_PRV_PRIVACYMANAGER_READ,
_PRV_PRIVACYMANAGER_WRITE,
_PRV_ANTIVIRUS,
+ _PRV_INTERNET,
_MAX_PRIVILEGE_ENUM
};
{L"privacymanager.read", _PRV_PRIVACYMANAGER_READ},
{L"privacymanager.write", _PRV_PRIVACYMANAGER_WRITE},
{L"antivirus", _PRV_ANTIVIRUS},
+ {L"internet", _PRV_INTERNET},
};
enum _PrivilegeApiVersion
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // bookmark.write
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // geolocationpermission.read
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // geolocationpermission.write
- { Tizen::Base::_API_VISIBILITY_PARTNER }, // lockmanager
+ { Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // lockmanager
{ Tizen::Base::_API_VISIBILITY_PUBLIC }, // shortcut.install
{ Tizen::Base::_API_VISIBILITY_PARTNER }, // appmanager.kill
{ Tizen::Base::_API_VISIBILITY_PARTNER }, // privilegemanager.read
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // privacymanager.read
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // privacymanager.write
{ Tizen::Base::_API_VISIBILITY_PARTNER_MANUFACTURER }, // antivirus
+ { Tizen::Base::_API_VISIBILITY_PUBLIC }, // internet
};
enum _PrivilegeLevel
{ _PRV_LEVEL_SYSTEM }, // bookmark.write
{ _PRV_LEVEL_SYSTEM }, // geolocationpermission.read
{ _PRV_LEVEL_SYSTEM }, // geolocationpermission.write
- { _PRV_LEVEL_USER }, // lockmanager
+ { _PRV_LEVEL_SYSTEM }, // lockmanager
{ _PRV_LEVEL_USER }, // shortcut.install
{ _PRV_LEVEL_SYSTEM }, // appmanager.kill
{ _PRV_LEVEL_SYSTEM }, // privilegemanager.read
{ _PRV_LEVEL_SYSTEM }, // privacymanager.read
{ _PRV_LEVEL_SYSTEM }, // privacymanager.write
{ _PRV_LEVEL_SYSTEM }, // antivirus
+ { _PRV_LEVEL_USER }, // internet
};
const int MAX_BITWISE_PRIV_SIZE = (((_MAX_PRIVILEGE_ENUM - 1) / 32) + 1) * 4;
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file FSec_PrivilegeManagerServer.h
+ * @brief This is the header file for the _PrivilegeManagerServer.
+ * This header file contains the declarations of the _PrivilegeManagerServer.
+ */
+
+#ifndef _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
+#define _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
+
+#include <FOspConfig.h>
+
+#include "FSec_AccessControlTypes.h"
+
+namespace Tizen { namespace Base { namespace Collection
+{
+class IList;
+}}}
+
+namespace Tizen { namespace Base
+{
+class String;
+}}
+
+class PrivilegeService;
+
+namespace Tizen { namespace Security
+{
+
+/**
+ * @class _PrivilegeManagerServer
+ * @brief This class provides a way to manage the privilege information.
+ * @since 2.1
+ *
+ * This class provides a way to manage the privilege information for privilege service.
+ *
+ */
+
+class _OSP_EXPORT_ _PrivilegeManagerServer
+{
+
+private:
+
+ _PrivilegeManagerServer(void);
+ virtual ~_PrivilegeManagerServer(void);
+
+ static result RetrievePrivilege(const Tizen::App::AppId& appId, Tizen::Base::String* pEncryptedBitwise, Tizen::Base::String* pHmac, Tizen::Base::Collection::ArrayList*& pPrivilegeList);
+ static result GenerateVisibilityString(Tizen::App::AppId appId, Tizen::Base::String* pEncryptedVisibility, Tizen::Base::String* pHmac);
+ static result GetEncryptedVisibility(int visibility, Tizen::Base::String& encryptedVisibility);
+ static result GetChecksum(Tizen::App::AppId appId, int visibility, Tizen::Base::String& checksum);
+
+private:
+
+ friend class ::PrivilegeService;
+
+}; // _PrivilegeManagerServer
+
+}} // Tizen::Security
+
+#endif // _FSEC_INTERNAL_PRIVILEGE_MANAGER_SERVER_H_
--- /dev/null
+//
+// Open Service Platform
+// Copyright (c) 2013 Samsung Electronics Co., Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the License);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+/**
+ * @file FSec_PrivilegeManagerServer.cpp
+ * @brief This is the implementation for the _PrivilegeManagerServer class.
+ */
+
+#include <stdlib.h>
+#include <pthread.h>
+#include <unique_ptr.h>
+#include <FAppPkg_PackageInfoImpl.h>
+#include <FAppPkg_PackageManagerImpl.h>
+#include <FBaseString.h>
+#include <FBaseSysLog.h>
+#include <FSec_AccessControlTypes.h>
+#include <FSec_PrivilegeManager.h>
+#include <FSecCryptoAesCipher.h>
+#include <FSecCryptoSha1Hmac.h>
+#include <FBase_StringConverter.h>
+#include <FBaseInternalTypes.h>
+#include <FSec_DeviceKeyGenerator.h>
+#include "FSec_PrivilegeManagerServer.h"
+
+using namespace Tizen::App;
+using namespace Tizen::App::Package;
+using namespace Tizen::Base;
+using namespace Tizen::Base::Utility;
+using namespace Tizen::Base::Collection;
+using namespace Tizen::Io;
+using namespace Tizen::Security;
+using namespace Tizen::Security::Crypto;
+
+namespace Tizen { namespace Security
+{
+
+_PrivilegeManagerServer::_PrivilegeManagerServer(void)
+{
+ return;
+}
+
+_PrivilegeManagerServer::~_PrivilegeManagerServer(void)
+{
+ return;
+}
+
+result
+_PrivilegeManagerServer::RetrievePrivilege(const AppId& appId, String* pEncryptedBitwise, String* pHmac, ArrayList*& pPrivilegeList)
+{
+ result r = E_SUCCESS;
+ String encryptedBitwise;
+ String hmac;
+ ArrayList* pPrivilegeStringList = null;
+
+ r = _PrivilegeManager::RetrieveCipherPrivilegeExN(appId, encryptedBitwise, hmac, pPrivilegeStringList);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, r, "Propagating.");
+
+ pEncryptedBitwise->Append(encryptedBitwise);
+ pHmac->Append(hmac);
+
+ if (pPrivilegeStringList != null)
+ {
+ IEnumerator* pEnum = null;
+ pEnum = pPrivilegeStringList->GetEnumeratorN();
+ while (pEnum->MoveNext() == E_SUCCESS)
+ {
+ String* tempString = static_cast<String*>(pEnum->GetCurrent());
+ pPrivilegeList->Add(new String(*tempString));
+ }
+
+ delete pEnum;
+
+ pPrivilegeStringList->RemoveAll(true);
+ delete pPrivilegeStringList;
+ }
+
+ return r;
+}
+
+
+result
+_PrivilegeManagerServer::GenerateVisibilityString(AppId appId, String* pEncryptedVisibility, String* pHmac)
+{
+ _PackageInfoImpl infoImpl;
+ result r = E_SUCCESS;
+ int visibility = 0;
+
+ String encryptedVisibility;
+ String checksum;
+
+ r = infoImpl.Construct(appId);
+ if (r == E_PKG_NOT_INSTALLED)
+ {
+ SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
+ return E_DATA_NOT_FOUND;
+ }
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ visibility = infoImpl.GetApiVisibility();
+ SysTryReturnResult(NID_SEC, visibility >= 0, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = GetEncryptedVisibility(visibility, encryptedVisibility);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = GetChecksum(appId, visibility, checksum);
+ SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pEncryptedVisibility->Append(encryptedVisibility);
+ pHmac->Append(checksum);
+
+ return r;
+}
+
+result
+_PrivilegeManagerServer::GetEncryptedVisibility(int visibility, String& encryptedVisibility)
+{
+ result r = E_SUCCESS;
+ ISecretKey* pKey = null;
+ ByteBuffer ivByte;
+ ByteBuffer* pEncryptedVisibility = null;
+ ByteBuffer* pTempVisibility = null;
+ AesCipher cipherEnc;
+ const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
+
+ pTempVisibility = new (std::nothrow) ByteBuffer();
+ SysTryReturnResult(NID_SEC, pTempVisibility != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
+
+ r = pTempVisibility->Construct(sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = ivByte.Construct(_IV_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = ivByte.SetArray(ivector, 0, _IV_LEN);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ ivByte.Flip();
+
+ r = pTempVisibility->SetArray((byte*)(&visibility), 0, sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ pTempVisibility->Flip();
+
+ r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+ SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = cipherEnc.SetKey(*pKey);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = cipherEnc.SetInitialVector(ivByte);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pEncryptedVisibility = cipherEnc.EncryptN(*pTempVisibility);
+ SysTryCatch(NID_SEC, pTempVisibility != null, r = E_SYSTEM, E_SYSTEM,
+ "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = StringUtil::EncodeToBase64String(*pEncryptedVisibility, encryptedVisibility);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ // fall through
+
+CATCH:
+
+ delete pTempVisibility;
+ delete pKey;
+ delete pEncryptedVisibility;
+
+ return r;
+}
+
+result
+_PrivilegeManagerServer::GetChecksum(AppId appId, int visibility, String& checksum)
+{
+ result r = E_SUCCESS;
+ byte tempChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
+
+ ISecretKey* pKey = null;
+ ByteBuffer ivByte;
+ ByteBuffer input;
+ IHmac* pHmac = null;
+ ByteBuffer* pChecksumByteBuffer = null;
+ char* pAppId = null;
+
+ pAppId = (char*) _StringConverter::CopyToCharArrayN(appId);
+ SysTryCatch(NID_SEC, pAppId != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ memcpy(tempChecksumString, pAppId, MAX_APP_ID_SIZE);
+ memcpy(tempChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
+
+ delete[] pAppId;
+ pAppId = null;
+
+ r = input.Construct(MAX_APP_ID_SIZE + sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+ input.Flip();
+
+ pHmac = new (std::nothrow) Sha1Hmac();
+ SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
+
+ pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN);
+ SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = pHmac->SetKey(*pKey);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ pChecksumByteBuffer = pHmac->GetHmacN(input);
+ SysTryCatch(NID_SEC, pChecksumByteBuffer != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
+ SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
+
+ // fall through
+
+CATCH:
+
+ delete pKey;
+ delete pHmac;
+ delete pChecksumByteBuffer;
+
+ return r;
+}
+
+
+}} //Tizen::Security