2 * libprivilege control, rules database
4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Jan Olszak <j.olszak@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
25 * @author Jan Olszak (j.olszak@samsung.com)
27 * @brief This file contains definition of rules database API.
33 #include "privilege-control.h" // For error codes
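/*
 * Filesystem location of the rules database file.
 * NOTE(review): the rules kept in this file are only as trustworthy as the
 * file's ownership and mode, which this header does not set - confirm where
 * they are enforced.
 */
#define RDB_PATH "/opt/dbspace/.rules-db.db3"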
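/**
 * Starts a session with the database.
 *
 * NOTE(review): presumably each successful call has to be matched by
 * rdb_modification_finish() or rdb_modification_rollback() - confirm
 * against the implementation.
 *
 * @ingroup RDB API functions
 *
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_modification_start(void);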
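/**
 * Finishes the session with the database.
 * Commits or rolls back.
 *
 * NOTE(review): a return value other than PC_OPERATION_SUCCESS presumably
 * means the session's changes were rolled back, so callers should check it
 * before treating the rule changes as applied - confirm.
 *
 * @ingroup RDB API functions
 * @return PC_OPERATION_SUCCESS on success,
 *         error code of the session otherwise
 */
int rdb_modification_finish(void);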
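/**
 * Rolls back the last transaction and finishes the session.
 *
 * @ingroup RDB API functions
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_modification_rollback(void);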
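/**
 * Add application label to the database.
 * If the label is already present: do nothing.
 *
 * @ingroup RDB API functions
 *
 * @param  s_label_name application label
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_add_application(const char *const s_label_name);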
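/**
 * Remove application label from the table.
 * Used when an application is uninstalled.
 *
 * @ingroup RDB API functions
 *
 * @param  s_label_name application's label name
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_remove_application(const char *const s_label_name);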
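/**
 * Add a path to the database.
 *
 * NOTE(review): this header does not say whether the label and access
 * strings are validated before they are stored - confirm in the
 * implementation, since they end up as access rules.
 *
 * @ingroup RDB API functions
 *
 * @param  s_owner_label_name owner application's label name
 * @param  s_path_label_name  path's label name
 * @param  s_path             the path
 * @param  s_access           owner to path label access rights
 * @param  s_access_reverse   path label to owner access rights
 * @param  s_type             type of path
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_add_path(const char *const s_owner_label_name,
                 const char *const s_path_label_name,
                 const char *const s_path,
                 const char *const s_access,
                 const char *const s_access_reverse,
                 const char *const s_type);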
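/**
 * Add permission with the given name and type and add smack rules.
 *
 * NOTE(review): how the end of pp_smack_rules is marked (presumably a NULL
 * entry) is not stated here - confirm before passing an array.
 *
 * @ingroup RDB API functions
 *
 * @param  s_permission_name      new permission's name
 * @param  s_permission_type_name new permission's type
 * @param  pp_smack_rules         a table of smack accesses to apply
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_add_permission_rules(const char *const s_permission_name,
                             const char *const s_permission_type_name,
                             const char *const *const pp_smack_rules);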
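/**
 * Enable permissions from the list.
 * If there were no such permissions, they are added.
 * One can't change permissions from non volatile to volatile.
 * One can change permissions from volatile to non volatile,
 * but it's suspicious...
 *
 * NOTE(review): how the end of pp_permissions_list is marked (presumably a
 * NULL entry) is not stated here - confirm before passing an array.
 *
 * @ingroup RDB API functions
 *
 * @param  s_app_label_name    application's label name
 * @param  i_permission_type   permission's type id
 * @param  pp_permissions_list array of permissions to parse
 * @param  b_is_volatile       are the new permissions volatile
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_enable_app_permissions(const char *const s_app_label_name,
                               const app_type_t i_permission_type,
                               const char *const *const pp_permissions_list,
                               const bool b_is_volatile);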
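/**
 * Disable permissions from the list.
 *
 * NOTE(review): how the end of pp_permissions_list is marked (presumably a
 * NULL entry) is not stated here - confirm before passing an array.
 *
 * @ingroup RDB API functions
 *
 * @param  s_app_label_name    application's label name
 * @param  i_permission_type   permission's type id
 * @param  pp_permissions_list array of permissions to parse
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_disable_app_permissions(const char *const s_app_label_name,
                                const app_type_t i_permission_type,
                                const char *const *const pp_permissions_list);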
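/**
 * Revokes all permissions from the application by
 * deleting all permissions from app_permission table.
 *
 * @ingroup RDB API functions
 *
 * @param  s_app_label_name application's label name
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_revoke_app_permissions(const char *const s_app_label_name);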
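/**
 * Revokes all volatile permissions from the application by
 * deleting all permissions from app_permission table.
 *
 * NOTE(review): the first line limits this to volatile permissions while
 * the second says "all permissions"; presumably only the volatile entries
 * are deleted - confirm against the implementation.
 *
 * @ingroup RDB API functions
 *
 * @param  s_app_label_name application's label name
 * @return PC_OPERATION_SUCCESS on success,
 *         error code otherwise
 */
int rdb_reset_app_permissions(const char *const s_app_label_name);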
200 #endif /*_RULES_DB_H_*/