FOREIGN KEY (pkg_id) REFERENCES pkg (pkg_id)
);
-CREATE TABLE IF NOT EXISTS permission (
-permission_id INTEGER PRIMARY KEY,
+CREATE TABLE IF NOT EXISTS privilege (
+privilege_id INTEGER PRIMARY KEY,
name VARCHAR NOT NULL ,
UNIQUE (name)
);
-CREATE TABLE IF NOT EXISTS app_permission (
+CREATE TABLE IF NOT EXISTS app_privilege (
app_id INTEGER NOT NULL,
-permission_id INTEGER NOT NULL ,
-PRIMARY KEY (app_id, permission_id),
+privilege_id INTEGER NOT NULL ,
+PRIMARY KEY (app_id, privilege_id),
FOREIGN KEY (app_id) REFERENCES app (app_id)
-FOREIGN KEY (permission_id) REFERENCES permission (permission_id)
+FOREIGN KEY (privilege_id) REFERENCES privilege (privilege_id)
);
-CREATE TABLE IF NOT EXISTS permission_gid (
-permission_id INTEGER NOT NULL,
+CREATE TABLE IF NOT EXISTS privilege_gid (
+privilege_id INTEGER NOT NULL,
gid INTEGER NOT NULL,
-PRIMARY KEY (permission_id, gid),
-FOREIGN KEY (permission_id) REFERENCES permission (permission_id)
+PRIMARY KEY (privilege_id, gid),
+FOREIGN KEY (privilege_id) REFERENCES privilege (privilege_id)
);
-DROP VIEW IF EXISTS app_permission_view;
-CREATE VIEW app_permission_view AS
+DROP VIEW IF EXISTS app_privilege_view;
+CREATE VIEW app_privilege_view AS
SELECT
- app_permission.app_id as app_id,
+ app_privilege.app_id as app_id,
app.name as app_name,
app.pkg_id as pkg_id,
pkg.name as pkg_name,
- app_permission.permission_id as permission_id,
- permission.name as permission_name
-FROM app_permission
+ app_privilege.privilege_id as privilege_id,
+ privilege.name as privilege_name
+FROM app_privilege
LEFT JOIN app USING (app_id)
LEFT JOIN pkg USING (pkg_id)
-LEFT JOIN permission USING (permission_id);
+LEFT JOIN privilege USING (privilege_id);
DROP VIEW IF EXISTS app_pkg_view;
CREATE VIEW app_pkg_view AS
FROM app
LEFT JOIN pkg USING (pkg_id);
-DROP TRIGGER IF EXISTS app_permission_view_insert_trigger;
-CREATE TRIGGER app_permission_view_insert_trigger
-INSTEAD OF INSERT ON app_permission_view
+DROP TRIGGER IF EXISTS app_privilege_view_insert_trigger;
+CREATE TRIGGER app_privilege_view_insert_trigger
+INSTEAD OF INSERT ON app_privilege_view
BEGIN
INSERT OR IGNORE INTO pkg(name) VALUES (NEW.pkg_name);
- INSERT OR IGNORE INTO permission(name) VALUES (NEW.permission_name);
+ INSERT OR IGNORE INTO privilege(name) VALUES (NEW.privilege_name);
INSERT OR IGNORE INTO app(pkg_id, name) VALUES ((SELECT pkg_id FROM pkg WHERE name=NEW.pkg_name), NEW.app_name);
- INSERT OR IGNORE INTO app_permission(app_id, permission_id) VALUES
- ((SELECT app_id FROM app WHERE name=NEW.app_name), (SELECT permission_id FROM permission WHERE name=NEW.permission_name));
+ INSERT OR IGNORE INTO app_privilege(app_id, privilege_id) VALUES
+ ((SELECT app_id FROM app WHERE name=NEW.app_name), (SELECT privilege_id FROM privilege WHERE name=NEW.privilege_name));
END;
-DROP TRIGGER IF EXISTS app_permission_view_delete_trigger;
-CREATE TRIGGER app_permission_view_delete_trigger
-INSTEAD OF DELETE ON app_permission_view
+DROP TRIGGER IF EXISTS app_privilege_view_delete_trigger;
+CREATE TRIGGER app_privilege_view_delete_trigger
+INSTEAD OF DELETE ON app_privilege_view
BEGIN
- DELETE FROM app_permission WHERE app_id=OLD.app_id AND permission_id=OLD.permission_id;
+ DELETE FROM app_privilege WHERE app_id=OLD.app_id AND privilege_id=OLD.privilege_id;
END;
DROP TRIGGER IF EXISTS app_pkg_view_insert_trigger;
namespace SecurityManager {
-typedef std::vector<std::string> TPermissionsList;
+typedef std::vector<std::string> TPrivilegesList;
enum class QueryType {
- EGetPkgPermissions,
+ EGetPkgPrivileges,
EAddApplication,
ERemoveApplication,
- EAddAppPermissions,
- ERemoveAppPermissions,
+ EAddAppPrivileges,
+ ERemoveAppPrivileges,
EPkgIdExists,
};
private:
SecurityManager::DB::SqlConnection *mSqlConnection;
const std::map<QueryType, const char * const > Queries = {
- { QueryType::EGetPkgPermissions, "SELECT permission_name FROM app_permission_view WHERE pkg_name=?"},
+ { QueryType::EGetPkgPrivileges, "SELECT privilege_name FROM app_privilege_view WHERE pkg_name=?"},
{ QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name) VALUES (?, ?)" },
{ QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND pkg_name=?" },
- { QueryType::EAddAppPermissions, "INSERT INTO app_permission_view (app_name, pkg_name, permission_name) VALUES (?, ?, ?)" },
- { QueryType::ERemoveAppPermissions, "DELETE FROM app_permission_view WHERE app_name=? AND pkg_name=? AND permission_name=?" },
+ { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, pkg_name, privilege_name) VALUES (?, ?, ?)" },
+ { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND pkg_name=? AND privilege_name=?" },
{ QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" }
};
*
* @param appId - application identifier
* @param pkgId - package identifier
- * @param[out] currentPermissions - list of current permissions assigned to tuple (appId, pkgId)
+ * @param[out] currentPrivileges - list of current privileges assigned to tuple (appId, pkgId)
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void GetPkgPermissions(const std::string &pkgId,
- TPermissionsList ¤tPermission);
+ void GetPkgPrivileges(const std::string &pkgId,
+ TPrivilegesList ¤tPrivileges);
public:
class Exception
bool &pkgIdIsNoMore);
/**
- * Update permissions belonging to tuple (appId, pkgId)
+ * Update privileges belonging to tuple (appId, pkgId)
*
* @param appId - application identifier
* @param pkgId - package identifier
- * @param permissions - list of permissions to assign
- * @param[out] addedPermissions - return list of added permissions
- * @param[out] removedPermissions - return list of removed permissions
+ * @param privileges - list of privileges to assign
+ * @param[out] addedPrivileges - return list of added privileges
+ * @param[out] removedPrivileges - return list of removed privileges
* @exception DB::SqlConnection::Exception::InternalError on internal error
*/
- void UpdatePermissions(const std::string &appId,
- const std::string &pkgId, const TPermissionsList &permissions,
- TPermissionsList &addedPermissions,
- TPermissionsList &removedPermissions);
+ void UpdatePrivileges(const std::string &appId,
+ const std::string &pkgId, const TPrivilegesList &privileges,
+ TPrivilegesList &addedPrivileges,
+ TPrivilegesList &removedPrivileges);
};
});
}
-void PrivilegeDb::GetPkgPermissions(const std::string &pkgId,
- TPermissionsList ¤tPermissions)
+void PrivilegeDb::GetPkgPrivileges(const std::string &pkgId,
+ TPrivilegesList ¤tPrivileges)
{
try_catch<void>([&] {
DB::SqlConnection::DataCommandAutoPtr command =
mSqlConnection->PrepareDataCommand(
- Queries.at(QueryType::EGetPkgPermissions));
+ Queries.at(QueryType::EGetPkgPrivileges));
command->BindString(1, pkgId.c_str());
while (command->Step()) {
- std::string permission = command->GetColumnString(0);
- LogPedantic ("Got permission: "<< permission);
- currentPermissions.push_back(permission);
+ std::string privilege = command->GetColumnString(0);
+ LogPedantic ("Got privilege: "<< privilege);
+ currentPrivileges.push_back(privilege);
};
});
}
-void PrivilegeDb::UpdatePermissions(const std::string &appId,
- const std::string &pkgId, const TPermissionsList &permissions,
- TPermissionsList &addedPermissions,
- TPermissionsList &removedPermissions)
+void PrivilegeDb::UpdatePrivileges(const std::string &appId,
+ const std::string &pkgId, const TPrivilegesList &privileges,
+ TPrivilegesList &addedPrivileges,
+ TPrivilegesList &removedPrivileges)
{
try_catch<void>([&] {
DB::SqlConnection::DataCommandAutoPtr command;
- TPermissionsList curPermissions = TPermissionsList();
- GetPkgPermissions(pkgId, curPermissions);
+ TPrivilegesList curPrivileges = TPrivilegesList();
+ GetPkgPrivileges(pkgId, curPrivileges);
//Data compilation
- std::set<std::string> permissionsSet = std::set<
- std::string>(permissions.begin(), permissions.end());
- std::set<std::string> curPermissionsSet = std::set<
- std::string>(curPermissions.begin(), curPermissions.end());
-
- std::list < std::string > tmpPermissions = std::list < std::string
- > (permissions.begin(), permissions.end());
- tmpPermissions.merge (std::list < std::string
- >(curPermissions.begin(), curPermissions.end()));
- tmpPermissions.unique ();
-
- for (auto permission : tmpPermissions) {
- if ((SET_CONTAINS(permissionsSet, permission)) && !(SET_CONTAINS(curPermissionsSet, permission))) {
- addedPermissions.push_back(permission);
+ std::set<std::string> privilegesSet = std::set<
+ std::string>(privileges.begin(), privileges.end());
+ std::set<std::string> curPrivilegesSet = std::set<
+ std::string>(curPrivileges.begin(), curPrivileges.end());
+
+ std::list < std::string > tmpPrivileges = std::list < std::string
+ > (privileges.begin(), privileges.end());
+ tmpPrivileges.merge (std::list < std::string
+ >(curPrivileges.begin(), curPrivileges.end()));
+ tmpPrivileges.unique ();
+
+ for (auto privilege : tmpPrivileges) {
+ if ((SET_CONTAINS(privilegesSet, privilege)) && !(SET_CONTAINS(curPrivilegesSet, privilege))) {
+ addedPrivileges.push_back(privilege);
}
- if (!(SET_CONTAINS(permissionsSet, permission)) && (SET_CONTAINS(curPermissionsSet, permission))) {
- removedPermissions.push_back(permission);
+ if (!(SET_CONTAINS(privilegesSet, privilege)) && (SET_CONTAINS(curPrivilegesSet, privilege))) {
+ removedPrivileges.push_back(privilege);
}
}
- //adding missing permissions
- for (auto addedPermission : addedPermissions) {
+ //adding missing privileges
+ for (auto addedPrivilege : addedPrivileges) {
command = mSqlConnection->PrepareDataCommand(
- Queries.at(QueryType::EAddAppPermissions));
+ Queries.at(QueryType::EAddAppPrivileges));
command->BindString(1, appId.c_str());
command->BindString(2, pkgId.c_str());
- command->BindString(3, addedPermission.c_str());
+ command->BindString(3, addedPrivilege.c_str());
if (command->Step())
LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::EAddAppPermissions));
+ Queries.at(QueryType::EAddAppPrivileges));
command->Reset();
LogPedantic(
- "Added appId: " << appId << ", pkgId: " << pkgId << ", permission: " << addedPermission);
+ "Added appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << addedPrivilege);
}
- //removing unwanted permissions
- for (auto removedPermission : removedPermissions) {
+ //removing unwanted privileges
+ for (auto removedPrivilege : removedPrivileges) {
command = mSqlConnection->PrepareDataCommand(
- Queries.at(QueryType::ERemoveAppPermissions));
+ Queries.at(QueryType::ERemoveAppPrivileges));
command->BindString(1, appId.c_str());
command->BindString(2, pkgId.c_str());
- command->BindString(3, removedPermission.c_str());
+ command->BindString(3, removedPrivilege.c_str());
if (command->Step())
LogPedantic("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::EAddAppPermissions));
+ Queries.at(QueryType::EAddAppPrivileges));
LogPedantic(
- "Removed appId: " << appId << ", pkgId: " << pkgId << ", permission: " << removedPermission);
+ "Removed appId: " << appId << ", pkgId: " << pkgId << ", privilege: " << removedPrivilege);
}
});
}
projects / platform / core / security / security-manager.git / commitdiff