#define SECURITY_SERVER_H
#include <sys/types.h>
+#include <privilege-control.h>
/**
* @file security-server.h
/*! \brief indicating the response from Security Server is malformed */
#define SECURITY_SERVER_API_ERROR_BAD_RESPONSE -3
-/*! \brief indicating the transmitting request has been failed */
-#define SECURITY_SERVER_API_ERROR_SEND_FAILED -4
-
-/*! \brief indicating the receiving response has been failed */
-#define SECURITY_SERVER_API_ERROR_RECV_FAILED -5
+/*! \brief indicating the requested service does not exist */
+#define SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE -4
/*! \brief indicating requesting object is not exist */
#define SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT -6
/*! \brief indicating password retry timeout is not occurred yet */
#define SECURITY_SERVER_API_ERROR_PASSWORD_REUSED -20
+/*! \brief indicating getting smack label from socket failed */
+#define SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED -21
+
+/*! \brief indicating getting smack label from file failed */
+#define SECURITY_SERVER_API_ERROR_GETTING_FILE_LABEL_FAILED -22
+
+/*! \brief indicating setting smack label for file failed */
+#define SECURITY_SERVER_API_ERROR_SETTING_FILE_LABEL_FAILED -23
+
+/*! \brief indicating file already exists */
+#define SECURITY_SERVER_API_ERROR_FILE_EXIST -24
+
+/*! \brief indicating file does not exist */
+#define SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST -25
+
+/*! \brief indicating file open error */
+#define SECURITY_SERVER_API_ERROR_FILE_OPEN_FAILED -26
+
+/*! \brief indicating file creation error */
+#define SECURITY_SERVER_API_ERROR_FILE_CREATION_FAILED -27
+
+/*! \brief indicating file deletion error */
+#define SECURITY_SERVER_API_ERROR_FILE_DELETION_FAILED -28
+
/*! \brief indicating the error with unknown reason */
#define SECURITY_SERVER_API_ERROR_UNKNOWN -255
/** @}*/
+
#ifdef __cplusplus
extern "C" {
#endif
* }
* ...
* \endcode
-*/
-int security_server_get_gid(const char *object);
-
-
-
-/**
- * \par Description:
- * Retreives object name as mull terminated string from Linux group ID which is passed by parameter
- *
- * \par Purpose:
- * This API may be used to get object name if the caller process only knows GID of the object.
- *
- * \par Typical use case:
- * In middleware daemon, by some reason, need to know object name from the Linux group ID, then call this API to retrieve object name as string
- *
- * \par Method of function operation:
- * Opens /etc/group file and searches matching gid. If there is matching result, returns name of the group as null terminated string
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * - This API is only allowed to be called by pre-defined middleware daemon
- *
- * \param[in] gid Linux group ID which needed to be retrieved as object name.
- * \param[out] object Place holder for matching object name for gid.
- * \param[in] max_object_size Allocated byte size of parameter "object".
- *
- * \return 0 on success, or negative error code on error.
- *
- * \par Prospective clients:
- * Inhouse middleware.
- *
- * \par Known issues/bugs:
- * None
*
- * \pre output parameter object must be malloced before calling this API not to make memory curruption
- *
- * \post None
- *
- * \see /etc/group,
- * security_server_get_gid()
- *
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <security-server.h>
- * ...
- * int retval;
- * char objectname[20];
- *
- * // Call the API
- * retval = security_server_get_object_name(6005, objectname, sizeof(objectname));
- * if(retval < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * exit(0);
- * }
- * ...
- * \endcode
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-get-gid w"
*/
-int security_server_get_object_name(gid_t gid, char *object, size_t max_object_size);
-
-
+int security_server_get_gid(const char *object);
/**
* \par Description:
* }
* ...
* \endcode
+ *
+ * Access to this function not requires SMACK rule
*/
-int security_server_request_cookie(char *cookie, size_t max_cookie);
+int security_server_request_cookie(char *cookie, size_t bufferSize);
* }
* ...
* \endcode
+ *
+ * Access to this function not requires SMACK rule
*/
int security_server_get_cookie_size(void);
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
*/
int security_server_check_privilege(const char *cookie, gid_t privilege);
const char *object,
const char *access_rights);
-int security_server_check_privilege_by_sockfd(int sockfd,
- const char *object,
- const char *access_rights);
-
/**
* \par Description:
* This API searchs a cookie value and returns PID of the given cookie.
* \return positive integer on success meaning the PID, 0 means the cookie is for root process, negative integer error code on error.
*
* \par Prospective clients:
- * Only pre-defiend middleware daemons
+ * Only pre-defined middleware daemons
*
* \par Known issues/bugs:
* None
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
*/
int security_server_get_cookie_pid(const char *cookie);
*
* \see security_server_set_pwd(), security_server_chk_pwd()
*
- * \remarks If password file is currupted or accitentally deleted, this API may not synchronized with security-server, but security-server will check file status on next request.
+ * \remarks If password file is corrupted or accidentally deleted, this API may not synchronized with security-server, but security-server will check file status on next request.
*
* \par Sample code:
* \code
* {
* printf("%s", "There is no password exists\n");
* }
- * else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
+ * else if(is_pwd_set == SECURITY_SERVER_API_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* printf("%s", "Password is valid by now\n");
* }
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-check w"
*/
int security_server_is_pwd_valid(unsigned int *current_attempts,
unsigned int *max_attempts,
* \param[in] max_challenge Maximum number of attempts that user can try to check the password without success in serial. 0 means infinity.
* \param[in] valid_period_in_days. Number of days that this password is valid. 0 means infinity
*
- * \return 0 on seccuess, negative integer error code on error.
+ * \return 0 on success, negative integer error code on error.
*
* \par Prospective clients:
* Platform's THE ONLY setting application and some dedicated privileged processes
*
* \see security_server_is_pwd_valid(), security_server_chk_pwd(), security_server_reset_pwd()
*
- * \remarks Only setting application can call this API. The password file will be acces controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file curruption.
+ * \remarks Only setting application can call this API. The password file will be access controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file corruption.
* \remarks If current password exists and it's expired, or max attempts reached, you cannot call this API. You have to call security_server_reset_pwd() API.
*
* \par Sample code:
* ...
* }
* }
- * else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
+ * else if(is_pwd_set == SECURITY_SERVER_API_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* printf("%s", "Password is valid by now\n");
* ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-set w"
*/
int security_server_set_pwd(const char *cur_pwd,
const char *new_pwd,
* Identifying calling peer is not ready yet, should be based on SMACK somehow.
*
* \see security_server_is_pwd_valid(), security_server_chk_pwd(), security_server_reset_pwd()
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-set w"
*/
int security_server_set_pwd_validity(const unsigned int valid_period_in_days);
* Identifying calling peer is not ready yet, should be based on SMACK somehow.
*
* \see security_server_is_pwd_valid(), security_server_chk_pwd(), security_server_reset_pwd()
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-set w"
*/
int security_server_set_pwd_max_challenge(const unsigned int max_challenge);
/**
* \par Description:
- * This API sets phone password only if current password is invalid or user forgot the password.
+ * This API sets phone password without performing any checks connected with provided password. It
+ * should be used only if current password is invalid or user forgot the password.
*
* \par Purpose:
* This API should be used by setting application or dedicated processes when the user changes his/her phone password.
*
* \par Typical use case:
- * User forgots the password. He calls emergency manager(auto or manual) for reset password. Emergency manager calls this API and reset phone password.
+ * User forgets the password. He calls emergency manager(auto or manual) for reset password. Emergency manager calls this API and reset phone password.
*
* \par Method of function operation:
- * Resetting phone password with input string without any matching current password.
+ * Resetting phone password with input string without any matching current password. Function does
+ * no checks before password replacement (expiration time check, currently set password checks,
+ * history check and attempt count check are skipped).
*
* \par Sync (or) Async:
* This is a Synchronous API.
* \param[in] max_challenge Maximum number of attempts that user can try to check the password without success in serial. 0 means infinity.
* \param[in] valid_period_in_days. Number of days that this password is valid. 0 means infinity
*
- * \return 0 on seccuess, negative integer error code on error.
+ * \return 0 on success, negative integer error code on error.
*
* \par Prospective clients:
* Platform's THE ONLY setting application and some dedicated privileged processes
*
* \see security_server_is_pwd_valid(), security_server_chk_pwd(), security_server_set_pwd()
*
- * \remarks Only dedicated applications can call this API. The password file will be acces controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file curruption.
+ * \remarks Only dedicated applications can call this API. The password file will be access controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file corruption.
*
* \par Sample code:
* \code
* #include <security-server.h>
* ...
* int ret;
- * unsigned int attempt, max_attempt, expire_sec;
*
- * ret = security_server_set_pwd("this_is_new_pwd", 20, 365);
+ * ret = security_server_reset_pwd("this_is_new_pwd", 20, 365);
* if(retval != SECURITY_SERVER_API_SUCCESS)
* {
* printf("%s", "we have error\n");
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-reset w"
*/
int security_server_reset_pwd(const char *new_pwd,
const unsigned int max_challenge,
* \param[out] max_attempts Number of maximum attempts that the password locks. 0 means infinite
* \param[out] valid_secs Remaining time in second which represents this password will be expired. 0xFFFFFFFF means infinite
*
- * \return 0 on seccuess, negative integer error code on error.
+ * \return 0 on success, negative integer error code on error.
*
* \par Prospective clients:
* Applications which has phone UI lock feature.
* ...
*
* \endcode
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-check w"
*/
int security_server_chk_pwd(const char *challenge,
unsigned int *current_attempt,
* \par Important notes:
* There is retry timer on this API to limit replay attack. You will get error if you called this API too often.\n
*
- * \param[in] number_of_history Number of history to be checked when user tries to change password. Maximum is currently 50
+ * \param[in] history_size Number of history to be checked when user tries to change password. Maximum is currently 50
*
- * \return 0 on seccuess, negative integer error code on error.
+ * \return 0 on success, negative integer error code on error.
*
* \par Prospective clients:
* MDM client, Enterprise manager.
*
* \see security_server_set_pwd()
*
- * \remarks The password file will be acces controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file curruption.
+ * \remarks The password file will be access controlled and securely hashed. Security-server will remain previous password file to recover unexpected password file curruption.
*
* \par Sample code:
* \code
* ...
*
* \endcode
-*/
-int security_server_set_pwd_history(int number_of_history);
-
-
-
-/**
- * \par Description:
- * This API launches /usr/bin/debug-util as root privilege.
- *
- * \par Purpose:
- * This API will be used only by SDK with developer privilege to launch debugging tool to debug as the developing applicaion's privilege.
- *
- * \par Typical use case:
- * During appliation development, SDK opens a shell to install, launch, and debug the developing application. But the shell will not have any privilege to control platform. Therefore we need a special utility to manage debugging environement as same privilege level of the application. If this API is called, security server will launch the debug utility as root privilege and the utility will drop its privilege same as developing application
*
- *
- * \par Method of function operation:
- * When Security Server receives this request, it checks uid of the client, and launches /usr/bin/debug-util with given arguements.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Caller process of this API must be owned by developer user.\n
- * The caller process will be pre-defined.
- * /usr/bin/debug-util itself must be omitted in the argv. Security server will put this as first argv in the execution procedure
- *
- * \param[in] argc Number of arguements.
- *
- * \param[in] argv Arguements
- *
- * \return 0 on success, negative integer error code on error.
- *
- * \par Prospective clients:
- * Only pre-defiend debugging utility.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see None
- *
- * \remarks Calling this API, you have to put argv[1] of the debug-util as argv[0] of this API. Security server will put argv[0] automatically
- *
- * \par Sample code:
- * \code
- * #include <security-server.h>
- * #define DEVELOPER_UID 5500
- *
- * int main(int argc, char **argv)
- * {
- * int my_uid, ret;
- * uid = getuid();
- * if(uid != DEVELOPER_UID)
- * {
- * // You must be developer user
- * exit(1);
- * }
- *
- * ret = security_server_launch_debug_tool(argc -1, argv++)
- * if(ret != SECURITY_SERVER_SUCCESS)
- * {
- * // Some error occurred
- * exit(1);
- * }
- * ...
- * }
- *
- * \endcode
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-set w"
*/
-int security_server_launch_debug_tool(int argc, const char **argv);
+int security_server_set_pwd_history(int history_size);
/*
* This function allows to get process SMACK label by passing cookie assigned
*
* \par For free label use free(), label allocated by calloc()
* User responsibility is to free resource.
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
*/
char *security_server_get_smacklabel_cookie(const char *cookie);
*
* \par For free label use free(), label allocated by calloc().
* User responsibility is to free resource.
+ *
+ * Access to this function not requires SMACK rule
*/
char *security_server_get_smacklabel_sockfd(int fd);
* This function will give permissions "rwxat" from
* (subject) customer_label to caller process (object).
* Object label will be extracted from socket.
+ *
+ * \param[in] CUSTOMER_LABEL execute label of the process that should have access to caller.
+ * \param[in] CUSTOMER_PID all rules applied by this function should be removed from system
+ * when process with CUSTOMER_PID dies.
+ *
+ * \return SECURITY_SERVER_API_SUCCESS on success
+ * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
+ * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
+ * \return SECURITY_SERVER_API_ERROR_BAD_REQUEST input params were rejected by security-server
+ * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM input params were rejected by client library
+ * \return SECURITY_SERVER_API_ERROR_SOCKET connection to security server failed.
+ *
+ * Important: In current implementation CUSTOMER_PID is ignored! This mean that rules applied
+ * by this function won't be revoke until device reset!
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-data-share w"
* */
int security_server_app_give_access(const char *customer_label, int customer_pid);
/*
- * This function allows middleware to check priviliges of process with specified PID.
- * Service is able to check proces acces to the specified object label with specified
+ * This function allows middleware to check privileges of process with specified PID or socket
+ * file descriptor.
+ * Service is able to check process access to the specified object label with specified
* access rights.
*
- * \param[in] PID number of process to be checked
+ * \param[in] PID id of process or SOCKFD socket file descriptor to be checked
* \param[in] SMACK object label
* \param[in] SMACK access rights to be checked
*
* \return Privilege confirm or error code
- * SECURITY_SERVER_SUCCESS - on succes
+ * \return SECURITY_SERVER_API_SUCCESS - on succes
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-privilege-by-pid w"
*/
int security_server_check_privilege_by_pid(int pid, const char *object, const char *access_rights);
+int security_server_check_privilege_by_sockfd(int sockfd,
+ const char *object,
+ const char *access_rights);
+
+/*
+ * This function allows middleware to check if an app has the specified privilege
+ * enabled.
+ *
+ * \param[in] Application ID
+ * \param[in] Application type
+ * \param[in] Privilege name
+ * \param[out] Handler to store the result. It is set to 1 (true) if privilege is enabled, 0 (false) otherwise
+ *
+ * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
+ *
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-app-privilege-by-name w"
+ */
+int security_server_app_has_privilege(const char *app_id,
+ app_type_t app_type,
+ const char *privilege_name,
+ int *result);
+
#ifdef __cplusplus
}
#endif
projects / platform / core / security / security-server.git / blobdiff