/*
* Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ * Contact: Rafal Krypa <r.krypa@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
SECURITY_MANAGER_ERROR_UNKNOWN,
SECURITY_MANAGER_ERROR_INPUT_PARAM,
SECURITY_MANAGER_ERROR_MEMORY,
- SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
+ SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
+ SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
};
/*! \brief accesses types for application installation paths*/
int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id);
/*
- * This function is used to add allowed user to app_inst_req structure,
- * it can be called multiple times
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Privileged user identifier
- * \return API return code or error code
- */
-int security_manager_app_inst_req_add_allowed_user(app_inst_req *p_req, const uid_t user_id);
-
-/*
* This function is used to add privilege to app_inst_req structure,
* it can be called multiple times
*
* using filled up app_inst_req data structure
*
* \param[in] Pointer handling app_inst_req structure
- * \return API return code or error code
+ * \return API return code or error code: it would be
+ * - SECURITY_MANAGER_SUCCESS on success,
+ * - SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when user does not
+ * have rights to install requested directories,
+ * - SECURITY_MANAGER_ERROR_UNKNOWN on other errors.
*/
int security_manager_app_install(const app_inst_req *p_req);
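Review bot: The new return list for `security_manager_app_install` describes `SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED` as the user lacking rights to install the requested directories, which is an authorization (access denied) outcome rather than an authentication one. Because the enumerator becomes public API with this commit, I would put the meaning on the enum value itself, for example `/* caller is not permitted to perform the requested operation */`, so callers do not read it as a credential failure. The list also reads as exhaustive ("`SECURITY_MANAGER_ERROR_UNKNOWN` on other errors") while the same enum carries `SECURITY_MANAGER_ERROR_INPUT_PARAM` and `SECURITY_MANAGER_ERROR_MEMORY`. If install can return those, they should be listed; the implementation is not visible here, so this needs confirming.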
*/
int security_manager_app_uninstall(const app_inst_req *p_req);
+/**
+ * Get package id of a given application
+ *
+ * On successful call pkg_id should be freed by the caller using free() function
+ *
+ * \param[out] Pointer to package identifier string
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_get_app_pkgid(char **pkg_id, const char *app_id);
+
+/**
+ * Extract smack label from a given binary and set it for
+ * currently running process
+ *
+ * \param[in] Path to binary
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_binary(const char *path);
+
+/**
+ * Compute smack label for given application id and set it for
+ * currently running process
+ *
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_set_process_label_from_appid(const char *app_id);
+
+/**
+ * For given app_id and current user, calculate allowed privileges that give
+ * direct access to file system resources. Then add current process to
+ * supplementary groups that are assigned to these resources.
+ *
+ * In Tizen some sensitive resources are being accessed by applications directly.
+ * The resources, being file system objects, are owned by dedicated GIDs and only
+ * processes in those UNIX groups can access them. This function is used for
+ * adding application process to all permitted groups that are assigned to such
+ * privileges.
+ *
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_set_process_groups_from_appid(const char *app_id);
+
+/**
+ * The above launcher functions, manipulating process Smack label and group,
+ * require elevated privileges. Since they will be called by launcher after fork,
+ * in the process for the application, privileges should be dropped before
+ * running an actual application. This function is a helper for that purpose -
+ * it drops capabilities from the process.
+ *
+ * \return API return code or error code
+ */
+int security_manager_drop_process_privileges(void);
+
#ifdef __cplusplus
}
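Review bot: The comment on `security_manager_drop_process_privileges` does not say what the launcher must do when the call fails. With only the generic `\return API return code or error code`, a caller could ignore the result and start the application with the elevated capabilities still held. I would add to that comment: `Call this last, after the label and group functions; if it does not return SECURITY_MANAGER_SUCCESS the launcher must not run the application.` The three `security_manager_set_process_*` comments above it have the same gap, since a failure there would presumably leave the process without the intended Smack label or supplementary groups. Separately, the `security_manager_get_app_pkgid` comment should state what `*pkg_id` holds on error (unmodified or NULL, whichever the implementation guarantees) so callers do not pass an uninitialized pointer to free().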