Security/Tizen 2.X privacy-manager

From Tizen Wiki

Overview

Privacy manager overview

An operator of a commercial application or website that collects personally identifiable information shall conspicuously post its privacy policy. Personally identifiable information (PII) is information that can be used to contact, locate, or identify an individual, either by itself or combined with other information. PII includes first and last name, social security number, e-mail address, phone number, and any other information from which a person's identity is reasonably ascertainable.

Privacy manager provides ways to check and manage the settings of applications' privacy-related privileges. The module provides functions to:

  • Check whether the privacy setting of a package that uses PII-related APIs is enabled.
  • Get, add, remove, and update privacy-related information of packages.
  • Reflect privacy changes to the system.

Interaction Flow

  • Installation
    1. The installer gets the privilege list of the application package to be installed from config.xml or the tizen-manifest file.
    2. The installer requests Privacy manager to store privacy information together with the full privilege list of the application.
    3. Privacy manager inserts the package ID and its privacy information into the privacy DB.
  • Change privacy settings
    1. A user changes the privacy setting of an application in the Setting app.
    2. The Setting app calls the Privacy manager API.
    3. Privacy manager reflects the privacy change in the privacy DB and broadcasts an event.
    4. Privacy manager calls the Security server API to enable or disable the related smack rules.
  • Check privacy settings
    1. When an API that uses privacy-related privileges is called, it calls the Privacy manager API to check whether the caller application has the proper permission to launch it.
    2. Privacy manager checks the privacy information and returns the result value.

APIs

Privacy manager provides APIs to check the privacy setting of an application package. Usually, privacy_checker_check_by_privilege() is called by privacy-related APIs to check whether the application invoking the API has the proper privileges enabled. privacy_checker_check_package_by_privilege() is called by services when an application makes a privacy-related request to the service. In privacy checking, service processes and preloaded applications are handled as an exception case.

  • int privacy_checker_initialize(const char* package_id);
    Initializes the privacy checker.
    Required header:
    <privacy_checker_client.h>
    Required pc:
    privacy-manager-client
    Remarks:
    post: privacy_checker_finalize must be called to finalize
    Parameters:
    [in] package_id The ID of the package to check
    Returns:
    Returns PRIV_MGR_ERROR_SUCCESS on success, otherwise a negative error value
    Return values:
    PRIV_MGR_ERROR_SUCCESS Successful
    PRIV_MGR_ERROR_INVALID_PARAMETER Invalid parameter
    PRIV_MGR_ERROR_SYSTEM_ERROR Failed to initialize

  • int privacy_checker_finalize(void);
    Finalizes the privacy checker.
    Required header:
    <privacy_checker_client.h>
    Required pc:
    privacy-manager-client
    Returns:
    Returns 0 on success.
    Return values:
    PRIV_MGR_ERROR_SUCCESS Successful

  • int privacy_checker_check_by_privacy(const char* privacy_id);
    Checks whether the privacy identified by privacy ID is enabled.
    Required header:
    <privacy_checker_client.h>
    Required pc:
    privacy-manager-client
    Remarks:
    pre: privacy_checker_initialize must be called to initialize
    post: privacy_checker_finalize must be called to finalize
    Parameters:
    [in] privacy_id The ID of privacy
    Returns:
    Returns PRIV_MGR_ERROR_SUCCESS if the privacy is enabled, PRIV_MGR_ERROR_USER_NOT_CONSENTED if it is disabled, otherwise a negative error value
    Return values:
    PRIV_MGR_ERROR_SUCCESS Successful
    PRIV_MGR_ERROR_NOT_INITIALIZED Privacy checker is not initialized
    PRIV_MGR_ERROR_DB_ERROR DB operation failed
    PRIV_MGR_ERROR_USER_NOT_CONSENTED The privacy of the package is disabled

  • int privacy_checker_check_by_privilege(const char* privilege_id);
    Checks whether the privacy mapped to the given privilege ID is enabled for the caller.
    Required header:
    <privacy_checker_client.h>
    Required pc:
    privacy-manager-client
    Remarks:
    This API initializes the privacy checker on its first call.
    The caller can free the resources by calling privacy_checker_finalize() after calling this API; otherwise they are finalized when the library is unloaded.
    Parameters:
    [in] privilege_id The ID of the privilege
    Returns:
    Returns PRIV_MGR_ERROR_SUCCESS if the privacy is enabled, PRIV_MGR_ERROR_USER_NOT_CONSENTED if it is disabled, otherwise a negative error value
    Return values:
    PRIV_MGR_ERROR_SUCCESS Successful
    PRIV_MGR_ERROR_NOT_INITIALIZED Privacy checker is not initialized
    PRIV_MGR_ERROR_DB_FAILED DB operation failed
    PRIV_MGR_ERROR_INVALID_PARAMETER invalid parameter
    PRIV_MGR_ERROR_USER_NOT_CONSENTED The privacy of the package is disabled

  • int privacy_checker_check_package_by_privilege(const char* package_id, const char* privilege_id);
    Checks whether the privacy mapped to the given privilege ID is enabled for the given package.
    Required header:
    <privacy_checker_client.h>
    Required pc:
    privacy-manager-client
    Remarks:
    post: privacy_checker_finalize must be called to finalize
    Parameters:
    [in] package_id The ID of the package
    [in] privilege_id The ID of the privilege
    Returns:
    Returns PRIV_MGR_ERROR_SUCCESS if the privacy is enabled, PRIV_MGR_ERROR_USER_NOT_CONSENTED if it is disabled, otherwise a negative error value
    Return values:
    PRIV_MGR_ERROR_SUCCESS Successful
    PRIV_MGR_ERROR_DB_FAILED DB operation failed
    PRIV_MGR_ERROR_INVALID_PARAMETER invalid parameter
    PRIV_MGR_ERROR_USER_NOT_CONSENTED The privacy of the package is disabled

Example)
#include <privacy_checker_client.h>

/* Returns 0 if the caller's package may use the location privilege, -1 otherwise. */
int privacy_check(void)
{
  const char* PRIVILEGE_ID = "http://tizen.org/privilege/location";
  int result = 0;

  /* Initializes the privacy checker on first use and looks up the caller's setting. */
  int ret = privacy_checker_check_by_privilege(PRIVILEGE_ID);
  if (ret != PRIV_MGR_ERROR_SUCCESS) {
    /* PRIV_MGR_ERROR_USER_NOT_CONSENTED or another negative error: treat as failure */
    result = -1;
  }

  /* Release the checker resources; a failed finalize is also reported as failure. */
  ret = privacy_checker_finalize();
  if (ret != PRIV_MGR_ERROR_SUCCESS) {
    result = -1;
  }
  return result;
}

DB Schema

privacylist.db

/opt/dbspace/.privacylist.db

  • Table PrivacyInfo defines the privacies.
    • PRIVACY_ID
      Privacy name
      Format: http://tizen.org/privacy/{privacy}
      ex) http://tizen.org/privacy/location
    • FEATURE
      Privacy-related feature. The features supported by the target are described in /etc/config/model-config.xml. If a feature required by privacy-related APIs is not supported by the target, the privacy check fails.
      Format: http://tizen.org/feature/{feature}
      ex) http://tizen.org/feature/location
PRIVACY_ID                             FEATURE
http://tizen.org/privacy/calendar      {null}
http://tizen.org/privacy/callhistory   {null}
http://tizen.org/privacy/contact       {null}
http://tizen.org/privacy/location      tizen.org/feature/location
http://tizen.org/privacy/messaging     {null}
Privacy ID and feature required by the privacy in Tizen 2.3
  • Table PrivilegeToPrivacyTable defines the privilege-to-privacy mapping.
    • PRIVILEGE_ID
      Privilege name
      ex) http://tizen.org/privilege/location
    • PRIVACY_ID
      Privacy name
      ex) http://tizen.org/privacy/location
PRIVACY_ID                             PRIVILEGE_ID
http://tizen.org/privacy/calendar      http://tizen.org/privilege/calendar.read
                                       http://tizen.org/privilege/calendar.write
http://tizen.org/privacy/callhistory   http://tizen.org/privilege/callhistory.read
                                       http://tizen.org/privilege/callhistory.write
http://tizen.org/privacy/contact       http://tizen.org/privilege/contact.read
                                       http://tizen.org/privilege/contact.write
                                       http://tizen.org/privilege/userprofile.read
                                       http://tizen.org/privilege/userprofile.write
http://tizen.org/privacy/location      http://tizen.org/privilege/location
http://tizen.org/privacy/messaging     http://tizen.org/privilege/messaging.email
                                       http://tizen.org/privilege/messaging.mms
                                       http://tizen.org/privilege/messaging.read
                                       http://tizen.org/privilege/messaging.send
                                       http://tizen.org/privilege/messaging.sms
                                       http://tizen.org/privilege/messaging.write
                                       http://tizen.org/privilege/message.read
                                       http://tizen.org/privilege/message.write
Privilege-to-privacy mapping in Tizen 2.3

privacy.db

/opt/dbspace/.privacy.db

  • Table PackageInfo contains package information.
    • PKG_ID
      Package ID. Primary key.
    • IS_SET
      Indicates whether the package is set. Boolean value.
  • Table PrivacyInfo stores package privacy setting information.
    • PKG_ID
      Package ID. Reference to PackageInfo table. Foreign key.
    • PRIVACY_ID
      Privacy name
    • IS_ENABLED
      Indicates whether the privacy setting of the package is enabled. Boolean value.
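To show how the three interaction flows and the two databases above fit together, here is an added example that is not part of the Tizen privacy-manager code: it rebuilds the page's schema in in-memory SQLite and walks installation, a settings change, and the privilege check in the order privilege -> privacy -> feature -> setting. The numeric error values, the supported-feature set, the exempt package list, the default IS_ENABLED value, and the treatment of unmapped privileges are assumptions of this example.

```python
import sqlite3

PRIV_MGR_ERROR_SUCCESS, PRIV_MGR_ERROR_INVALID_PARAMETER = 0, -1   # codes named on the page; values assumed
PRIV_MGR_ERROR_DB_FAILED, PRIV_MGR_ERROR_USER_NOT_CONSENTED = -2, -3
SUPPORTED_FEATURES = {"http://tizen.org/feature/location"}  # constructed stand-in for model-config.xml
EXEMPT_PACKAGES = {"org.tizen.setting"}                     # constructed service/preloaded exception list

def build_dbs():
    """One connection holding constructed copies of .privacylist.db and .privacy.db (page schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      ATTACH ':memory:' AS privacylist; ATTACH ':memory:' AS privacy;
      CREATE TABLE privacylist.PrivacyInfo(PRIVACY_ID TEXT PRIMARY KEY, FEATURE TEXT);
      CREATE TABLE privacylist.PrivilegeToPrivacyTable(PRIVILEGE_ID TEXT PRIMARY KEY, PRIVACY_ID TEXT);
      CREATE TABLE privacy.PackageInfo(PKG_ID TEXT PRIMARY KEY, IS_SET INTEGER);
      CREATE TABLE privacy.PrivacyInfo(PKG_ID TEXT REFERENCES PackageInfo(PKG_ID), PRIVACY_ID TEXT, IS_ENABLED INTEGER);
      INSERT INTO privacylist.PrivacyInfo VALUES ('http://tizen.org/privacy/contact', NULL),
        ('http://tizen.org/privacy/location', 'http://tizen.org/feature/location');
      INSERT INTO privacylist.PrivilegeToPrivacyTable VALUES
        ('http://tizen.org/privilege/contact.read', 'http://tizen.org/privacy/contact'),
        ('http://tizen.org/privilege/location', 'http://tizen.org/privacy/location');""")
    return db

def install_package(db, pkg_id, privileges):
    """Installation flow: register the package plus one row per privacy its privilege list maps to."""
    db.execute("INSERT INTO privacy.PackageInfo VALUES (?, 1)", (pkg_id,))
    rows = db.execute("SELECT DISTINCT PRIVACY_ID FROM privacylist.PrivilegeToPrivacyTable WHERE "
                      "PRIVILEGE_ID IN (%s)" % ",".join("?" * len(privileges)), privileges).fetchall()
    # IS_ENABLED=1 at install time is this example's assumption; the page states no default.
    db.executemany("INSERT INTO privacy.PrivacyInfo VALUES (?, ?, 1)", [(pkg_id, r[0]) for r in rows])

def set_privacy(db, pkg_id, privacy_id, enabled):  # settings flow, DB side only (no smack-rule update)
    db.execute("UPDATE privacy.PrivacyInfo SET IS_ENABLED=? WHERE PKG_ID=? AND PRIVACY_ID=?",
               (int(enabled), pkg_id, privacy_id))

def check_package_by_privilege(db, pkg_id, privilege_id):  # like privacy_checker_check_package_by_privilege()
    if not pkg_id or not privilege_id:
        return PRIV_MGR_ERROR_INVALID_PARAMETER
    if pkg_id in EXEMPT_PACKAGES:  # page: service processes and preloaded apps are the exception case
        return PRIV_MGR_ERROR_SUCCESS
    row = db.execute("SELECT m.PRIVACY_ID, p.FEATURE FROM privacylist.PrivilegeToPrivacyTable m "
                     "LEFT JOIN privacylist.PrivacyInfo p ON p.PRIVACY_ID = m.PRIVACY_ID "
                     "WHERE m.PRIVILEGE_ID = ?", (privilege_id,)).fetchone()
    if row is None:  # privilege maps to no privacy, so nothing to consent to (this example's choice)
        return PRIV_MGR_ERROR_SUCCESS
    if row[1] is not None and row[1] not in SUPPORTED_FEATURES:  # page: unsupported feature fails the check
        return PRIV_MGR_ERROR_USER_NOT_CONSENTED
    setting = db.execute("SELECT IS_ENABLED FROM privacy.PrivacyInfo WHERE PKG_ID = ? AND PRIVACY_ID = ?",
                         (pkg_id, row[0])).fetchone()
    if setting is None:  # the installer never registered this package
        return PRIV_MGR_ERROR_DB_FAILED
    return PRIV_MGR_ERROR_SUCCESS if setting[0] else PRIV_MGR_ERROR_USER_NOT_CONSENTED
```

A package that was never registered at install time fails with PRIV_MGR_ERROR_DB_FAILED rather than passing, and disabling a privacy in the settings flow affects only the privileges mapped to that privacy.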