4 * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
6 * Contact: Jayoun Lee <airjany@samsung.com>, Sewook Park <sewook7.park@samsung.com>, Jaeho Lee <jaeho81.lee@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
27 #include "menu_db_util.h"
28 #include "simple_util.h"
/* Fixed location of the SQLite database that _init() opens. */
30 #define MIDA_DB_PATH "/opt/dbspace/.mida.db"
/* Not referenced by any line visible in this listing. */
31 #define QUERY_MAXLEN 4096
/* Size of the stack buffers that hold the "%value%" LIKE patterns. */
32 #define BUF_MAX_LEN 1024
/* "mida" table: one package name per MIME type (see mida_add_app()). */
34 #define MIDA_TBL_NAME "mida"
35 #define MIDA_F_PKGNAME "pkg_name"
36 #define MIDA_F_MIMETYPE "mime_type"
/* "svc" table: one package name per service name (see svc_add_app()). */
38 #define SVC_TBL_NAME "svc"
39 #define SVC_F_PKGNAME "pkg_name"
40 #define SVC_F_SVCNAME "svc_name"
/* "system_svc" table: service names counted by is_supported_svc(). */
42 #define SYSSVC_TBL_NAME "system_svc"
43 #define SYSSVC_F_SVCNAME "svc_name"
/*
 * Connection handle shared by every helper in this file: assigned by
 * sqlite3_open() in _init() and closed in __fini().
 */
45 static sqlite3 *mida_db = NULL;
/* Connection management and raw statement execution. */
48 static int _exec(sqlite3 *db, char *query);
49 static int _init(void);
50 static int __fini(void);
/*
 * Table helpers. tbl_name / f_name / get_f_name are spliced into the SQL
 * text as identifiers; the callers visible in this listing only pass the
 * *_TBL_NAME and *_F_* macros. `equal` selects '=' (non-zero) or a
 * "%val%" LIKE match (zero).
 */
51 static int __delete_all(const char *tbl_name);
52 static int __delete_with_field(const char *tbl_name, const char *f_name,
53 const char *val, int equal);
54 static int __count_with_field(const char *tbl_name, const char *f_name,
55 const char *val, int equal);
56 static char *__get_with_field(const char *tbl_name, const char *get_f_name,
57 const char *f_name, const char *val, int equal);
/* Input screen on the characters " ' ; applied by some public entry points. */
58 static int __doubt_sql_injection(const char *str);
64 * param[in] db handler
65 * param[in] query query
66 * return This method returns 0 (SUCCESS) or -1 (FAIL)
/*
 * Run one SQL string through sqlite3_exec() without a row callback.
 * A NULL db is rejected by the retvm_if() guard (presumably returning -1 -
 * the macro comes from a header not shown here). When sqlite3_exec() reports
 * anything other than SQLITE_OK, the query and SQLite's error text are
 * logged.
 *
 * NOTE(review): query is executed verbatim, so the safety of the statement
 * rests entirely on how the caller quoted the values when building it.
 * NOTE(review): the failing query is logged in full through _D(); confirm
 * that debug output is not retained on production builds.
 * NOTE(review): whether errmsg is released with sqlite3_free() is not
 * visible in this listing - verify.
 */
68 static int _exec(sqlite3 *db, char *query)
73 retvm_if(db == NULL, -1, "DB handler is null");
/* NULL callback: any result rows are discarded. */
75 rc = sqlite3_exec(db, query, NULL, 0, &errmsg);
77 if (rc != SQLITE_OK) {
78 _D("Query: [%s]", query);
79 _E("SQL error: %s\n", errmsg);
/*
 * Open the database at MIDA_DB_PATH into the file-scope handle mida_db and
 * switch the connection to PERSIST journal mode.
 *
 * NOTE(review): the "Already initialized" message suggests the open is
 * skipped when mida_db is already set; the guarding condition itself is not
 * visible in this listing.
 * NOTE(review): the database sits at a fixed path, so the file's ownership
 * and mode decide who can rewrite the type-to-package mapping; check them
 * where the file is provisioned.
 */
90 static int _init(void)
95 _D("Already initialized\n");
99 rc = sqlite3_open(MIDA_DB_PATH, &mida_db);
101 _E("Can't open database: %s", sqlite3_errmsg(mida_db));
104 /* Enable persist journal mode */
105 rc = sqlite3_exec(mida_db, "PRAGMA journal_mode = PERSIST", NULL, NULL,
107 if (SQLITE_OK != rc) {
108 _D("Fail to change journal mode\n");
/* Presumably the shared failure path: the handle is closed before returning. */
114 sqlite3_close(mida_db);
/*
 * Close the shared connection.
 * NOTE(review): _init() appears to treat a non-NULL mida_db as "already
 * open"; confirm that the handle is reset to NULL after this close, since
 * that line is not visible in this listing.
 */
118 static int __fini(void)
121 sqlite3_close(mida_db);
/*
 * Delete every row of tbl_name.
 * tbl_name is spliced into the statement with %s as an identifier, so it
 * must never carry caller-supplied text; the two call sites visible in this
 * listing pass MIDA_TBL_NAME and SVC_TBL_NAME.
 */
127 static int __delete_all(const char *tbl_name)
132 _sqlbuf = sqlite3_mprintf("DELETE FROM %s;", tbl_name);
133 rc = _exec(mida_db, _sqlbuf);
/* sqlite3_mprintf() memory is released with sqlite3_free(), not free(). */
134 sqlite3_free(_sqlbuf);
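/*
 * Delete every row of tbl_name whose f_name column matches val.
 *
 * equal != 0: exact comparison (f_name = val).
 * equal == 0: val is wrapped as "%val%" and compared with LIKE, i.e. a
 *             substring match; '%' and '_' inside val still act as LIKE
 *             wildcards.
 *
 * tbl_name and f_name are spliced in as identifiers; the visible callers
 * pass only the *_TBL_NAME / *_F_* macros. val is formatted with %q so that
 * an embedded single quote is doubled and cannot terminate the string
 * literal.
 *
 * Returns the result of _exec(), or -1 when the LIKE pattern does not fit
 * in the buffer or the statement cannot be allocated.
 *
 * NOTE(review): the declarations, the branch on `equal` and the final
 * return are short lines absent from the reviewed listing and were filled
 * in from the surrounding code; confirm against the file.
 */
static int __delete_with_field(const char *tbl_name, const char *f_name,
			       const char *val, int equal)
{
	char tmp_val[BUF_MAX_LEN];
	char *_sqlbuf;
	int rc;
	int n;

	if (equal) {
		_sqlbuf = sqlite3_mprintf("DELETE FROM %s WHERE %s = '%q';",
					  tbl_name, f_name, val);
	} else {
		n = snprintf(tmp_val, sizeof(tmp_val), "%%%s%%", val);
		/* A truncated pattern would match, and delete, other rows. */
		if (n < 0 || (size_t)n >= sizeof(tmp_val)) {
			_E("Value too long for a LIKE pattern\n");
			return -1;
		}
		_sqlbuf = sqlite3_mprintf("DELETE FROM %s WHERE %s like '%q';",
					  tbl_name, f_name, tmp_val);
	}

	/* sqlite3_mprintf() returns NULL when it cannot allocate. */
	if (_sqlbuf == NULL) {
		_E("Failed to build the SQL query\n");
		return -1;
	}

	rc = _exec(mida_db, _sqlbuf);
	sqlite3_free(_sqlbuf);

	return rc;
}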
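/*
 * Count the rows of tbl_name whose f_name column matches val.
 *
 * equal != 0: exact comparison (f_name = val).
 * equal == 0: val is wrapped as "%val%" and compared with LIKE, i.e. a
 *             substring match; '%' and '_' inside val still act as LIKE
 *             wildcards.
 *
 * val is formatted with %q so that an embedded single quote is doubled and
 * cannot terminate the string literal. tbl_name and f_name are spliced in
 * as identifiers; the visible callers pass only the *_TBL_NAME / *_F_*
 * macros.
 *
 * Returns the count, or 0 when the query fails or yields no row.
 *
 * NOTE(review): the declarations, the branch on `equal`, the trailing NULL
 * argument of sqlite3_get_table() and both return statements are short
 * lines absent from the reviewed listing and were filled in from the
 * surrounding code; confirm against the file.
 */
static int __count_with_field(const char *tbl_name, const char *f_name,
			      const char *val, int equal)
{
	char tmp_val[BUF_MAX_LEN];
	char *_sqlbuf;
	char **db_result = NULL;
	int rc;
	int nrows = 0;
	int ncols = 0;
	int cnt;

	if (equal) {
		_sqlbuf = sqlite3_mprintf(
		    "SELECT COUNT(*) FROM %s WHERE %s = '%q';",
		    tbl_name, f_name, val);
	} else {
		/* An over-long val is truncated here and only narrows the match. */
		snprintf(tmp_val, BUF_MAX_LEN, "%%%s%%", val);
		_sqlbuf = sqlite3_mprintf(
		    "SELECT COUNT(*) FROM %s WHERE %s like '%q';", tbl_name,
		    f_name, tmp_val);
	}

	/* sqlite3_mprintf() returns NULL when it cannot allocate. */
	if (_sqlbuf == NULL) {
		_D("Failed to print the SQL query\n");
		return 0;
	}

	rc = sqlite3_get_table(mida_db, _sqlbuf, &db_result, &nrows, &ncols,
			       NULL);
	/*
	 * sqlite3_get_table() reports failure with a positive SQLite error
	 * code, never -1, so compare against SQLITE_OK. Row 0 of the result
	 * holds the column name; the count is the cell at index 1.
	 */
	if (rc != SQLITE_OK || nrows == 0 ||
	    db_result == NULL || db_result[1] == NULL) {
		_D("get count = 0 or fail");
		sqlite3_free_table(db_result);
		sqlite3_free(_sqlbuf);
		return 0;
	}

	cnt = atoi(db_result[1]);
	sqlite3_free_table(db_result);
	sqlite3_free(_sqlbuf);

	return cnt;
}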
/*
 * Fetch get_f_name from the first row of tbl_name whose f_name column
 * matches val, using a prepared statement with val bound as parameter 1.
 *
 * Only the identifiers (get_f_name, tbl_name, f_name) are formatted into
 * the SQL text; the value never becomes part of it, so its content cannot
 * change the statement. The visible callers pass only macros for the
 * identifiers.
 *
 * The result is a strdup() copy of the column text, so the caller owns it
 * and releases it with free(). What is returned when no row matches is not
 * visible in this listing (presumably NULL - confirm).
 */
200 static char *__get_with_field(const char *tbl_name, const char *get_f_name,
201 const char *f_name, const char *val, int equal)
203 char tmp_val[BUF_MAX_LEN];
210 _sqlbuf = sqlite3_mprintf("SELECT %s FROM %s WHERE %s = ?;",
211 get_f_name, tbl_name, f_name);
214 _sqlbuf = sqlite3_mprintf("SELECT %s FROM %s WHERE %s like ?;",
215 get_f_name, tbl_name, f_name);
217 if (_sqlbuf == NULL) {
218 _D("Failed to print the SQL query\n");
222 if (sqlite3_prepare_v2(mida_db, _sqlbuf,
223 -1, &stmt, NULL) != SQLITE_OK) {
224 _D("Failed to prepare the SQL stmt\n");
225 sqlite3_free(_sqlbuf);
/*
 * SQLITE_STATIC: SQLite keeps the pointer instead of copying the text.
 * Both val and the local tmp_val stay valid until sqlite3_finalize() below.
 */
230 ret = sqlite3_bind_text(stmt, 1, val, -1, SQLITE_STATIC);
/* LIKE form: '%' and '_' inside val still act as wildcards. */
232 snprintf(tmp_val, BUF_MAX_LEN, "%%%s%%", val);
233 ret = sqlite3_bind_text(stmt, 1, tmp_val, -1, SQLITE_STATIC);
235 if (ret != SQLITE_OK) {
236 _D("Failed to bind %s with SQL stmt\n", val);
/* Only the first matching row is read. */
240 if (sqlite3_step(stmt) == SQLITE_ROW) {
241 if (sqlite3_column_text(stmt, 0)) {
/* Copy before finalize: the column pointer belongs to the statement. */
242 res = strdup((char *)sqlite3_column_text(stmt, 0));
247 sqlite3_finalize(stmt);
248 sqlite3_free(_sqlbuf);
/*
 * Screen str for the characters " ' and ; by tokenising a working copy on
 * those three characters and comparing the first token with the whole
 * input. Callers treat a non-zero result as "reject".
 *
 * NOTE(review): this is a denylist of three characters. It does not cover
 * the LIKE wildcards '%' and '_', and it is only as good as the list of
 * call sites that remember to use it; bound parameters (as in
 * __get_with_field()) or %q formatting protect the statement regardless of
 * the input's content.
 * NOTE(review): the handling of a NULL token (input made only of the three
 * characters, or empty) is not visible in this listing - verify.
 */
252 static int __doubt_sql_injection(const char *str)
261 /* check " , ' , ; */
263 token = strtok_r(tmp, "\"';", &saveptr);
/* The first token differs from str when one of the three characters occurs. */
268 if (strcmp(str, token) != 0)
/*
 * Empties the "mida" table. The signature of the enclosing function is not
 * part of this listing.
 */
282 rc = __delete_all(MIDA_TBL_NAME);
/*
 * Remove the "mida" rows whose pkg_name column equals pkg_name exactly
 * (equal = 1).
 *
 * NOTE(review): in the visible lines pkg_name reaches
 * __delete_with_field() without passing through __doubt_sql_injection(),
 * so the statement's safety depends entirely on how that helper quotes the
 * value.
 */
288 int mida_delete_with_pkgname(const char *pkg_name)
292 retvm_if(pkg_name == NULL, -1,
293 "Invalid argument: data to delete is NULL\n");
297 rc = __delete_with_field(MIDA_TBL_NAME, MIDA_F_PKGNAME, pkg_name, 1);
/*
 * Remove the "mida" rows whose mime_type column contains mime_type
 * (equal = 0 selects the "%value%" LIKE form, a substring match).
 *
 * NOTE(review): because the match is by substring and '%' / '_' are LIKE
 * wildcards, a short or wildcard-bearing argument removes more rows than an
 * exact name would; confirm this is intended.
 * NOTE(review): in the visible lines mime_type reaches
 * __delete_with_field() without passing through __doubt_sql_injection(),
 * so the statement's safety depends entirely on how that helper quotes the
 * value.
 */
303 int mida_delete_with_mimetype(const char *mime_type)
307 retvm_if(mime_type == NULL, -1,
308 "Invalid argument: data to delete is NULL\n");
312 rc = __delete_with_field(MIDA_TBL_NAME, MIDA_F_MIMETYPE, mime_type, 0);
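/*
 * Register pkg_name as the handler for mime_type in the "mida" table:
 * insert a new row when no row matches mime_type, otherwise update the
 * matching row(s).
 *
 * Both values are formatted with '%q'. The original statement wrapped the
 * INSERT values in double quotes and formatted all values with %s; pkg_name
 * was never screened by __doubt_sql_injection(), so a quote character in it
 * could change the statement. %q doubles embedded single quotes, which
 * keeps each value inside its string literal whatever it contains.
 *
 * Returns 0 on success and -1 on invalid input or database failure.
 *
 * NOTE(review): the declarations, the _init()/__fini() calls, the branch on
 * the row count and the return statements are short lines absent from the
 * reviewed listing and were filled in from the surrounding code; confirm
 * against the file.
 * NOTE(review): the existence check uses the "%value%" LIKE form while the
 * UPDATE compares with '='; a mime_type that is only a substring of a
 * stored one takes the update branch and changes no row - confirm the
 * intended semantics.
 */
int mida_add_app(const char *mime_type, const char *pkg_name)
{
	int rc = -1;
	int cnt = 0;
	char *_sqlbuf;

	retvm_if(mime_type == NULL, -1, "Mime type is null\n");
	retvm_if(pkg_name == NULL, -1, "Package name is null\n");

	if (__doubt_sql_injection(mime_type))
		return -1;

	if (_init() < 0)
		return -1;

	cnt = __count_with_field(MIDA_TBL_NAME, MIDA_F_MIMETYPE, mime_type, 0);

	if (cnt == 0) {
		SECURE_LOGD("Inserting (%s, %s)", pkg_name, mime_type);

		_sqlbuf = sqlite3_mprintf(
		    "INSERT INTO %s (%s,%s) values ('%q', '%q');",
		    MIDA_TBL_NAME, MIDA_F_PKGNAME, MIDA_F_MIMETYPE,
		    pkg_name, mime_type);
	} else {
		SECURE_LOGD("Setting %s for %s", pkg_name, mime_type);

		_sqlbuf = sqlite3_mprintf(
		    "UPDATE %s SET %s = '%q' where %s = '%q';",
		    MIDA_TBL_NAME, MIDA_F_PKGNAME, pkg_name,
		    MIDA_F_MIMETYPE, mime_type);
	}

	/* A NULL buffer (allocation failure) leaves rc at -1. */
	if (_sqlbuf != NULL) {
		rc = _exec(mida_db, _sqlbuf);
		sqlite3_free(_sqlbuf);
	}

	if (rc < 0)
		_E("fail to insert or update\n");

	__fini();
	return rc;
}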
/*
 * Look up the package name registered for mime_type in the "mida" table.
 * A NULL argument and input flagged by __doubt_sql_injection() are rejected
 * before the database is touched.
 *
 * The lookup goes through __get_with_field(), which binds the value as a
 * statement parameter and returns a strdup() copy; the caller presumably
 * owns the returned string and frees it - confirm at the call sites.
 */
364 char *mida_get_app(const char *mime_type)
368 if (mime_type == NULL)
371 if (__doubt_sql_injection(mime_type))
377 __get_with_field(MIDA_TBL_NAME, MIDA_F_PKGNAME, MIDA_F_MIMETYPE,
/*
 * Empties the "svc" table. The signature of the enclosing function is not
 * part of this listing.
 */
390 rc = __delete_all(SVC_TBL_NAME);
/*
 * Remove the "svc" rows whose pkg_name column equals pkg_name exactly
 * (equal = 1).
 *
 * NOTE(review): in the visible lines pkg_name reaches
 * __delete_with_field() without passing through __doubt_sql_injection(),
 * so the statement's safety depends entirely on how that helper quotes the
 * value.
 */
396 int svc_delete_with_pkgname(const char *pkg_name)
400 retvm_if(pkg_name == NULL, -1,
401 "Invalid argument: data to delete is NULL\n");
405 rc = __delete_with_field(SVC_TBL_NAME, SVC_F_PKGNAME, pkg_name, 1);
/*
 * Remove the "svc" rows whose svc_name column contains svc_name
 * (equal = 0 selects the "%value%" LIKE form, a substring match).
 *
 * NOTE(review): because the match is by substring and '%' / '_' are LIKE
 * wildcards, a short or wildcard-bearing argument removes more rows than an
 * exact name would; confirm this is intended.
 * NOTE(review): in the visible lines svc_name reaches
 * __delete_with_field() without passing through __doubt_sql_injection(),
 * so the statement's safety depends entirely on how that helper quotes the
 * value.
 */
411 int svc_delete_with_svcname(const char *svc_name)
415 retvm_if(svc_name == NULL, -1,
416 "Invalid argument: data to delete is NULL\n");
420 rc = __delete_with_field(SVC_TBL_NAME, SVC_F_SVCNAME, svc_name, 0);
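/*
 * Register pkg_name as the handler for svc_name in the "svc" table: insert
 * a new row when no row matches svc_name, otherwise update the matching
 * row(s).
 *
 * Both values are formatted with '%q'. The original statement wrapped the
 * INSERT values in double quotes and formatted all values with %s; pkg_name
 * was never screened by __doubt_sql_injection(), so a quote character in it
 * could change the statement. %q doubles embedded single quotes, which
 * keeps each value inside its string literal whatever it contains.
 *
 * Returns 0 on success and -1 on invalid input or database failure.
 *
 * NOTE(review): the declarations, the _init()/__fini() calls, the branch on
 * the row count and the return statements are short lines absent from the
 * reviewed listing and were filled in from the surrounding code; confirm
 * against the file.
 * NOTE(review): the existence check uses the "%value%" LIKE form while the
 * UPDATE compares with '='; a svc_name that is only a substring of a stored
 * one takes the update branch and changes no row - confirm the intended
 * semantics.
 */
int svc_add_app(const char *svc_name, const char *pkg_name)
{
	int rc = -1;
	int cnt = 0;
	char *_sqlbuf;

	retvm_if(svc_name == NULL, -1, "Service name is null\n");
	retvm_if(pkg_name == NULL, -1, "Package name is null\n");

	if (__doubt_sql_injection(svc_name))
		return -1;

	if (_init() < 0)
		return -1;

	cnt = __count_with_field(SVC_TBL_NAME, SVC_F_SVCNAME, svc_name, 0);

	if (cnt == 0) {
		SECURE_LOGD("Inserting (%s, %s)", pkg_name, svc_name);
		_sqlbuf = sqlite3_mprintf(
		    "INSERT INTO %s (%s,%s) values ('%q', '%q');",
		    SVC_TBL_NAME, SVC_F_PKGNAME, SVC_F_SVCNAME, pkg_name,
		    svc_name);
	} else {
		SECURE_LOGD("Setting %s for %s", pkg_name, svc_name);
		_sqlbuf = sqlite3_mprintf(
		    "UPDATE %s SET %s = '%q' where %s = '%q';",
		    SVC_TBL_NAME, SVC_F_PKGNAME, pkg_name,
		    SVC_F_SVCNAME, svc_name);
	}

	/* A NULL buffer (allocation failure) leaves rc at -1. */
	if (_sqlbuf != NULL) {
		rc = _exec(mida_db, _sqlbuf);
		sqlite3_free(_sqlbuf);
	}

	if (rc < 0)
		_E("fail to insert or update\n");

	__fini();
	return rc;
}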
/*
 * Look up the package name registered for svc_name in the "svc" table.
 * A NULL argument and input flagged by __doubt_sql_injection() are rejected
 * before the database is touched.
 *
 * The lookup goes through __get_with_field(), which binds the value as a
 * statement parameter and returns a strdup() copy; the caller presumably
 * owns the returned string and frees it - confirm at the call sites.
 */
472 char *svc_get_app(const char *svc_name)
476 if (svc_name == NULL)
479 if (__doubt_sql_injection(svc_name))
485 __get_with_field(SVC_TBL_NAME, SVC_F_PKGNAME, SVC_F_SVCNAME,
/*
 * Report whether svc_name is listed in the "system_svc" table by counting
 * the matching rows. A NULL name yields 0 through the retvm_if() guard, and
 * input flagged by __doubt_sql_injection() is rejected before the query.
 *
 * NOTE(review): the count uses equal = 0, i.e. the "%value%" LIKE form, so
 * a name that is merely a substring of a listed service - or one that
 * carries the wildcards '%' or '_', which the input screen does not cover -
 * also counts as a match. If the answer gates a decision, an exact
 * comparison is the safer choice; confirm the intended semantics.
 */
492 int is_supported_svc(const char *svc_name)
497 retvm_if(svc_name == NULL, 0, "Service name is null\n");
499 if (__doubt_sql_injection(svc_name))
505 cnt = __count_with_field(SYSSVC_TBL_NAME,
506 SYSSVC_F_SVCNAME, svc_name, 0);
511 SECURE_LOGD("%s is not supported.", svc_name);