4 * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Bumjin Im <bj.im@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License
22 #ifndef SECURITY_SERVER_COMMON_H
23 #define SECURITY_SERVER_COMMON_H
29 #include <sys/types.h>
32 /* Definitions *********************************************************/
33 /* Return value. Continuing from return value of the client header file */
34 #define SECURITY_SERVER_SUCCESS 0
35 #define SECURITY_SERVER_ERROR_SOCKET -1
36 #define SECURITY_SERVER_ERROR_BAD_REQUEST -2
37 #define SECURITY_SERVER_ERROR_BAD_RESPONSE -3
38 #define SECURITY_SERVER_ERROR_SEND_FAILED -4
39 #define SECURITY_SERVER_ERROR_RECV_FAILED -5
40 #define SECURITY_SERVER_ERROR_NO_SUCH_OBJECT -6
41 #define SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED -7
42 #define SECURITY_SERVER_ERROR_INPUT_PARAM -8
43 #define SECURITY_SERVER_ERROR_BUFFER_TOO_SMALL -9
44 #define SECURITY_SERVER_ERROR_OUT_OF_MEMORY -10
45 #define SECURITY_SERVER_ERROR_ACCESS_DENIED -11
46 #define SECURITY_SERVER_ERROR_SERVER_ERROR -12
47 #define SECURITY_SERVER_ERROR_NO_SUCH_COOKIE -13
48 #define SECURITY_SERVER_ERROR_NO_PASSWORD -14
49 #define SECURITY_SERVER_ERROR_PASSWORD_EXIST -15
50 #define SECURITY_SERVER_ERROR_PASSWORD_MISMATCH -16
51 #define SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER -17
52 #define SECURITY_SERVER_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -18
53 #define SECURITY_SERVER_ERROR_PASSWORD_EXPIRED -19
54 #define SECURITY_SERVER_ERROR_PASSWORD_REUSED -20
55 #define SECURITY_SERVER_ERROR_SOCKET_BIND -21
56 #define SECURITY_SERVER_ERROR_FILE_OPERATION -22
57 #define SECURITY_SERVER_ERROR_TIMEOUT -23
58 #define SECURITY_SERVER_ERROR_POLL -24
59 #define SECURITY_SERVER_ERROR_UNKNOWN -255
61 /* Miscellaneous Definitions */
62 #define SECURITY_SERVER_SOCK_PATH "/tmp/.security_server.sock"
63 #define SECURITY_SERVER_DEFAULT_COOKIE_PATH "/tmp/.security_server.coo"
64 #define SECURITY_SERVER_DAEMON_PATH "/usr/bin/security-server"
65 #define SECURITY_SERVER_COOKIE_LEN 20
66 #define MAX_OBJECT_LABEL_LEN 32
67 #define MAX_MODE_STR_LEN 16
68 #define SECURITY_SERVER_MAX_OBJ_NAME 30
69 #define SECURITY_SERVER_MSG_VERSION 0x01
70 #define SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND 10000
71 #define SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND 3000
72 #define SECURITY_SERVER_DEVELOPER_UID 5100
73 #define SECURITY_SERVER_DATA_DIRECTORY_PATH "/opt/data/security-server"
74 #define SECURITY_SERVER_ATTEMPT_FILE_NAME "attempts"
75 #define SECURITY_SERVER_HISTORY_FILE_NAME "history"
76 #define SECURITY_SERVER_MAX_PASSWORD_LEN 32
77 #define SECURITY_SERVER_HASHED_PWD_LEN 32 /* SHA256 */
78 #define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_SECOND 1 /* Deprecated. Will be removed. */
79 #define SECURITY_SERVER_PASSWORD_RETRY_TIMEOUT_MICROSECOND 500000 /* = 500 milliseconds */
80 #define SECURITY_SERVER_MAX_PASSWORD_HISTORY 50
81 #define SECURITY_SERVER_NUM_THREADS 10
82 #define MESSAGE_MAX_LEN 1048576
85 #ifndef SECURITY_SERVER_API
86 #define SECURITY_SERVER_API __attribute__((visibility("default")))
91 /* Data types *****************************************************************/
94 /* Cookie List data type */
95 typedef struct _cookie_list
97 unsigned char cookie[SECURITY_SERVER_COOKIE_LEN]; /* 20 bytes random Cookie */
98 int permission_len; /* Client process permissions (aka group IDs) */
99 pid_t pid; /* Client process's PID */
100 char *path; /* Client process's executable path */
101 int *permissions; /* Array of GID that the client process has */
102 char *smack_label; /* SMACK label of the client process */
103 char is_roots_process; /* Is cookie belongs to roots process */
104 struct _cookie_list *prev; /* Next cookie list */
105 struct _cookie_list *next; /* Previous cookie list */
109 /* Function prototypes ******************************************************/
112 void printhex(const unsigned char *data, int size);
114 /* for SECURE_LOG* purpose */
122 #define LOG_(id, prio, tag, fmt, arg ...) \
123 (__dlog_print(id, prio, tag, "%s: %s(%d) > " fmt, __MODULE__, __func__, __LINE__, ##arg))
125 #define SECURE_LOG_(id, prio, tag, fmt, arg ...) \
126 (_SECURE_ ? (__dlog_print(id, prio, tag, "%s: %s(%d) > [SECURE_LOG] " fmt, __MODULE__, __func__, __LINE__, ##arg)) : (0))
131 #define LOG_TAG "SECURITY_SERVER"
133 #define SECURE_LOGD(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_DEBUG, LOG_TAG, format, ##arg)
134 #define SECURE_LOGI(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_INFO, LOG_TAG, format, ##arg)
135 #define SECURE_LOGW(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_WARN, LOG_TAG, format, ##arg)
136 #define SECURE_LOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
139 #define SECURE_SLOGE(format, arg ...) SECURE_LOG_(LOG_ID_MAIN, DLOG_ERROR, LOG_TAG, format, ##arg)
140 #endif // SECURE_SLOGE
141 /****************************/
144 #ifdef SECURITY_SERVER_DEBUG_TO_CONSOLE /* debug msg will be printed in console */
145 #define SEC_SVR_DBG(FMT, ARG ...) fprintf(stderr, "[DBG:%s:%d] " FMT "\n", \
146 __FILE__, __LINE__, ##ARG)
147 #define SEC_SVR_WRN(FMT, ARG ...) fprintf(stderr, "[WRN:%s:%d] " FMT "\n", \
148 __FILE__, __LINE__, ##ARG)
149 #define SEC_SVR_ERR(FMT, ARG ...) fprintf(stderr, "[ERR:%s:%d] " FMT "\n", \
150 __FILE__, __LINE__, ##ARG)
156 #define LOG_TAG "SECURITY_SERVER"
157 #define SEC_SVR_ERR SLOGE
158 #if SECURITY_SERVER_DEBUG_DLOG /* debug msg will be printed by dlog daemon */
159 #define SEC_SVR_DBG SLOGD
160 #define SEC_SVR_WRN SLOGW
161 #else /* No debug output */
163 #define SEC_SVR_DBG(FMT, ARG ...) do { } while(0)
164 #define SEC_SVR_WRN(FMT, ARG ...) do { } while(0)
168 #define SECURE_SLOGD(FMT, ARG ...) do { } while(0)
172 #define SECURE_SLOGW(FMT, ARG ...) do { } while(0)
174 #endif // SECURITY_SERVER_DEBUG_DLOG
175 #endif // SECURITY_SERVER_DEBUG_TO_CONSOLE