 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
+* http://tizen.org/privilege/notexist
diff --git a/policy/usertype-system.profile b/policy/usertype-system.profile
index 2cd6360..3e0abb6 100644
--- a/policy/usertype-system.profile
+++ b/policy/usertype-system.profile
@@ -4,7 +4,9 @@
 * http://tizen.org/privilege/account.write
 * http://tizen.org/privilege/alarm.get
 * http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/apphistory.read
 * http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.kill.bgapp
 * http://tizen.org/privilege/appmanager.launch
 * http://tizen.org/privilege/bluetooth
 * http://tizen.org/privilege/bluetooth.admin
@@ -26,15 +28,24 @@
 * http://tizen.org/privilege/externalstorage
 * http://tizen.org/privilege/externalstorage.appdata
 * http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/healthinfo
+* http://tizen.org/privilege/ime
+* http://tizen.org/privilege/imemanager
+* http://tizen.org/privilege/inputgenerator
 * http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keygrab
 * http://tizen.org/privilege/keymanager
-* http://tizen.org/privilege/keymanager.admin
 * http://tizen.org/privilege/led
 * http://tizen.org/privilege/location
 * http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mapservice
+* http://tizen.org/privilege/mediacontroller.client
+* http://tizen.org/privilege/mediacontroller.server
+* http://tizen.org/privilege/mediahistory.read
 * http://tizen.org/privilege/mediastorage
 * http://tizen.org/privilege/message.read
 * http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/minicontrol.provider
 * http://tizen.org/privilege/network.get
 * http://tizen.org/privilege/network.profile
 * http://tizen.org/privilege/network.set
@@ -43,18 +54,23 @@
 * http://tizen.org/privilege/nfc.cardemulation
 * http://tizen.org/privilege/notification
 * http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.clearcache
 * http://tizen.org/privilege/packagemanager.info
 * http://tizen.org/privilege/power
 * http://tizen.org/privilege/push
+* http://tizen.org/privilege/reboot
 * http://tizen.org/privilege/recorder
 * http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/secureelement
 * http://tizen.org/privilege/shortcut
-* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemmonitor
 * http://tizen.org/privilege/systemsettings.admin
 * http://tizen.org/privilege/telephony
 * http://tizen.org/privilege/telephony.admin
 * http://tizen.org/privilege/tethering.admin
 * http://tizen.org/privilege/volume.set
 * http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/widget.viewer
 * http://tizen.org/privilege/wifidirect
 * http://tizen.org/privilege/window.priority.set
+* http://tizen.org/privilege/notexist
-- 2.7.4 From 5b67944703dbbbbfc4b2ce59c13ddfa0c00092e4 Mon Sep 17 00:00:00 2001 From: Yunjin Lee Date: Mon, 31 Aug 2015 18:06:00 +0900 Subject: [PATCH 12/16] Update privilege mapping list Change-Id: If17b3aedf5abc9041eb033973a2b9e3b8596b9ef Signed-off-by: Yunjin Lee
---
 policy/privilege-mapping.list | 352 ++++++++++++++++++++++++++++-------------- 1 file changed, 237 insertions(+), 115 deletions(-)
diff --git a/policy/privilege-mapping.list b/policy/privilege-mapping.list
index 732165d..49b4743 100644
--- a/policy/privilege-mapping.list
+++ b/policy/privilege-mapping.list
@@ -1,13 +1,84 @@
+2.2.1 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get
+2.2.1 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set
+2.2.1 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info
+2.2.1 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch
+2.2.1 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/notexist
+2.2.1 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.2.1 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.2.1 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin
+2.2.1 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin
+2.2.1 3.0 http://tizen.org/privilege/bluetooth.spp http://tizen.org/privilege/bluetooth.admin
+2.2.1 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin
+2.2.1 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin
+2.2.1 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin
+2.2.1 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.2.1 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read
+2.2.1 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.2.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.2.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read
+2.2.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony
+2.2.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read
+2.2.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.2.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read
+2.2.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write
+2.2.1 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.2.1 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read
+2.2.1 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.2.1 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write
+2.2.1 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.2.1 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch
+2.2.1 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing
+2.2.1 3.0 http://tizen.org/privilege/datasync http://tizen.org/privilege/notexist
+2.2.1 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.2.1 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin
+2.2.1 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin
+2.2.1 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/notexist
+2.2.1 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.2.1 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera
+2.2.1 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder
+2.2.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email
+2.2.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read
+2.2.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage
+2.2.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony
+2.2.1 3.0 http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set
+2.2.1 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement
+2.2.1 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.2.1 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement
+2.2.1 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc
+2.2.1 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement
+2.2.1 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc
+2.2.1 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement
+2.2.1 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc
+2.2.1 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.2.1 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info
+2.2.1 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info
+2.2.1 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin
+2.2.1 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display
+2.2.1 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.2.1 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.2.1 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin
+2.2.1 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony
+2.2.1 3.0 http://tizen.org/privilege/systemmanager http://tizen.org/privilege/telephony
+2.2.1 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist
+2.2.1 3.0 http://tizen.org/privilege/websetting http://tizen.org/privilege/notexist
 2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
 2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
 2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get
 2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set
 2.3 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info
-2.3 3.0 http://tizen.org/privilege/application.kill http://tizen.org/privilege/appmanager.kill
 2.3 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch
-2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
-2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/notexist
 2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/recorder
 2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
 2.3 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin
 2.3 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin
@@ -26,6 +97,8 @@
 2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
 2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read
 2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/recorder
 2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
 2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read
 2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
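Review bot: Several rows added in `@@ -1,13 +1,84 @@` give a legacy privilege a broader 3.0 target than its name implies: `content.read` maps only to `content.write`, `bookmark.read` to `bookmark.admin`, `filesystem.read` to `systemsettings.admin`, and the new 2.3 `audiorecorder` rows add `camera` next to `recorder`. If 3.0 has no narrower equivalent, that trade-off belongs in the commit description, because each such row would presumably widen what every already-published application declaring the narrower name receives; the `camera` to `recorder` row added in `@@ -26,6 +97,8 @@` is the same case. The `notexist` target used here for `appmanager.certificate`, `datasync`, `fullscreen`, `unlimitedstorage` and `websetting` is also unexplained, and how the loader treats it is not visible in this hunk. I would state it once in the commit description, e.g. `notexist: placeholder target for privileges with no 3.0 equivalent` (wording to be confirmed against the code).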
@@ -33,31 +106,19 @@
 2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
 2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch
 2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/datasync http://tizen.org/privilege/notexist
 2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
 2.3 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin
 2.3 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin
-2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/notexist
 2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
-2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
 2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
-2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
-2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
 2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
 2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera
 2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder
-2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
-2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
 2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email
 2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read
 2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.read
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.write
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.read
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.write
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/email
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.read
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.write
-2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/mediastorage
 2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read
 2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write
 2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read
@@ -77,10 +138,8 @@
 2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc
 2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement
 2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc
-2.3 3.0 http://tizen.org/privilege/notification.read http://tizen.org/privilege/notification
 2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
 2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info
-2.3 3.0 http://tizen.org/privilege/notification.write http://tizen.org/privilege/notification
 2.3 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info
 2.3 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin
 2.3 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display
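Review bot: The 2.3 rows for `ime`, `keymanager`, `led`, `mediacontroller.client`, `mediacontroller.server` and all eight `messaging.send` rows are removed in `@@ -33,31 +106,19 @@` without replacement, and `@@ -77,10 +138,8 @@` does the same for `notification.read` and `notification.write`, so a 2.3 application declaring one of those names no longer has a row in this list. What the mapping code does with a privilege that has no row is not visible here. It should be confirmed that such a privilege is dropped rather than passed through unchanged, and a test that installs a 2.3 package declaring one of the removed names (for example `messaging.send`) would pin that behaviour down.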
@@ -88,108 +147,171 @@ 2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement 2.3 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin 2.3 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony -2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/network.get -2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/telephony -2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony -2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage +2.3 3.0 http://tizen.org/privilege/systemmanager http://tizen.org/privilege/telephony +2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist 2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set -2.3 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read -2.3 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get -2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet -2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification -2.3 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage -2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server -2.3 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin -2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate -2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager -2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read -2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read -2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push 
-2.3 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc -2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera -2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write -2.3 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write -2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write -2.3 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing -2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage -2.3 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display -2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin -2.3 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch -2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony -2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download -2.3 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder -2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write -2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read -2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation -2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led -2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read -2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call -2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin -2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen -2.3 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set -2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set -2.3 3.0 
http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read -2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write -2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location -2.3 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin -2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime -2.3 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin -2.3 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info -2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client -2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo -2.3 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set -2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill -2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement -2.3 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get -2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write -2.3 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email -2.4 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read -2.4 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get -2.4 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet -2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification -2.4 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage -2.4 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server -2.4 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin -2.4 
3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate -2.4 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager -2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read +2.3 3.0 http://tizen.org/privilege/websetting http://tizen.org/privilege/notexist +2.3.1 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read +2.3.1 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write +2.3.1 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get +2.3.1 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set +2.3.1 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info +2.3.1 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch +2.3.1 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/notexist +2.3.1 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill +2.3.1 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/camera +2.3.1 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/recorder +2.3.1 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin +2.3.1 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin +2.3.1 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin +2.3.1 3.0 http://tizen.org/privilege/bluetooth.spp http://tizen.org/privilege/bluetooth.admin +2.3.1 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin +2.3.1 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin +2.3.1 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin +2.3.1 3.0 
http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read +2.3.1 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read +2.3.1 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write +2.3.1 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call +2.3.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read +2.3.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read +2.3.1 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony +2.3.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read +2.3.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write +2.3.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read +2.3.1 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write +2.3.1 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera +2.3.1 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/recorder +2.3.1 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read +2.3.1 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read +2.3.1 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write +2.3.1 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write +2.3.1 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write +2.3.1 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch +2.3.1 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing +2.3.1 3.0 http://tizen.org/privilege/datasync http://tizen.org/privilege/notexist +2.3.1 3.0 http://tizen.org/privilege/download 
http://tizen.org/privilege/download +2.3.1 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin +2.3.1 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin +2.3.1 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/notexist +2.3.1 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo +2.3.1 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet +2.3.1 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location +2.3.1 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera +2.3.1 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder +2.3.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email +2.3.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read +2.3.1 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage +2.3.1 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony +2.3.1 3.0 http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set +2.3.1 3.0 
http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement +2.3.1 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin +2.3.1 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation +2.3.1 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement +2.3.1 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc +2.3.1 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement +2.3.1 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc +2.3.1 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement +2.3.1 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc +2.3.1 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification +2.3.1 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info +2.3.1 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info +2.3.1 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin +2.3.1 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display +2.3.1 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push +2.3.1 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement +2.3.1 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin +2.3.1 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony +2.3.1 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony +2.3.1 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist +2.3.1 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set +2.3.1 3.0 http://tizen.org/privilege/websetting http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/account.read 
http://tizen.org/privilege/account.read +2.4 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write +2.4 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get +2.4 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set +2.4 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info +2.4 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch +2.4 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill +2.4 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/camera +2.4 3.0 http://tizen.org/privilege/audiorecorder http://tizen.org/privilege/recorder +2.4 3.0 http://tizen.org/privilege/bluetooth http://tizen.org/privilege/bluetooth +2.4 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin +2.4 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin +2.4 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin 2.4 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read -2.4 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push -2.4 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc +2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read +2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write +2.4 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call +2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read +2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read +2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony +2.4 3.0 
http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read +2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write +2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read +2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write 2.4 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera +2.4 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/recorder +2.4 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read +2.4 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read 2.4 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write -2.4 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write -2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write -2.4 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing -2.4 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage -2.4 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display -2.4 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin -2.4 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch -2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony +2.4 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write +2.4 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write +2.4 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch +2.4 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing +2.4 3.0 http://tizen.org/privilege/datasync http://tizen.org/privilege/notexist 2.4 3.0 
http://tizen.org/privilege/download http://tizen.org/privilege/download -2.4 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder -2.4 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write -2.4 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read -2.4 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation +2.4 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin +2.4 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin +2.4 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo +2.4 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet +2.4 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime 2.4 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led -2.4 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read -2.4 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call -2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin -2.4 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen -2.4 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set -2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set -2.4 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read -2.4 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write 2.4 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location -2.4 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin -2.4 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime -2.4 3.0 
http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin -2.4 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info +2.4 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera +2.4 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder 2.4 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client -2.4 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo -2.4 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set -2.4 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill +2.4 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server +2.4 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email +2.4 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read +2.4 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage +2.4 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony +2.4 3.0 
http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set +2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement +2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin +2.4 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation +2.4 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement +2.4 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc +2.4 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement +2.4 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc +2.4 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement +2.4 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc +2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification +2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info +2.4 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info +2.4 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin +2.4 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display +2.4 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push 2.4 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement -2.4 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get -2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write -2.4 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email +2.4 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin +2.4 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony +2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony +2.4 3.0 
http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set -- 2.7.4 From 3a0fbcccc9c7f5ef47a05e835b7619e1068f53b9 Mon Sep 17 00:00:00 2001 From: Yunjin Lee Date: Wed, 2 Sep 2015 13:57:50 +0900 Subject: [PATCH 13/16] Update privilege list: Add missing privileges to user buckets and mapping list Change-Id: Ic47dfa9255b4bb5fe3e8e98a2e2d9c06dc475877 Signed-off-by: Yunjin Lee --- policy/privilege-mapping.list | 10 ++++++++++ policy/usertype-admin.profile | 1 + policy/usertype-guest.profile | 1 + policy/usertype-normal.profile | 1 + policy/usertype-system.profile | 1 + 5 files changed, 14 insertions(+) diff --git a/policy/privilege-mapping.list b/policy/privilege-mapping.list index 49b4743..024753b 100644 --- a/policy/privilege-mapping.list +++ b/policy/privilege-mapping.list @@ -148,6 +148,11 @@ 2.3 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin 2.3 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony 2.3 3.0 http://tizen.org/privilege/systemmanager http://tizen.org/privilege/telephony +2.3 3.0 http://tizen.org/privilege/tv.audio http://tizen.org/privilege/notexist +2.3 3.0 http://tizen.org/privilege/tv.channel http://tizen.org/privilege/notexist +2.3 3.0 http://tizen.org/privilege/tv.display http://tizen.org/privilege/notexist +2.3 3.0 http://tizen.org/privilege/tv.inputdevice http://tizen.org/privilege/notexist +2.3 3.0 http://tizen.org/privilege/tv.window http://tizen.org/privilege/notexist 2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist 2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set 2.3 3.0 http://tizen.org/privilege/websetting http://tizen.org/privilege/notexist 
@@ -313,5 +318,10 @@ 2.4 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin 2.4 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony 2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony +2.4 3.0 http://tizen.org/privilege/tv.audio http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/tv.channel http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/tv.display http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/tv.inputdevice http://tizen.org/privilege/notexist +2.4 3.0 http://tizen.org/privilege/tv.window http://tizen.org/privilege/notexist 2.4 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/notexist 2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set diff --git a/policy/usertype-admin.profile b/policy/usertype-admin.profile index e8915cc..aa4324d 100644 --- a/policy/usertype-admin.profile +++ b/policy/usertype-admin.profile @@ -4,6 +4,7 @@ * http://tizen.org/privilege/account.write * http://tizen.org/privilege/alarm.get * http://tizen.org/privilege/alarm.set +* http://tizen.org/privilege/antivirus * http://tizen.org/privilege/apphistory.read * http://tizen.org/privilege/appmanager.kill * http://tizen.org/privilege/appmanager.kill.bgapp diff --git a/policy/usertype-guest.profile b/policy/usertype-guest.profile index 13b6013..21fdf35 100644 --- a/policy/usertype-guest.profile +++ b/policy/usertype-guest.profile @@ -4,6 +4,7 @@ * http://tizen.org/privilege/account.write * http://tizen.org/privilege/alarm.get * http://tizen.org/privilege/alarm.set +* http://tizen.org/privilege/antivirus * http://tizen.org/privilege/apphistory.read * http://tizen.org/privilege/appmanager.kill * http://tizen.org/privilege/appmanager.kill.bgapp diff --git a/policy/usertype-normal.profile b/policy/usertype-normal.profile index 103f13d..df281ab 100644 --- a/policy/usertype-normal.profile 
+++ b/policy/usertype-normal.profile @@ -4,6 +4,7 @@ * http://tizen.org/privilege/account.write * http://tizen.org/privilege/alarm.get * http://tizen.org/privilege/alarm.set +* http://tizen.org/privilege/antivirus * http://tizen.org/privilege/apphistory.read * http://tizen.org/privilege/appmanager.kill * http://tizen.org/privilege/appmanager.kill.bgapp diff --git a/policy/usertype-system.profile b/policy/usertype-system.profile index 3e0abb6..8a1aa5e 100644 --- a/policy/usertype-system.profile +++ b/policy/usertype-system.profile @@ -4,6 +4,7 @@ * http://tizen.org/privilege/account.write * http://tizen.org/privilege/alarm.get * http://tizen.org/privilege/alarm.set +* http://tizen.org/privilege/antivirus * http://tizen.org/privilege/apphistory.read * http://tizen.org/privilege/appmanager.kill * http://tizen.org/privilege/appmanager.kill.bgapp -- 2.7.4 From ba5d664e58432f4045bb0d26a99e861eadb0fc81 Mon Sep 17 00:00:00 2001 From: Aleksander Zdyb Date: Fri, 31 Jul 2015 13:05:55 +0200 Subject: [PATCH 14/16] Add security_manager_groups_get() API This function returns array of groups bound to privileges. It's needed by nice-lad to identify resources to be subject of auditing. Change-Id: Ie7a195507a02a30d54f93ffbc351c403f2c83000 --- src/client/client-security-manager.cpp | 80 +++++++++++++++++++++++++++++++++- src/common/include/privilege_db.h | 15 ++++++- src/common/include/protocols.h | 3 +- src/common/include/service_impl.h | 11 ++++- src/common/privilege_db.cpp | 15 ++++++- src/common/service_impl.cpp | 15 ++++++- src/include/security-manager.h | 24 +++++++++- src/server/service/include/service.h | 8 +++- src/server/service/service.cpp | 16 ++++++- 9 files changed, 177 insertions(+), 10 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 308da19..62e5663 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * 
@@ -1078,3 +1078,81 @@ void security_manager_privilege_mapping_free(char **privileges_mappings, size_t free(privileges_mappings[i]); delete [] privileges_mappings; } + +SECURITY_MANAGER_API +int security_manager_groups_get(char ***groups, size_t *groups_count) +{ + using namespace SecurityManager; + MessageBuffer send, recv; + if (!groups || !groups_count) + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + return try_catch([&] { + + //put data into buffer + Serialization::Serialize(send, static_cast(SecurityModuleCall::GROUPS_GET)); + + //send buffer to server + int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); + if (retval != SECURITY_MANAGER_API_SUCCESS) { + LogError("Error in sendToServer. Error code: " << retval); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + //receive response from server + Deserialization::Deserialize(recv, retval); + + switch(retval) { + case SECURITY_MANAGER_API_SUCCESS: + // success - continue + break; + case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY: + return SECURITY_MANAGER_ERROR_MEMORY; + case SECURITY_MANAGER_API_ERROR_INPUT_PARAM: + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + default: + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + std::vector vgroups; + Deserialization::Deserialize(recv, vgroups); + const auto vgroups_size = vgroups.size(); + LogInfo("Number of groups: " << vgroups_size); + + std::unique_ptr> array( + static_cast(calloc(vgroups_size, sizeof(char *))), + std::bind(security_manager_groups_free, std::placeholders::_1, vgroups_size)); + + if (array == nullptr) + return SECURITY_MANAGER_ERROR_MEMORY; + + for (size_t i = 0; i < vgroups_size; ++i) { + const auto &group = vgroups.at(i); + + if (group.empty()) { + LogError("Unexpected empty group"); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + array.get()[i] = strdup(group.c_str()); + if (array.get()[i] == nullptr) + return SECURITY_MANAGER_ERROR_MEMORY; + } + + *groups_count = vgroups_size; + *groups = array.release(); + + return SECURITY_MANAGER_SUCCESS; + 
}); +} + +SECURITY_MANAGER_API +void security_manager_groups_free(char **groups, size_t groups_count) +{ + if (groups == nullptr) + return; + + for (size_t i = 0; i < groups_count; i++) + free(groups[i]); + + free(groups); +} diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 83fb157..27f68d6 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -1,7 +1,7 @@ /* * security-manager, database access * - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -24,6 +24,7 @@ * @author Krzysztof Sasiak * @author Rafal Krypa * @author Zofia Abramowska + * @author Aleksander Zdyb * @version 1.0 * @brief This file contains declaration of the API to privilges database. */ @@ -60,7 +61,8 @@ enum class StmtType { EGetPrivilegeMappings, EInsertPrivilegeToMap, EGetPrivilegesMappings, - EDeletePrivilegesToMap + EDeletePrivilegesToMap, + EGetGroups }; class PrivilegeDb { @@ -110,6 +112,7 @@ private: " WHERE version_from_name=? AND version_to_name=?" " AND privilege_name IN (SELECT privilege_name FROM privilege_to_map)"}, { StmtType::EDeletePrivilegesToMap, "DELETE FROM privilege_to_map"}, + { StmtType::EGetGroups, "SELECT DISTINCT group_name FROM privilege_group_view" }, }; /** @@ -320,6 +323,14 @@ public: const std::string &version_to, const std::vector &privileges, std::vector &mappings); + + /** + * Retrieve list of resource groups + * + * @param[out] grp_names - list of group names + * @exception DB::SqlConnection::Exception::InternalError on internal error + */ + void GetGroups(std::vector &grp_names); }; } //namespace SecurityManager diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index c0caf45..4031510 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h 
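Review bot: An empty group list can be reported as SECURITY_MANAGER_ERROR_MEMORY in security_manager_groups_get, because `calloc(vgroups_size, sizeof(char *))` may return NULL when vgroups_size is 0 and the following `if (array == nullptr)` treats every NULL as an allocation failure. Whether the caller sees success or an error for zero groups then depends on the C library. The guard should be `if (array == nullptr && vgroups_size != 0) return SECURITY_MANAGER_ERROR_MEMORY;`, which leaves `*groups` as nullptr and `*groups_count` as 0 on the empty case. security_manager_groups_free already accepts a null array, so the caller contract stays the same.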
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -137,6 +137,7 @@ enum class SecurityModuleCall GET_CONF_POLICY_SELF, POLICY_GET_DESCRIPTIONS, GET_PRIVILEGES_MAPPING, + GROUPS_GET, NOOP = 0x90, }; diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 8374233..4444f52 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -182,6 +182,15 @@ int getPrivilegesMappings(const std::string &version_from, const std::vector &privileges, std::vector &mappings); +/** + * Process getting resources group list. + * + * @param[out] groups empty vector for group strings + * + * @return API return code, as defined in protocols.h + */ +int policyGetGroups(std::vector &groups); + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/common/privilege_db.cpp b/src/common/privilege_db.cpp index 0498f21..9997128 100644 --- a/src/common/privilege_db.cpp +++ b/src/common/privilege_db.cpp @@ -1,7 +1,7 @@ /* * security-manager, database access * - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -386,4 +386,17 @@ void PrivilegeDb::GetPrivilegesMappings(const std::string &version_from, }); } +void PrivilegeDb::GetGroups(std::vector &groups) +{ + try_catch([&] { + auto command = getStatement(StmtType::EGetGroups); + + while (command->Step()) { + std::string groupName = command->GetColumnString(0); + LogDebug("Group " << groupName); + groups.push_back(groupName); + }; + }); +} + } //namespace SecurityManager 
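Review bot: PrivilegeDb::GetGroups appends to `groups` with `push_back` and never clears it, but the declaration in privilege_db.h documents the parameter only as `@param[out] grp_names - list of group names`, so a caller passing a non-empty vector gets old and new entries mixed. The doc line should state the contract, for example `@param[out] grp_names - group names are appended; pass an empty vector`, and the parameter name should match the definition (`groups` here, `grp_names` in the header). The `};` closing the while loop in the privilege_db.cpp hunk is also a stray empty statement and should be `}`.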
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 503fd62..95f09c0 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -1031,5 +1031,18 @@ int getPrivilegesMappings(const std::string &version_from, return errorRet; } +int policyGetGroups(std::vector &groups) { + int ret = SECURITY_MANAGER_API_SUCCESS; + + try { + PrivilegeDb::getInstance().GetGroups(groups); + } catch (const PrivilegeDb::Exception::Base &e) { + LogError("Error while getting groups from database: " << e.DumpToString()); + return SECURITY_MANAGER_API_ERROR_SERVER_ERROR; + } + + return ret; +} + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/include/security-manager.h b/src/include/security-manager.h index a96d5e7..3c1304e 100644 --- a/src/include/security-manager.h +++ b/src/include/security-manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * 
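Review bot: policyGetGroups turns only `PrivilegeDb::Exception::Base` into a return code, so an allocation failure while GetGroups fills the vector would leave this function as an exception instead of a status. That holds unless PrivilegeDb's own try_catch already translates it, which is not visible here. The client side of this commit maps SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY, but nothing on the server path shown produces it. Adding `} catch (const std::bad_alloc &) { return SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY; }` after the existing handler would close the gap. The local `ret` is never reassigned, so `return SECURITY_MANAGER_API_SUCCESS;` would read more directly.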
@@ -760,6 +760,28 @@ int security_manager_get_privileges_mapping(const char *from_version, * @param[in] mapping_count Number of privileges */ void security_manager_privilege_mapping_free(char **privileges_mappings, size_t mappings_count); + +/** + * This function returns array of groups bound to privileges of file resources. + * + * Caller needs to free memory allocated for the list using + * security_manager_groups_free(). + * + * @param[out] groups pointer to array of strings. + * @param[out] groups_count number of strings in levels array. + * @return API return code or error code. + */ +int security_manager_groups_get(char ***groups, size_t *groups_count); + +/** + * This function frees memory allocated by security_manager_groups_get() + * function. + * + * @param[in] groups array of strings returned by security_manager_groups_get() function. + * @param[in] groups_count size of the groups array + */ +void security_manager_groups_free(char **groups, size_t groups_count); + #ifdef __cplusplus } #endif diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 371d5fd..8087899 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -150,6 +150,12 @@ private: */ void processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send); + /** + * Process getting groups bound with privileges + * + * @param send Raw data buffer to be sent + */ + void processGroupsGet(MessageBuffer &send); }; } // namespace SecurityManager diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 45cdcf3..9409ec8 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp 
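Review bot: The doc comment for security_manager_groups_get describes `groups_count` as "number of strings in levels array", which looks copied from another API; it should read `@param[out] groups_count number of strings in the groups array`. The `@return` line should name the values the implementation returns (SECURITY_MANAGER_SUCCESS, SECURITY_MANAGER_ERROR_INPUT_PARAM, SECURITY_MANAGER_ERROR_MEMORY, SECURITY_MANAGER_ERROR_UNKNOWN). The comment should also say that `*groups` and `*groups_count` are written only on success, so callers know not to call security_manager_groups_free after a failure.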
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Rafal Krypa * @@ -157,6 +157,9 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, case SecurityModuleCall::GET_PRIVILEGES_MAPPING: processPrivilegesMappings(buffer, send); break; + case SecurityModuleCall::GROUPS_GET: + processGroupsGet(send); + break; default: LogError("Invalid call: " << call_type_int); Throw(ServiceException::InvalidAction); @@ -353,4 +356,15 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send Serialization::Serialize(send, mappings); } +void Service::processGroupsGet(MessageBuffer &send) +{ + std::vector groups; + int ret = ServiceImpl::policyGetGroups(groups); + + Serialization::Serialize(send, ret); + if (ret == SECURITY_MANAGER_API_SUCCESS) { + Serialization::Serialize(send, groups); + } +} + } // namespace SecurityManager -- 2.7.4 From 9b0469f5a7e71f4506883fc3e7fdde7ca2fe3bb5 Mon Sep 17 00:00:00 2001 From: Rafal Krypa Date: Thu, 30 Jul 2015 18:19:12 +0200 Subject: [PATCH 15/16] Implement and use template methods for serialization of multiple variables Change-Id: I84f0deaa1a8623d1f3cc1039f6b8689a4d9b4ae1 --- src/client/client-security-manager.cpp | 41 ++++++++------------ src/common/include/protocols.h | 7 +--- src/common/master-req.cpp | 66 +++++++++++++++----------------- src/dpl/core/include/dpl/serialization.h | 8 ++++ 4 files changed, 57 insertions(+), 65 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 62e5663..a995aa0 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp 
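Review bot: The new GROUPS_GET case in Service::processOne calls `processGroupsGet(send)` with neither the connection's credentials nor the request buffer, so every client that can connect to the service socket gets the full list of privilege-bound groups. If that is intended (the commit message names nice-lad as the consumer), the declaration in service.h should say so, for example `// No caller check: the group list is not treated as sensitive`. Otherwise the handler needs the same peer check the other requests use, which is not visible in this hunk. processOne's body continues outside the hunk.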
@@ -176,12 +176,8 @@ int security_manager_app_install(const app_inst_req *p_req) MessageBuffer send, recv; //put data into buffer - Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL); - Serialization::Serialize(send, p_req->appId); - Serialization::Serialize(send, p_req->pkgId); - Serialization::Serialize(send, p_req->privileges); - Serialization::Serialize(send, p_req->appPaths); - Serialization::Serialize(send, p_req->uid); + Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL, + p_req->appId, p_req->pkgId, p_req->privileges, p_req->appPaths, p_req->uid); //send buffer to server retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); @@ -223,8 +219,8 @@ int security_manager_app_uninstall(const app_inst_req *p_req) return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE; //put data into buffer - Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL); - Serialization::Serialize(send, p_req->appId); + Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL, + p_req->appId); //send buffer to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); @@ -264,8 +260,8 @@ int security_manager_get_app_pkgid(char **pkg_id, const char *app_id) } //put data into buffer - Serialization::Serialize(send, static_cast(SecurityModuleCall::APP_GET_PKGID)); - Serialization::Serialize(send, std::string(app_id)); + Serialization::Serialize(send, static_cast(SecurityModuleCall::APP_GET_PKGID), + std::string(app_id)); //send buffer to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); 
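Review bot: The rewritten calls in security_manager_app_install and security_manager_app_uninstall keep the C-style cast `(int)SecurityModuleCall::APP_INSTALL` / `(int)SecurityModuleCall::APP_UNINSTALL`, while the other call sites changed by this commit use static_cast. Since these lines are rewritten anyway, they should use the same form, e.g. `static_cast<int>(SecurityModuleCall::APP_INSTALL)`. Both functions start and end outside their hunks.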
@@ -411,8 +407,8 @@ int security_manager_set_process_groups_from_appid(const char *app_id) } //put data into buffer - Serialization::Serialize(send, static_cast(SecurityModuleCall::APP_GET_GROUPS)); - Serialization::Serialize(send, std::string(app_id)); + Serialization::Serialize(send, static_cast(SecurityModuleCall::APP_GET_GROUPS), + std::string(app_id)); //send buffer to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); @@ -586,10 +582,8 @@ int security_manager_user_add(const user_req *p_req) //server is working //put data into buffer - Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_ADD)); - - Serialization::Serialize(send, p_req->uid); - Serialization::Serialize(send, p_req->utype); + Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_ADD), + p_req->uid, p_req->utype); //send buffer to server retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); @@ -622,10 +616,8 @@ int security_manager_user_delete(const user_req *p_req) return try_catch([&] { //put data into buffer - Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_DELETE)); - - Serialization::Serialize(send, p_req->uid); - + Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_DELETE), + p_req->uid); //send buffer to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); @@ -683,8 +675,8 @@ int security_manager_policy_update_send(policy_update_req *p_req) return try_catch([&] { //put request into buffer - Serialization::Serialize(send, static_cast(SecurityModuleCall::POLICY_UPDATE)); - Serialization::Serialize(send, p_req->units); + Serialization::Serialize(send, static_cast(SecurityModuleCall::POLICY_UPDATE), + p_req->units); //send it to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); 
@@ -724,8 +716,9 @@ static inline int security_manager_get_policy_internal( return try_catch([&] { //put request into buffer - Serialization::Serialize(send, static_cast(call_type)); - Serialization::Serialize(send, *p_filter); + Serialization::Serialize(send, static_cast(call_type), + *p_filter); + //send it to server int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); if (retval != SECURITY_MANAGER_API_SUCCESS) { diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index 4031510..24859d1 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -181,11 +181,8 @@ struct policy_entry : ISerializable { } virtual void Serialize(IStream &stream) const { - Serialization::Serialize(stream, user); - Serialization::Serialize(stream, appId); - Serialization::Serialize(stream, privilege); - Serialization::Serialize(stream, currentLevel); - Serialization::Serialize(stream, maxLevel); + Serialization::Serialize(stream, + user, appId, privilege, currentLevel, maxLevel); } }; diff --git a/src/common/master-req.cpp b/src/common/master-req.cpp index 96555e3..f6526b3 100644 --- a/src/common/master-req.cpp +++ b/src/common/master-req.cpp @@ -38,12 +38,11 @@ int CynaraPolicyUpdate(const std::string &appId, const std::string &uidstr, { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::CYNARA_UPDATE_POLICY)); - Serialization::Serialize(sendBuf, appId); - Serialization::Serialize(sendBuf, uidstr); - Serialization::Serialize(sendBuf, oldPkgPrivileges); - Serialization::Serialize(sendBuf, newPkgPrivileges); + static_cast(MasterSecurityModuleCall::CYNARA_UPDATE_POLICY), + appId, uidstr, oldPkgPrivileges, newPkgPrivileges); + ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) Deserialization::Deserialize(retBuf, ret); 
@@ -55,10 +54,11 @@ int CynaraUserInit(const uid_t uidAdded, int userType) { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::CYNARA_USER_INIT)); - Serialization::Serialize(sendBuf, uidAdded); - Serialization::Serialize(sendBuf, userType); + static_cast(MasterSecurityModuleCall::CYNARA_USER_INIT), + uidAdded, userType); + ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) Deserialization::Deserialize(retBuf, ret); @@ -70,9 +70,11 @@ int CynaraUserRemove(const uid_t uidDeleted) { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::CYNARA_USER_REMOVE)); - Serialization::Serialize(sendBuf, uidDeleted); + static_cast(MasterSecurityModuleCall::CYNARA_USER_REMOVE), + uidDeleted); + ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) Deserialization::Deserialize(retBuf, ret); @@ -86,10 +88,9 @@ int SmackInstallRules(const std::string &appId, const std::string &pkgId, int ret; MessageBuffer sendBuf, retBuf; Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::SMACK_INSTALL_RULES)); - Serialization::Serialize(sendBuf, appId); - Serialization::Serialize(sendBuf, pkgId); - Serialization::Serialize(sendBuf, pkgContents); + static_cast(MasterSecurityModuleCall::SMACK_INSTALL_RULES), + appId, pkgId, pkgContents); + ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) Deserialization::Deserialize(retBuf, ret); 
@@ -102,12 +103,11 @@ int SmackUninstallRules(const std::string &appId, const std::string &pkgId, { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::SMACK_UNINSTALL_RULES)); - Serialization::Serialize(sendBuf, appId); - Serialization::Serialize(sendBuf, pkgId); - Serialization::Serialize(sendBuf, pkgContents); - Serialization::Serialize(sendBuf, removePkg); + static_cast(MasterSecurityModuleCall::SMACK_UNINSTALL_RULES), + appId, pkgId, pkgContents, removePkg); + ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) Deserialization::Deserialize(retBuf, ret); @@ -122,12 +122,10 @@ int PolicyUpdate(const std::vector &policyEntries, uid_t uid, pid_ { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::POLICY_UPDATE)); - Serialization::Serialize(sendBuf, policyEntries); - Serialization::Serialize(sendBuf, uid); - Serialization::Serialize(sendBuf, pid); - Serialization::Serialize(sendBuf, smackLabel); + static_cast(MasterSecurityModuleCall::POLICY_UPDATE), + policyEntries, uid, pid, smackLabel); ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) @@ -141,13 +139,10 @@ int GetConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pi { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::GET_CONFIGURED_POLICY)); - Serialization::Serialize(sendBuf, forAdmin); - Serialization::Serialize(sendBuf, filter); - Serialization::Serialize(sendBuf, uid); - Serialization::Serialize(sendBuf, pid); - Serialization::Serialize(sendBuf, smackLabel); + static_cast(MasterSecurityModuleCall::GET_CONFIGURED_POLICY), + forAdmin, filter, uid, pid, smackLabel); ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) { 
@@ -164,12 +159,10 @@ int GetPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::strin { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::GET_POLICY)); - Serialization::Serialize(sendBuf, filter); - Serialization::Serialize(sendBuf, uid); - Serialization::Serialize(sendBuf, pid); - Serialization::Serialize(sendBuf, smackLabel); + static_cast(MasterSecurityModuleCall::GET_POLICY), + filter, uid, pid, smackLabel); ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) { @@ -185,8 +178,9 @@ int PolicyGetDesc(std::vector &descriptions) { int ret; MessageBuffer sendBuf, retBuf; + Serialization::Serialize(sendBuf, - static_cast(MasterSecurityModuleCall::POLICY_GET_DESC)); + static_cast(MasterSecurityModuleCall::POLICY_GET_DESC)); ret = sendToServer(MASTER_SERVICE_SOCKET, sendBuf.Pop(), retBuf); if (ret == SECURITY_MANAGER_API_SUCCESS) { diff --git a/src/dpl/core/include/dpl/serialization.h b/src/dpl/core/include/dpl/serialization.h index bb6602c..4782e1c 100644 --- a/src/dpl/core/include/dpl/serialization.h +++ b/src/dpl/core/include/dpl/serialization.h @@ -211,6 +211,14 @@ struct Serialization { { Serialize(stream, *p); } + + // serialize 'em all + template + static void Serialize(IStream& stream, const T1& first, const T2& second, const Tail&... tail) + { + Serialize(stream, first); + Serialize(stream, second, tail...); + } }; // struct Serialization struct Deserialization { -- 2.7.4 From 1afdb1628d5f84a166aa23ff41d52fe246b9c23a Mon Sep 17 00:00:00 2001 
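Review bot: The comment `// serialize 'em all` on the new variadic Serialize overload in serialization.h leaves out the contract that matters for the protocol. Values are written strictly in argument order, so the argument list at each call site now is the wire layout and has to match the receiver's Deserialize sequence. Suggest replacing it with `// Serialize each argument in order; the argument order is the wire format and must match the Deserialize calls on the receiving side.` The enclosing struct Serialization starts and ends outside the hunk.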
From: Rafal Krypa Date: Mon, 31 Aug 2015 10:50:03 +0200 Subject: [PATCH 16/16] Convert ServiceImpl namespace to a class This class will be used in future patches: - to hold ownership of Cynara and PrivilegeDb objects - to polymorph into basic, slave and off-line versions - to synchronize multiple concurrent clients (multi-threading is coming) Change-Id: I54f0ecda081db17350209c3e56debd91927e364e Signed-off-by: Rafal Krypa --- src/client/client-security-manager.cpp | 4 +- src/common/include/service_impl.h | 323 ++++++++++++++-------------- src/common/service_impl.cpp | 62 +++--- src/server/service/base-service.cpp | 24 +++ src/server/service/include/base-service.h | 15 ++ src/server/service/include/master-service.h | 2 + src/server/service/include/service.h | 2 + src/server/service/master-service.cpp | 11 +- src/server/service/service.cpp | 44 ++-- 9 files changed, 255 insertions(+), 232 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index a995aa0..3949867 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -171,7 +171,7 @@ int security_manager_app_install(const app_inst_req *p_req) int retval; ClientOffline offlineMode; if (offlineMode.isOffline()) { - retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid(), false); + retval = SecurityManager::ServiceImpl().appInstall(*p_req, geteuid(), false); } else { MessageBuffer send, recv; @@ -575,7 +575,7 @@ int security_manager_user_add(const user_req *p_req) int retval; ClientOffline offlineMode; if (offlineMode.isOffline()) { - retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid(), + retval = SecurityManager::ServiceImpl().userAdd(p_req->uid, p_req->utype, geteuid(), false); } else { MessageBuffer send, recv; diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index 4444f52..0b6e3c6 100644 --- a/src/common/include/service_impl.h 
+++ b/src/common/include/service_impl.h 
@@ -32,166 +32,171 @@ #include "security-manager.h" namespace SecurityManager { -namespace ServiceImpl { -/** - * Retrieves ID (UID and PID) of peer connected to socket - * - * @param[in] Socket file descriptor - * @param[out] UID of connected peer. Function does not modify the variable if ID retrieval fails. - * @param[out] PID of connected peer. Function does not modify the variable if ID retrieval fails. - * - * @return True if peer ID was successfully retrieved, false otherwise. - */ -bool getPeerID(int sock, uid_t &uid, pid_t &pid); - -/** - * Process application installation request. - * - * @param[in] req installation request - * @param[in] uid id of the requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int appInstall(const app_inst_req &req, uid_t uid, bool isSlave); - -/** - * Process application uninstallation request. - * - * @param[in] req uninstallation request - * @param[in] uid id of the requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int appUninstall(const std::string &appId, uid_t uid, bool isSlave); - -/** - * Process package id query. - * Retrieves the package id associated with given application id. - * - * @param[in] appId application identifier - * @param[out] pkgId returned package identifier - * - * @return API return code, as defined in protocols.h - */ -int getPkgId(const std::string &appId, std::string &pkgId); - -/** - * Process query for supplementary groups allowed for the application. - * For given appId and uid, calculate allowed privileges that give - * direct access to file system resources. For each permission Cynara will be - * queried. - * Returns set of group ids that are permitted. 
- * - * @param[in] appId application identifier - * @param[in] uid id of the requesting user - * @param[in] pid id of the requesting process (to construct Cynara session id) - * @param[in] isSlave Indicates if function should be called under slave mode - * @param[out] gids returned set of allowed group ids - * - * @return API return code, as defined in protocols.h - */ -int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, - std::unordered_set &gids); - -/** - * Process user adding request. - * - * @param[in] uidAdded uid of newly created user - * @param[in] userType type of newly created user - * @param[in] uid uid of requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave); - -/** - * Process user deletion request. - * - * @param[in] uidDeleted uid of removed user - * @param[in] uid uid of requesting user - * @param[in] isSlave Indicates if function should be called under slave mode - * - * @return API return code, as defined in protocols.h - */ -int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave); - -/** - * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin - * is needed for this to succeed - * - * @param[in] policyEntries vector of policy chunks with instructions - * @param[in] uid identifier of requesting user - * @param[in] pid PID of requesting process - * @param[in] smackLabel smack label of requesting app - * - * @return API return code, as defined in protocols.h - */ - -int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel); -/** - * Fetch all configured privileges from user configurable bucket. - * Depending on forAdmin value: personal user policies or admin enforced - * policies are returned. 
- * - * @param[in] forAdmin determines if user is asking as ADMIN or not - * @param[in] filter filter for limiting the query - * @param[in] uid identifier of queried user - * @param[in] pid PID of requesting process - * @param[out] policyEntries vector of policy entries with result - * - * @return API return code, as defined in protocols.h - */ -int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); - -/** - * Fetch all privileges for all apps installed for specific user. - * - * @param[in] forAdmin determines if user is asking as ADMIN or not - * @param[in] filter filter for limiting the query - * @param[in] uid identifier of queried user - * @param[in] pid PID of requesting process - * @param[out] policyEntries vector of policy entries with result - * - * @return API return code, as defined in protocols.h - */ -int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); - -/** - * Process getting policy descriptions list. - * - * @param[in] descriptions empty vector for descriptions strings - * - * @return API return code, as defined in protocols.h - */ -int policyGetDesc(std::vector &descriptions); - -/** - * Process getting privileges mappings from one version to another. - * - * @param[in] version_from version to be mapped from - * @param[in] version_to version to be mapped to - * @param[in] privileges vector of privileges to be mapped - * @param[out] mappings mappings of given privileges - */ -int getPrivilegesMappings(const std::string &version_from, - const std::string &version_to, - const std::vector &privileges, - std::vector &mappings); - -/** - * Process getting resources group list. 
- * - * @param[out] groups empty vector for group strings - * - * @return API return code, as defined in protocols.h - */ -int policyGetGroups(std::vector &groups); - -} /* namespace ServiceImpl */ +class ServiceImpl { +private: + static uid_t getGlobalUserId(void); + + static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr); + + static bool isSubDir(const char *parent, const char *subdir); + + static bool getUserAppDir(const uid_t &uid, std::string &userAppDir); + + static bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath); + + static bool getZoneId(std::string &zoneId); + +public: + ServiceImpl(); + virtual ~ServiceImpl(); + + /** + * Process application installation request. + * + * @param[in] req installation request + * @param[in] uid id of the requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int appInstall(const app_inst_req &req, uid_t uid, bool isSlave); + + /** + * Process application uninstallation request. + * + * @param[in] req uninstallation request + * @param[in] uid id of the requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int appUninstall(const std::string &appId, uid_t uid, bool isSlave); + + /** + * Process package id query. + * Retrieves the package id associated with given application id. + * + * @param[in] appId application identifier + * @param[out] pkgId returned package identifier + * + * @return API return code, as defined in protocols.h + */ + int getPkgId(const std::string &appId, std::string &pkgId); + + /** + * Process query for supplementary groups allowed for the application. + * For given appId and uid, calculate allowed privileges that give + * direct access to file system resources. For each permission Cynara will be + * queried. 
+ * Returns set of group ids that are permitted. + * + * @param[in] appId application identifier + * @param[in] uid id of the requesting user + * @param[in] pid id of the requesting process (to construct Cynara session id) + * @param[in] isSlave Indicates if function should be called under slave mode + * @param[out] gids returned set of allowed group ids + * + * @return API return code, as defined in protocols.h + */ + int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, + std::unordered_set &gids); + + /** + * Process user adding request. + * + * @param[in] uidAdded uid of newly created user + * @param[in] userType type of newly created user + * @param[in] uid uid of requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave); + + /** + * Process user deletion request. + * + * @param[in] uidDeleted uid of removed user + * @param[in] uid uid of requesting user + * @param[in] isSlave Indicates if function should be called under slave mode + * + * @return API return code, as defined in protocols.h + */ + int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave); + + /** + * Update policy in Cynara - proper privilege: http://tizen.org/privilege/systemsettings.admin + * is needed for this to succeed + * + * @param[in] policyEntries vector of policy chunks with instructions + * @param[in] uid identifier of requesting user + * @param[in] pid PID of requesting process + * @param[in] smackLabel smack label of requesting app + * + * @return API return code, as defined in protocols.h + */ + + int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel); + /** + * Fetch all configured privileges from user configurable bucket. + * Depending on forAdmin value: personal user policies or admin enforced + * policies are returned. 
+ * + * @param[in] forAdmin determines if user is asking as ADMIN or not + * @param[in] filter filter for limiting the query + * @param[in] uid identifier of queried user + * @param[in] pid PID of requesting process + * @param[out] policyEntries vector of policy entries with result + * + * @return API return code, as defined in protocols.h + */ + int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); + + /** + * Fetch all privileges for all apps installed for specific user. + * + * @param[in] forAdmin determines if user is asking as ADMIN or not + * @param[in] filter filter for limiting the query + * @param[in] uid identifier of queried user + * @param[in] pid PID of requesting process + * @param[out] policyEntries vector of policy entries with result + * + * @return API return code, as defined in protocols.h + */ + int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries); + + /** + * Process getting policy descriptions list. + * + * @param[in] descriptions empty vector for descriptions strings + * + * @return API return code, as defined in protocols.h + */ + int policyGetDesc(std::vector &descriptions); + + /** + * Process getting privileges mappings from one version to another. + * + * @param[in] version_from version to be mapped from + * @param[in] version_to version to be mapped to + * @param[in] privileges vector of privileges to be mapped + * @param[out] mappings mappings of given privileges + */ + int getPrivilegesMappings(const std::string &version_from, + const std::string &version_to, + const std::vector &privileges, + std::vector &mappings); + + /** + * Process getting resources group list. 
+ * + * @param[out] groups empty vector for group strings + * + * @return API return code, as defined in protocols.h + */ + int policyGetGroups(std::vector &groups); +}; } /* namespace SecurityManager */ #endif /* _SECURITY_MANAGER_SERVICE_IMPL_ */ diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 95f09c0..3f959a9 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -48,7 +48,6 @@ #include "master-req.h" namespace SecurityManager { -namespace ServiceImpl { static const std::string ADMIN_PRIVILEGE = "http://tizen.org/privilege/systemsettings.admin"; static const std::string SELF_PRIVILEGE = "http://tizen.org/privilege/systemsettings"; @@ -133,7 +132,15 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, } } // end of anonymous namespace -static uid_t getGlobalUserId(void) +ServiceImpl::ServiceImpl() +{ +} + +ServiceImpl::~ServiceImpl() +{ +} + +uid_t ServiceImpl::getGlobalUserId(void) { static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); return globaluid; @@ -144,7 +151,7 @@ static uid_t getGlobalUserId(void) * @param uid peer's uid - may be changed during process * @param cynaraUserStr string to which cynara user parameter will be put */ -static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) +void ServiceImpl::checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) { static uid_t globaluid = getGlobalUserId(); if (uid == 0 || uid == globaluid) { @@ -154,7 +161,8 @@ static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr) cynaraUserStr = std::to_string(static_cast(uid)); } } -static inline bool isSubDir(const char *parent, const char *subdir) + +bool ServiceImpl::isSubDir(const char *parent, const char *subdir) { while (*parent && *subdir) if (*parent++ != *subdir++) 
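Review bot: Several Doxygen blocks moved into the class do not match the declarations they sit on, which matters because `uid`, `pid` and `smackLabel` are the identity the authorization decisions are made on. `appUninstall` documents `req` but takes `appId`, `getPolicy` documents a `forAdmin` parameter it does not have, `getConfiguredPolicy` and `getPolicy` leave `smackLabel` undocumented, `policyGetDesc` marks `descriptions` as `[in]` although the call fills it, and `getPrivilegesMappings` has no `@return`. The blank line after the `policyUpdate` comment, with none before the `getConfiguredPolicy` comment, also detaches the first block from its declaration. Suggested lines: `@param[in] appId application identifier`, `@param[in] smackLabel smack label of requesting app`, `@param[out] descriptions returned description strings`.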
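Review bot: `ServiceImpl::isSubDir` is now a named class helper but has no comment saying that it is a purely textual prefix test. From the lines visible here and in the next hunk it walks both strings while they match and then requires `*subdir == '/'`, so `..` components and symlinks in `subdir` are not resolved by this function. Whether its callers (presumably `installRequestAuthCheck`) canonicalize the paths first is not visible in this diff. I would add above it `/* Textual check only: both paths must already be canonical (e.g. from realpath()) before calling. */`. The body starts in this hunk and ends in the following one.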
@@ -163,21 +171,7 @@ static inline bool isSubDir(const char *parent, const char *subdir) return (*subdir == '/'); } -bool getPeerID(int sock, uid_t &uid, pid_t &pid) -{ - struct ucred cr; - socklen_t len = sizeof(cr); - - if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { - uid = cr.uid; - pid = cr.pid; - return true; - } - - return false; -} - -static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) +bool ServiceImpl::getUserAppDir(const uid_t &uid, std::string &userAppDir) { struct tzplatform_context *tz_ctx = nullptr; @@ -207,7 +201,7 @@ static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) return true; } -static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) +bool ServiceImpl::installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) { std::string userHome; std::string userAppDir; @@ -258,7 +252,7 @@ static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, b return true; } -static inline bool getZoneId(std::string &zoneId) +bool ServiceImpl::getZoneId(std::string &zoneId) { if (!getZoneIdFromPid(getpid(), zoneId)) { LogError("Failed to get zone ID from current PID"); @@ -274,7 +268,7 @@ static inline bool getZoneId(std::string &zoneId) return true; } -int appInstall(const app_inst_req &req, uid_t uid, bool isSlave) +int ServiceImpl::appInstall(const app_inst_req &req, uid_t uid, bool isSlave) { std::vector addedPermissions; std::vector removedPermissions; @@ -408,7 +402,7 @@ int appInstall(const app_inst_req &req, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int appUninstall(const std::string &appId, uid_t uid, bool isSlave) +int ServiceImpl::appUninstall(const std::string &appId, uid_t uid, bool isSlave) { std::string pkgId; std::string smackLabel; 
@@ -519,7 +513,7 @@ int appUninstall(const std::string &appId, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int getPkgId(const std::string &appId, std::string &pkgId) +int ServiceImpl::getPkgId(const std::string &appId, std::string &pkgId) { LogDebug("appId: " << appId); @@ -538,7 +532,7 @@ int getPkgId(const std::string &appId, std::string &pkgId) return SECURITY_MANAGER_API_SUCCESS; } -int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, +int ServiceImpl::getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, std::unordered_set &gids) { // FIXME Temporary solution, see below @@ -616,7 +610,7 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave, return SECURITY_MANAGER_API_SUCCESS; } -int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) +int ServiceImpl::userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) { if (uid != 0) return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED; @@ -639,7 +633,7 @@ int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave) return SECURITY_MANAGER_API_SUCCESS; } -int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) +int ServiceImpl::userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) { int ret = SECURITY_MANAGER_API_SUCCESS; if (uid != 0) @@ -675,7 +669,7 @@ int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave) return ret; } -int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel) +int ServiceImpl::policyUpdate(const std::vector &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel) { enum { NOT_CHECKED, 
@@ -735,7 +729,7 @@ int policyUpdate(const std::vector &policyEntries, uid_t uid, pid_ return SECURITY_MANAGER_API_SUCCESS; } -int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, +int ServiceImpl::getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) { try { @@ -845,7 +839,7 @@ int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pi return SECURITY_MANAGER_API_SUCCESS; } -int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) +int ServiceImpl::getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector &policyEntries) { try { std::string uidStr = std::to_string(uid); @@ -962,7 +956,7 @@ int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::strin return SECURITY_MANAGER_API_SUCCESS; } -int policyGetDesc(std::vector &levels) +int ServiceImpl::policyGetDesc(std::vector &levels) { int ret = SECURITY_MANAGER_API_SUCCESS; @@ -985,7 +979,7 @@ int policyGetDesc(std::vector &levels) return ret; } -int getPrivilegesMappings(const std::string &version_from, +int ServiceImpl::getPrivilegesMappings(const std::string &version_from, const std::string &version_to, const std::vector &privileges, std::vector &mappings) @@ -1031,7 +1025,8 @@ int getPrivilegesMappings(const std::string &version_from, return errorRet; } -int policyGetGroups(std::vector &groups) { +int ServiceImpl::policyGetGroups(std::vector &groups) +{ int ret = SECURITY_MANAGER_API_SUCCESS; try { @@ -1044,5 +1039,4 @@ int policyGetGroups(std::vector &groups) { return ret; } -} /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/server/service/base-service.cpp b/src/server/service/base-service.cpp index 519c46a..32360cb 100644 --- a/src/server/service/base-service.cpp +++ b/src/server/service/base-service.cpp 
@@ -22,6 +22,10 @@ * @brief Implementation of security-manager base service. */ +#include +#include +#include + #include #include @@ -35,6 +39,26 @@ BaseService::BaseService() { } +bool BaseService::getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel) +{ + struct ucred cr; + socklen_t len = sizeof(cr); + + if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { + char *smk; + ssize_t ret = smack_new_label_from_socket(sock, &smk); + if (ret < 0) + return false; + smackLabel = smk; + uid = cr.uid; + pid = cr.pid; + free(smk); + return true; + } + + return false; +} + void BaseService::accept(const AcceptEvent &event) { LogDebug("Accept event. ConnectionID.sock: " << event.connectionID.sock << diff --git a/src/server/service/include/base-service.h b/src/server/service/include/base-service.h index b2d06f3..5acb212 100644 --- a/src/server/service/include/base-service.h +++ b/src/server/service/include/base-service.h @@ -29,6 +29,7 @@ #include #include #include +#include namespace SecurityManager { @@ -58,9 +59,23 @@ public: void close(const CloseEvent &event); protected: + ServiceImpl serviceImpl; + ConnectionInfoMap m_connectionInfoMap; /** + * Retrieves ID (UID and PID) of peer connected to socket + * + * @param[in] sock Socket file descriptor + * @param[out] uid PID of connected peer. + * @param[out] pid PID of connected peer. + * @param[out] smackLabel Smack label of connected peer. + * + * @return True if peer ID was successfully retrieved, false otherwise. + */ + bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel); + + /** * Handle request from a client * * @param conn Socket connection information diff --git a/src/server/service/include/master-service.h b/src/server/service/include/master-service.h index 627cce9..177b5a9 100644 --- a/src/server/service/include/master-service.h +++ b/src/server/service/include/master-service.h 
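Review bot: In `BaseService::getPeerID`, `smackLabel = smk;` can throw `std::bad_alloc`, and in that case `free(smk)` is never reached, so the label buffer leaks on a path that `processOne` runs per request. Freeing can be tied to scope with `std::unique_ptr<char, decltype(&free)> guard(smk, &free);` right after the `ret < 0` check, dropping the explicit `free(smk);` (this needs `<memory>`). It would also help to note in a comment that `SO_PEERCRED` reports the credentials the peer had when it connected, not its current ones, since `uid` and `pid` are passed on to the request handlers.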
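Review bot: The new comment in base-service.h reads `@param[out] uid PID of connected peer.`; that should be `@param[out] uid UID of connected peer.`. The comment also dropped the old sentence that the outputs are left unmodified when retrieval fails, which still matches the implementation added in base-service.cpp, so I would keep it. Separately, `ServiceImpl serviceImpl;` is added here as a protected member while the master-service.h and service.h hunks each add a private member of the same name. Assuming both classes derive from BaseService, every service object then holds two ServiceImpl instances and the derived one hides this one. One of the two declarations should go before the class starts owning Cynara and PrivilegeDb state, as the commit message plans.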
@@ -26,6 +26,7 @@ #define _SECURITY_MANAGER_MASTER_SERVICE_ #include "base-service.h" +#include "service_impl.h" namespace SecurityManager { @@ -44,6 +45,7 @@ public: ServiceDescriptionVector GetServiceDescription(); private: + ServiceImpl serviceImpl; /** * Handle request from a client diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 8087899..30d6b0f 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -26,6 +26,7 @@ #define _SECURITY_MANAGER_SERVICE_ #include "base-service.h" +#include "service_impl.h" namespace SecurityManager { @@ -45,6 +46,7 @@ public: private: const bool m_isSlave; + ServiceImpl serviceImpl; /** * Handle request from a client diff --git a/src/server/service/master-service.cpp b/src/server/service/master-service.cpp index f018abb..2440419 100644 --- a/src/server/service/master-service.cpp +++ b/src/server/service/master-service.cpp @@ -65,8 +65,9 @@ bool MasterService::processOne(const ConnectionID &conn, MessageBuffer &buffer, uid_t uid; pid_t pid; + std::string smackLabel; - if (!ServiceImpl::getPeerID(conn.sock, uid, pid)) { + if (!getPeerID(conn.sock, uid, pid, smackLabel)) { LogError("Closing socket because of error: unable to get peer's uid and pid"); m_serviceManager->Close(conn); return false; @@ -249,7 +250,7 @@ void MasterService::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &se Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel); + ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); Serialization::Serialize(send, ret); } 
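Review bot: In `MasterService::processOne`, `getPeerID` now also returns false when the peer's Smack label cannot be read, but the log line still says `unable to get peer's uid and pid`, which will mislead whoever triages a label failure. Suggest `LogError("Closing socket because of error: unable to get peer's uid, pid or smack label");`. Whether `smackLabel` is used later in processOne is outside this hunk; if it is not, a short comment saying the label is fetched only as part of peer identification would explain the otherwise unused local.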
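Review bot: In `MasterService::processPolicyUpdate`, the `pid` and `smackLabel` handed to `serviceImpl.policyUpdate` are read from the request buffer rather than from the socket, so the privilege check runs on an identity asserted by the sender. A comment such as `// identity is forwarded by the slave; trusted only because processOne authenticated the connection` would record that assumption, if that is indeed what processOne enforces (not visible here). The same applies to the `processGetConfiguredPolicy` hunk that follows. processPolicyUpdate starts outside the hunk.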
@@ -269,7 +270,7 @@ void MasterService::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuf Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); + ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, policyEntries); @@ -294,7 +295,7 @@ void MasterService::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send) Deserialization::Deserialize(buffer, pid); Deserialization::Deserialize(buffer, smackLabel); - ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries);*/ + ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries);*/ Serialization::Serialize(send, ret); /*if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, policyEntries);*/ @@ -305,7 +306,7 @@ void MasterService::processPolicyGetDesc(MessageBuffer &send) int ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; std::vector descriptions; - ret = ServiceImpl::policyGetDesc(descriptions); + ret = serviceImpl.policyGetDesc(descriptions); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, descriptions); diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 9409ec8..994acd1 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp 
@@ -64,26 +64,6 @@ GenericSocketService::ServiceDescriptionVector Service::GetServiceDescription() }; } -static bool getPeerID(int sock, uid_t &uid, pid_t &pid, std::string &smackLabel) -{ - struct ucred cr; - socklen_t len = sizeof(cr); - - if (!getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cr, &len)) { - char *smk; - ssize_t ret = smack_new_label_from_socket(sock, &smk); - if (ret < 0) - return false; - smackLabel = smk; - uid = cr.uid; - pid = cr.pid; - free(smk); - return true; - } - - return false; -} - bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID) { @@ -200,7 +180,7 @@ void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, req.privileges); Deserialization::Deserialize(buffer, req.appPaths); Deserialization::Deserialize(buffer, req.uid); - Serialization::Serialize(send, ServiceImpl::appInstall(req, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appInstall(req, uid, m_isSlave)); } void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid) @@ -208,7 +188,7 @@ void Service::processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, ui std::string appId; Deserialization::Deserialize(buffer, appId); - Serialization::Serialize(send, ServiceImpl::appUninstall(appId, uid, m_isSlave)); + Serialization::Serialize(send, serviceImpl.appUninstall(appId, uid, m_isSlave)); } void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send) @@ -218,7 +198,7 @@ void Service::processGetPkgId(MessageBuffer &buffer, MessageBuffer &send) int ret; Deserialization::Deserialize(buffer, appId); - ret = ServiceImpl::getPkgId(appId, pkgId); + ret = serviceImpl.getPkgId(appId, pkgId); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) Serialization::Serialize(send, pkgId); 
@@ -231,7 +211,7 @@ void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, ui int ret; Deserialization::Deserialize(buffer, appId); - ret = ServiceImpl::getAppGroups(appId, uid, pid, m_isSlave, gids); + ret = serviceImpl.getAppGroups(appId, uid, pid, m_isSlave, gids); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { Serialization::Serialize(send, static_cast(gids.size())); @@ -250,7 +230,7 @@ void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t u Deserialization::Deserialize(buffer, uidAdded); Deserialization::Deserialize(buffer, userType); - ret = ServiceImpl::userAdd(uidAdded, userType, uid, m_isSlave); + ret = serviceImpl.userAdd(uidAdded, userType, uid, m_isSlave); Serialization::Serialize(send, ret); } @@ -261,7 +241,7 @@ void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_ Deserialization::Deserialize(buffer, uidRemoved); - ret = ServiceImpl::userDelete(uidRemoved, uid, m_isSlave); + ret = serviceImpl.userDelete(uidRemoved, uid, m_isSlave); Serialization::Serialize(send, ret); } @@ -275,7 +255,7 @@ void Service::processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, ui if (m_isSlave) { ret = MasterReq::PolicyUpdate(policyEntries, uid, pid, smackLabel); } else { - ret = ServiceImpl::policyUpdate(policyEntries, uid, pid, smackLabel); + ret = serviceImpl.policyUpdate(policyEntries, uid, pid, smackLabel); } Serialization::Serialize(send, ret); } @@ -290,7 +270,7 @@ void Service::processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &s if (m_isSlave) { ret = MasterReq::GetConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); } else { - ret = ServiceImpl::getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, + ret = serviceImpl.getConfiguredPolicy(forAdmin, filter, uid, pid, smackLabel, policyEntries); } 
@@ -311,7 +291,7 @@ void Service::processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t if (m_isSlave) { ret = MasterReq::GetPolicy(filter, uid, pid, smackLabel, policyEntries); } else { - ret = ServiceImpl::getPolicy(filter, uid, pid, smackLabel, policyEntries); + ret = serviceImpl.getPolicy(filter, uid, pid, smackLabel, policyEntries); } Serialization::Serialize(send, ret); @@ -329,7 +309,7 @@ void Service::processPolicyGetDesc(MessageBuffer &send) if (m_isSlave) { ret = MasterReq::PolicyGetDesc(descriptions); } else { - ret = ServiceImpl::policyGetDesc(descriptions); + ret = serviceImpl.policyGetDesc(descriptions); } Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { @@ -350,7 +330,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send Deserialization::Deserialize(recv, privileges); std::vector mappings; - int ret = ServiceImpl::getPrivilegesMappings(version_from, version_to, privileges, mappings); + int ret = serviceImpl.getPrivilegesMappings(version_from, version_to, privileges, mappings); Serialization::Serialize(send, ret); Serialization::Serialize(send, mappings); @@ -359,7 +339,7 @@ void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send void Service::processGroupsGet(MessageBuffer &send) { std::vector groups; - int ret = ServiceImpl::policyGetGroups(groups); + int ret = serviceImpl.policyGetGroups(groups); Serialization::Serialize(send, ret); if (ret == SECURITY_MANAGER_API_SUCCESS) { -- 2.7.4