2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
22 * @brief Header file of a class managing smack rules
25 #ifndef _SMACK_RULES_H_
26 #define _SMACK_RULES_H_
30 #include <smack-exceptions.h>
32 struct smack_accesses;
34 namespace SecurityManager {
40 virtual ~SmackRules();
42 void add(const std::string &subject, const std::string &object,
43 const std::string &permissions);
44 void addModify(const std::string &subject, const std::string &object,
45 const std::string &allowPermissions, const std::string &denyPermissions);
46 void loadFromFile(const std::string &path);
47 void addFromTemplate(const std::vector<std::string> &templateRules,
48 const std::string &appId, const std::string &pkgId);
49 void addFromTemplateFile(const std::string &appId, const std::string &pkgId);
53 void saveToFile(const std::string &path) const;
56 * Create cross dependencies for all applications in a package
58 * This is needed for all applications within a package to have
59 * correct permissions to shared data.
61 * @param[in] pkgContents - a list of all applications inside this package
63 void generatePackageCrossDeps(const std::vector<std::string> &pkgContents);
66 * Install package-specific smack rules.
68 * Function creates smack rules using predefined template. Rules are applied
69 * to the kernel and saved on persistent storage so they are loaded on system boot.
71 * @param[in] appId - application id that is beeing installed
72 * @param[in] pkgId - package id that the application is in
73 * @param[in] pkgContents - a list of all applications in the package
75 static void installApplicationRules(const std::string &appId, const std::string &pkgId,
76 const std::vector<std::string> &pkgContents);
78 * Uninstall package-specific smack rules.
80 * Function loads package-specific smack rules, revokes them from the kernel
81 * and removes them from the persistent storage.
83 * @param[in] pkgId - package identifier
85 static void uninstallPackageRules(const std::string &pkgId);
87 /* FIXME: Remove this function if real pkgId instead of "User" label will be used
88 * in generateAppLabel(). */
89 static void addMissingRulesFix();
92 * Uninstall application-specific smack rules.
94 * Function removes application specific rules from the kernel, and
95 * removes them for persistent storage.
97 * @param[in] appId - application id
98 * @param[in] pkgId - package id that the application belongs to
99 * @param[in] appsInPkg - a list of other applications in the same package id that the application belongs to
101 static void uninstallApplicationRules(const std::string &appId, const std::string &pkgId,
102 std::vector<std::string> appsInPkg);
105 * Update package specific rules
107 * This function regenerates all package rules that
108 * need to exist currently for all application in that
111 * @param[in] pkgId - id of the package to update
112 * @param[in] pkgContents - a list of all applications in the package
114 static void updatePackageRules(const std::string &pkgId, const std::vector<std::string> &pkgContents);
118 * Create a path for package rules
121 static std::string getPackageRulesFilePath(const std::string &pkgId);
124 * Create a path for application rules
126 static std::string getApplicationRulesFilePath(const std::string &appId);
129 * Uninstall rules inside a specified file path
131 * This is a utility function that will clear all
132 * rules in the file specified by path
134 * @param[in] path - path to the file that contains the rules
136 static void uninstallRules (const std::string &path);
138 smack_accesses *m_handle;
141 } // namespace SecurityManager
143 #endif /* _SMACK_RULES_H_ */