* @file privilege_db.h
* @author Krzysztof Sasiak <k.sasiak@samsung.com>
* @author Rafal Krypa <r.krypa@samsung.com>
+ * @author Zofia Abramowska <z.abramowska@samsung.com>
* @version 1.0
* @brief This file contains declaration of the API to privilges database.
*/
const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db");
-enum class QueryType {
+enum class StmtType {
EGetPkgPrivileges,
EGetAppPrivileges,
EAddApplication,
EGetPkgId,
EGetPrivilegeGroups,
EGetUserApps,
- EGetAppsInPkg
+ EGetAppsInPkg,
+ EGetDefaultMappings,
+ EGetPrivilegeMappings,
+ EInsertPrivilegeToMap,
+ EGetPrivilegesMappings,
+ EDeletePrivilegesToMap
};
class PrivilegeDb {
PrivilegeDb(const std::string &path = std::string(PRIVILEGE_DB_PATH));
SecurityManager::DB::SqlConnection *mSqlConnection;
- const std::map<QueryType, const char * const > Queries = {
- { QueryType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"},
- { QueryType::EGetAppPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE app_name=? AND uid=? ORDER BY privilege_name"},
- { QueryType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid) VALUES (?, ?, ?)" },
- { QueryType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" },
- { QueryType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" },
- { QueryType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" },
- { QueryType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" },
- { QueryType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" },
- { QueryType::EGetPrivilegeGroups, " SELECT group_name FROM privilege_group_view WHERE privilege_name = ?" },
- { QueryType::EGetUserApps, "SELECT name FROM app WHERE uid=?" },
- { QueryType::EGetAppsInPkg, " SELECT app_name FROM app_pkg_view WHERE pkg_name = ?" },
+ const std::map<StmtType, const char * const > Queries = {
+ { StmtType::EGetPkgPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE pkg_name=? AND uid=? ORDER BY privilege_name"},
+ { StmtType::EGetAppPrivileges, "SELECT DISTINCT privilege_name FROM app_privilege_view WHERE app_name=? AND uid=? ORDER BY privilege_name"},
+ { StmtType::EAddApplication, "INSERT INTO app_pkg_view (app_name, pkg_name, uid) VALUES (?, ?, ?)" },
+ { StmtType::ERemoveApplication, "DELETE FROM app_pkg_view WHERE app_name=? AND uid=?" },
+ { StmtType::EAddAppPrivileges, "INSERT INTO app_privilege_view (app_name, uid, privilege_name) VALUES (?, ?, ?)" },
+ { StmtType::ERemoveAppPrivileges, "DELETE FROM app_privilege_view WHERE app_name=? AND uid=?" },
+ { StmtType::EPkgIdExists, "SELECT * FROM pkg WHERE name=?" },
+ { StmtType::EGetPkgId, " SELECT pkg_name FROM app_pkg_view WHERE app_name = ?" },
+ { StmtType::EGetPrivilegeGroups, " SELECT group_name FROM privilege_group_view WHERE privilege_name = ?" },
+ { StmtType::EGetUserApps, "SELECT name FROM app WHERE uid=?" },
+ { StmtType::EGetDefaultMappings, "SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view"
+ " WHERE version_from_name=? AND version_to_name=? AND privilege_name IS NULL"},
+ { StmtType::EGetAppsInPkg, " SELECT app_name FROM app_pkg_view WHERE pkg_name = ?" },
+ { StmtType::EGetPrivilegeMappings, " SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view"
+ " WHERE version_from_name=? AND version_to_name=? AND (privilege_name=? OR privilege_name IS NULL)"},
+ { StmtType::EInsertPrivilegeToMap, " INSERT INTO privilege_to_map(privilege_name) VALUES (?);"},
+ { StmtType::EGetPrivilegesMappings, "SELECT DISTINCT privilege_mapping_name FROM privilege_mapping_view"
+ " WHERE version_from_name=? AND version_to_name=?"
+ " AND privilege_name IN (SELECT privilege_name FROM privilege_to_map)"},
+ { StmtType::EDeletePrivilegesToMap, "DELETE FROM privilege_to_map"},
};
/**
* @param queryType query identifier
* @return reference to prepared, reset query
*/
- DB::SqlConnection::DataCommandAutoPtr & getQuery(QueryType queryType);
+ DB::SqlConnection::DataCommandAutoPtr & getStatement(StmtType queryType);
/**
* Check if pkgId is already registered in database
*/
void GetAppIdsForPkgId (const std::string &pkgId,
std::vector<std::string> &appIds);
+
+ /**
+ * Retrieve default mappings from one version to another
+ *
+ * @param version_from - version of privilege availability
+ * @param version_to - version of mappings availability
+ * @param[out] mappings - vector of privilege mappings
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetDefaultMapping(const std::string &version_from,
+ const std::string &version_to,
+ std::vector<std::string> &mappings);
+ /**
+ * Retrieve privilege mappings from one version to another
+ *
+ * @param version_from - version of privilege availability
+ * @param version_to - version of mappings availability
+ * @param privilege - name of privilege to be mapped
+ * @param[out] mappings - vector of privilege mappings
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetPrivilegeMappings(const std::string &version_from,
+ const std::string &version_to,
+ const std::string &privilege,
+ std::vector<std::string> &mappings);
+ /**
+ * Retrieve mappings of privilege set from one version to another
+ *
+ * @param version_from - version of privilege availability
+ * @param version_to - version of mappings availability
+ * @param privileges - vector of names of privileges to be mapped
+ * @param[out] mappings - vector of privileges mappings
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetPrivilegesMappings(const std::string &version_from,
+ const std::string &version_to,
+ const std::vector<std::string> &privileges,
+ std::vector<std::string> &mappings);
};
} //namespace SecurityManager
}
}
-DB::SqlConnection::DataCommandAutoPtr & PrivilegeDb::getQuery(QueryType queryType)
+DB::SqlConnection::DataCommandAutoPtr & PrivilegeDb::getStatement(StmtType queryType)
{
auto &command = m_commands.at(static_cast<size_t>(queryType));
command->Reset();
bool PrivilegeDb::PkgIdExists(const std::string &pkgId)
{
return try_catch<bool>([&] {
- auto &command = getQuery(QueryType::EPkgIdExists);
+ auto &command = getStatement(StmtType::EPkgIdExists);
command->BindString(1, pkgId);
return command->Step();
});
bool PrivilegeDb::GetAppPkgId(const std::string &appId, std::string &pkgId)
{
return try_catch<bool>([&] {
- auto &command = getQuery(QueryType::EGetPkgId);
+ auto &command = getStatement(StmtType::EGetPkgId);
command->BindString(1, appId);
if (!command->Step()) {
const std::string &pkgId, uid_t uid)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::EAddApplication);
+ auto &command = getStatement(StmtType::EAddApplication);
command->BindString(1, appId);
command->BindString(2, pkgId);
command->BindInteger(3, static_cast<unsigned int>(uid));
if (command->Step()) {
LogDebug("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::EAddApplication));
+ Queries.at(StmtType::EAddApplication));
};
LogDebug("Added appId: " << appId << ", pkgId: " << pkgId);
return;
}
- auto &command = getQuery(QueryType::ERemoveApplication);
+ auto &command = getStatement(StmtType::ERemoveApplication);
command->BindString(1, appId);
command->BindInteger(2, static_cast<unsigned int>(uid));
if (command->Step()) {
LogDebug("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::ERemoveApplication));
+ Queries.at(StmtType::ERemoveApplication));
};
LogDebug("Removed appId: " << appId);
std::vector<std::string> ¤tPrivileges)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::EGetPkgPrivileges);
+ auto &command = getStatement(StmtType::EGetPkgPrivileges);
command->BindString(1, pkgId);
command->BindInteger(2, static_cast<unsigned int>(uid));
{
try_catch<void>([&] {
DB::SqlConnection::DataCommandAutoPtr &command =
- m_commands.at(static_cast<size_t>(QueryType::EGetAppPrivileges));
+ m_commands.at(static_cast<size_t>(StmtType::EGetAppPrivileges));
command->Reset();
command->BindString(1, appId);
void PrivilegeDb::RemoveAppPrivileges(const std::string &appId, uid_t uid)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::ERemoveAppPrivileges);
+ auto &command = getStatement(StmtType::ERemoveAppPrivileges);
command->BindString(1, appId);
command->BindInteger(2, static_cast<unsigned int>(uid));
if (command->Step()) {
LogDebug("Unexpected SQLITE_ROW answer to query: " <<
- Queries.at(QueryType::ERemoveAppPrivileges));
+ Queries.at(StmtType::ERemoveAppPrivileges));
}
LogDebug("Removed all privileges for appId: " << appId);
const std::vector<std::string> &privileges)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::EAddAppPrivileges);
+ auto &command = getStatement(StmtType::EAddAppPrivileges);
command->BindString(1, appId);
command->BindInteger(2, static_cast<unsigned int>(uid));
std::vector<std::string> &groups)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::EGetPrivilegeGroups);
+ auto &command = getStatement(StmtType::EGetPrivilegeGroups);
command->BindString(1, privilege);
while (command->Step()) {
void PrivilegeDb::GetUserApps(uid_t uid, std::vector<std::string> &apps)
{
try_catch<void>([&] {
- auto &command = getQuery(QueryType::EGetUserApps);
+ auto &command = getStatement(StmtType::EGetUserApps);
command->BindInteger(1, static_cast<unsigned int>(uid));
apps.clear();
while (command->Step()) {
{
try_catch<void>([&] {
DB::SqlConnection::DataCommandAutoPtr &command =
- m_commands.at(static_cast<size_t>(QueryType::EGetAppsInPkg));
+ m_commands.at(static_cast<size_t>(StmtType::EGetAppsInPkg));
command->Reset();
command->BindString(1, pkgId);
});
}
+void PrivilegeDb::GetDefaultMapping(const std::string &version_from,
+ const std::string &version_to,
+ std::vector<std::string> &mappings)
+{
+ try_catch<void>([&] {
+ auto &command = getStatement(StmtType::EGetDefaultMappings);
+ command->BindString(1, version_from);
+ command->BindString(2, version_to);
+
+ mappings.clear();
+ while (command->Step()) {
+ std::string mapping = command->GetColumnString(0);
+ LogDebug("Default Privilege from version " << version_from
+ <<" to version " << version_to << " is " << mapping);
+ mappings.push_back(mapping);
+ }
+ });
+}
+
+void PrivilegeDb::GetPrivilegeMappings(const std::string &version_from,
+ const std::string &version_to,
+ const std::string &privilege,
+ std::vector<std::string> &mappings)
+{
+ try_catch<void>([&] {
+ auto &command = getStatement(StmtType::EGetPrivilegeMappings);
+ command->BindString(1, version_from);
+ command->BindString(2, version_to);
+ command->BindString(3, privilege);
+
+ mappings.clear();
+ while (command->Step()) {
+ std::string mapping = command->GetColumnString(0);
+ LogDebug("Privilege " << privilege << " in version " << version_from
+ <<" has mapping " << mapping << " in version " << version_to);
+ mappings.push_back(mapping);
+ }
+ });
+}
+
+void PrivilegeDb::GetPrivilegesMappings(const std::string &version_from,
+ const std::string &version_to,
+ const std::vector<std::string> &privileges,
+ std::vector<std::string> &mappings)
+{
+ try_catch<void>([&] {
+ auto &deleteCmd = getStatement(StmtType::EDeletePrivilegesToMap);
+ deleteCmd->Step();
+
+ auto & insertCmd = getStatement(StmtType::EInsertPrivilegeToMap);
+ for (auto &privilege : privileges) {
+ if (privilege.empty())
+ continue;
+ insertCmd->BindString(1, privilege);
+ insertCmd->Step();
+ insertCmd->Reset();
+ }
+
+ insertCmd->BindNull(1);
+ insertCmd->Step();
+
+ auto &queryCmd = getStatement(StmtType::EGetPrivilegesMappings);
+ queryCmd->BindString(1, version_from);
+ queryCmd->BindString(2, version_to);
+
+ mappings.clear();
+ while (queryCmd->Step()) {
+ std::string mapping = queryCmd->GetColumnString(0);
+ LogDebug("Privilege set in version " << version_from
+ <<" has mapping " << mapping << " in version " << version_to);
+ mappings.push_back(mapping);
+ }
+ });
+}
+
} //namespace SecurityManager