diff options
author | Zofia Abramowska <z.abramowska@samsung.com> | 2016-09-02 18:35:53 +0200 |
---|---|---|
committer | Zofia Abramowska <z.abramowska@samsung.com> | 2016-09-21 12:55:19 +0200 |
commit | 22166d42563a83b33cbae44efee2c4d48a2013e9 (patch) | |
tree | 793381e67452f985c96bf9dc8b85dba3ee164323 | |
parent | b2354a2f438d80b10206a80cc0ada1c9733e7d5d (diff) | |
download | security-manager-22166d42563a83b33cbae44efee2c4d48a2013e9.tar.gz security-manager-22166d42563a83b33cbae44efee2c4d48a2013e9.tar.bz2 security-manager-22166d42563a83b33cbae44efee2c4d48a2013e9.zip |
Add is hybrid flag to application install request
"IsHybrid" is introduced to distinguish between different
types of packages. Hybrid package assumes, that applications
inside it can have different privileges, so they should be
labeled separately. Any other package will have all applications
labeled the same and label will be generated from package name.
This commit does not yet interpret this flag, apart from db,
From now on db will accept only applications from the same package,
which have the same setting of isHybrid flag.
Change-Id: Ic94d2147fa9684279d8b8a41ad6ee99b555cd766
-rw-r--r-- | db/db.sql | 16 | ||||
-rw-r--r-- | db/updates/update-db-to-v8.sql | 7 | ||||
-rw-r--r-- | src/client/client-security-manager.cpp | 14 | ||||
-rw-r--r-- | src/common/include/privilege_db.h | 7 | ||||
-rw-r--r-- | src/common/include/protocols.h | 1 | ||||
-rw-r--r-- | src/common/privilege_db.cpp | 6 | ||||
-rw-r--r-- | src/common/service_impl.cpp | 3 | ||||
-rw-r--r-- | src/include/app-manager.h | 13 | ||||
-rw-r--r-- | src/server/service/service.cpp | 1 |
9 files changed, 58 insertions, 10 deletions
@@ -4,13 +4,14 @@ PRAGMA auto_vacuum = NONE; BEGIN EXCLUSIVE TRANSACTION; -PRAGMA user_version = 7; +PRAGMA user_version = 8; CREATE TABLE IF NOT EXISTS pkg ( pkg_id INTEGER PRIMARY KEY, name VARCHAR NOT NULL, author_id INTEGER, shared_ro INTEGER NOT NULL DEFAULT 0, +is_hybrid INTEGER NOT NULL DEFAULT 0, UNIQUE (name) FOREIGN KEY (author_id) REFERENCES author (author_id) ); @@ -71,7 +72,8 @@ SELECT app.version as version, pkg.author_id, pkg.name as pkg_name, - author.name as author_name + author.name as author_name, + pkg.is_hybrid FROM user_app LEFT JOIN app USING (app_id) LEFT JOIN pkg USING (pkg_id) @@ -98,10 +100,16 @@ BEGIN AND NEW.author_name IS NOT NULL AND author_name!=NEW.author_name); + SELECT RAISE(ABORT, 'Hybrid flag set differently for existing package') + WHERE EXISTS (SELECT 1 FROM user_app_pkg_view + WHERE is_hybrid!=NEW.is_hybrid + AND pkg_name=NEW.pkg_name); + INSERT OR IGNORE INTO author(name) VALUES (NEW.author_name); - INSERT OR IGNORE INTO pkg(name, author_id) VALUES ( + INSERT OR IGNORE INTO pkg(name, author_id, is_hybrid) VALUES ( NEW.pkg_name, - (SELECT author_id FROM author WHERE name=NEW.author_name)); + (SELECT author_id FROM author WHERE name=NEW.author_name), + NEW.is_hybrid); -- If pkg have already existed with empty author do update it UPDATE pkg SET author_id=(SELECT author_id FROM author WHERE name=NEW.author_name) diff --git a/db/updates/update-db-to-v8.sql b/db/updates/update-db-to-v8.sql new file mode 100644 index 00000000..08f23783 --- /dev/null +++ b/db/updates/update-db-to-v8.sql @@ -0,0 +1,7 @@ +BEGIN EXCLUSIVE TRANSACTION; + +PRAGMA user_version = 8; + +ALTER TABLE pkg ADD is_hybrid INTEGER NOT NULL DEFAULT 0; + +COMMIT TRANSACTION; diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index e5cc93f7..6cf0c351 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -208,6 +208,17 @@ int security_manager_app_inst_req_set_install_type(app_inst_req *p_req, const en } SECURITY_MANAGER_API +int security_manager_app_inst_req_set_hybrid(app_inst_req *p_req) +{ + if (!p_req) + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + + p_req->isHybrid = true; + + return SECURITY_MANAGER_SUCCESS; +} + +SECURITY_MANAGER_API int security_manager_app_install(const app_inst_req *p_req) { using namespace SecurityManager; @@ -237,7 +248,8 @@ int security_manager_app_install(const app_inst_req *p_req) p_req->uid, p_req->tizenVersion, p_req->authorName, - p_req->installationType); + p_req->installationType, + p_req->isHybrid); //send buffer to server retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h index 1068699c..8e7f8018 100644 --- a/src/common/include/privilege_db.h +++ b/src/common/include/privilege_db.h @@ -104,7 +104,8 @@ private: SecurityManager::DB::SqlConnection *mSqlConnection; const std::map<StmtType, const char * const > Queries = { - { StmtType::EAddApplication, "INSERT INTO user_app_pkg_view (app_name, pkg_name, uid, version, author_name) VALUES (?, ?, ?, ?, ?)" }, + { StmtType::EAddApplication, "INSERT INTO user_app_pkg_view (app_name, pkg_name, uid, version, author_name, is_hybrid)" + " VALUES (?, ?, ?, ?, ?, ?)" }, { StmtType::ERemoveApplication, "DELETE FROM user_app_pkg_view WHERE app_name=? AND uid=?" }, { StmtType::EPkgNameExists, "SELECT count(*) FROM pkg WHERE name=?" }, { StmtType::EAppNameExists, "SELECT count(*) FROM app WHERE name=?" }, @@ -252,6 +253,7 @@ public: * @param uid - user identifier for whom application is going to be installed * @param targetTizenVer - target tizen version for application * @param author - author identifier + * @param isHybrid - hybrid flag setting * @exception DB::SqlConnection::Exception::InternalError on internal error * @exception DB::SqlConnection::Exception::ConstraintError on constraint violation */ @@ -260,7 +262,8 @@ public: const std::string &pkgName, uid_t uid, const std::string &targetTizenVer, - const std::string &authorId); + const std::string &authorId, + bool isHybrid); /** * Remove an application from the database diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index 9493cf98..a8eb4afb 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -43,6 +43,7 @@ struct app_inst_req { std::string tizenVersion; std::string authorName; int installationType = SM_APP_INSTALL_NONE; + bool isHybrid = false; }; struct user_req { diff --git a/src/common/privilege_db.cpp b/src/common/privilege_db.cpp index 895da45c..75763459 100644 --- a/src/common/privilege_db.cpp +++ b/src/common/privilege_db.cpp @@ -195,7 +195,8 @@ void PrivilegeDb::AddApplication( const std::string &pkgName, uid_t uid, const std::string &targetTizenVer, - const std::string &authorName) + const std::string &authorName, + bool isHybrid) { try_catch<void>([&] { auto command = getStatement(StmtType::EAddApplication); @@ -204,10 +205,11 @@ void PrivilegeDb::AddApplication( command->BindInteger(3, static_cast<unsigned int>(uid)); command->BindString(4, targetTizenVer); authorName.empty() ? command->BindNull(5) : command->BindString(5, authorName); + command->BindInteger(6, isHybrid ? 1 : 0); if (command->Step()) { LogDebug("Unexpected SQLITE_ROW answer to query: " << - Queries.at(StmtType::EAddApplication)); + Queries.at(StmtType::EAddApplication)); }; LogDebug("Added appName: " << appName << ", pkgName: " << pkgName); diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index fad26cc8..188cde50 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -524,7 +524,8 @@ int ServiceImpl::appInstall(const Credentials &creds, app_inst_req &&req) PrivilegeDb::getInstance().BeginTransaction(); - PrivilegeDb::getInstance().AddApplication(req.appName, req.pkgName, req.uid, req.tizenVersion, req.authorName); + PrivilegeDb::getInstance().AddApplication(req.appName, req.pkgName, req.uid, + req.tizenVersion, req.authorName, req.isHybrid); /* Get all application ids in the package to generate rules withing the package */ PrivilegeDb::getInstance().GetPkgApps(req.pkgName, pkgContents); PrivilegeDb::getInstance().GetPkgAuthorId(req.pkgName, authorId); diff --git a/src/include/app-manager.h b/src/include/app-manager.h index d05d451b..04b8688a 100644 --- a/src/include/app-manager.h +++ b/src/include/app-manager.h @@ -132,6 +132,19 @@ int security_manager_app_inst_req_set_author_id(app_inst_req *p_req, const char int security_manager_app_inst_req_set_install_type(app_inst_req *p_req, const enum app_install_type type); /** + * This function is used to flag package as hybrid. This must be done consequently for every + * application installed in package - if first application installed sets this flag, others also + * must set it, otherwise installation will fail, the same applies to non-hybrid packages - + * if first application doesn't set this flag, then no other application for this package can set + * it, otherwise its installation will fail. + * + * \param[in] p_req Pointer handling app_inst_req structure + * \return API return code or error code + * + */ +int security_manager_app_inst_req_set_hybrid(app_inst_req *p_req); + +/** * This function is used to install application based on * using filled up app_inst_req data structure * diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 394bf42a..5e57f7a0 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -187,6 +187,7 @@ void Service::processAppInstall(MessageBuffer &buffer, MessageBuffer &send, cons Deserialization::Deserialize(buffer, req.tizenVersion); Deserialization::Deserialize(buffer, req.authorName); Deserialization::Deserialize(buffer, req.installationType); + Deserialization::Deserialize(buffer, req.isHybrid); Serialization::Serialize(send, serviceImpl.appInstall(creds, std::move(req))); } |