#include <dpl/log/log.h>
#include <dpl/exception.h>
-
+#include <smack-labels.h>
#include <message-buffer.h>
#include <client-common.h>
#include <protocols.h>
-#include <smack-common.h>
#include <service_impl.h>
#include <file-lock.h>
SECURITY_MANAGER_API
int security_manager_set_process_label_from_appid(const char *app_id)
{
- char *pkg_id;
int ret;
std::string appLabel;
if (smack_smackfs_path() == NULL)
return SECURITY_MANAGER_SUCCESS;
- ret = security_manager_get_app_pkgid(&pkg_id, app_id);
- if (ret != SECURITY_MANAGER_SUCCESS) {
- return ret;
+ if (SecurityManager::generateAppLabel(std::string(app_id), appLabel) == false) {
+ LogError("Failed to generate smack label for appId: " << app_id);
+ return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
}
- if (SecurityManager::generateAppLabel(std::string(pkg_id), appLabel)) {
- ret = setup_smack(appLabel.c_str());
- if (ret != SECURITY_MANAGER_SUCCESS) {
- LogError("Failed to set smack label " << appLabel << " for current process");
- }
- }
- else {
- ret = SECURITY_MANAGER_ERROR_UNKNOWN;
+ if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
+ LogError("Failed to set smack label " << appLabel << " for current process");
+ return ret;
}
- free(pkg_id);
- return ret;
+ return SECURITY_MANAGER_SUCCESS;
}
SECURITY_MANAGER_API
int security_manager_user_add(const user_req *p_req)
{
using namespace SecurityManager;
+ bool offlineMode;
MessageBuffer send, recv;
if (!p_req)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
return try_catch([&] {
+ int retval;
+ try {
+ SecurityManager::FileLocker serviceLock(SecurityManager::SERVICE_LOCK_FILE);
+ if ((offlineMode = serviceLock.Locked())) {
+ LogInfo("Working in offline mode.");
+ retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid());
+ }
+ } catch (const SecurityManager::FileLocker::Exception::Base &e) {
+ offlineMode = false;
+ }
+ if (!offlineMode) {
+ //server is working
- //put data into buffer
- Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
+ //put data into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
- Serialization::Serialize(send, p_req->uid);
- Serialization::Serialize(send, p_req->utype);
+ Serialization::Serialize(send, p_req->uid);
+ Serialization::Serialize(send, p_req->utype);
- //send buffer to server
- int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
- if (retval != SECURITY_MANAGER_API_SUCCESS) {
- LogError("Error in sendToServer. Error code: " << retval);
- return SECURITY_MANAGER_ERROR_UNKNOWN;
- }
+ //send buffer to server
+ retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
- //receive response from server
- Deserialization::Deserialize(recv, retval);
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ }
switch(retval) {
case SECURITY_MANAGER_API_SUCCESS:
return SECURITY_MANAGER_SUCCESS;
}
});
}
+
+
+/***************************POLICY***************************************/
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_req_new(policy_update_req **pp_req)
+{
+ if (!pp_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ try {
+ *pp_req = new policy_update_req;
+ } catch (std::bad_alloc& ex) {
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_update_req_free(policy_update_req *p_req)
+{
+ delete p_req;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_send(policy_update_req *p_req)
+{
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+
+ if (p_req == nullptr || p_req->units.size() == 0)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ return try_catch([&] {
+
+ //put request into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
+ Serialization::Serialize(send, p_req->units);
+
+ //send it to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS:
+ return SECURITY_MANAGER_SUCCESS;
+ case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
+ return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ });
+}
+
+static inline int security_manager_get_policy_internal(
+ SecurityManager::SecurityModuleCall call_type,
+ policy_entry *p_filter,
+ policy_entry **pp_privs_policy,
+ size_t *p_size)
+{
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+
+ if (pp_privs_policy == nullptr || p_size == nullptr)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ return try_catch([&] {
+ //put request into buffer
+ Serialization::Serialize(send, static_cast<int>(call_type));
+ Serialization::Serialize(send, *p_filter);
+ //send it to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS: {
+ //extract and allocate buffers for privs policy entries
+ size_t entriesCnt = 0;
+ policy_entry **entries = nullptr;
+ Deserialization::Deserialize(recv, entriesCnt);
+ try {
+ entries = new policy_entry*[entriesCnt]();
+ for (size_t i = 0; i < entriesCnt; ++i)
+ Deserialization::Deserialize(recv, entries[i]);
+ } catch (...) {
+ LogError("Error while parsing server response");
+ for (size_t i = 0; i < entriesCnt; ++i)
+ delete(entries[i]);
+ delete entries;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ *p_size = entriesCnt;
+ pp_privs_policy = entries;
+ return SECURITY_MANAGER_SUCCESS;
+ }
+ case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
+ return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ });
+}
+
+SECURITY_MANAGER_API
+int security_manager_get_configured_policy_for_admin(
+ policy_entry *p_filter,
+ policy_entry **pp_privs_policy,
+ size_t *p_size)
+{
+ return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, pp_privs_policy, p_size);
+}
+
+SECURITY_MANAGER_API
+int security_manager_get_configured_policy_for_self(
+ policy_entry *p_filter,
+ policy_entry **pp_privs_policy,
+ size_t *p_size)
+{
+ return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, pp_privs_policy, p_size);
+}
+
+SECURITY_MANAGER_API
+int security_manager_get_policy(
+ policy_entry *p_filter,
+ policy_entry **pp_privs_policy,
+ size_t *p_size)
+{
+ return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, pp_privs_policy, p_size);
+};
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_new(policy_entry **p_entry)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ try {
+ *p_entry = new policy_entry;
+ } catch (std::bad_alloc& ex) {
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_entry_free(policy_entry *p_entry)
+{
+ delete p_entry;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_entry->appId = app_id;
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_entry->user = user;
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_entry->privilege = privilege;
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_entry->currentLevel = policy_level;
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
+{
+ if (!p_entry)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_entry->maxLevel = policy_level;
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
+{
+ if (!p_entry || !p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ p_req->units.push_back(p_entry);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
+{
+ if (p_entry)
+ return strdup(p_entry->user.c_str());
+ else
+ return nullptr;
+}
+
+SECURITY_MANAGER_API
+const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
+{
+ if (p_entry)
+ return strdup(p_entry->appId.c_str());
+ else
+ return nullptr;
+}
+SECURITY_MANAGER_API
+const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
+{
+ if (p_entry)
+ return strdup(p_entry->privilege.c_str());
+ else
+ return nullptr;
+}
+SECURITY_MANAGER_API
+const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
+{
+ if (p_entry)
+ return strdup(p_entry->currentLevel.c_str());
+ else
+ return nullptr;
+}
+
+SECURITY_MANAGER_API
+const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
+{
+ if (p_entry)
+ return strdup(p_entry->maxLevel.c_str());
+ else
+ return nullptr;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
+{
+ for (size_t i = 0; i < size; i++) {
+ delete &p_entries[i];
+ }
+ delete [] p_entries;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
+{
+ (void)levels;
+ (void)levels_count;
+
+ return 0;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_levels_free(char **levels, size_t levels_count)
+{
+ (void)levels;
+ (void)levels_count;
+}