authorjk7744.park <jk7744.park@samsung.com>2015-10-24 16:22:53 +0900
committerjk7744.park <jk7744.park@samsung.com>2015-10-24 16:22:53 +0900
commitf709d2887a77e89ba37765c90285c3a82d323547 (patch)
tree2c378eff41333da862f045a8f7df7f3e116567b3
parent52a4f7f9e6b9d2fe295cf62f63e2b52d54576ee6 (diff)
downloaddata-control-accepted/tizen_2.4_mobile.tar.gz
data-control-accepted/tizen_2.4_mobile.tar.bz2
data-control-accepted/tizen_2.4_mobile.zip
-rwxr-xr-xinclude/data_control_internal.h9
-rwxr-xr-xinclude/data_control_map.h1
-rw-r--r--packaging/capi-data-control.spec6
-rw-r--r--src/CMakeLists.txt2
-rw-r--r--src/data_control_internal.c88
-rw-r--r--src/data_control_log.h1
-rw-r--r--src/data_control_map.c44
-rw-r--r--src/data_control_provider.c155
-rw-r--r--src/data_control_sql.c44
9 files changed, 148 insertions, 202 deletions
diff --git a/include/data_control_internal.h b/include/data_control_internal.h
index 08b205e..838788b 100755
--- a/include/data_control_internal.h
+++ b/include/data_control_internal.h
@@ -24,16 +24,13 @@
extern "C" {
#endif
-typedef enum {
- PRIVILEGE_DATA_SHARING,
- PRIVILEGE_APP_MANAGER_LAUNCH
-} privilege_type;
-
int convert_to_tizen_error(datacontrol_error_e error);
-int check_privilege(privilege_type type);
int data_control_error(data_control_error_e error,
const char *function, const char *description);
+int data_control_consumer_check_privilege();
+int data_control_provider_check_privilege();
+
#ifdef __cplusplus
}
#endif
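Review bot: The two new declarations use empty parentheses, which in C declares a function with unspecified arguments rather than one that takes none, so a call with stray arguments is not diagnosed. Writing them as `int data_control_consumer_check_privilege(void);` and `int data_control_provider_check_privilege(void);` gives the compiler a real prototype. The same applies to the two definitions added in src/data_control_internal.c.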
diff --git a/include/data_control_map.h b/include/data_control_map.h
index ff71990..822d185 100755
--- a/include/data_control_map.h
+++ b/include/data_control_map.h
@@ -312,6 +312,7 @@ int data_control_map_unregister_response_cb(data_control_h provider);
* @remarks If you want to use this api, you must add privileges.
* @remarks If the length of value list associated with the @a key is larger than 20, this API only returns the first 20 values.
* @remarks The following example demonstrates how to use the %data_control_map_get() method.
+ * @remarks If the length of value list associated with the key is larger than 20, value list only include first 20 values.
*
* @code
*
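Review bot: The added @remarks line repeats the limit already stated two lines above it ("this API only returns the first 20 values"), so the generated documentation will carry the same caveat twice in slightly different wording. Dropping the new line, or replacing the older one with it, keeps a single statement of the 20-value limit. The comment block starts and ends outside this hunk.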
diff --git a/packaging/capi-data-control.spec b/packaging/capi-data-control.spec
index 10e60f3..57ce520 100644
--- a/packaging/capi-data-control.spec
+++ b/packaging/capi-data-control.spec
@@ -1,7 +1,7 @@
Name: capi-data-control
Summary: Data Control managed library
-Version: 1.2.2.3
-Release: 2
+Version: 1.2.3.2
+Release: 1
Group: Application Framework/Libraries
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
@@ -9,10 +9,10 @@ Source1001: %{name}.manifest
BuildRequires: cmake
BuildRequires: pkgconfig(bundle)
BuildRequires: pkgconfig(data-control)
-BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(capi-base-common)
+BuildRequires: pkgconfig(security-privilege-checker)
# runtime requires
Requires: data-control
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 80091ba..93041bf 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -15,7 +15,7 @@ SET (${this_target}_SOURCE_FILES
data_control_provider.c
)
-SET(requires "data-control dlog glib-2.0 capi-base-common bundle libsmack")
+SET(requires "data-control dlog glib-2.0 capi-base-common bundle security-privilege-checker")
INCLUDE(FindPkgConfig)
pkg_check_modules(${this_target} REQUIRED ${requires})
diff --git a/src/data_control_internal.c b/src/data_control_internal.c
index aa039ce..e6cb126 100644
--- a/src/data_control_internal.c
+++ b/src/data_control_internal.c
@@ -20,9 +20,9 @@
#include <glib.h>
#include <unistd.h>
-#include <sys/smack.h>
#include <sys/types.h>
#include <fcntl.h>
+#include <privilege_checker.h>
#include "data_control_internal.h"
#ifdef LOG_TAG
@@ -34,6 +34,10 @@
#define _LOGE(fmt, arg...) LOGE(fmt,##arg)
#define _LOGD(fmt, arg...) LOGD(fmt, ##arg)
+#define TIZEN_PRIVILEGE_DATA_CONTROL_SHARING "http://tizen.org/privilege/datasharing"
+#define TIZEN_PRIVILEGE_APP_MANAGER_LAUNCH "http://tizen.org/privilege/appmanager.launch"
+#define TIZEN_PRIVILEGE_DATA_CONTROL_CONSUMER "http://tizen.org/privilege/datacontrol.consumer"
+
static const char *data_control_error_to_string(data_control_error_e error)
{
switch (error) {
@@ -89,66 +93,38 @@ int data_control_error(data_control_error_e error,
return error;
}
-
-int check_privilege(privilege_type type)
+int data_control_consumer_check_privilege()
{
- int fd = 0;
- int ret = 0;
- char subject_label[SMACK_LABEL_LEN + 1] = "";
-
- fd = open("/proc/self/attr/current", O_RDONLY);
- if (fd < 0) {
- _LOGE("open [%d] failed!", errno);
- return DATA_CONTROL_ERROR_IO_ERROR;
+ int retval;
+
+ retval = privilege_checker_check_privilege(TIZEN_PRIVILEGE_DATA_CONTROL_CONSUMER);
+ if (retval != PRIVILEGE_CHECKER_ERR_NONE) {
+ _LOGD("%s is not declared. This might be native application", TIZEN_PRIVILEGE_DATA_CONTROL_CONSUMER);
+ } else {
+ return DATA_CONTROL_ERROR_NONE;
}
- ret = read(fd, subject_label, SMACK_LABEL_LEN);
- if (ret < 0) {
- _LOGE("read [%d] failed!", errno);
- close(fd);
- return DATA_CONTROL_ERROR_IO_ERROR;
+ retval = privilege_checker_check_privilege(TIZEN_PRIVILEGE_DATA_CONTROL_SHARING);
+ if (retval != PRIVILEGE_CHECKER_ERR_NONE) {
+ return data_control_error(DATA_CONTROL_ERROR_PERMISSION_DENIED, __FUNCTION__, "failed to allow privilege");
}
- close(fd);
-
- _LOGD("subject_label : %s", subject_label);
- if (type == PRIVILEGE_DATA_SHARING) {
- ret = smack_have_access(subject_label,
- "security-server::api-open-for-privileged", "rw");
- if (ret == 1) {
- _LOGD("permission allowed");
- return DATA_CONTROL_ERROR_NONE;
- } else if (ret == -1) {
- _LOGE("smack_have_access() fail");
- return DATA_CONTROL_ERROR_IO_ERROR;
- } else if (ret == 0) {
- _LOGD("permission denied");
- return DATA_CONTROL_ERROR_PERMISSION_DENIED;
- }
- } else if (type == PRIVILEGE_APP_MANAGER_LAUNCH) {
- ret = smack_have_access(subject_label, "aul::launch", "x");
- if (ret == 1) {
- _LOGD("permission allowed");
- return DATA_CONTROL_ERROR_NONE;
- } else if (ret == -1) {
- _LOGE("smack_have_access() fail");
- return DATA_CONTROL_ERROR_IO_ERROR;
- } else if (ret == 0) {
- _LOGD("permission denied");
- return DATA_CONTROL_ERROR_PERMISSION_DENIED;
- }
- ret = smack_have_access(subject_label, "app-svc::db", "rwxa");
- if (ret == 1) {
- _LOGD("permission allowed");
- return DATA_CONTROL_ERROR_NONE;
- } else if (ret == -1) {
- _LOGE("smack_have_access() fail");
- return DATA_CONTROL_ERROR_IO_ERROR;
- } else if (ret == 0) {
- _LOGD("permission denied");
- return DATA_CONTROL_ERROR_PERMISSION_DENIED;
- }
+ retval = privilege_checker_check_privilege(TIZEN_PRIVILEGE_APP_MANAGER_LAUNCH);
+ if (retval != PRIVILEGE_CHECKER_ERR_NONE) {
+ return data_control_error(DATA_CONTROL_ERROR_PERMISSION_DENIED, __FUNCTION__, "failed to allow privilege");
+ }
+
+ return DATA_CONTROL_ERROR_NONE;
+}
+
+int data_control_provider_check_privilege()
+{
+ int retval;
+
+ retval = privilege_checker_check_privilege(TIZEN_PRIVILEGE_DATA_CONTROL_SHARING);
+ if (retval != PRIVILEGE_CHECKER_ERR_NONE) {
+ return data_control_error(DATA_CONTROL_ERROR_PERMISSION_DENIED, __FUNCTION__, "failed to allow privilege");
}
- return DATA_CONTROL_ERROR_IO_ERROR;
+ return DATA_CONTROL_ERROR_NONE;
}
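Review bot: Every non-success result from privilege_checker_check_privilege() is reported as DATA_CONTROL_ERROR_PERMISSION_DENIED in both new functions, and neither the checker's return code nor the privilege name reaches the log. The removed code returned DATA_CONTROL_ERROR_IO_ERROR when the check itself failed, so a broken checker and a missing privilege are no longer distinguishable. Failing closed is the right default, but a line such as `_LOGE("privilege check failed: %s (%d)", TIZEN_PRIVILEGE_DATA_CONTROL_SHARING, retval);` before each denial would keep that distinction for anyone reading the logs. A short comment on data_control_consumer_check_privilege() would also help, stating that datacontrol.consumer alone is sufficient and that datasharing plus appmanager.launch are required together only as the fallback.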
diff --git a/src/data_control_log.h b/src/data_control_log.h
index 29165fc..50b2544 100644
--- a/src/data_control_log.h
+++ b/src/data_control_log.h
@@ -35,5 +35,6 @@
#define _SECURE_LOGE(fmt, arg...) SECURE_LOGE(fmt, ##arg)
#define _SECURE_LOGI(fmt, arg...) SECURE_LOGI(fmt, ##arg)
+#define _SECURE_LOGD(fmt, arg...) SECURE_LOGD(fmt, ##arg)
#endif /* __TIZEN_APPFW_DATA_CONTROL_LOG_H__ */
diff --git a/src/data_control_map.c b/src/data_control_map.c
index c2c3924..25e8b1c 100644
--- a/src/data_control_map.c
+++ b/src/data_control_map.c
@@ -183,14 +183,9 @@ data_control_map_get(data_control_h provider, const char *key, int *request_id)
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return convert_to_tizen_error(datacontrol_map_get((datacontrol_h)provider, key, request_id));
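Review bot: With `return retval;` the denial is reported only from inside data_control_consumer_check_privilege(), where `__FUNCTION__` expands to the helper's name. The removed code passed data_control_map_get's own `__FUNCTION__`, so whatever data_control_error() records will presumably no longer say which API was refused. If the per-API name matters for auditing, a line such as `_LOGE("%s: privilege check failed (%d)", __FUNCTION__, retval);` before the return would restore it, assuming the logging macro is available in this file. The same applies to the other hunks in this file, to those in src/data_control_sql.c, and to the two register_cb hunks in src/data_control_provider.c. The function body starts outside this hunk.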
@@ -206,14 +201,9 @@ data_control_map_get_with_page(data_control_h provider, const char *key, int *re
return DATA_CONTROL_ERROR_INVALID_PARAMETER;
}
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return convert_to_tizen_error(datacontrol_map_get_with_page((datacontrol_h)provider, key, request_id, page_number, count_per_page));
@@ -224,15 +214,11 @@ data_control_map_set(data_control_h provider, const char *key, const char *old_v
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
return convert_to_tizen_error(datacontrol_map_set((datacontrol_h)provider, key, old_value, new_value, request_id));
}
@@ -241,14 +227,9 @@ data_control_map_add(data_control_h provider, const char *key, const char *value
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return convert_to_tizen_error(datacontrol_map_add((datacontrol_h)provider, key, value, request_id));
@@ -259,14 +240,9 @@ data_control_map_remove(data_control_h provider, const char *key, const char *va
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return convert_to_tizen_error(datacontrol_map_remove((datacontrol_h)provider, key, value, request_id));
diff --git a/src/data_control_provider.c b/src/data_control_provider.c
index 995cd3e..7582337 100644
--- a/src/data_control_provider.c
+++ b/src/data_control_provider.c
@@ -134,9 +134,9 @@ data_control_provider_sql_register_cb(data_control_provider_sql_cb *callback, vo
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_provider_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
if (!callback)
@@ -165,9 +165,9 @@ data_control_provider_map_register_cb(data_control_provider_map_cb *callback, vo
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_provider_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
if (!callback)
@@ -254,9 +254,12 @@ static void bundle_foreach_cb(const char *key, const int type, const bundle_keyv
EXPORT_API char*
data_control_provider_create_insert_statement(data_control_h provider, bundle *insert_map)
{
+ char *return_val = NULL;
+
int row_count = bundle_get_count(insert_map);
if (provider == NULL || row_count == 0)
{
+ _LOGE("Invalid parameter.");
set_last_result(DATA_CONTROL_ERROR_INVALID_PARAMETER);
return NULL;
}
@@ -264,6 +267,7 @@ data_control_provider_create_insert_statement(data_control_h provider, bundle *i
key_val_pair *cols = (key_val_pair *) calloc(sizeof(key_val_pair), 1);
if (cols == NULL)
{
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
return NULL;
}
@@ -273,17 +277,19 @@ data_control_provider_create_insert_statement(data_control_h provider, bundle *i
cols->keys = (char **) calloc(sizeof(char *), row_count);
if (cols->keys == NULL)
{
- free(cols);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
+ free(cols);
return NULL;
}
cols->vals = (char **) calloc(sizeof(char *), row_count);
if (cols->vals == NULL)
{
+ _LOGE("Failed to allocate memory.");
+ set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
free(cols->keys);
free(cols);
- set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
return NULL;
}
@@ -294,54 +300,53 @@ data_control_provider_create_insert_statement(data_control_h provider, bundle *i
data_control_sql_get_data_id(provider, &data_id);
int sql_len = INSERT_STMT_CONST_LEN + strlen(data_id) + (row_count - 1) * 4 + (cols->length) + 1;
-
- _LOGI("SQL statement length: %d", sql_len);
+ _SECURE_LOGD("SQL statement length: %d", sql_len);
char* sql = (char *) calloc(sizeof(char), sql_len);
if (sql == NULL)
{
- free(data_id);
- free(cols->keys);
- free(cols->vals);
- free(cols);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
- return NULL;
+ return_val = NULL;
+ goto error;
}
- memset(sql, 0, sql_len);
- sprintf(sql, "INSERT INTO %s (", data_id);
- free(data_id);
+ snprintf(sql, sql_len, "INSERT INTO %s (", data_id);
for(index = 0; index < row_count - 1; index++)
{
- strcat(sql, cols->keys[index]);
- strcat(sql, ", ");
+ strncat(sql, cols->keys[index], sql_len - strlen(sql));
+ strncat(sql, ", ", sql_len - strlen(sql));
}
- strcat(sql, cols->keys[index]);
- strcat(sql, ") VALUES (");
+ strncat(sql, cols->keys[index], sql_len - strlen(sql));
+ strncat(sql, ") VALUES (", sql_len - strlen(sql));
for(index = 0; index < row_count - 1; index++)
{
- strcat(sql, cols->vals[index]);
- strcat(sql, ", ");
+ strncat(sql, cols->vals[index], sql_len - strlen(sql));
+ strncat(sql, ", ", sql_len - strlen(sql));
}
- strcat(sql, cols->vals[index]);
- strcat(sql, ")");
+ strncat(sql, cols->vals[index], sql_len - strlen(sql));
+ strncat(sql, ")", sql_len - strlen(sql));
- _LOGI("SQL statement is: %s", sql);
+ _SECURE_LOGI("SQL statement is: %s", sql);
+ return_val = sql;
+error:
for(index = 0; index < row_count; index++)
{
free(cols->keys[index]);
free(cols->vals[index]);
}
+
free(cols->keys);
free(cols->vals);
free(cols);
+ free(data_id);
- return sql;
+ return return_val;
}
EXPORT_API char*
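Review bot: The bound passed to each new strncat() call is one byte too large. strncat() appends up to n characters and then writes a terminating NUL, so `sql_len - strlen(sql)` still allows a write one byte past the sql_len-byte buffer in exactly the case the bound is meant to catch. The size should be `sql_len - strlen(sql) - 1`, for example `strncat(sql, cols->keys[index], sql_len - strlen(sql) - 1);`. The delete, update and select hunks in this file have the same problem. Truncation is also silent, so if sql_len is ever computed too small the function returns a cut-off statement, which for a WHERE clause could change what it matches. Checking the snprintf() result and the remaining space, and returning NULL on shortfall, would be safer.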
@@ -360,25 +365,28 @@ data_control_provider_create_delete_statement(data_control_h provider, const cha
int cond_len = (where != NULL) ? (WHERE_COND_CONST_LEN + strlen(where)) : 0;
int sql_len = DELETE_STMT_CONST_LEN + strlen(data_id) + cond_len + 1;
- _LOGI("SQL statement length: %d", sql_len);
+ _SECURE_LOGD("SQL statement length: %d", sql_len);
char* sql = (char *) calloc(sizeof(char), sql_len);
if (sql == NULL)
{
- free(data_id);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
+ free(data_id);
return NULL;
}
memset(sql, 0, sql_len);
- sprintf(sql, "DELETE FROM %s", data_id);
+ snprintf(sql, sql_len, "DELETE FROM %s", data_id);
if (where)
{
- strcat(sql, " WHERE ");
- strcat(sql, where);
+
+ strncat(sql, " WHERE ", sql_len - strlen(sql));
+ strncat(sql, where, sql_len - strlen(sql));
+
}
- _LOGI("SQL statement is: %s", sql);
+ _SECURE_LOGI("SQL statement is: %s", sql);
free(data_id);
return sql;
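Review bot: `where` is appended to the statement unmodified after " WHERE ", and nothing on this function says so to the provider author who will execute the result. If the condition originates from a consumer request, which seems likely for a provider-side helper, the returned SQL is only as trustworthy as that string. The comment I would add above the function is `/* 'where' is copied into the statement verbatim; validate it or bind its values before executing the returned SQL. */`. The same holds for `where`, `order` and `column_list` in the update and select hunks, and for the bundle keys and values in the insert and update hunks. The function starts outside this hunk.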
@@ -387,9 +395,11 @@ data_control_provider_create_delete_statement(data_control_h provider, const cha
EXPORT_API char*
data_control_provider_create_update_statement(data_control_h provider, bundle *update_map, const char *where)
{
+ char *return_val = NULL;
int row_count = bundle_get_count(update_map);
if (provider == NULL || row_count == 0)
{
+ _LOGE("Invalid parameter.");
set_last_result(DATA_CONTROL_ERROR_INVALID_PARAMETER);
return NULL;
}
@@ -397,6 +407,7 @@ data_control_provider_create_update_statement(data_control_h provider, bundle *u
key_val_pair *cols = (key_val_pair *) calloc(sizeof(key_val_pair), 1);
if (cols == NULL)
{
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
return NULL;
}
@@ -406,16 +417,18 @@ data_control_provider_create_update_statement(data_control_h provider, bundle *u
cols->keys = (char **) calloc(sizeof(char *), row_count);
if (cols->keys == NULL)
{
- free(cols);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
+ free(cols);
return NULL;
}
cols->vals = (char **) calloc(sizeof(char *), row_count);
if (cols->vals == NULL)
{
+ _LOGE("Failed to allocate memory.");
+ set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
free(cols->keys);
free(cols);
- set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
return NULL;
}
@@ -428,53 +441,53 @@ data_control_provider_create_update_statement(data_control_h provider, bundle *u
int cond_len = (where != NULL) ? (WHERE_COND_CONST_LEN + strlen(where)) : 0;
int sql_len = UPDATE_STMT_CONST_LEN + strlen(data_id) + (cols->length) + (row_count - 1) * 5 + cond_len + 1;
- _LOGI("SQL statement length: %d", sql_len);
+ _SECURE_LOGD("SQL statement length: %d", sql_len);
char* sql = (char *) calloc(sizeof(char), sql_len);
if (sql == NULL)
{
- free(data_id);
- free(cols->keys);
- free(cols->vals);
- free(cols);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
- return NULL;
+ return_val = NULL;
+ goto error;
}
- memset(sql, 0, sql_len);
- sprintf(sql, "UPDATE %s SET ", data_id);
- free(data_id);
+ snprintf(sql, sql_len, "UPDATE %s SET ", data_id);
for(index = 0; index < row_count - 1; index++)
{
- strcat(sql, cols->keys[index]);
- strcat(sql, " = ");
- strcat(sql, cols->vals[index]);
- strcat(sql, ", ");
+ strncat(sql, cols->keys[index], sql_len - strlen(sql));
+ strncat(sql, " = ", sql_len - strlen(sql));
+ strncat(sql, cols->vals[index], sql_len - strlen(sql));
+ strncat(sql, ", ", sql_len - strlen(sql));
}
- strcat(sql, cols->keys[index]);
- strcat(sql, " = ");
- strcat(sql, cols->vals[index]);
+ strncat(sql, cols->keys[index], sql_len - strlen(sql));
+ strncat(sql, " = ", sql_len - strlen(sql));
+ strncat(sql, cols->vals[index], sql_len - strlen(sql));
if (where)
{
- strcat(sql, " WHERE ");
- strcat(sql, where);
+ strncat(sql, " WHERE ", sql_len - strlen(sql));
+ strncat(sql, where, sql_len - strlen(sql));
}
- _LOGI("SQL statement is: %s", sql);
+ _SECURE_LOGI("SQL statement is: %s", sql);
+ return_val = sql;
+error:
for(index = 0; index < row_count; index++)
{
free(cols->keys[index]);
free(cols->vals[index]);
}
+
free(cols->keys);
free(cols->vals);
free(cols);
+ free(data_id);
- return sql;
+ return return_val;
}
EXPORT_API char*
@@ -484,6 +497,7 @@ data_control_provider_create_select_statement(data_control_h provider, const cha
int col_name_length = 0;
if (provider == NULL)
{
+ _LOGE("Invalid parameter.");
set_last_result(DATA_CONTROL_ERROR_INVALID_PARAMETER);
return NULL;
}
@@ -511,47 +525,50 @@ data_control_provider_create_select_statement(data_control_h provider, const cha
int order_len = (order != NULL) ? (ORDER_CLS_CONST_LEN + strlen(order)) : 0;
int sql_len = SELECT_STMT_CONST_LEN + col_name_length + strlen(data_id) + cond_len + order_len + 1;
- _LOGI("SQL statement length: %d", sql_len);
+ _SECURE_LOGD("SQL statement length: %d", sql_len);
char* sql = (char *) calloc(sizeof(char), sql_len);
if (sql == NULL)
{
- free(data_id);
+ _LOGE("Failed to allocate memory.");
set_last_result(DATA_CONTROL_ERROR_OUT_OF_MEMORY);
+ free(data_id);
return NULL;
}
memset(sql, 0, sql_len);
- strcpy(sql, "SELECT ");
+ strncpy(sql, "SELECT ", sql_len);
if (!column_list)
{
- strcat(sql, "*");
+ strncat(sql, "*", sql_len - strlen(sql));
}
else
{
for (index = 0; index < column_count - 1; index++)
{
- strcat(sql, column_list[index]);
- strcat(sql, ", ");
+ strncat(sql, column_list[index], sql_len - strlen(sql));
+ strncat(sql, ", ", sql_len - strlen(sql));
}
- strcat(sql, column_list[index]);
+ strncat(sql, column_list[index], sql_len - strlen(sql));
}
- strcat(sql, " FROM ");
- strcat(sql, data_id);
+ strncat(sql, " FROM ", sql_len - strlen(sql));
+ strncat(sql, data_id, sql_len - strlen(sql));
if (where)
{
- strcat(sql, " WHERE ");
- strcat(sql, where);
+ strncat(sql, " WHERE ", sql_len - strlen(sql));
+ strncat(sql, where, sql_len - strlen(sql));
+
}
if (order)
{
- strcat(sql, " ORDER BY ");
- strcat(sql, order);
+ strncat(sql, " ORDER BY ", sql_len - strlen(sql));
+ strncat(sql, order, sql_len - strlen(sql));
+
}
- _LOGI("SQL statement is: %s", sql);
+ _SECURE_LOGI("SQL statement is: %s", sql);
free(data_id);
return sql;
@@ -564,6 +581,7 @@ data_control_provider_match_provider_id(data_control_h provider, const char *pro
char* prov_id = NULL;
if(provider == NULL || provider_id == NULL)
{
+ _LOGE("Invalid parameter.");
set_last_result(DATA_CONTROL_ERROR_INVALID_PARAMETER);
return false;
}
@@ -594,6 +612,7 @@ data_control_provider_match_data_id(data_control_h provider, const char *data_id
char* data = NULL;
if(provider == NULL || data_id == NULL)
{
+ _LOGE("Invalid parameter.");
set_last_result(DATA_CONTROL_ERROR_INVALID_PARAMETER);
return false;
}
diff --git a/src/data_control_sql.c b/src/data_control_sql.c
index d62daed..e1c03e7 100644
--- a/src/data_control_sql.c
+++ b/src/data_control_sql.c
@@ -181,14 +181,9 @@ data_control_sql_insert(data_control_h provider, const bundle* insert_data, int
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return datacontrol_sql_insert((datacontrol_h)provider, insert_data, request_id);
@@ -199,14 +194,9 @@ data_control_sql_delete(data_control_h provider, const char *where, int *request
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return datacontrol_sql_delete((datacontrol_h)provider, where, request_id);
@@ -217,14 +207,9 @@ data_control_sql_select(data_control_h provider, char **column_list, int column_
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return datacontrol_sql_select((datacontrol_h)provider, column_list, column_count, where, order, request_id);
@@ -239,14 +224,10 @@ data_control_sql_select_with_page(data_control_h provider, char **column_list, i
{
return DATA_CONTROL_ERROR_INVALID_PARAMETER;
}
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return datacontrol_sql_select_with_page((datacontrol_h)provider, column_list, column_count, where, order, page_number, count_per_page, request_id);
@@ -258,14 +239,9 @@ data_control_sql_update(data_control_h provider, const bundle* update_data, cons
{
int retval;
- retval = check_privilege(PRIVILEGE_DATA_SHARING);
- if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
- }
-
- retval = check_privilege(PRIVILEGE_APP_MANAGER_LAUNCH);
+ retval = data_control_consumer_check_privilege();
if (retval != DATA_CONTROL_ERROR_NONE) {
- return data_control_error(retval, __FUNCTION__, "failed to allow privilege");
+ return retval;
}
return datacontrol_sql_update((datacontrol_h)provider, update_data, where, request_id);