4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Rafal Krypa <r.krypa@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
29 #include <sys/smack.h>
30 #include "privilege-control.h"
36 #define LOG_TAG "PRIVILEGE_CONTROL"
39 // conditional log macro for dlogutil (debug)
40 #ifdef DLOG_DEBUG_ENABLED
41 #define C_LOGD(...) SLOGD(__VA_ARGS__)
42 #define SECURE_C_LOGD(...) SECURE_SLOGD(__VA_ARGS__)
44 #define C_LOGD(...) do { } while(0)
45 #define SECURE_C_LOGD(...) do { } while(0)
46 #endif //DLOG_DEBUG_ENABLED
48 // conditional log macro for dlogutil (warning)
49 #ifdef DLOG_WARN_ENABLED
50 #define C_LOGW(...) SLOGW(__VA_ARGS__)
51 #define SECURE_C_LOGW(...) SECURE_SLOGW(__VA_ARGS__)
53 #define C_LOGW(...) do { } while(0)
54 #define SECURE_C_LOGW(...) do { } while(0)
55 #endif //DLOG_WARN_ENABLED
57 // conditional log macro for dlogutil (error)
58 #ifdef DLOG_ERROR_ENABLED
59 #define C_LOGE(...) SLOGE(__VA_ARGS__)
60 #define SECURE_C_LOGE(...) SECURE_SLOGE(__VA_ARGS__)
62 #define C_LOGE(...) do { } while(0)
63 #define SECURE_C_LOGE(...) do { } while(0)
64 #endif //DLOG_ERROR_ENABLED
66 /* for SECURE_LOG* purpose */
74 #define LOG_(id, prio, tag, fmt, arg...) \
75 ( __dlog_print(id, prio, tag, "%s: %s(%d) > " fmt, __MODULE__, __func__, __LINE__, ##arg))
77 #define SECURE_LOG_(id, prio, tag, fmt, arg...) \
78 (_SECURE_ ? ( __dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0))
80 #define SECURE_LOGD(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg)
81 #define SECURE_LOGI(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg)
82 #define SECURE_LOGW(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg)
83 #define SECURE_LOGE(format, arg...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
84 /****************************/
88 void fclosep(FILE **f);
89 void fts_closep(FTS **f);
90 #define AUTO_FREE __attribute__ ((cleanup(freep))) = NULL
91 #define AUTO_CLOSE __attribute__ ((cleanup(closep))) = -1
92 #define AUTO_FCLOSE __attribute__ ((cleanup(fclosep))) = NULL
93 #define AUTO_FTS_CLOSE __attribute__ ((cleanup(fts_closep))) = NULL
95 #define SMACK_RULES_DIR "/opt/etc/smack-app/accesses.d/"
96 #define SMACK_STARTUP_RULES_FILE "/opt/etc/smack-app-early/accesses.d/rules"
97 #define SMACK_LOADED_APP_RULES "/var/run/smack-app/"
99 #define SMACK_APP_LABEL_TEMPLATE "~APP~"
100 #define SMACK_SHARED_DIR_LABEL_TEMPLATE "~APP_SHARED_DIR~"
103 int smack_label_is_valid(const char* smack_label);
105 int load_smack_from_file(const char* app_id, struct smack_accesses** smack, int *fd, char** path);
106 int load_smack_from_file_early(const char* app_id, struct smack_accesses** smack, int *fd, char** path);
107 int smack_mark_file_name(const char *app_id, char **path);
108 bool file_exists(const char* path);
109 int smack_file_name(const char* app_id, char** path);
110 int have_smack(void);
111 int base_name_from_perm(const char *perm, char **name);
113 /* TODO: implement this function correctly using compilation flags for both Tizen IVI and Mobile */
115 * Generate Smack label for an application basing on its pkg_id.
116 * Caller is responsible for freeing the returned label.
118 * Currently this function always returns label: "User", param is not used
120 * @param pkg_id application identifier
121 * @return generated label (currently it is ALWAYS "User"), NULL on failure.
123 const char* generate_app_label(const char *pkg_id);
126 * Set EXEC label on executable file or symlink to executable file
128 * @param label label to be set
129 * @param path link to exec file or symbolic link to exec file
130 * @return PC_OPERATION_SUCCESS on success,
131 * error code otherwise
133 int set_exec_label(const char *label, const char *path);
137 * Get the permission family type name.
139 * @ingroup RDB internal functions
141 * @param app_type type of the application
142 * @return PC_OPERATION_SUCCESS on success,
143 * error code otherwise
145 const char* app_type_name(app_type_t app_type);
148 * Get the permission type name
150 * @ingroup RDB internal functions
152 * @param app_type type of the application
153 * @return PC_OPERATION_SUCCESS on success,
154 * error code otherwise
156 const char* app_type_group_name(app_type_t app_type);
159 * Get the app path type name as stored in the database.
161 * This returns valid names only if paths of the given type are stored in the database.
162 * Otherwise NULL is returned.
164 * @ingroupd RDB itnernal functions
166 * @param app_path_type type of the application's path
167 * @return name of the application's path or NULL if no matching type was found
169 const char* app_path_type_name(app_path_type_t app_path_type);
172 * Divide a Smack rule into subject, object and access
174 * @ingroup RDB internal functions
176 * @param s_rule the rule
177 * @param s_subject buffer for the subject
178 * @param s_object buffer for the object
179 * @param s_access buffer for the access
180 * @return PC_OPERATION_SUCCESS on success,
181 * error code otherwise
183 int tokenize_rule(const char *const s_rule,
189 * Check if the label is a wildcard.
191 * @ingroup RDB internal functions
193 * @param s_label the label
194 * @return is the label a wildcard?
196 bool is_wildcard(const char *const s_label);
199 * Divides the rule into subject, object and access strings.
201 * @ingroup RDB internal functions
203 * @param s_rule the string that we parse
204 * @param s_label buffer for the label
205 * @param s_access buffer for the access
206 * @param pi_is_reverse buffer for the is_reversed
207 * @return PC_OPERATION_SUCCESS on success,
208 * error code otherwise
210 int parse_rule(const char *const s_rule,
216 * Validate if all rules in the array can be parsed.
218 * @param pp_permissions_list array of permissions to check
219 * @return PC_OPERATION_SUCCESS on success,
220 * error code otherwise
222 int validate_all_rules(const char *const *const pp_permissions_list);
224 #endif /* COMMON_H_ */