SET(TARGET_SECURITY_SERVER "security-server")
SET(TARGET_SECURITY_CLIENT "security-server-client")
+SET(TARGET_SECURITY_MANAGER_CLIENT "security-manager-client")
SET(TARGET_SERVER_COMMON "security-server-commons")
ADD_SUBDIRECTORY(src)
#
ADD_SUBDIRECTORY(security-server)
+ADD_SUBDIRECTORY(security-manager)
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Pawel Polawski (p.polawski@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-manager.pc.in security-manager.pc @ONLY)
+
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/security-manager/security-manager.pc
+ DESTINATION
+ ${LIB_INSTALL_DIR}/pkgconfig
+ )
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@LIB_INSTALL_DIR@
+includedir=${prefix}/include
+
+Name: security-manager
+Description: Security Manager Package
+Version: 1.0.1
+Requires:
+Libs: -L${libdir} -lsecurity-manager-client
+Cflags: -I${includedir}/security-manager
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
Source0: %{name}-%{version}.tar.gz
Source1: security-server.manifest
Source2: libsecurity-server-client.manifest
+Source3: libsecurity-manager-client.manifest
BuildRequires: cmake
BuildRequires: zip
BuildRequires: pkgconfig(dlog)
Requires(postun): /sbin/ldconfig
%description -n libsecurity-server-client
-Tizen Security server client libraries
+Tizen Security server client library
%package -n libsecurity-server-client-devel
Summary: Security server (client-devel)
%description -n libsecurity-server-client-devel
Development files needed for using the security client
+%package -n libsecurity-manager-client
+Summary: Security manager (client)
+Group: Security/Libraries
+Requires: security-server = %{version}-%{release}
+Requires(post): /sbin/ldconfig
+Requires(postun): /sbin/ldconfig
+
+%description -n libsecurity-manager-client
+Tizen Security manager client library
+
+%package -n libsecurity-manager-client-devel
+Summary: Security manager (client-devel)
+Group: Security/Development
+Requires: libsecurity-manager-client = %{version}-%{release}
+
+%description -n libsecurity-manager-client-devel
+Development files needed for using the security manager client
+
%package -n security-server-devel
Summary: for web applications (Development)
Group: Security/Development
%setup -q
cp %{SOURCE1} .
cp %{SOURCE2} .
+cp %{SOURCE3} .
%build
%if 0%{?sec_build_binary_debug_enable}
mkdir -p %{buildroot}/usr/share/license
cp LICENSE %{buildroot}/usr/share/license/%{name}
cp LICENSE %{buildroot}/usr/share/license/libsecurity-server-client
+cp LICENSE %{buildroot}/usr/share/license/libsecurity-manager-client
mkdir -p %{buildroot}/etc/security/
cp security-server-audit.conf %{buildroot}/etc/security/
%make_install
%post -n libsecurity-server-client -p /sbin/ldconfig
+%post -n libsecurity-manager-client -p /sbin/ldconfig
+
%postun -n libsecurity-server-client -p /sbin/ldconfig
+%postun -n libsecurity-manager-client -p /sbin/ldconfig
+
%files -n security-server
%manifest security-server.manifest
%defattr(-,root,root,-)
%defattr(-,root,root,-)
%{_libdir}/libsecurity-server-client.so
%{_libdir}/libsecurity-server-commons.so
-/usr/include/security-server/security-server.h
-%{_libdir}/pkgconfig/*.pc
+%{_includedir}/security-server/security-server.h
+%{_libdir}/pkgconfig/security-server.pc
+
+%files -n libsecurity-manager-client
+%manifest libsecurity-manager-client.manifest
+%defattr(-,root,root,-)
+%{_libdir}/libsecurity-manager-client.so.*
+%{_datadir}/license/libsecurity-manager-client
+
+%files -n libsecurity-manager-client-devel
+%manifest %{name}.manifest
+%defattr(-,root,root,-)
+%{_libdir}/libsecurity-manager-client.so
+%{_libdir}/libsecurity-server-commons.so
+%{_includedir}/security-manager/security-manager.h
+%{_libdir}/pkgconfig/security-manager.pc
SET_TARGET_PROPERTIES(
${TARGET_SECURITY_CLIENT}
PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
+ COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
VERSION ${SECURITY_CLIENT_VERSION}
)
################################################################################
+SET(SECURITY_MANAGER_CLIENT_VERSION_MAJOR 1)
+SET(SECURITY_MANAGER_CLIENT_VERSION ${SECURITY_MANAGER_CLIENT_VERSION_MAJOR}.0.1)
+
+INCLUDE_DIRECTORIES(
+ ${SERVER2_PATH}/client
+ ${SERVER2_PATH}/common
+ ${SERVER2_PATH}/dpl/core/include
+ ${SERVER2_PATH}/dpl/log/include
+ )
+
+SET(SECURITY_MANAGER_CLIENT_SOURCES
+ ${SERVER2_PATH}/client/client-security-manager.cpp
+ ${SERVER2_PATH}/client/client-common.cpp
+ )
+
+ADD_LIBRARY(${TARGET_SECURITY_MANAGER_CLIENT} SHARED ${SECURITY_MANAGER_CLIENT_SOURCES})
+
+SET_TARGET_PROPERTIES(
+ ${TARGET_SECURITY_MANAGER_CLIENT}
+ PROPERTIES
+ COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
+ SOVERSION ${SECURITY_MANAGER_CLIENT_VERSION_MAJOR}
+ VERSION ${SECURITY_MANAGER_CLIENT_VERSION}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_MANAGER_CLIENT}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ ${TARGET_SERVER_COMMON}
+ )
+
+################################################################################
+
INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION ${LIB_INSTALL_DIR})
+INSTALL(TARGETS ${TARGET_SECURITY_MANAGER_CLIENT} DESTINATION ${LIB_INSTALL_DIR})
INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
INSTALL(FILES
${SECURITY_SERVER_PATH}/include/security-server.h
- DESTINATION /usr/include/security-server
+ DESTINATION ${INCLUDE_INSTALL_DIR}/security-server
+ )
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/include/security-manager.h
+ DESTINATION ${INCLUDE_INSTALL_DIR}/security-manager
)
################################################################################
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * Security Manager library header
+ */
+/*
+ * @file security-manager.h
+ * @author Pawel Polawski (p.polawski@samsung.com)
+ * @version 1.0
+ * @brief This file contains header of security-manager API
+ */
+
+#ifndef SECURITY_MANAGER_H_
+#define SECURITY_MANAGER_H_
+
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*! \brief return code of API functions */
+enum lib_retcode {
+ SECURITY_MANAGER_SUCCESS,
+ SECURITY_MANAGER_ERROR_UNKNOWN,
+ SECURITY_MANAGER_ERROR_INPUT_PARAM,
+ SECURITY_MANAGER_ERROR_MEMORY,
+ SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
+};
+
+/*! \brief accesses types for application installation paths*/
+enum app_install_path_type {
+ //accessible read-write only for applications with same package id
+ SECURITY_MANAGER_PATH_PRIVATE,
+ //read-write access for all applications
+ SECURITY_MANAGER_PATH_PUBLIC,
+ //read only access for all applications
+ SECURITY_MANAGER_PATH_PUBLIC_RO,
+ //this is only for range limit
+ SECURITY_MANAGER_ENUM_END
+};
+
+/*! \brief data structure responsible for handling informations
+ * required to install / uninstall application */
+struct app_inst_req;
+typedef struct app_inst_req app_inst_req;
+
+/*
+ * This function is responsible for initialize app_inst_req data structure
+ * It uses dynamic allocation inside and user responsibility is to call
+ * app_inst_req_free() for freeing allocated resources
+ *
+ * \param[in] Address of pointer for handle app_inst_req structure
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_new(app_inst_req **pp_req);
+
+/*
+ * This function is used to free resources allocated by calling app_inst_req_new()
+ * \param[in] Pointer handling allocated app_inst_req structure
+ */
+void security_manager_app_inst_req_free(app_inst_req *p_req);
+
+/*
+ * This function is used to set up application identifier in app_inst_req structure
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \param[in] Application identifier
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id);
+
+/*
+ * This function is used to set up package identifier in app_inst_req structure
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \param[in] Package identifier
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id);
+
+/*
+ * This function is used to add allowed user to app_inst_req structure,
+ * it can be called multiple times
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \param[in] Privileged user identifier
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_add_allowed_user(app_inst_req *p_req, const uid_t user_id);
+
+/*
+ * This function is used to add privilege to app_inst_req structure,
+ * it can be called multiple times
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \param[in] Application privilager
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege);
+
+/*
+ * This function is used to add application path to app_inst_req structure,
+ * it can be called multiple times
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \param[in] Application path
+ * \param[in] Application path type
+ * \return API return code or error code
+ */
+int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type);
+
+/*
+ * This function is used to install application based on
+ * using filled up app_inst_req data structure
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \return API return code or error code
+ */
+int security_manager_app_install(const app_inst_req *p_req);
+
+/*
+ * This function is used to uninstall application based on
+ * using filled up app_inst_req data structure
+ *
+ * \param[in] Pointer handling app_inst_req structure
+ * \return API return code or error code
+ */
+int security_manager_app_uninstall(const app_inst_req *p_req);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SECURITY_MANAGER_H_ */
#include <message-buffer.h>
#define SECURITY_SERVER_API __attribute__((visibility("default")))
+#define SECURITY_MANAGER_API __attribute__((visibility("default")))
#define SECURITY_SERVER_UNUSED __attribute__((unused))
extern "C" {
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * Security Manager library header
+ */
+/*
+ * @file client-security-manager.cpp
+ * @author Pawel Polawski (p.polawski@samsung.com)
+ * @version 1.0
+ * @brief This file contain client side implementation of security-manager API
+ */
+
+#include <cstdio>
+#include <utility>
+
+#include <dpl/log/log.h>
+#include <dpl/exception.h>
+
+#include <message-buffer.h>
+#include <client-common.h>
+#include <protocols.h>
+
+#include <security-manager.h>
+#include <security-server.h>
+
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_new(app_inst_req **pp_req)
+{
+ if (!pp_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ try {
+ *pp_req = new app_inst_req;
+ } catch (std::bad_alloc& ex) {
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_app_inst_req_free(app_inst_req *p_req)
+{
+ delete p_req;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
+{
+ if (!p_req || !app_id)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->appId = app_id;
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
+{
+ if (!p_req || !pkg_id)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->pkgId = pkg_id;
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_add_allowed_user(app_inst_req *p_req, const uid_t user_id)
+{
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->allowedUsers.push_back(user_id);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
+{
+ if (!p_req || !privilege)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->privileges.push_back(privilege);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
+{
+ if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->appPaths.push_back(std::make_pair(path, path_type));
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_install(const app_inst_req *p_req)
+{
+ using namespace SecurityServer;
+ MessageBuffer send, recv;
+
+ LogDebug("app_install() called");
+
+ return try_catch([&] {
+ //checking parameters
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ if (p_req->appId.empty() || p_req->pkgId.empty())
+ return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
+
+ //put data into buffer
+ Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
+ Serialization::Serialize(send, p_req->appId);
+ Serialization::Serialize(send, p_req->pkgId);
+ Serialization::Serialize(send, p_req->allowedUsers);
+ Serialization::Serialize(send, p_req->privileges);
+ Serialization::Serialize(send, p_req->appPaths);
+
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
+ if (retval != SECURITY_SERVER_API_SUCCESS) {
+ LogDebug("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ if (retval != SECURITY_SERVER_API_SUCCESS)
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+
+ return SECURITY_MANAGER_SUCCESS;;
+ });
+}
+
+SECURITY_MANAGER_API
+int security_manager_app_uninstall(const app_inst_req *p_req)
+{
+ using namespace SecurityServer;
+ MessageBuffer send, recv;
+
+ LogDebug("app_uninstall() called");
+
+ return try_catch([&] {
+ //checking parameters
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ if (p_req->appId.empty())
+ return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
+
+ //put data into buffer
+ Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
+ Serialization::Serialize(send, p_req->appId);
+
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
+ if (retval != SECURITY_SERVER_API_SUCCESS) {
+ LogDebug("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ if (retval != SECURITY_SERVER_API_SUCCESS)
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+
+ return SECURITY_MANAGER_SUCCESS;;
+ });
+}
+
+
/*
* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bumjin Im <bj.im@samsung.com>
+ * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
namespace SecurityServer {
char const * const SERVICE_SOCKET_SHARED_MEMORY =
- "/tmp/.security-server-api-data-share.sock";
+ "/tmp/.security-server-api-data-share.sock";
char const * const SERVICE_SOCKET_GET_GID =
- "/tmp/.security-server-api-get-gid.sock";
+ "/tmp/.security-server-api-get-gid.sock";
char const * const SERVICE_SOCKET_PRIVILEGE_BY_PID =
- "/tmp/.security-server-api-privilege-by-pid.sock";
+ "/tmp/.security-server-api-privilege-by-pid.sock";
char const * const SERVICE_SOCKET_APP_PRIVILEGE_BY_NAME =
- "/tmp/.security-server-api-app-privilege-by-name.sock";
+ "/tmp/.security-server-api-app-privilege-by-name.sock";
char const * const SERVICE_SOCKET_COOKIE_GET =
- "/tmp/.security-server-api-cookie-get.sock";
+ "/tmp/.security-server-api-cookie-get.sock";
char const * const SERVICE_SOCKET_COOKIE_CHECK =
- "/tmp/.security-server-api-cookie-check.sock";
+ "/tmp/.security-server-api-cookie-check.sock";
char const * const SERVICE_SOCKET_PASSWD_CHECK =
- "/tmp/.security-server-api-password-check.sock";
+ "/tmp/.security-server-api-password-check.sock";
char const * const SERVICE_SOCKET_PASSWD_SET =
- "/tmp/.security-server-api-password-set.sock";
+ "/tmp/.security-server-api-password-set.sock";
char const * const SERVICE_SOCKET_PASSWD_RESET =
- "/tmp/.security-server-api-password-reset.sock";
+ "/tmp/.security-server-api-password-reset.sock";
+char const * const SERVICE_SOCKET_INSTALLER =
+ "/tmp/.security-manager-api.sock";
const size_t COOKIE_SIZE = 20;
/*
* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bumjin Im <bj.im@samsung.com>
+ * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <cstddef>
#include <time.h>
+#include <vector>
+#include <utility>
+#include <string>
+
+struct app_inst_req {
+ std::string appId;
+ std::string pkgId;
+ std::vector<uid_t> allowedUsers;
+ std::vector<std::string> privileges;
+ std::vector<std::pair<std::string, int>> appPaths;
+};
namespace SecurityServer {
extern char const * const SERVICE_SOCKET_PASSWD_CHECK;
extern char const * const SERVICE_SOCKET_PASSWD_SET;
extern char const * const SERVICE_SOCKET_PASSWD_RESET;
+extern char const * const SERVICE_SOCKET_INSTALLER;
enum class AppPermissionsAction { ENABLE, DISABLE };
HDR_SET_PWD_HISTORY
};
+enum class SecurityModuleCall
+{
+ APP_INSTALL,
+ APP_UNINSTALL
+};
+
extern const size_t MAX_PASSWORD_LEN;
extern const unsigned int MAX_PASSWORD_HISTORY;
extern const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS;