/*! \brief indicating the response from Security Server is malformed */
#define SECURITY_SERVER_API_ERROR_BAD_RESPONSE -3
-/*! \brief indicating the transmitting request has been failed */
-/* deprecated unused */
-#define SECURITY_SERVER_API_ERROR_SEND_FAILED -4
-
-/*! \brief indicating the receiving response has been failed */
-/* deprecated unused */
-#define SECURITY_SERVER_API_ERROR_RECV_FAILED -5
+/*! \brief indicating the requested service does not exist */
+#define SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE -4
/*! \brief indicating requesting object is not exist */
#define SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT -6
int security_server_check_privilege_by_sockfd(int sockfd,
const char *object,
const char *access_rights);
-/*
- * This function allows middleware to enable permissions for specified app_id.
- *
- * \param[in] Application ID
- * \param[in] Application type defined in enum at the beginning of this file
- * \param[in] Permissions list
- * \param[in] Persistent
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-permissions w"
- */
-int security_server_app_enable_permissions(const char *app_id, app_type_t app_type, const char **perm_list, int persistent);
-
-/*
- * This function allows middleware to disable permissions for specified app_id.
- *
- * \param[in] Application ID
- * \param[in] Application type defined in enum at the beginning of this file
- * \param[in] Permissions list
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-permissions w"
- */
-int security_server_app_disable_permissions(const char *app_id, app_type_t app_type, const char **perm_list);
-
-/*
- * This function allows middleware to get UID assigned to cookie
- *
- * \param[in] Cookie
- * \param[out] Handler to store UID
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
- */
-int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
/*
* This function allows middleware to check if an app has the specified privilege
const char *privilege_name,
int *result);
-/*
- * This function allows middleware to check if caller app has the specified privilege
- * enabled. Security Server gets caller app smack label from the IPC socket.
- *
- * \param[in] Application type
- * \param[in] Privilege name
- * \param[out] Handler to store the result. It is set to 1 (true) if privilege is enabled, 0 (false) otherwise
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-app-privilege-by-name w"
- */
-int security_server_app_caller_has_privilege(app_type_t app_type,
- const char *privilege_name,
- int *result);
-
-/*
- * This function allows middleware to get GID assigned to cookie
- *
- * \param[in] Cookie
- * \param[out] Handler to store GID
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-cookie-check w"
- */
-int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
-
-/*
- * This function allows to create, if doesn't exist, or open existing file by
- * Security Server on behalf of calling process in secured directory.
- *
- * \param[in] File name to create/open
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or error code on fail
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_open_for(const char *filename, int *fd) __attribute__((deprecated));
-
-/*
- * This function allows to create, if doesn't exist, file by Security Server on
- * behalf of calling process in secured directory. File gets smack label of
- * designated client process, passed as 'client_label' argument, which is
- * allowed to read created file.
- *
- * \param[in] File name to create
- * \param[in] Label of designated client
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_CREATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_SETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_open(const char *filename, const char *client_label, int *fd);
-
-/*
- * This function allows to open existing file by Security Server on behalf of
- * calling process in secured directory. Security Server checks smack label
- * of calling process and if it's the same as file label access to file is
- * granted.
- *
- * \param[in] File name to open
- * \param[out] File descriptor
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_GETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_reopen(const char *filename, int *fd);
-
-/*
- * This function allows to delete existing file by Security Server on behalf of
- * calling process in secured directory. Security Server checks smack label
- * of calling process and if it's the same as file label data file is deleted.
- *
- * \param[in] File name to delete
- *
- * \return SECURITY_SERVER_API_SUCCESS on success or one of error codes on fail
- * \return SECURITY_SERVER_API_ERROR_ACCESS_DENIED
- * \return SECURITY_SERVER_API_ERROR_SOCKET
- * \return SECURITY_SERVER_API_ERROR_INPUT_PARAM
- * \return SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_GETTING_FILE_LABEL_FAILED
- * \return SECURITY_SERVER_API_ERROR_AUTHENTICATION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_DELETION_FAILED
- * \return SECURITY_SERVER_API_ERROR_FILE_NOT_EXIST
- *
- * Access to this function requires SMACK rule: "<app_label> security-server::api-open-for w"
- */
-int security_server_shared_file_delete(const char *filename);
-
#ifdef __cplusplus
}
#endif
projects / platform / core / security / security-server.git / blobdiff