/*! \brief indicating the response from Security Server is malformed */
#define SECURITY_SERVER_API_ERROR_BAD_RESPONSE -3
-/*! \brief indicating the transmitting request has been failed */
-#define SECURITY_SERVER_API_ERROR_SEND_FAILED -4
-
-/*! \brief indicating the receiving response has been failed */
-#define SECURITY_SERVER_API_ERROR_RECV_FAILED -5
+/*! \brief indicating the requested service does not exist */
+#define SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE -4
/*! \brief indicating requesting object is not exist */
#define SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT -6
* {
* printf("%s", "There is no password exists\n");
* }
- * else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
+ * else if(is_pwd_set == SECURITY_SERVER_API_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* printf("%s", "Password is valid by now\n");
* }
* ...
* }
* }
- * else if(is_pwd_set == SECURITY_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
+ * else if(is_pwd_set == SECURITY_SERVER_API_SUCCESS && expire_sec > 0 && attempt < max_attempts)
* {
* printf("%s", "Password is valid by now\n");
* ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
/**
* \par Description:
- * This API sets phone password only if current password is invalid or user forgot the password.
+ * This API sets phone password without performing any checks connected with provided password. It
+ * should be used only if current password is invalid or user forgot the password.
*
* \par Purpose:
* This API should be used by setting application or dedicated processes when the user changes his/her phone password.
* User forgets the password. He calls emergency manager(auto or manual) for reset password. Emergency manager calls this API and reset phone password.
*
* \par Method of function operation:
- * Resetting phone password with input string without any matching current password.
+ * Resetting phone password with input string without any matching current password. Function does
+ * no checks before password replacement (expiration time check, currently set password checks,
+ * history check and attempt count check are skipped).
*
* \par Sync (or) Async:
* This is a Synchronous API.
* (subject) customer_label to caller process (object).
* Object label will be extracted from socket.
*
+ * \param[in] CUSTOMER_LABEL execute label of the process that should have access to caller.
+ * \param[in] CUSTOMER_PID all rules applied by this function should be removed from system
+ * when process with CUSTOMER_PID dies.
+ *
+ * \return SECURITY_SERVER_API_SUCCESS on success
+ * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
+ * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
+ * \return SECURITY_SERVER_API_ERROR_BAD_REQUEST input params were rejected by security-server
+ * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM input params were rejected by client library
+ * \return SECURITY_SERVER_API_ERROR_SOCKET connection to security server failed.
+ *
+ * Important: In current implementation CUSTOMER_PID is ignored! This mean that rules applied
+ * by this function won't be revoke until device reset!
+ *
* Access to this function requires SMACK rule: "<app_label> security-server::api-data-share w"
* */
int security_server_app_give_access(const char *customer_label, int customer_pid);
* \param[in] SMACK access rights to be checked
*
* \return Privilege confirm or error code
- * SECURITY_SERVER_SUCCESS - on success
+ * \return SECURITY_SERVER_API_SUCCESS - on succes
*
* Access to this function requires SMACK rule: "<app_label> security-server::api-privilege-by-pid w"
*/
int security_server_check_privilege_by_sockfd(int sockfd,
const char *object,
const char *access_rights);
-/*
- * This function allows middleware to enable permissions for specified app_id.
- *
- * \param[in] Application ID
- * \param[in] Application type defined in enum at the beginning of this file
- * \param[in] Permissions list
- * \param[in] Persistent
- *
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-permissions w"
- */
-int security_server_app_enable_permissions(const char *app_id, app_type_t app_type, const char **perm_list, int persistent);
-
-/*
- * This function allows middleware to disable permissions for specified app_id.
- *
- * \param[in] Application ID
- * \param[in] Application type defined in enum at the beginning of this file
- * \param[in] Permissions list
- *
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-permissions w"
- */
-int security_server_app_disable_permissions(const char *app_id, app_type_t app_type, const char **perm_list);
-
-/*
- * This function allows middleware to get UID assigned to cookie
- *
- * \param[in] Cookie
- * \param[out] Handler to store UID
- *
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
- */
-int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
/*
* This function allows middleware to check if an app has the specified privilege
* \param[in] Privilege name
* \param[out] Handler to store the result. It is set to 1 (true) if privilege is enabled, 0 (false) otherwise
*
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
+ * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
*
* Access to this function requires SMACK rule: "<app_label> security-server::api-app-privilege-by-name w"
*/
const char *privilege_name,
int *result);
-/*
- * This function allows middleware to check if caller app has the specified privilege
- * enabled. Security Server gets caller app smack label from the IPC socket.
- *
- * \param[in] Application type
- * \param[in] Privilege name
- * \param[out] Handler to store the result. It is set to 1 (true) if privilege is enabled, 0 (false) otherwise
- *
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-privilege-by-name w"
- */
-int security_server_app_caller_has_privilege(app_type_t app_type,
- const char *privilege_name,
- int *result);
-
-/*
- * This function allows middleware to get GID assigned to cookie
- *
- * \param[in] Cookie
- * \param[out] Handler to store GID
- *
- * \return SECURITY_SERVER_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
- */
-int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
-
-/*
- * This function allows to create, if doesn't exist, or open existing file by
- * Security Server on behalf of calling process in secured directory.
- *
- * \param[in] File name to create/open
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_open_for(const char *filename, int *fd) __attribute__((deprecated));
-
-/*
- * This function allows to create, if doesn't exist, file by Security Server on
- * behalf of calling process in secured directory. File gets smack label of
- * designated client process, passed as 'client_label' argument, which is
- * allowed to read created file.
- *
- * \param[in] File name to create
- * \param[in] Label of designated client
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_CREATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_SETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_open(const char *filename, const char *client_label, int *fd);
-
-/*
- * This function allows to open existing file by Security Server on behalf of
- * calling process in secured directory. Security Server checks smack label
- * of calling process and if it's the same as file label access to file is
- * granted.
- *
- * \param[in] File name to open
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_GETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_reopen(const char *filename, int *fd);
-
-/*
- * This function allows to delete existing file by Security Server on behalf of
- * calling process in secured directory. Security Server checks smack label
- * of calling process and if it's the same as file label data file is deleted.
- *
- * \param[in] File name to delete
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_GETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_DELETION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_delete(const char *filename);
-
#ifdef __cplusplus
}
#endif
projects / platform / core / security / security-server.git / blobdiff