2 * libprivilege control, rules database
4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Jan Olszak <j.olszak@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 * @file rules-db-internals.h
24 * @author Jan Olszak (j.olszak@samsung.com)
26 * @brief This file contains definition of rules database API.
32 #ifndef _RULES_DB_INTERNALS_H_
33 #define _RULES_DB_INTERNALS_H_
38 #define SMACK_APP_LABEL_TEMPLATE "~APP~"
40 // Open database flags:
41 #define RDB_READWRITE_FLAG SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
42 #define RDB_READONLY_FLAG SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
44 // Bind function defines:
45 #define RDB_FIRST_PARAM 1 /// Bind to the first parameter
46 #define RDB_SECOND_PARAM 2 /// Bind to the second parameter
48 #define RDB_AUTO_DETERM_SIZE -1 // Determine the size of the
51 #define RDB_FIRST_COLUMN 0
52 #define RDB_SECOND_COLUMN 1
53 #define RDB_THIRD_COLUMN 2
54 #define RDB_FOURTH_COLUMN 3
59 #define RDB_LOG_ENTRY_PARAM(format, ...) C_LOGD("RDB: Entering function %s. Args: " format, __func__, ##__VA_ARGS__)
60 #define RDB_LOG_ENTRY C_LOGD("RDB: Entering function %s", __func__)
64 * Add the label to the temporary table with modified labels.
65 * We use this table to speed up generating modified smack rules.
67 * If label is not in this table, but rule changed
68 * Smack will not get the rule in runtime.
70 * @ingroup RDB internal functions
72 * @param p_db pointer to a SQLite3 database object
73 * @param s_label_name label name
74 * @return PC_OPERATION_SUCCESS on success, error code otherwise
76 int add_modified_label_internal(sqlite3 *p_db, const char *const s_label_name);
80 * Adds label names of applications with the permission to modified labels.
81 * Used when permission is going to change and we're going to change some
82 * accesses granted by this permission.
84 * @ingroup RDB internal functions
86 * @param p_db pointer to a SQLite3 database object
87 * @param i_permission_id id of the permission
88 * @return PC_OPERATION_SUCCESS on success, error code otherwise
90 int add_modified_permission_internal(sqlite3 *p_db, sqlite3_int64 i_permission_id);
94 * Adds label names of the application's folders to the modified labels.
95 * Used during removing application.
97 * @ingroup RDB internal functions
99 * @param p_db pointer to a SQLite3 database object
100 * @param s_app_label_name label of the application
101 * @return PC_OPERATION_SUCCESS on success,
102 * error code otherwise
104 int add_modified_apps_path_internal(sqlite3 *p_db, const char *const s_app_label_name);
108 * Open a connection with the database and perform an initialization.
110 * @ingroup RDB internal functions
112 * @param p_db pointer to a SQLite3 database object
113 * @param b_create_temporary_tables variable denoting if temporary tables should be created
114 * @return PC_OPERATION_SUCCESS on success, error code otherwise
116 int open_rdb_connection(sqlite3 **pp_db, bool b_create_temporary_tables);
120 * Write variables into the query and create a SQLite statement.
121 * One should use the SQLite3 format strings like '%Q'.
123 * For a lot of generic queries use binding.
125 * @ingroup RDB internal functions
127 * @param p_db pointer to a SQLite3 database object
128 * @param pp_stmt buffer for a pointer to the constructed statement
129 * @return PC_OPERATION_SUCCESS on success, error code otherwise
131 int prepare_stmt(sqlite3 *p_db,
132 sqlite3_stmt **pp_stmt,
133 const char *const s_sql,
137 * Check if the label is available for an application.
139 * @ingroup RDB internal functions
141 * @param p_db pointer to a SQLite3 database object
142 * @param s_label_name application's label name
143 * @return PC_OPERATION_SUCCESS when label free
144 * PC_ERR_DB_LABEL_TAKEN when label taken
145 * error code otherwise
147 int check_app_label_internal(sqlite3 *p_db,
148 const char *const s_label_name);
152 * Adds the application to the database.
154 * @ingroup RDB internal functions
156 * @param p_db pointer to a SQLite3 database object
157 * @param s_label_name application's label name
158 * @return PC_OPERATION_SUCCESS on success, error code otherwise
160 int add_app_internal(sqlite3 *p_db,
161 const char *const s_label_name);
165 * Removes the application from the database together with its permissions and paths.
167 * @ingroup RDB internal functions
169 * @param p_db pointer to a SQLite3 database object
170 * @param s_label_name application's label name
171 * @return PC_OPERATION_SUCCESS on success, error code otherwise
173 int remove_app_internal(sqlite3 *p_db,
174 const char *const s_label_name);
178 * Add a path to the database
180 * @ingroup RDB internal functions
182 * @param p_db pointer to a SQLite3 database object
183 * @param s_owner_label_name label name of the paths owner
184 * @param s_path_label_name path's label name
185 * @param s_path the path
186 * @param s_access owner to path label access rights
187 * @param s_access_reverse path label to owner access rights
188 * @param s_type path's type name
189 * @return PC_OPERATION_SUCCESS on success, error code otherwise
191 int add_path_internal(sqlite3 *p_db,
192 const char *const s_owner_label_name,
193 const char *const s_path_label_name,
194 const char *const s_path,
195 const char *const s_access,
196 const char *const s_access_reverse,
197 const char *const s_type);
201 * Add a permission with a given name and of a give type
202 * and return its internal permission id.
204 * @ingroup RDB internal functions
206 * @param p_db pointer to a SQLite3 database object
207 * @param s_permission_name permission name
208 * @param s_permission_type_name permission type name
209 * @return PC_OPERATION_SUCCESS on success, error code otherwise
211 int add_permission_internal(sqlite3 *p_db,
212 const char *const s_permission_name,
213 const char *const s_permission_type_name);
216 * Gets the id of the permission
217 * @param p_db pointer to a SQLite3 database object
218 * @param s_permission_name permission name
219 * @param s_permission_type_name permission type name
220 * @param p_permission_id buffer for the id of the new permission
221 * @return PC_OPERATION_SUCCESS on success, error code otherwise
223 int get_permission_id_internal(sqlite3 *p_db,
224 const char *const s_permission_name,
225 const char *const s_permission_type_name,
226 sqlite3_int64 *p_permission_id);
229 * Adds a list of smack permissions to the database.
230 * s_permision_name has to appear either in the subject or the object of the rule.
232 * @ingroup RDB internal functions
234 * @param p_db pointer to a SQLite3 database object
235 * @param i_permission_id permission id for which we ad permission rules
236 * @param pp_smack_rules a list of smack rules, that we want to apply. Not empty!
237 * @return PC_OPERATION_SUCCESS on success, error code otherwise
239 int add_permission_rules_internal(sqlite3 *p_db,
240 sqlite3_int64 i_permission_id,
241 const char *const *const pp_smack_rules);
246 * Gets the internal app id of an application with a given name.
248 * @ingroup RDB internal functions
250 * @param p_db pointer to a SQLite3 database object
251 * @param pi_app_id pointer to where the app is should be returned
252 * @param s_app_label_name label name of the application
253 * @return PC_OPERATION_SUCCESS on success, error code otherwise
255 int get_app_id_internal(sqlite3 *p_db,
257 const char *const s_app_label_name);
261 * Add a new permission to an application.
263 * @ingroup RDB internal functions
265 * @param p_db pointer to a SQLite3 database object
266 * @param i_app_id application id
267 * @param s_permission_name permission name
268 * @param s_permission_type_name permission type name
269 * @param b_is_volatile_new is the permission volatile
270 * @param b_is_enabled_new is the permission enabled
271 * @return PC_OPERATION_SUCCESS on success, error code otherwise
273 int add_app_permission_internal(sqlite3 *p_db,
275 const char *const s_permission_name,
276 const char *const s_permission_type_name,
277 const bool b_is_volatile_new,
278 const bool b_is_enabled_new);
282 * Enable or disable a permission for a given application.
284 * @ingroup RDB internal functions
286 * @param p_db pointer to a SQLite3 database object
287 * @param i_app_id application id
288 * @param s_permission_name permission name
289 * @param s_permission_type_name permission type name
290 * @param b_is_enabled_new is the permission enabled
291 * @return PC_OPERATION_SUCCESS on success, error code otherwise
293 int switch_app_permission_internal(sqlite3 *p_db,
295 const char *const s_permission_name,
296 const char *const s_permission_type_name,
297 const bool b_is_enabled_new);
301 * Update an existing permission of an application.
303 * @ingroup RDB internal functions
305 * @param p_db pointer to a SQLite3 database object
306 * @param i_app_id application id
307 * @param i_permission_id id of the permission
308 * @param b_is_volatile_new is the permission volatile
309 * @param b_is_enabled_new is the permission enabled
310 * @return PC_OPERATION_SUCCESS on success, error code otherwise
312 int update_app_permission_internal(sqlite3 *p_db,
314 const int i_permission_id,
315 const bool b_is_volatile_new,
316 const bool b_is_enabled_new);
320 * Change a permission for an application.
321 * Function modifies or adds a permission.
323 * @ingroup RDB internal functions
325 * @param p_db pointer to a SQLite3 database object
326 * @param i_app_id application id
327 * @param s_permission_name permission name
328 * @param s_permission_type_name permission type name
329 * @param i_is_volatile_new is the permission volatile
330 * @param i_is_enabled_new is the permission enabled
331 * @return PC_OPERATION_SUCCESS on success, error code otherwise
333 int change_app_permission_internal(sqlite3 *p_db,
335 const char *const s_permission_name,
336 const char *const s_permission_type_name,
337 int i_is_volatile_new,
338 int i_is_enabled_new);
342 * Delete all permissions of the application.
344 * @ingroup RDB internal functions
346 * @param p_db pointer to a SQLite3 database object
347 * @param s_app_label_name applications label name
348 * @return PC_OPERATION_SUCCESS on success, error code otherwise
350 int revoke_app_permissions_internal(sqlite3 *p_db,
351 const char *const s_app_label_name);
355 * Delete all volatile permissions of the application.
357 * @ingroup RDB internal functions
359 * @param p_db pointer to a SQLite3 database object
360 * @param s_app_label_name applications label name
361 * @return PC_OPERATION_SUCCESS on success, error code otherwise
363 int reset_app_permissions_internal(sqlite3 *p_db,
364 const char *const s_app_label_name);
368 * Prepare tables with smack rules.
370 * @ingroup RDB internal functions
372 * @param p_db pointer to a SQLite3 database object
373 * @return PC_OPERATION_SUCCESS on success, error code otherwise
375 int update_rules_in_db(sqlite3 *p_db);
379 * Updates smack rules. Only rules that change are refreshed.
381 * @ingroup RDB internal functions
383 * @param p_db pointer to a SQLite3 database object
384 * @return PC_OPERATION_SUCCESS on success, error code otherwise
386 int update_smack_rules(sqlite3 *p_db);
388 #endif // _RULES_DB_INTERNALS_H_