/*
* Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ * Contact: Rafal Krypa <r.krypa@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <sys/types.h>
-/**
- * \name Return Codes
- * exported by the foundation API.
- * result codes begin with the start error code and extend into negative direction.
- * @{
-*/
-#define SECURITY_MANAGER_API_SUCCESS 0
-/*! \brief indicating the result of the one specific API is successful */
-#define SECURITY_MANAGER_API_ERROR_SOCKET -1
-
-/*! \brief indicating the socket between client and Security Manager has been failed */
-#define SECURITY_MANAGER_API_ERROR_BAD_REQUEST -2
-
-/*! \brief indicating the response from Security Manager is malformed */
-#define SECURITY_MANAGER_API_ERROR_BAD_RESPONSE -3
-
-/*! \brief indicating the requested service does not exist */
-#define SECURITY_MANAGER_API_ERROR_NO_SUCH_SERVICE -4
-
-/*! \brief indicating requesting object is not exist */
-#define SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT -6
-
-/*! \brief indicating the authentication between client and server has been failed */
-#define SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED -7
-
-/*! \brief indicating the API's input parameter is malformed */
-#define SECURITY_MANAGER_API_ERROR_INPUT_PARAM -8
-
-/*! \brief indicating the output buffer size which is passed as parameter is too small */
-#define SECURITY_MANAGER_API_ERROR_BUFFER_TOO_SMALL -9
-
-/*! \brief indicating system is running out of memory state */
-#define SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY -10
-
-/*! \brief indicating the access has been denied by Security Manager */
-#define SECURITY_MANAGER_API_ERROR_ACCESS_DENIED -11
-
-/*! \brief indicating Security Manager has been failed for some reason */
-#define SECURITY_MANAGER_API_ERROR_SERVER_ERROR -12
-
-/*! \brief indicating getting smack label from socket failed */
-#define SECURITY_MANAGER_API_ERROR_GETTING_SOCKET_LABEL_FAILED -21
-
-/*! \brief indicating getting smack label from file failed */
-#define SECURITY_MANAGER_API_ERROR_GETTING_FILE_LABEL_FAILED -22
-
-/*! \brief indicating setting smack label for file failed */
-#define SECURITY_MANAGER_API_ERROR_SETTING_FILE_LABEL_FAILED -23
-
-/*! \brief indicating file already exists */
-#define SECURITY_MANAGER_API_ERROR_FILE_EXIST -24
-
-/*! \brief indicating file does not exist */
-#define SECURITY_MANAGER_API_ERROR_FILE_NOT_EXIST -25
-
-/*! \brief indicating file open error */
-#define SECURITY_MANAGER_API_ERROR_FILE_OPEN_FAILED -26
-
-/*! \brief indicating file creation error */
-#define SECURITY_MANAGER_API_ERROR_FILE_CREATION_FAILED -27
-
-/*! \brief indicating file deletion error */
-#define SECURITY_MANAGER_API_ERROR_FILE_DELETION_FAILED -28
-
-/*! \brief indicating the error with unknown reason */
-#define SECURITY_MANAGER_API_ERROR_UNKNOWN -255
-/** @}*/
-
-
#ifdef __cplusplus
extern "C" {
#endif
SECURITY_MANAGER_ERROR_UNKNOWN,
SECURITY_MANAGER_ERROR_INPUT_PARAM,
SECURITY_MANAGER_ERROR_MEMORY,
- SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
+ SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
+ SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
};
/*! \brief accesses types for application installation paths*/
* using filled up app_inst_req data structure
*
* \param[in] Pointer handling app_inst_req structure
- * \return API return code or error code
+ * \return API return code or error code: it would be
+ * - SECURITY_MANAGER_SUCCESS on success,
+ * - SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when user does not
+ * have rights to install requested directories,
+ * - SECURITY_MANAGER_ERROR_UNKNOWN on other errors.
*/
int security_manager_app_install(const app_inst_req *p_req);
*/
int security_manager_app_uninstall(const app_inst_req *p_req);
+/**
+ * Get package id of a given application
+ *
+ * On successful call pkg_id should be freed by the caller using free() function
+ *
+ * \param[out] Pointer to package identifier string
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_get_app_pkgid(char **pkg_id, const char *app_id);
+
+/**
+ * Extract smack label from a given binary and set it for
+ * currently running process
+ *
+ * \param[in] Path to binary
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_binary(const char *path);
+
+/**
+ * Compute smack label for given application id and set it for
+ * currently running process
+ *
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_appid(const char *app_id);
+
+/**
+ * For given app_id and current user, calculate allowed privileges that give
+ * direct access to file system resources. Then add current process to
+ * supplementary groups that are assigned to these resources.
+ *
+ * In Tizen some sensitive resources are being accessed by applications directly.
+ * The resources, being file system objects, are owned by dedicated GIDs and only
+ * processes in those UNIX groups can access them. This function is used for
+ * adding application process to all permitted groups that are assigned to such
+ * privileges.
+ *
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_set_process_groups_from_appid(const char *app_id);
+
+/**
+ * The above launcher functions, manipulating process Smack label and group,
+ * require elevated privileges. Since they will be called by launcher after fork,
+ * in the process for the application, privileges should be dropped before
+ * running an actual application. This function is a helper for that purpose -
+ * it drops capabilities from the process.
+ *
+ * \return API return code or error code
+ */
+int security_manager_drop_process_privileges(void);
+
#ifdef __cplusplus
}