2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
18 * Security Manager library header
21 * @file client-security-manager.cpp
22 * @author Pawel Polawski <p.polawski@samsung.com>
23 * @author Rafal Krypa <r.krypa@samsung.com>
25 * @brief This file contain client side implementation of security-manager API
34 #include <sys/types.h>
36 #include <sys/xattr.h>
37 #include <sys/smack.h>
38 #include <sys/capability.h>
40 #include <dpl/log/log.h>
41 #include <dpl/exception.h>
42 #include <smack-labels.h>
43 #include <message-buffer.h>
44 #include <client-common.h>
45 #include <protocols.h>
46 #include <service_impl.h>
47 #include <file-lock.h>
49 #include <security-manager.h>
52 * Mapping of lib_retcode error codes to theirs strings equivalents
54 static std::map<enum lib_retcode, std::string> lib_retcode_string_map = {
55 {SECURITY_MANAGER_SUCCESS, "Success"},
56 {SECURITY_MANAGER_ERROR_UNKNOWN, "Unknown error"},
57 {SECURITY_MANAGER_ERROR_INPUT_PARAM, "Invalid function parameter was given"},
58 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
59 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
60 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
61 "rigths to perform an operation"}
65 const char *security_manager_strerror(enum lib_retcode rc)
68 return lib_retcode_string_map.at(rc).c_str();
69 } catch (const std::out_of_range &e) {
70 return "Unknown error code";
75 int security_manager_app_inst_req_new(app_inst_req **pp_req)
78 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
81 *pp_req = new app_inst_req;
82 } catch (std::bad_alloc& ex) {
83 return SECURITY_MANAGER_ERROR_MEMORY;
85 (*pp_req)->uid = geteuid();
87 return SECURITY_MANAGER_SUCCESS;
91 void security_manager_app_inst_req_free(app_inst_req *p_req)
97 int security_manager_app_inst_req_set_uid(app_inst_req *p_req,
101 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
105 return SECURITY_MANAGER_SUCCESS;
109 int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
111 if (!p_req || !app_id)
112 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
114 p_req->appId = app_id;
116 return SECURITY_MANAGER_SUCCESS;
120 int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
122 if (!p_req || !pkg_id)
123 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
125 p_req->pkgId = pkg_id;
127 return SECURITY_MANAGER_SUCCESS;
131 int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
133 if (!p_req || !privilege)
134 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
136 p_req->privileges.push_back(privilege);
138 return SECURITY_MANAGER_SUCCESS;
142 int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
144 if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
145 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
147 p_req->appPaths.push_back(std::make_pair(path, path_type));
149 return SECURITY_MANAGER_SUCCESS;
153 int security_manager_app_install(const app_inst_req *p_req)
155 using namespace SecurityManager;
157 return try_catch([&] {
158 //checking parameters
160 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
161 if (p_req->appId.empty() || p_req->pkgId.empty())
162 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
168 SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE);
169 if ((offlineMode = serviceLock.Locked())) {
170 LogInfo("Working in offline mode.");
171 retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid());
173 } catch (const SecurityManager::FileLocker::Exception::Base &e) {
177 MessageBuffer send, recv;
179 //put data into buffer
180 Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
181 Serialization::Serialize(send, p_req->appId);
182 Serialization::Serialize(send, p_req->pkgId);
183 Serialization::Serialize(send, p_req->privileges);
184 Serialization::Serialize(send, p_req->appPaths);
185 Serialization::Serialize(send, p_req->uid);
187 //send buffer to server
188 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
189 if (retval != SECURITY_MANAGER_API_SUCCESS) {
190 LogError("Error in sendToServer. Error code: " << retval);
191 return SECURITY_MANAGER_ERROR_UNKNOWN;
194 //receive response from server
195 Deserialization::Deserialize(recv, retval);
198 case SECURITY_MANAGER_API_SUCCESS:
199 return SECURITY_MANAGER_SUCCESS;
200 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
201 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
202 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
203 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
205 return SECURITY_MANAGER_ERROR_UNKNOWN;
212 int security_manager_app_uninstall(const app_inst_req *p_req)
214 using namespace SecurityManager;
215 MessageBuffer send, recv;
217 return try_catch([&] {
218 //checking parameters
220 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
221 if (p_req->appId.empty())
222 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
224 //put data into buffer
225 Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
226 Serialization::Serialize(send, p_req->appId);
228 //send buffer to server
229 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
230 if (retval != SECURITY_MANAGER_API_SUCCESS) {
231 LogError("Error in sendToServer. Error code: " << retval);
232 return SECURITY_MANAGER_ERROR_UNKNOWN;
235 //receive response from server
236 Deserialization::Deserialize(recv, retval);
237 if (retval != SECURITY_MANAGER_API_SUCCESS)
238 return SECURITY_MANAGER_ERROR_UNKNOWN;
240 return SECURITY_MANAGER_SUCCESS;;
245 int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
247 using namespace SecurityManager;
248 MessageBuffer send, recv;
250 LogDebug("security_manager_get_app_pkgid() called");
252 return try_catch([&] {
253 //checking parameters
255 if (app_id == NULL) {
256 LogError("security_manager_app_get_pkgid: app_id is NULL");
257 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
260 if (pkg_id == NULL) {
261 LogError("security_manager_app_get_pkgid: pkg_id is NULL");
262 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
265 //put data into buffer
266 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_PKGID));
267 Serialization::Serialize(send, std::string(app_id));
269 //send buffer to server
270 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
271 if (retval != SECURITY_MANAGER_API_SUCCESS) {
272 LogDebug("Error in sendToServer. Error code: " << retval);
273 return SECURITY_MANAGER_ERROR_UNKNOWN;
276 //receive response from server
277 Deserialization::Deserialize(recv, retval);
278 if (retval != SECURITY_MANAGER_API_SUCCESS)
279 return SECURITY_MANAGER_ERROR_UNKNOWN;
281 std::string pkgIdString;
282 Deserialization::Deserialize(recv, pkgIdString);
283 if (pkgIdString.empty()) {
284 LogError("Unexpected empty pkgId");
285 return SECURITY_MANAGER_ERROR_UNKNOWN;
288 *pkg_id = strdup(pkgIdString.c_str());
289 if (*pkg_id == NULL) {
290 LogError("Failed to allocate memory for pkgId");
291 return SECURITY_MANAGER_ERROR_MEMORY;
294 return SECURITY_MANAGER_SUCCESS;
298 static bool setup_smack(const char *label)
300 int labelSize = strlen(label);
302 // Set Smack label for open socket file descriptors
304 std::unique_ptr<DIR, std::function<int(DIR*)>> dir(
305 opendir("/proc/self/fd"), closedir);
307 LogError("Unable to read list of open file descriptors: " <<
309 return SECURITY_MANAGER_ERROR_UNKNOWN;
314 struct dirent *dirEntry = readdir(dir.get());
315 if (dirEntry == nullptr) {
316 if (errno == 0) // NULL return value also signals end of directory
319 LogError("Unable to read list of open file descriptors: " <<
321 return SECURITY_MANAGER_ERROR_UNKNOWN;
324 // Entries with numerical names specify file descriptors, ignore the rest
325 if (!isdigit(dirEntry->d_name[0]))
329 int fd = atoi(dirEntry->d_name);
330 int ret = fstat(fd, &statBuf);
332 LogWarning("fstat failed on file descriptor " << fd << ": " <<
336 if (S_ISSOCK(statBuf.st_mode)) {
337 ret = fsetxattr(fd, XATTR_NAME_SMACKIPIN, label, labelSize, 0);
339 LogError("Setting Smack label failed on file descriptor " <<
340 fd << ": " << strerror(errno));
341 return SECURITY_MANAGER_ERROR_UNKNOWN;
344 ret = fsetxattr(fd, XATTR_NAME_SMACKIPOUT, label, labelSize, 0);
346 LogError("Setting Smack label failed on file descriptor " <<
347 fd << ": " << strerror(errno));
348 return SECURITY_MANAGER_ERROR_UNKNOWN;
353 // Set Smack label of current process
354 smack_set_label_for_self(label);
356 return SECURITY_MANAGER_SUCCESS;
360 int security_manager_set_process_label_from_appid(const char *app_id)
363 std::string appLabel;
365 LogDebug("security_manager_set_process_label_from_appid() called");
367 if (smack_smackfs_path() == NULL)
368 return SECURITY_MANAGER_SUCCESS;
370 if (SecurityManager::generateAppLabel(std::string(app_id), appLabel) == false) {
371 LogError("Failed to generate smack label for appId: " << app_id);
372 return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
375 if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
376 LogError("Failed to set smack label " << appLabel << " for current process");
380 return SECURITY_MANAGER_SUCCESS;
384 int security_manager_set_process_groups_from_appid(const char *app_id)
386 using namespace SecurityManager;
387 MessageBuffer send, recv;
390 LogDebug("security_manager_set_process_groups_from_appid() called");
392 return try_catch([&] {
393 //checking parameters
395 if (app_id == nullptr) {
396 LogError("app_id is NULL");
397 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
400 //put data into buffer
401 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_GROUPS));
402 Serialization::Serialize(send, std::string(app_id));
404 //send buffer to server
405 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
406 if (retval != SECURITY_MANAGER_API_SUCCESS) {
407 LogDebug("Error in sendToServer. Error code: " << retval);
408 return SECURITY_MANAGER_ERROR_UNKNOWN;
411 //receive response from server
412 Deserialization::Deserialize(recv, retval);
413 if (retval != SECURITY_MANAGER_API_SUCCESS)
414 return SECURITY_MANAGER_ERROR_UNKNOWN;
416 //How many new groups?
418 Deserialization::Deserialize(recv, newGroupsCnt);
420 //And how many groups do we belong to already?
422 ret = getgroups(0, nullptr);
424 LogError("Unable to get list of current supplementary groups: " <<
426 return SECURITY_MANAGER_ERROR_UNKNOWN;
430 //Allocate an array for both old and new groups gids
431 std::unique_ptr<gid_t[]> groups(new gid_t[oldGroupsCnt + newGroupsCnt]);
433 LogError("Memory allocation failed.");
434 return SECURITY_MANAGER_ERROR_MEMORY;
437 //Get the old groups from process
438 ret = getgroups(oldGroupsCnt, groups.get());
440 LogError("Unable to get list of current supplementary groups: " <<
442 return SECURITY_MANAGER_ERROR_UNKNOWN;
445 //Get the new groups from server response
446 for (int i = 0; i < newGroupsCnt; ++i) {
448 Deserialization::Deserialize(recv, gid);
449 groups.get()[oldGroupsCnt + i] = gid;
450 LogDebug("Adding process to group " << gid);
453 //Apply the modified groups list
454 ret = setgroups(oldGroupsCnt + newGroupsCnt, groups.get());
456 LogError("Unable to get list of current supplementary groups: " <<
458 return SECURITY_MANAGER_ERROR_UNKNOWN;
461 return SECURITY_MANAGER_SUCCESS;
466 int security_manager_drop_process_privileges(void)
468 LogDebug("security_manager_drop_process_privileges() called");
471 cap_t cap = cap_init();
473 LogError("Unable to allocate capability object");
474 return SECURITY_MANAGER_ERROR_MEMORY;
477 ret = cap_clear(cap);
479 LogError("Unable to initialize capability object");
481 return SECURITY_MANAGER_ERROR_UNKNOWN;
484 ret = cap_set_proc(cap);
486 LogError("Unable to drop process capabilities");
488 return SECURITY_MANAGER_ERROR_UNKNOWN;
492 return SECURITY_MANAGER_SUCCESS;
496 int security_manager_prepare_app(const char *app_id)
498 LogDebug("security_manager_prepare_app() called");
501 ret = security_manager_set_process_label_from_appid(app_id);
502 if (ret != SECURITY_MANAGER_SUCCESS)
505 ret = security_manager_set_process_groups_from_appid(app_id);
506 if (ret != SECURITY_MANAGER_SUCCESS)
509 ret = security_manager_drop_process_privileges();
514 int security_manager_user_req_new(user_req **pp_req)
517 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
519 *pp_req = new user_req;
520 } catch (std::bad_alloc& ex) {
521 return SECURITY_MANAGER_ERROR_MEMORY;
523 return SECURITY_MANAGER_SUCCESS;
527 void security_manager_user_req_free(user_req *p_req)
533 int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
536 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
540 return SECURITY_MANAGER_SUCCESS;
544 int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
547 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
549 p_req->utype = static_cast<int>(utype);
551 return SECURITY_MANAGER_SUCCESS;
555 int security_manager_user_add(const user_req *p_req)
557 using namespace SecurityManager;
559 MessageBuffer send, recv;
561 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
562 return try_catch([&] {
565 SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE);
566 if ((offlineMode = serviceLock.Locked())) {
567 LogInfo("Working in offline mode.");
568 retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid());
570 } catch (const SecurityManager::FileLocker::Exception::Base &e) {
576 //put data into buffer
577 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
579 Serialization::Serialize(send, p_req->uid);
580 Serialization::Serialize(send, p_req->utype);
582 //send buffer to server
583 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
584 if (retval != SECURITY_MANAGER_API_SUCCESS) {
585 LogError("Error in sendToServer. Error code: " << retval);
586 return SECURITY_MANAGER_ERROR_UNKNOWN;
589 //receive response from server
590 Deserialization::Deserialize(recv, retval);
593 case SECURITY_MANAGER_API_SUCCESS:
594 return SECURITY_MANAGER_SUCCESS;
595 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
596 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
598 return SECURITY_MANAGER_ERROR_UNKNOWN;
604 int security_manager_user_delete(const user_req *p_req)
606 using namespace SecurityManager;
607 MessageBuffer send, recv;
609 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
610 return try_catch([&] {
612 //put data into buffer
613 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
615 Serialization::Serialize(send, p_req->uid);
618 //send buffer to server
619 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
620 if (retval != SECURITY_MANAGER_API_SUCCESS) {
621 LogError("Error in sendToServer. Error code: " << retval);
622 return SECURITY_MANAGER_ERROR_UNKNOWN;
625 //receive response from server
626 Deserialization::Deserialize(recv, retval);
628 case SECURITY_MANAGER_API_SUCCESS:
629 return SECURITY_MANAGER_SUCCESS;
630 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
631 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
633 return SECURITY_MANAGER_ERROR_UNKNOWN;
639 /***************************POLICY***************************************/
642 int security_manager_policy_update_req_new(policy_update_req **pp_req)
645 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
648 *pp_req = new policy_update_req;
649 } catch (std::bad_alloc& ex) {
650 return SECURITY_MANAGER_ERROR_MEMORY;
653 return SECURITY_MANAGER_SUCCESS;
657 void security_manager_policy_update_req_free(policy_update_req *p_req)
663 int security_manager_policy_update_send(policy_update_req *p_req)
665 using namespace SecurityManager;
666 MessageBuffer send, recv;
668 if (p_req == nullptr || p_req->units.size() == 0)
669 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
671 return try_catch([&] {
673 //put request into buffer
674 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
675 Serialization::Serialize(send, p_req->units);
678 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
679 if (retval != SECURITY_MANAGER_API_SUCCESS) {
680 LogError("Error in sendToServer. Error code: " << retval);
681 return SECURITY_MANAGER_ERROR_UNKNOWN;
684 //receive response from server
685 Deserialization::Deserialize(recv, retval);
687 case SECURITY_MANAGER_API_SUCCESS:
688 return SECURITY_MANAGER_SUCCESS;
689 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
690 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
692 return SECURITY_MANAGER_ERROR_UNKNOWN;
697 static inline int security_manager_get_policy_internal(
698 SecurityManager::SecurityModuleCall call_type,
699 policy_entry *p_filter,
700 policy_entry **pp_privs_policy,
703 using namespace SecurityManager;
704 MessageBuffer send, recv;
706 if (pp_privs_policy == nullptr || p_size == nullptr)
707 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
709 return try_catch([&] {
710 //put request into buffer
711 Serialization::Serialize(send, static_cast<int>(call_type));
712 Serialization::Serialize(send, *p_filter);
714 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
715 if (retval != SECURITY_MANAGER_API_SUCCESS) {
716 LogError("Error in sendToServer. Error code: " << retval);
717 return SECURITY_MANAGER_ERROR_UNKNOWN;
719 //receive response from server
720 Deserialization::Deserialize(recv, retval);
722 case SECURITY_MANAGER_API_SUCCESS: {
723 //extract and allocate buffers for privs policy entries
724 size_t entriesCnt = 0;
725 policy_entry **entries = nullptr;
726 Deserialization::Deserialize(recv, entriesCnt);
728 entries = new policy_entry*[entriesCnt]();
729 for (size_t i = 0; i < entriesCnt; ++i)
730 Deserialization::Deserialize(recv, entries[i]);
732 LogError("Error while parsing server response");
733 for (size_t i = 0; i < entriesCnt; ++i)
736 return SECURITY_MANAGER_ERROR_UNKNOWN;
738 *p_size = entriesCnt;
739 pp_privs_policy = entries;
740 return SECURITY_MANAGER_SUCCESS;
742 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
743 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
746 return SECURITY_MANAGER_ERROR_UNKNOWN;
752 int security_manager_get_configured_policy_for_admin(
753 policy_entry *p_filter,
754 policy_entry **pp_privs_policy,
757 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, pp_privs_policy, p_size);
761 int security_manager_get_configured_policy_for_self(
762 policy_entry *p_filter,
763 policy_entry **pp_privs_policy,
766 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, pp_privs_policy, p_size);
770 int security_manager_get_policy(
771 policy_entry *p_filter,
772 policy_entry **pp_privs_policy,
775 return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, pp_privs_policy, p_size);
779 int security_manager_policy_entry_new(policy_entry **p_entry)
782 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
785 *p_entry = new policy_entry;
786 } catch (std::bad_alloc& ex) {
787 return SECURITY_MANAGER_ERROR_MEMORY;
790 return SECURITY_MANAGER_SUCCESS;
794 void security_manager_policy_entry_free(policy_entry *p_entry)
800 int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
803 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
804 p_entry->appId = app_id;
805 return SECURITY_MANAGER_SUCCESS;
809 int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
812 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
813 p_entry->user = user;
814 return SECURITY_MANAGER_SUCCESS;
818 int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
821 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
822 p_entry->privilege = privilege;
823 return SECURITY_MANAGER_SUCCESS;
827 int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
830 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
831 p_entry->currentLevel = policy_level;
832 return SECURITY_MANAGER_SUCCESS;
836 int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
839 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
840 p_entry->maxLevel = policy_level;
841 return SECURITY_MANAGER_SUCCESS;
845 int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
847 if (!p_entry || !p_req)
848 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
849 p_req->units.push_back(p_entry);
851 return SECURITY_MANAGER_SUCCESS;
855 const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
858 return strdup(p_entry->user.c_str());
864 const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
867 return strdup(p_entry->appId.c_str());
872 const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
875 return strdup(p_entry->privilege.c_str());
880 const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
883 return strdup(p_entry->currentLevel.c_str());
889 const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
892 return strdup(p_entry->maxLevel.c_str());
898 void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
900 for (size_t i = 0; i < size; i++) {
901 delete &p_entries[i];
907 int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
916 void security_manager_policy_levels_free(char **levels, size_t levels_count)