2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Michal Witanowski <m.witanowski@samsung.com>
21 * @author Rafal Krypa <r.krypa@samsung.com>
22 * @brief Implementation of security-manager service
25 #ifndef _SECURITY_MANAGER_SERVICE_
26 #define _SECURITY_MANAGER_SERVICE_
28 #include "base-service.h"
30 namespace SecurityManager {
32 class ServiceException
35 DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base)
36 DECLARE_EXCEPTION_TYPE(Base, InvalidAction)
40 public SecurityManager::BaseService
43 Service(const bool isSlave);
44 ServiceDescriptionVector GetServiceDescription();
50 * Handle request from a client
52 * @param conn Socket connection information
53 * @param buffer Raw received data buffer
54 * @param interfaceID identifier used to distinguish source socket
55 * @return true on success
57 bool processOne(const ConnectionID &conn, MessageBuffer &buffer, InterfaceID interfaceID);
60 * Process application installation
62 * @param buffer Raw received data buffer
63 * @param send Raw data buffer to be sent
64 * @param uid User's identifier for whom application will be installed
66 void processAppInstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
69 * Process application uninstallation
71 * @param buffer Raw received data buffer
72 * @param send Raw data buffer to be sent
73 * @param uid User's identifier for whom application will be uninstalled
75 void processAppUninstall(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
78 * Process getting package id from app id
80 * @param buffer Raw received data buffer
81 * @param send Raw data buffer to be sent
83 void processGetPkgId(MessageBuffer &buffer, MessageBuffer &send);
86 * Process getting permitted group ids for app id
88 * @param buffer Raw received data buffer
89 * @param send Raw data buffer to be sent
90 * @param uid User's identifier for whom application will be launched
91 * @param pid Process id in which application will be launched
93 void processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid);
95 void processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
97 void processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
100 * Process policy update request
102 * @param buffer Raw received data buffer
103 * @param send Raw data buffer to be sent
104 * @param uid Identifier of the user who sent the request
105 * @param pid PID of the process which sent the request
106 * @param smackLabel smack label of requesting app
108 void processPolicyUpdate(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel);
111 * List all privileges for specific user, placed in Cynara's PRIVACY_MANAGER
112 * or ADMIN's bucket - choice based on forAdmin parameter
114 * @param buffer Raw received data buffer
115 * @param send Raw data buffer to be sent
116 * @param uid Identifier of the user who sent the request
117 * @param pid PID of the process which sent the request
118 * @param smackLabel smack label of requesting app
119 * @param forAdmin determines internal type of request
121 void processGetConfiguredPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel, bool forAdmin);
124 * Get whole policy for specific user. Whole policy is a list of all apps,
125 * and their permissions (based on what they've stated in their manifests).
126 * If uid is unprivileged, then only privileges for the caller uid will be
127 * listed. If uid is privileged, then apps for all the users will be listed.
129 * @param buffer Raw received data buffer
130 * @param send Raw data buffer to be sent
131 * @param uid Identifier of the user who sent the request
132 * @param pid PID of the process which sent the request
133 * @param smackLabel smack label of requesting app
135 void processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel);
138 * Process getting policies descriptions as strings from Cynara
140 * @param recv Raw received data buffer
141 * @param send Raw data buffer to be sent
143 void processPolicyGetDesc(MessageBuffer &send);
146 * Process getting privileges mapping. This retrieves and sends to clinet vector of privileges
147 * which are mapped to given privileges between two given privilege versions.
149 * @oaran send Raw data buffer to be sent
151 void processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send);
155 } // namespace SecurityManager
157 #endif // _SECURITY_MANAGER_SERVICE_