2 * libprivilege control, rules database
4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Jan Olszak <j.olszak@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 * @file rules-db-internals.h
24 * @author Jan Olszak (j.olszak@samsung.com)
26 * @brief This file contains definition of rules database API.
32 #ifndef _RULES_DB_INTERNALS_H_
33 #define _RULES_DB_INTERNALS_H_
38 #define SMACK_APP_LABEL_TEMPLATE "~APP~"
40 // Open database flags:
41 #define RDB_READWRITE_FLAG SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
42 #define RDB_READONLY_FLAG SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
44 // Bind function defines:
45 #define RDB_FIRST_PARAM 1 /// Bind to the first parameter
46 #define RDB_SECOND_PARAM 2 /// Bind to the second parameter
48 #define RDB_AUTO_DETERM_SIZE -1 // Determine the size of the
51 #define RDB_FIRST_COLUMN 0
52 #define RDB_SECOND_COLUMN 1
53 #define RDB_THIRD_COLUMN 2
54 #define RDB_FOURTH_COLUMN 3
59 #define RDB_LOG_ENTRY_PARAM(format, ...) C_LOGD("RDB: Entering function %s. Args: " format, __func__, ##__VA_ARGS__)
60 #define RDB_LOG_ENTRY C_LOGD("RDB: Entering function %s", __func__)
64 * Add the label to the temporary table with modified labels.
65 * We use this table to speed up generating modified smack rules.
67 * If label is not in this table, but rule changed
68 * Smack will not get the rule in runtime.
70 * @ingroup RDB internal functions
72 * @param p_db pointer to a SQLite3 database object
73 * @param s_label_name label name
74 * @return PC_OPERATION_SUCCESS on success, error code otherwise
76 int add_modified_label_internal(sqlite3 *p_db, const char *const s_label_name);
80 * Adds label names of applications with the permission to modified labels.
81 * Used when permission is going to change and we're going to change some
82 * accesses granted by this permission.
84 * @ingroup RDB internal functions
86 * @param p_db pointer to a SQLite3 database object
87 * @param i_permission_id id of the permission
88 * @return PC_OPERATION_SUCCESS on success, error code otherwise
90 int add_modified_permission_internal(sqlite3 *p_db, sqlite3_int64 i_permission_id);
93 * Adds label names of the application's folders to the modified labels.
94 * Used during removing application.
96 * @ingroup RDB internal functions
98 * @param p_db pointer to a SQLite3 database object
99 * @param s_app_label_name label of the application
100 * @return PC_OPERATION_SUCCESS on success,
101 * error code otherwise
103 int add_modified_apps_path_internal(sqlite3 *p_db, const char *const s_app_label_name);
105 * Open a connection with the database and perform an initialization.
107 * @ingroup RDB internal functions
109 * @param p_db pointer to a SQLite3 database object
110 * @return PC_OPERATION_SUCCESS on success, error code otherwise
112 int open_rdb_connection(sqlite3 **pp_db);
116 * Write variables into the query and create a SQLite statement.
117 * One should use the SQLite3 format strings like '%Q'.
119 * For a lot of generic queries use binding.
121 * @ingroup RDB internal functions
123 * @param p_db pointer to a SQLite3 database object
124 * @param pp_stmt buffer for a pointer to the constructed statement
125 * @return PC_OPERATION_SUCCESS on success, error code otherwise
127 int prepare_stmt(sqlite3 *p_db,
128 sqlite3_stmt **pp_stmt,
129 const char *const s_sql,
134 * Check if the label is present in the database.
136 * @ingroup RDB internal functions
138 * @param p_db pointer to a SQLite3 database object
139 * @param s_label_name label's name
140 * @return PC_OPERATION_SUCCESS on success, error code otherwise
142 int check_label_internal(sqlite3 *p_db,
143 const char *const s_label_name);
147 * Check if the label is available for an application.
149 * @ingroup RDB internal functions
151 * @param p_db pointer to a SQLite3 database object
152 * @param s_label_name application's label name
153 * @return PC_OPERATION_SUCCESS when label free
154 * PC_ERR_DB_LABEL_TAKEN when label taken
155 * error code otherwise
157 int check_app_label_internal(sqlite3 *p_db,
158 const char *const s_label_name);
162 * Check if permission with a given name and type is available
164 * @ingroup RDB internal functions
166 * @param p_db pointer to a SQLite3 database object
167 * @param s_permission_name permission name
168 * @param s_permission_type_name permission type name
169 * @return PC_OPERATION_SUCCESS on success, error code otherwise
171 int check_permission_internal(sqlite3 *p_db,
172 const char *const s_permission_name,
173 const char *const s_permission_type_name);
177 * Adds the application to the database.
179 * @ingroup RDB internal functions
181 * @param p_db pointer to a SQLite3 database object
182 * @param s_label_name application's label name
183 * @return PC_OPERATION_SUCCESS on success, error code otherwise
185 int add_app_internal(sqlite3 *p_db,
186 const char *const s_label_name);
190 * Removes the application from the database together with its permissions and paths.
192 * @ingroup RDB internal functions
194 * @param p_db pointer to a SQLite3 database object
195 * @param s_label_name application's label name
196 * @return PC_OPERATION_SUCCESS on success, error code otherwise
198 int remove_app_internal(sqlite3 *p_db,
199 const char *const s_label_name);
203 * Add a path to the database
205 * @ingroup RDB internal functions
207 * @param p_db pointer to a SQLite3 database object
208 * @param s_owner_label_name label name of the paths owner
209 * @param s_path_label_name path's label name
210 * @param s_path the path
211 * @param access access rights
212 * @param s_type path's type name
213 * @return PC_OPERATION_SUCCESS on success, error code otherwise
215 int add_path_internal(sqlite3 *p_db,
216 const char *const s_owner_label_name,
217 const char *const s_path_label_name,
218 const char *const s_path,
219 const char *const s_access,
220 const char *const s_type);
224 * Add a permission with a given name and of a give type
225 * and return its internal permission id.
227 * @ingroup RDB internal functions
229 * @param p_db pointer to a SQLite3 database object
230 * @param s_permission_name permission name
231 * @param s_permission_type_name permission type name
232 * @return PC_OPERATION_SUCCESS on success, error code otherwise
234 int add_permission_internal(sqlite3 *p_db,
235 const char *const s_permission_name,
236 const char *const s_permission_type_name);
239 * Gets the id of the permission
240 * @param p_db pointer to a SQLite3 database object
241 * @param s_permission_name permission name
242 * @param s_permission_type_name permission type name
243 * @param p_permission_id buffer for the id of the new permission
244 * @return PC_OPERATION_SUCCESS on success, error code otherwise
246 int get_permission_id_internal(sqlite3 *p_db,
247 const char *const s_permission_name,
248 const char *const s_permission_type_name,
249 sqlite3_int64 *p_permission_id);
252 * Adds a list of smack permissions to the database.
253 * s_permision_name has to appear either in the subject or the object of the rule.
255 * @ingroup RDB internal functions
257 * @param p_db pointer to a SQLite3 database object
258 * @param i_permission_id permission id for which we ad permission rules
259 * @param pp_smack_rules a list of smack rules, that we want to apply. Not empty!
260 * @return PC_OPERATION_SUCCESS on success, error code otherwise
262 int add_permission_rules_internal(sqlite3 *p_db,
263 sqlite3_int64 i_permission_id,
264 const char *const *const pp_smack_rules);
269 * Gets the internal app id of an application with a given name.
271 * @ingroup RDB internal functions
273 * @param p_db pointer to a SQLite3 database object
274 * @param pi_app_id pointer to where the app is should be returned
275 * @param s_app_label_name label name of the application
276 * @return PC_OPERATION_SUCCESS on success, error code otherwise
278 int get_app_id_internal(sqlite3 *p_db,
280 const char *const s_app_label_name);
284 * Divides the rule into subject, object and access strings.
286 * @ingroup RDB internal functions
288 * @param s_rule the string that we parse
289 * @param s_subject buffer for the subject
290 * @param s_object buffer for the object
291 * @param s_access buffer for the access
292 * @return PC_OPERATION_SUCCESS on success, error code otherwise
294 int parse_rule(const char *const s_rule,
301 * Add a new permission to an application.
303 * @ingroup RDB internal functions
305 * @param p_db pointer to a SQLite3 database object
306 * @param i_app_id application id
307 * @param s_permission_name permission name
308 * @param s_permission_type_name permission type name
309 * @param b_is_volatile_new is the permission volatile
310 * @param b_is_enabled_new is the permission enabled
311 * @return PC_OPERATION_SUCCESS on success, error code otherwise
313 int add_app_permission_internal(sqlite3 *p_db,
315 const char *const s_permission_name,
316 const char *const s_permission_type_name,
317 const bool b_is_volatile_new,
318 const bool b_is_enabled_new);
322 * Enable or disable a permission for a given application.
324 * @ingroup RDB internal functions
326 * @param p_db pointer to a SQLite3 database object
327 * @param i_app_id application id
328 * @param s_permission_name permission name
329 * @param s_permission_type_name permission type name
330 * @param b_is_enabled_new is the permission enabled
331 * @return PC_OPERATION_SUCCESS on success, error code otherwise
333 int switch_app_permission_internal(sqlite3 *p_db,
335 const char *const s_permission_name,
336 const char *const s_permission_type_name,
337 const bool b_is_enabled_new);
341 * Update an existing permission of an application.
343 * @ingroup RDB internal functions
345 * @param p_db pointer to a SQLite3 database object
346 * @param i_app_id application id
347 * @param i_permission_id id of the permission
348 * @param b_is_volatile_new is the permission volatile
349 * @param b_is_enabled_new is the permission enabled
350 * @return PC_OPERATION_SUCCESS on success, error code otherwise
352 int update_app_permission_internal(sqlite3 *p_db,
354 const int i_permission_id,
355 const bool b_is_volatile_new,
356 const bool b_is_enabled_new);
360 * Change a permission for an application.
361 * Function modifies or adds a permission.
363 * @ingroup RDB internal functions
365 * @param p_db pointer to a SQLite3 database object
366 * @param i_app_id application id
367 * @param s_permission_name permission name
368 * @param s_permission_type_name permission type name
369 * @param i_is_volatile_new is the permission volatile
370 * @param i_is_enabled_new is the permission enabled
371 * @return PC_OPERATION_SUCCESS on success, error code otherwise
373 int change_app_permission_internal(sqlite3 *p_db,
375 const char *const s_permission_name,
376 const char *const s_permission_type_name,
377 int i_is_volatile_new,
378 int i_is_enabled_new);
382 * Delete all permissions of the application.
384 * @ingroup RDB internal functions
386 * @param p_db pointer to a SQLite3 database object
387 * @param s_app_label_name applications label name
388 * @return PC_OPERATION_SUCCESS on success, error code otherwise
390 int revoke_app_permissions_internal(sqlite3 *p_db,
391 const char *const s_app_label_name);
395 * Delete all volatile permissions of the application.
397 * @ingroup RDB internal functions
399 * @param p_db pointer to a SQLite3 database object
400 * @param s_app_label_name applications label name
401 * @return PC_OPERATION_SUCCESS on success, error code otherwise
403 int reset_app_permissions_internal(sqlite3 *p_db,
404 const char *const s_app_label_name);
408 * Saves present smack rules in a temporary table: history_smack_rule
410 * @ingroup RDB internal functions
412 * @param p_db pointer to a SQLite3 database object
413 * @return PC_OPERATION_SUCCESS on success, error code otherwise
415 int save_smack_rules(sqlite3 *p_db);
419 * Prepare tables with smack rules.
421 * @ingroup RDB internal functions
423 * @param p_db pointer to a SQLite3 database object
424 * @return PC_OPERATION_SUCCESS on success, error code otherwise
426 int update_rules_in_db(sqlite3 *p_db);
430 * Updates smack rules. Only rules that change are refreshed.
432 * @ingroup RDB internal functions
434 * @param p_db pointer to a SQLite3 database object
435 * @return PC_OPERATION_SUCCESS on success, error code otherwise
437 int update_smack_rules(sqlite3 *p_db);
440 #endif // _RULES_DB_INTERNALS_H_