2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
18 * Security Manager library header
21 * @file client-security-manager.cpp
22 * @author Pawel Polawski <p.polawski@samsung.com>
23 * @author Rafal Krypa <r.krypa@samsung.com>
25 * @brief This file contain client side implementation of security-manager API
34 #include <sys/types.h>
36 #include <sys/xattr.h>
37 #include <sys/smack.h>
38 #include <sys/capability.h>
40 #include <dpl/log/log.h>
41 #include <dpl/exception.h>
42 #include <smack-labels.h>
43 #include <message-buffer.h>
44 #include <client-common.h>
45 #include <protocols.h>
46 #include <service_impl.h>
47 #include <connection.h>
49 #include <security-manager.h>
50 #include <client-offline.h>
52 static const char *EMPTY = "";
55 * Mapping of lib_retcode error codes to theirs strings equivalents
57 static std::map<enum lib_retcode, std::string> lib_retcode_string_map = {
58 {SECURITY_MANAGER_SUCCESS, "Success"},
59 {SECURITY_MANAGER_ERROR_UNKNOWN, "Unknown error"},
60 {SECURITY_MANAGER_ERROR_INPUT_PARAM, "Invalid function parameter was given"},
61 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
62 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
63 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
64 "rigths to perform an operation"},
65 {SECURITY_MANAGER_ERROR_ACCESS_DENIED, "Insufficient privileges"},
69 const char *security_manager_strerror(enum lib_retcode rc)
72 return lib_retcode_string_map.at(rc).c_str();
73 } catch (const std::out_of_range &e) {
74 return "Unknown error code";
79 int security_manager_app_inst_req_new(app_inst_req **pp_req)
82 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
85 *pp_req = new app_inst_req;
86 } catch (std::bad_alloc& ex) {
87 return SECURITY_MANAGER_ERROR_MEMORY;
89 (*pp_req)->uid = geteuid();
91 return SECURITY_MANAGER_SUCCESS;
95 void security_manager_app_inst_req_free(app_inst_req *p_req)
101 int security_manager_app_inst_req_set_uid(app_inst_req *p_req,
105 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
109 return SECURITY_MANAGER_SUCCESS;
113 int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
115 if (!p_req || !app_id)
116 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
118 p_req->appId = app_id;
120 return SECURITY_MANAGER_SUCCESS;
124 int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
126 if (!p_req || !pkg_id)
127 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
129 p_req->pkgId = pkg_id;
131 return SECURITY_MANAGER_SUCCESS;
135 int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
137 if (!p_req || !privilege)
138 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
140 p_req->privileges.push_back(privilege);
142 return SECURITY_MANAGER_SUCCESS;
146 int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
148 if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
149 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
151 p_req->appPaths.push_back(std::make_pair(path, path_type));
153 return SECURITY_MANAGER_SUCCESS;
157 int security_manager_app_install(const app_inst_req *p_req)
159 using namespace SecurityManager;
161 return try_catch([&] {
162 //checking parameters
164 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
165 if (p_req->appId.empty() || p_req->pkgId.empty())
166 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
169 ClientOffline offlineMode;
170 if (offlineMode.isOffline()) {
171 retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid());
173 MessageBuffer send, recv;
175 //put data into buffer
176 Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
177 Serialization::Serialize(send, p_req->appId);
178 Serialization::Serialize(send, p_req->pkgId);
179 Serialization::Serialize(send, p_req->privileges);
180 Serialization::Serialize(send, p_req->appPaths);
181 Serialization::Serialize(send, p_req->uid);
183 //send buffer to server
184 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
185 if (retval != SECURITY_MANAGER_API_SUCCESS) {
186 LogError("Error in sendToServer. Error code: " << retval);
187 return SECURITY_MANAGER_ERROR_UNKNOWN;
190 //receive response from server
191 Deserialization::Deserialize(recv, retval);
194 case SECURITY_MANAGER_API_SUCCESS:
195 return SECURITY_MANAGER_SUCCESS;
196 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
197 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
198 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
199 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
200 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
201 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
203 return SECURITY_MANAGER_ERROR_UNKNOWN;
210 int security_manager_app_uninstall(const app_inst_req *p_req)
212 using namespace SecurityManager;
213 MessageBuffer send, recv;
215 return try_catch([&] {
216 //checking parameters
218 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
219 if (p_req->appId.empty())
220 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
222 //put data into buffer
223 Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
224 Serialization::Serialize(send, p_req->appId);
226 //send buffer to server
227 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
228 if (retval != SECURITY_MANAGER_API_SUCCESS) {
229 LogError("Error in sendToServer. Error code: " << retval);
230 return SECURITY_MANAGER_ERROR_UNKNOWN;
233 //receive response from server
234 Deserialization::Deserialize(recv, retval);
235 if (retval != SECURITY_MANAGER_API_SUCCESS)
236 return SECURITY_MANAGER_ERROR_UNKNOWN;
238 return SECURITY_MANAGER_SUCCESS;;
243 int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
245 using namespace SecurityManager;
246 MessageBuffer send, recv;
248 LogDebug("security_manager_get_app_pkgid() called");
250 return try_catch([&] {
251 //checking parameters
253 if (app_id == NULL) {
254 LogError("security_manager_app_get_pkgid: app_id is NULL");
255 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
258 if (pkg_id == NULL) {
259 LogError("security_manager_app_get_pkgid: pkg_id is NULL");
260 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
263 //put data into buffer
264 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_PKGID));
265 Serialization::Serialize(send, std::string(app_id));
267 //send buffer to server
268 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
269 if (retval != SECURITY_MANAGER_API_SUCCESS) {
270 LogDebug("Error in sendToServer. Error code: " << retval);
271 return SECURITY_MANAGER_ERROR_UNKNOWN;
274 //receive response from server
275 Deserialization::Deserialize(recv, retval);
276 if (retval != SECURITY_MANAGER_API_SUCCESS)
277 return SECURITY_MANAGER_ERROR_UNKNOWN;
279 std::string pkgIdString;
280 Deserialization::Deserialize(recv, pkgIdString);
281 if (pkgIdString.empty()) {
282 LogError("Unexpected empty pkgId");
283 return SECURITY_MANAGER_ERROR_UNKNOWN;
286 *pkg_id = strdup(pkgIdString.c_str());
287 if (*pkg_id == NULL) {
288 LogError("Failed to allocate memory for pkgId");
289 return SECURITY_MANAGER_ERROR_MEMORY;
292 return SECURITY_MANAGER_SUCCESS;
296 static bool setup_smack(const char *label)
298 int labelSize = strlen(label);
300 // Set Smack label for open socket file descriptors
302 std::unique_ptr<DIR, std::function<int(DIR*)>> dir(
303 opendir("/proc/self/fd"), closedir);
305 LogError("Unable to read list of open file descriptors: " <<
307 return SECURITY_MANAGER_ERROR_UNKNOWN;
312 struct dirent *dirEntry = readdir(dir.get());
313 if (dirEntry == nullptr) {
314 if (errno == 0) // NULL return value also signals end of directory
317 LogError("Unable to read list of open file descriptors: " <<
319 return SECURITY_MANAGER_ERROR_UNKNOWN;
322 // Entries with numerical names specify file descriptors, ignore the rest
323 if (!isdigit(dirEntry->d_name[0]))
327 int fd = atoi(dirEntry->d_name);
328 int ret = fstat(fd, &statBuf);
330 LogWarning("fstat failed on file descriptor " << fd << ": " <<
334 if (S_ISSOCK(statBuf.st_mode)) {
335 ret = fsetxattr(fd, XATTR_NAME_SMACKIPIN, label, labelSize, 0);
337 LogError("Setting Smack label failed on file descriptor " <<
338 fd << ": " << strerror(errno));
339 return SECURITY_MANAGER_ERROR_UNKNOWN;
342 ret = fsetxattr(fd, XATTR_NAME_SMACKIPOUT, label, labelSize, 0);
344 LogError("Setting Smack label failed on file descriptor " <<
345 fd << ": " << strerror(errno));
346 return SECURITY_MANAGER_ERROR_UNKNOWN;
351 // Set Smack label of current process
352 smack_set_label_for_self(label);
354 return SECURITY_MANAGER_SUCCESS;
358 int security_manager_set_process_label_from_appid(const char *app_id)
361 std::string appLabel;
363 LogDebug("security_manager_set_process_label_from_appid() called");
365 if (smack_smackfs_path() == NULL)
366 return SECURITY_MANAGER_SUCCESS;
369 appLabel = SecurityManager::SmackLabels::generateAppLabel(app_id);
371 LogError("Failed to generate smack label for appId: " << app_id);
372 return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
375 if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
376 LogError("Failed to set smack label " << appLabel << " for current process");
380 return SECURITY_MANAGER_SUCCESS;
384 int security_manager_set_process_groups_from_appid(const char *app_id)
386 using namespace SecurityManager;
387 MessageBuffer send, recv;
390 LogDebug("security_manager_set_process_groups_from_appid() called");
392 return try_catch([&] {
393 //checking parameters
395 if (app_id == nullptr) {
396 LogError("app_id is NULL");
397 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
400 //put data into buffer
401 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_GROUPS));
402 Serialization::Serialize(send, std::string(app_id));
404 //send buffer to server
405 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
406 if (retval != SECURITY_MANAGER_API_SUCCESS) {
407 LogDebug("Error in sendToServer. Error code: " << retval);
408 return SECURITY_MANAGER_ERROR_UNKNOWN;
411 //receive response from server
412 Deserialization::Deserialize(recv, retval);
413 if (retval != SECURITY_MANAGER_API_SUCCESS) {
414 LogError("Failed to get list of groups from security-manager service. Error code: " << retval);
415 return SECURITY_MANAGER_ERROR_UNKNOWN;
418 //How many new groups?
420 Deserialization::Deserialize(recv, newGroupsCnt);
422 //And how many groups do we belong to already?
424 ret = getgroups(0, nullptr);
426 LogError("Unable to get list of current supplementary groups: " <<
428 return SECURITY_MANAGER_ERROR_UNKNOWN;
432 //Allocate an array for both old and new groups gids
433 std::unique_ptr<gid_t[]> groups(new gid_t[oldGroupsCnt + newGroupsCnt]);
435 LogError("Memory allocation failed.");
436 return SECURITY_MANAGER_ERROR_MEMORY;
439 //Get the old groups from process
440 ret = getgroups(oldGroupsCnt, groups.get());
442 LogError("Unable to get list of current supplementary groups: " <<
444 return SECURITY_MANAGER_ERROR_UNKNOWN;
447 //Get the new groups from server response
448 for (int i = 0; i < newGroupsCnt; ++i) {
450 Deserialization::Deserialize(recv, gid);
451 groups.get()[oldGroupsCnt + i] = gid;
452 LogDebug("Adding process to group " << gid);
455 //Apply the modified groups list
456 ret = setgroups(oldGroupsCnt + newGroupsCnt, groups.get());
458 LogError("Unable to get list of current supplementary groups: " <<
460 return SECURITY_MANAGER_ERROR_UNKNOWN;
463 return SECURITY_MANAGER_SUCCESS;
468 int security_manager_drop_process_privileges(void)
470 LogDebug("security_manager_drop_process_privileges() called");
473 cap_t cap = cap_init();
475 LogError("Unable to allocate capability object");
476 return SECURITY_MANAGER_ERROR_MEMORY;
479 ret = cap_clear(cap);
481 LogError("Unable to initialize capability object");
483 return SECURITY_MANAGER_ERROR_UNKNOWN;
486 ret = cap_set_proc(cap);
488 LogError("Unable to drop process capabilities");
490 return SECURITY_MANAGER_ERROR_UNKNOWN;
494 return SECURITY_MANAGER_SUCCESS;
498 int security_manager_prepare_app(const char *app_id)
500 LogDebug("security_manager_prepare_app() called");
503 ret = security_manager_set_process_label_from_appid(app_id);
504 if (ret != SECURITY_MANAGER_SUCCESS)
507 ret = security_manager_set_process_groups_from_appid(app_id);
508 if (ret != SECURITY_MANAGER_SUCCESS) {
509 LogWarning("Unable to setup process groups for application. Privileges with direct access to resources will not work.");
510 ret = SECURITY_MANAGER_SUCCESS;
513 ret = security_manager_drop_process_privileges();
518 int security_manager_user_req_new(user_req **pp_req)
521 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
523 *pp_req = new user_req;
524 } catch (std::bad_alloc& ex) {
525 return SECURITY_MANAGER_ERROR_MEMORY;
527 return SECURITY_MANAGER_SUCCESS;
531 void security_manager_user_req_free(user_req *p_req)
537 int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
540 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
544 return SECURITY_MANAGER_SUCCESS;
548 int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
551 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
553 p_req->utype = static_cast<int>(utype);
555 return SECURITY_MANAGER_SUCCESS;
559 int security_manager_user_add(const user_req *p_req)
561 using namespace SecurityManager;
563 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
565 return try_catch([&] {
567 ClientOffline offlineMode;
568 if (offlineMode.isOffline()) {
569 retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid());
571 MessageBuffer send, recv;
574 //put data into buffer
575 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
577 Serialization::Serialize(send, p_req->uid);
578 Serialization::Serialize(send, p_req->utype);
580 //send buffer to server
581 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
582 if (retval != SECURITY_MANAGER_API_SUCCESS) {
583 LogError("Error in sendToServer. Error code: " << retval);
584 return SECURITY_MANAGER_ERROR_UNKNOWN;
587 //receive response from server
588 Deserialization::Deserialize(recv, retval);
591 case SECURITY_MANAGER_API_SUCCESS:
592 return SECURITY_MANAGER_SUCCESS;
593 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
594 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
596 return SECURITY_MANAGER_ERROR_UNKNOWN;
602 int security_manager_user_delete(const user_req *p_req)
604 using namespace SecurityManager;
605 MessageBuffer send, recv;
607 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
608 return try_catch([&] {
610 //put data into buffer
611 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
613 Serialization::Serialize(send, p_req->uid);
616 //send buffer to server
617 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
618 if (retval != SECURITY_MANAGER_API_SUCCESS) {
619 LogError("Error in sendToServer. Error code: " << retval);
620 return SECURITY_MANAGER_ERROR_UNKNOWN;
623 //receive response from server
624 Deserialization::Deserialize(recv, retval);
626 case SECURITY_MANAGER_API_SUCCESS:
627 return SECURITY_MANAGER_SUCCESS;
628 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
629 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
631 return SECURITY_MANAGER_ERROR_UNKNOWN;
637 /***************************POLICY***************************************/
640 int security_manager_policy_update_req_new(policy_update_req **pp_req)
643 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
646 *pp_req = new policy_update_req;
647 } catch (std::bad_alloc& ex) {
648 return SECURITY_MANAGER_ERROR_MEMORY;
651 return SECURITY_MANAGER_SUCCESS;
655 void security_manager_policy_update_req_free(policy_update_req *p_req)
661 int security_manager_policy_update_send(policy_update_req *p_req)
663 using namespace SecurityManager;
664 MessageBuffer send, recv;
666 if (p_req == nullptr || p_req->units.size() == 0)
667 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
669 return try_catch([&] {
671 //put request into buffer
672 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
673 Serialization::Serialize(send, p_req->units);
676 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
677 if (retval != SECURITY_MANAGER_API_SUCCESS) {
678 LogError("Error in sendToServer. Error code: " << retval);
679 return SECURITY_MANAGER_ERROR_UNKNOWN;
682 //receive response from server
683 Deserialization::Deserialize(recv, retval);
685 case SECURITY_MANAGER_API_SUCCESS:
686 return SECURITY_MANAGER_SUCCESS;
687 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
688 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
689 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
690 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
692 return SECURITY_MANAGER_ERROR_UNKNOWN;
697 static inline int security_manager_get_policy_internal(
698 SecurityManager::SecurityModuleCall call_type,
699 policy_entry *p_filter,
700 policy_entry ***ppp_privs_policy,
703 using namespace SecurityManager;
704 MessageBuffer send, recv;
706 if (ppp_privs_policy == nullptr
708 || p_filter == nullptr)
709 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
711 return try_catch([&] {
712 //put request into buffer
713 Serialization::Serialize(send, static_cast<int>(call_type));
714 Serialization::Serialize(send, *p_filter);
716 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
717 if (retval != SECURITY_MANAGER_API_SUCCESS) {
718 LogError("Error in sendToServer. Error code: " << retval);
719 return SECURITY_MANAGER_ERROR_UNKNOWN;
721 //receive response from server
722 Deserialization::Deserialize(recv, retval);
724 case SECURITY_MANAGER_API_SUCCESS: {
725 //extract and allocate buffers for privs policy entries
727 policy_entry **entries = nullptr;
729 Deserialization::Deserialize(recv, entriesCnt);
730 entries = new policy_entry*[entriesCnt]();
731 for (int i = 0; i < entriesCnt; ++i) {
732 entries[i] = new policy_entry;
733 Deserialization::Deserialize(recv, entries[i]);
736 LogError("Error while parsing server response");
737 for (int i = 0; i < entriesCnt; ++i)
740 return SECURITY_MANAGER_ERROR_UNKNOWN;
742 *p_size = entriesCnt;
743 *ppp_privs_policy = entries;
744 return SECURITY_MANAGER_SUCCESS;
746 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
747 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
749 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
750 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
753 return SECURITY_MANAGER_ERROR_UNKNOWN;
759 int security_manager_get_configured_policy_for_admin(
760 policy_entry *p_filter,
761 policy_entry ***ppp_privs_policy,
764 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, ppp_privs_policy, p_size);
768 int security_manager_get_configured_policy_for_self(
769 policy_entry *p_filter,
770 policy_entry ***ppp_privs_policy,
773 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, ppp_privs_policy, p_size);
777 int security_manager_get_policy(
778 policy_entry *p_filter,
779 policy_entry ***ppp_privs_policy,
782 return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, ppp_privs_policy, p_size);
786 int security_manager_policy_entry_new(policy_entry **p_entry)
789 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
792 *p_entry = new policy_entry;
793 } catch (std::bad_alloc& ex) {
794 return SECURITY_MANAGER_ERROR_MEMORY;
797 return SECURITY_MANAGER_SUCCESS;
801 void security_manager_policy_entry_free(policy_entry *p_entry)
807 int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
810 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
811 p_entry->appId = app_id;
812 return SECURITY_MANAGER_SUCCESS;
816 int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
819 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
820 p_entry->user = user;
821 return SECURITY_MANAGER_SUCCESS;
825 int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
828 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
829 p_entry->privilege = privilege;
830 return SECURITY_MANAGER_SUCCESS;
834 int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
837 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
838 p_entry->currentLevel = policy_level;
839 p_entry->maxLevel = EMPTY;
840 return SECURITY_MANAGER_SUCCESS;
844 int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
847 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
848 p_entry->maxLevel = policy_level;
849 p_entry->currentLevel = EMPTY;
850 return SECURITY_MANAGER_SUCCESS;
854 int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
856 if (!p_entry || !p_req)
857 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
858 p_req->units.push_back(p_entry);
860 return SECURITY_MANAGER_SUCCESS;
864 const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
866 return p_entry ? p_entry->user.c_str() : nullptr;
870 const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
872 return p_entry ? p_entry->appId.c_str() : nullptr;
875 const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
877 return p_entry ? p_entry->privilege.c_str() : nullptr;
880 const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
882 return p_entry ? p_entry->currentLevel.c_str() : nullptr;
886 const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
888 return p_entry ? p_entry->maxLevel.c_str() : nullptr;
892 void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
894 for (size_t i = 0; i < size; i++) {
895 delete &p_entries[i];
901 int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
903 using namespace SecurityManager;
904 MessageBuffer send, recv;
905 if (!levels || !levels_count)
906 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
907 return try_catch([&] {
909 //put data into buffer
910 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_GET_DESCRIPTIONS));
912 //send buffer to server
913 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
914 if (retval != SECURITY_MANAGER_API_SUCCESS) {
915 LogError("Error in sendToServer. Error code: " << retval);
916 return SECURITY_MANAGER_ERROR_UNKNOWN;
919 //receive response from server
920 Deserialization::Deserialize(recv, retval);
923 case SECURITY_MANAGER_API_SUCCESS:
924 // success - continue
926 case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY:
927 return SECURITY_MANAGER_ERROR_MEMORY;
928 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
929 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
931 return SECURITY_MANAGER_ERROR_UNKNOWN;
935 Deserialization::Deserialize(recv, count);
936 *levels_count = count;
937 LogInfo("Number of policy descriptions: " << *levels_count);
939 char **array = new char *[*levels_count];
941 for (unsigned int i = 0; i < *levels_count; ++i) {
943 Deserialization::Deserialize(recv, level);
946 LogError("Unexpected empty level");
947 return SECURITY_MANAGER_ERROR_UNKNOWN;
950 array[i] = strdup(level.c_str());
951 if (array[i] == nullptr)
952 return SECURITY_MANAGER_ERROR_MEMORY;
957 return SECURITY_MANAGER_SUCCESS;
962 void security_manager_policy_levels_free(char **levels, size_t levels_count)
964 for (unsigned int i = 0; i < levels_count; i++)