static int
Checker_check_int(Checker *self, PyObject *object, PyObject *name)
{
PyObject *permission=NULL;
int operator;
/* permission = self._permission_func(name) */
if (self->getperms)
permission = PyDict_GetItem(self->getperms, name);
/* if permission is not None: */
if (permission != NULL)
{
/* if permission is CheckerPublic: */
/* return # Public */
if (permission == CheckerPublic)
return 0;
if (checkPermission(permission, object, name) < 0)
return -1;
return 0;
}
operator = (PyString_Check(name)
&& PyString_AS_STRING(name)[0] == '_'
&& PyString_AS_STRING(name)[1] == '_');
if (operator)
{
/* elif name in _available_by_default: */
/* return */
int ic = PySequence_Contains(_available_by_default, name);
if (ic < 0)
return -1;
if (ic)
return 0;
/* if name != '__iter__' or hasattr(object, name): */
/* __traceback_supplement__ = (TracebackSupplement, object) */
/* raise ForbiddenAttribute, (name, object) */
if (strcmp("__iter__", PyString_AS_STRING(name)) == 0
&& ! PyObject_HasAttr(object, name))
/* We want an attr error if we're asked for __iter__ and we don't
have it. We'll get one by allowing the access. */
return 0;
}
{
PyObject *args;
args = Py_BuildValue("OO", name, object);
if (args != NULL)
{
PyErr_SetObject(ForbiddenAttribute, args);
Py_DECREF(args);
}
return -1;
}
}
bool NotificationPresenterImpl::show(Notification* notification)
{
ASSERT(notification);
ASSERT(notification->scriptExecutionContext());
RefPtr<Notification> n = notification;
if (m_notifications.contains(n))
return false;
if (checkPermission(notification->scriptExecutionContext()) != NotificationPresenter::PermissionAllowed)
return false;
String uuid = createCanonicalUUIDString();
m_notifications.add(n, uuid);
String message;
if (n->isHTML()) {
// FIXME: Load and display HTML content.
message = n->url().string();
} else {
// FIXME: Strip the content into one line.
message = n->contents().title() + ": " + n->contents().body();
}
m_platformPresenter->show(std::string(uuid.utf8().data()), std::string(message.utf8().data()));
return true;
}
/* def check_setattr(self, object, name): */
static PyObject *
Checker_check_setattr(Checker *self, PyObject *args)
{
PyObject *object, *name, *permission=NULL;
if (!PyArg_ParseTuple(args, "OO", &object, &name))
return NULL;
/* permission = self._permission_func(name) */
if (self->setperms)
permission = PyDict_GetItem(self->setperms, name);
/* if permission is not None: */
if (permission != NULL)
{
/* if permission is CheckerPublic: */
/* return # Public */
if (permission != CheckerPublic
&& checkPermission(permission, object, name) < 0)
return NULL;
Py_INCREF(Py_None);
return Py_None;
}
/* __traceback_supplement__ = (TracebackSupplement, object) */
/* raise ForbiddenAttribute, (name, object) */
args = Py_BuildValue("OO", name, object);
if (args != NULL)
{
PyErr_SetObject(ForbiddenAttribute, args);
Py_DECREF(args);
}
return NULL;
}
MojErr MojDbKind::update(MojObject* newObj, const MojObject* oldObj, MojDbOp op, MojDbReq& req, bool checkSchema)
{
MojLogTrace(s_log);
MojErr err = checkPermission(op, req);
MojErrCheck(err);
err = req.curKind(this);
MojErrCheck(err);
#if defined(TESTDBKIND)
MojString s;
MojErr e2;
if (oldObj) {
e2 = oldObj->toJson(s);
MojLogInfo(s_log, _T("Kind_Update_OldObj: %s ;\n"), s.data());
}
if (newObj) {
e2 = newObj->toJson(s);
MojLogInfo(s_log, _T("Kind_Update_NewObj: %s ;\n"), s.data());
}
#endif
if (newObj) {
// add the _backup property if not set
if (m_backup && !newObj->contains(MojDb::SyncKey)) {
err = newObj->putBool(MojDb::SyncKey, true);
MojErrCheck(err);
}
// TEMPORARY!!! This should be done in pre-update to also check parent kinds
// warning message comes from preUpdate
if(checkSchema)
{
MojSchema::Result res;
err = m_schema.validate(*newObj, res);
MojErrCheck(err);
if (!res.valid())
{
MojErrThrowMsg(MojErrSchemaValidation, _T("schema validation failed for kind '%s': %s"),
m_id.data(), res.msg().data());
}
}
}
// update revSets and validate schema
err = preUpdate(newObj, oldObj, req);
MojErrCheck(err);
// update indexes
MojVector<MojDbKind*> kindVec;
MojInt32 idxcount = 0;
err = updateIndexes(newObj, oldObj, req, op, kindVec, idxcount);
MojLogInfo(s_log, _T("Kind_UpdateIndexes_End: %s; supers = %zu; indexcount = %zu; updated = %d \n"), this->id().data(),
m_supers.size(), m_indexes.size(), idxcount);
MojErrCheck(err);
return MojErrNone;
}
void NotificationPresenterClientQt::requestPermission(ScriptExecutionContext* context, PassRefPtr<NotificationPermissionCallback> callback)
{
if (dumpNotification)
printf("DESKTOP NOTIFICATION PERMISSION REQUESTED: %s\n", QString(context->securityOrigin()->toString()).toUtf8().constData());
NotificationClient::Permission permission = checkPermission(context);
if (permission != NotificationClient::PermissionNotAllowed) {
if (callback)
callback->handleEvent(Notification::permissionString(permission));
return;
}
QHash<ScriptExecutionContext*, CallbacksInfo >::iterator iter = m_pendingPermissionRequests.find(context);
if (iter != m_pendingPermissionRequests.end())
iter.value().m_callbacks.append(callback);
else {
RefPtr<NotificationPermissionCallback> cb = callback;
CallbacksInfo info;
info.m_frame = toFrame(context);
info.m_callbacks.append(cb);
if (toPage(context) && toFrame(context)) {
m_pendingPermissionRequests.insert(context, info);
toPage(context)->notificationsPermissionRequested(toFrame(context));
}
}
}
bool
HostFolder::remove(const std::string &name)
{
auto hostPath = mPath.join(name);
auto winPath = platform::toWinApiString(hostPath.path());
auto child = findChild(name);
if (!child) {
// File / Directory does not exist, nothing to do
return true;
}
if (!checkPermission(Permissions::Write)) {
return false;
}
auto removed = false;
if (child->type() == NodeType::FileNode) {
removed = !!DeleteFileW(winPath.c_str());
} else if (child->type() == NodeType::FolderNode) {
removed = !!RemoveDirectoryW(winPath.c_str());
}
if (removed) {
mVirtual.deleteChild(child);
}
return removed;
}
Node *
HostFolder::addFolder(const std::string &name)
{
auto hostPath = mPath.join(name);
auto winPath = platform::toWinApiString(hostPath.path());
auto child = findChild(name);
if (child) {
if (child->type() == NodeType::FolderNode) {
return child;
}
return nullptr;
}
if (!checkPermission(Permissions::Write)) {
return nullptr;
}
if (_wmkdir(winPath.c_str())) {
return nullptr;
}
return registerFolder(hostPath, name);
}
bool checkCallingPermission(const String16& permission, int32_t* outPid, int32_t* outUid)
{
IPCThreadState* ipcState = IPCThreadState::self();
pid_t pid = ipcState->getCallingPid();
uid_t uid = ipcState->getCallingUid();
if (outPid) *outPid = pid;
if (outUid) *outUid = uid;
return checkPermission(permission, pid, uid);
}
AudioSystem::device_connection_state AudioPolicyService::getDeviceConnectionState(AudioSystem::audio_devices device,
const char *device_address)
{
if (mpPolicyManager == NULL) {
return AudioSystem::DEVICE_STATE_UNAVAILABLE;
}
if (!checkPermission()) {
return AudioSystem::DEVICE_STATE_UNAVAILABLE;
}
return mpPolicyManager->getDeviceConnectionState(device, device_address);
}
status_t AudioPolicyService::setRingerMode(uint32_t mode, uint32_t mask)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
mpPolicyManager->setRingerMode(mode, mask);
return NO_ERROR;
}
status_t MediaRecorderClient::setAudioSource(int as)
{
LOGV("setAudioSource(%d)", as);
if (!checkPermission(recordAudioPermission)) {
return PERMISSION_DENIED;
}
Mutex::Autolock lock(mLock);
if (mRecorder == NULL) {
LOGE("recorder is not initialized");
return NO_INIT;
}
return mRecorder->setAudioSource((audio_source_t)as);
}
status_t AudioPolicyService::getStreamVolumeIndex(AudioSystem::stream_type stream, int *index)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
if (stream < 0 || stream >= AudioSystem::NUM_STREAM_TYPES) {
return BAD_VALUE;
}
return mpPolicyManager->getStreamVolumeIndex(stream, index);
}
AudioSystem::forced_config AudioPolicyService::getForceUse(AudioSystem::force_use usage)
{
if (mpPolicyManager == NULL) {
return AudioSystem::FORCE_NONE;
}
if (!checkPermission()) {
return AudioSystem::FORCE_NONE;
}
if (usage < 0 || usage >= AudioSystem::NUM_FORCE_USE) {
return AudioSystem::FORCE_NONE;
}
return mpPolicyManager->getForceUse(usage);
}
status_t MediaRecorderClient::setVideoSource(int vs)
{
LOGV("setVideoSource(%d)", vs);
if (!checkPermission(cameraPermission)) {
return PERMISSION_DENIED;
}
Mutex::Autolock lock(mLock);
if (mRecorder == NULL) {
LOGE("recorder is not initialized");
return NO_INIT;
}
return mRecorder->setVideoSource((video_source)vs);
}
status_t AudioPolicyService::initStreamVolume(AudioSystem::stream_type stream,
int indexMin,
int indexMax)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
if (stream < 0 || stream >= AudioSystem::NUM_STREAM_TYPES) {
return BAD_VALUE;
}
mpPolicyManager->initStreamVolume(stream, indexMin, indexMax);
return NO_ERROR;
}
MojErr MojDbKind::find(MojDbCursor& cursor, MojDbWatcher* watcher, MojDbReq& req, MojDbOp op)
{
MojLogTrace(s_log);
MojErr err = checkPermission(op, req);
MojErrCheck(err);
const MojDbQuery& query = cursor.query();
MojDbIndex* index = indexForQuery(query);
if (index == NULL)
MojErrThrow(MojErrDbNoIndexForQuery);
cursor.m_dbIndex = index;
MojLogInfo(s_log, _T("Dbkind_find: Kind: %s, UsingIndex: %s, order: %s, limit: %d \n"), m_id.data(), index->name().data(),
query.order().data(), (int)query.limit());
err = index->find(cursor, watcher, req);
MojErrCheck(err);
return MojErrNone;
}
status_t AudioPolicyService::setForceUse(AudioSystem::force_use usage, AudioSystem::forced_config config)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
if (usage < 0 || usage >= AudioSystem::NUM_FORCE_USE) {
return BAD_VALUE;
}
if (config < 0 || config >= AudioSystem::NUM_FORCE_CONFIG) {
return BAD_VALUE;
}
LOGV("setForceUse() tid %d", gettid());
Mutex::Autolock _l(mLock);
mpPolicyManager->setForceUse(usage, config);
return NO_ERROR;
}
void BaseMainPage::navigatorPageAt(int index, bool force)
{
if(index < 0 || index >=4)
return;
if(!checkPermission() && !force)
return;
changeNavigator(index);
QList<int> navigatorPageIndex;
navigatorPageIndex.append(RUNPAGE_INDEX);
navigatorPageIndex.append(RUNPARAMPAGE_INDEX);
navigatorPageIndex.append(SETUPPAGE_INDEX);
navigatorPageIndex.append(DEBUGPRESS_INDEX);
ui.bottomWidget->changeNavigatorDisp(index);//改变导航栏显示;
changePage(navigatorPageIndex.at(index));
}
status_t BnPermissionController::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
//printf("PermissionController received: "); data.print();
switch(code) {
case CHECK_PERMISSION_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
String16 permission = data.readString16();
int32_t pid = data.readInt32();
int32_t uid = data.readInt32();
bool res = checkPermission(permission, pid, uid);
// write exception
reply->writeInt32(0);
reply->writeInt32(res ? 1 : 0);
return NO_ERROR;
} break;
default:
return BBinder::onTransact(code, data, reply, flags);
}
}
status_t AudioPolicyService::setPhoneState(int state)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
if (state < 0 || state >= AudioSystem::NUM_MODES) {
return BAD_VALUE;
}
LOGV("setPhoneState() tid %d", gettid());
// TODO: check if it is more appropriate to do it in platform specific policy manager
AudioSystem::setMode(state);
Mutex::Autolock _l(mLock);
mpPolicyManager->setPhoneState(state);
return NO_ERROR;
}
bool Permission::doCheckPermission(pid_t pid, uid_t uid) const
{
if ((uid == 0) || (pid == mPid)) {
// root and ourselves is always okay
return true;
} else {
// see if we already granted this permission for this uid
Mutex::Autolock _l(mLock);
if (mGranted.indexOf(uid) >= 0)
return true;
}
bool granted = checkPermission(mPermissionName, pid, uid);
if (granted) {
Mutex::Autolock _l(mLock);
// no need to check again, the old item will be replaced if it is
// already there.
mGranted.add(uid);
}
return granted;
}
status_t AudioPolicyService::setDeviceConnectionState(AudioSystem::audio_devices device,
AudioSystem::device_connection_state state,
const char *device_address)
{
if (mpPolicyManager == NULL) {
return NO_INIT;
}
if (!checkPermission()) {
return PERMISSION_DENIED;
}
if (!AudioSystem::isOutputDevice(device) && !AudioSystem::isInputDevice(device)) {
return BAD_VALUE;
}
if (state != AudioSystem::DEVICE_STATE_AVAILABLE && state != AudioSystem::DEVICE_STATE_UNAVAILABLE) {
return BAD_VALUE;
}
LOGV("setDeviceConnectionState() tid %d", gettid());
Mutex::Autolock _l(mLock);
return mpPolicyManager->setDeviceConnectionState(device, state, device_address);
}
bool NotificationPresenterImpl::show(Notification* n)
{
if (NotificationPresenter::PermissionAllowed != checkPermission(n->scriptExecutionContext()))
return false;
RefPtr<Notification> notification = n;
if (m_notifications.contains(notification))
return false;
String uuid = createCanonicalUUIDString();
m_notifications.add(notification, uuid);
String message;
if (notification->isHTML())
// FIXME: load and display HTML content
message = notification->url().string();
else
message = notification->contents().title() + ": " + notification->contents().body(); // FIXME: strip to one line
m_platformPresenter->show(std::string(uuid.utf8().data()), std::string(message.utf8().data()));
return true;
}
bool
HostFolder::remove(const std::string &name)
{
auto hostPath = mPath.join(name);
auto child = findChild(name);
if (!child) {
// File / Directory does not exist, nothing to do
return true;
}
if (!checkPermission(Permissions::Write)) {
return false;
}
if (remove(hostPath.path().c_str())) {
return false;
}
mVirtual.deleteChild(child);
return true;
}
MojErr MojDbKind::drop(MojDbReq& req)
{
MojLogTrace(s_log);
MojErr err = checkPermission(OpKindUpdate, req);
MojErrCheck(err);
err = req.curKind(this);
MojErrCheck(err);
// drop indexes
MojErr errAcc = MojErrNone;
for (IndexVec::ConstIterator i = m_indexes.begin();
i != m_indexes.end(); ++i) {
errAcc = dropIndex(i->get(), req);
MojErrAccumulate(err, errAcc);
}
m_indexes.clear();
// remove self from super/sub kinds
errAcc = close();
MojErrAccumulate(err, errAcc);
return err;
}
void
NotificationManager::addNotification(const Compositor::NotificationData& data)
{
ILOG_TRACE_F(ILX_NOTIFICATIONMAN);
// check if origin is allowed to push notifications.
if (!checkPermission(data))
return;
// create a new notification.
Notification* notification = new Notification(data, _compositor);
Size s = notification->preferredSize();
notification->setGeometry(_compositor->width() - 400, 10, 400, s.height());
_compositor->addWidget(notification);
notification->bringToFront();
if (replacePending(notification) || replaceActive(notification))
return;
pthread_mutex_lock(&_pendingMutex);
_pending.push_back(notification);
pthread_mutex_unlock(&_pendingMutex);
// arrangeNotifications(s.height());
}
String Notification::permission(ExecutionContext* context)
{
return permissionString(checkPermission(context));
}
status_t BnFingerprintDaemon::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
uint32_t flags) {
switch(code) {
case AUTHENTICATE: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const uint64_t sessionId = data.readInt64();
const uint32_t groupId = data.readInt32();
const int32_t ret = authenticate(sessionId, groupId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
};
case CANCEL_AUTHENTICATION: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t ret = stopAuthentication();
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case ENROLL: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const ssize_t tokenSize = data.readInt32();
const uint8_t* token = static_cast<const uint8_t *>(data.readInplace(tokenSize));
const int32_t groupId = data.readInt32();
const int32_t timeout = data.readInt32();
const int32_t ret = enroll(token, tokenSize, groupId, timeout);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case CANCEL_ENROLLMENT: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t ret = stopEnrollment();
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case PRE_ENROLL: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const uint64_t ret = preEnroll();
reply->writeNoException();
reply->writeInt64(ret);
return NO_ERROR;
}
case POST_ENROLL: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t ret = postEnroll();
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case REMOVE: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t fingerId = data.readInt32();
const int32_t groupId = data.readInt32();
const int32_t ret = remove(fingerId, groupId);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case ENUMERATE: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t ret = enumerate();
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case GET_AUTHENTICATOR_ID: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const uint64_t ret = getAuthenticatorId();
reply->writeNoException();
reply->writeInt64(ret);
return NO_ERROR;
}
case SET_ACTIVE_GROUP: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t group = data.readInt32();
const ssize_t pathSize = data.readInt32();
const uint8_t* path = static_cast<const uint8_t *>(data.readInplace(pathSize));
const int32_t ret = setActiveGroup(group, path, pathSize);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case OPEN_HAL: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int64_t ret = openHal();
reply->writeNoException();
reply->writeInt64(ret);
return NO_ERROR;
}
case CLOSE_HAL: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
const int32_t ret = closeHal();
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
}
case INIT: {
CHECK_INTERFACE(IFingerprintDaemon, data, reply);
if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) {
return PERMISSION_DENIED;
}
sp<IFingerprintDaemonCallback> callback =
interface_cast<IFingerprintDaemonCallback>(data.readStrongBinder());
init(callback);
reply->writeNoException();
return NO_ERROR;
}
default:
return BBinder::onTransact(code, data, reply, flags);
}
};
status_t BnPermissionController::onTransact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
switch(code) {
case CHECK_PERMISSION_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
String16 permission = data.readString16();
int32_t pid = data.readInt32();
int32_t uid = data.readInt32();
bool res = checkPermission(permission, pid, uid);
reply->writeNoException();
reply->writeInt32(res ? 1 : 0);
return NO_ERROR;
} break;
case NOTE_OP_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
String16 op = data.readString16();
int32_t uid = data.readInt32();
String16 packageName = data.readString16();
int32_t res = noteOp(op, uid, packageName);
reply->writeNoException();
reply->writeInt32(res);
return NO_ERROR;
} break;
case GET_PACKAGES_FOR_UID_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
int32_t uid = data.readInt32();
Vector<String16> packages;
getPackagesForUid(uid, packages);
reply->writeNoException();
size_t size = packages.size();
reply->writeInt32(size);
for (size_t i = 0; i < size; i++) {
reply->writeString16(packages[i]);
}
return NO_ERROR;
} break;
case IS_RUNTIME_PERMISSION_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
String16 permission = data.readString16();
const bool res = isRuntimePermission(permission);
reply->writeNoException();
reply->writeInt32(res ? 1 : 0);
return NO_ERROR;
} break;
case GET_PACKAGE_UID_TRANSACTION: {
CHECK_INTERFACE(IPermissionController, data, reply);
String16 package = data.readString16();
int flags = data.readInt32();
const int uid = getPackageUid(package, flags);
reply->writeNoException();
reply->writeInt32(uid);
return NO_ERROR;
} break;
default:
return BBinder::onTransact(code, data, reply, flags);
}
}
PermissionManager::Result PermissionManager::checkPermission(const Character* character, std::string permission)
{
return checkPermission(character->getAccountLevel(), permission);
}
