cynara_admin_finish(m_CynaraAdmin);
}
-CynaraAdmin &CynaraAdmin::getInstance()
-{
- static CynaraAdmin cynaraAdmin;
- return cynaraAdmin;
-}
-
void CynaraAdmin::SetPolicies(const std::vector<CynaraAdminPolicy> &policies)
{
if (policies.empty()) {
const std::vector<std::string> &privileges,
std::function <bool(const std::string &)> isPrivacy)
{
- auto calcPolicies = [&label](
+ auto calcPolicies = [&](
const std::string &user,
const std::vector<std::string> &privileges,
const std::string &bucket,
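Review bot: The capture list on the new `auto calcPolicies = [&](` line is wider than the lambda needs: going from `[&label]` to `[&]` captures `this` implicitly and makes every local in scope available by reference. Assuming the only new dependency is the member call to `ListPolicies` that replaces `CynaraAdmin::getInstance().ListPolicies` in the next hunk, `auto calcPolicies = [this, &label](` states exactly what is used. It also keeps a later edit from silently binding another local by reference in code that computes Cynara policies. The lambda's parameter list and body continue outside this hunk, so confirm nothing else in it relies on the default capture.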
std::vector<CynaraAdminPolicy> oldPolicies;
std::unordered_set<std::string> privilegesSet(privileges.begin(),
privileges.end());
- CynaraAdmin::getInstance().ListPolicies(bucket, label, user,
+ ListPolicies(bucket, label, user,
CYNARA_ADMIN_ANY, oldPolicies);
// Compare previous policies with set of new requested privileges
std::vector<std::string> &privileges)
{
std::vector<CynaraAdminPolicy> policies;
- CynaraAdmin::getInstance().ListPolicies(
+ ListPolicies(
CynaraAdmin::Buckets.at(Bucket::MANIFESTS),
label, user, CYNARA_ADMIN_ANY, policies);
int askUserPolicy = convertToPolicyType(Config::PRIVACY_POLICY_DESC);
std::vector<CynaraAdminPolicy> appPolicies;
- CynaraAdmin::getInstance().ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS),
+ ListPolicies(CynaraAdmin::Buckets.at(Bucket::MANIFESTS),
CYNARA_ADMIN_ANY, CYNARA_ADMIN_WILDCARD,
CYNARA_ADMIN_ANY, appPolicies);
Buckets.at(Bucket::PRIVACY_MANAGER)));
}
- CynaraAdmin::getInstance().SetPolicies(policies);
+ SetPolicies(policies);
}
void CynaraAdmin::ListUsers(std::vector<uid_t> &listOfUsers)
{
std::vector<CynaraAdminPolicy> tmpListOfUsers;
- CynaraAdmin::getInstance().ListPolicies(
+ ListPolicies(
CynaraAdmin::Buckets.at(Bucket::MAIN),
CYNARA_ADMIN_WILDCARD,
CYNARA_ADMIN_ANY,
{
std::string uidStr = std::to_string(uid);
std::vector<CynaraAdminPolicy> tmpListOfUsers;
- CynaraAdmin::getInstance().ListPolicies(
+ ListPolicies(
CynaraAdmin::Buckets.at(Bucket::MAIN),
CYNARA_ADMIN_WILDCARD,
uidStr,
level = CYNARA_ADMIN_DELETE;
} else {
try {
- level = CynaraAdmin::getInstance().convertToPolicyType(policyEntry.maxLevel);
+ level = m_cynaraAdmin.convertToPolicyType(policyEntry.maxLevel);
} catch (const std::out_of_range& e) {
LogError("policy max level cannot be: " << policyEntry.maxLevel);
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
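Review bot: The `m_cynaraAdmin` member used here, and in every later hunk that replaces `CynaraAdmin::getInstance()`, is not declared or documented anywhere on this page, so its lifetime and sharing contract are left implicit. The removed `getInstance()` returned a function-local static, giving one object per process that was created on first use. As a member it is presumably constructed together with its owner, and a failure to open the Cynara admin connection would then surface at that point instead. A comment on the member declaration would make this explicit, e.g. `// Sole CynaraAdmin instance; owned by this service object and shared by all request handlers`, together with a note on whether callers must serialize access to it.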
level = CYNARA_ADMIN_DELETE;
} else {
try {
- level = CynaraAdmin::getInstance().convertToPolicyType(policyEntry.currentLevel);
+ level = m_cynaraAdmin.convertToPolicyType(policyEntry.currentLevel);
} catch (const std::out_of_range& e) {
LogError("policy current level cannot be: " << policyEntry.currentLevel);
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
/* Get all application ids in the package to generate rules withing the package */
getPkgLabels(req.pkgName, pkgLabels);
m_priviligeDb.GetPkgAuthorId(req.pkgName, authorId);
- CynaraAdmin::getInstance().UpdateAppPolicy(appLabel, cynaraUserStr, req.privileges, isPrivilegePrivacy);
+ m_cynaraAdmin.UpdateAppPolicy(appLabel, cynaraUserStr, req.privileges, isPrivilegePrivacy);
if (hasSharedRO)
m_priviligeDb.SetSharedROPackage(req.pkgName);
m_priviligeDb.GetPackagesInfo(pkgsInfo);
getPkgsProcessLabels(pkgsInfo, pkgsProcessLabels);
- CynaraAdmin::getInstance().UpdateAppPolicy(processLabel, cynaraUserStr,
+ m_cynaraAdmin.UpdateAppPolicy(processLabel, cynaraUserStr,
std::vector<std::string>(), isPrivilegePrivacy);
m_priviligeDb.CommitTransaction();
LogDebug("Application uninstallation commited to database");
std::vector<std::string> privileges;
std::string uidStr = std::to_string(creds.uid);
- CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, uidStr, privileges);
- CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, privileges);
+ m_cynaraAdmin.GetAppPolicy(appProcessLabel, uidStr, privileges);
+ m_cynaraAdmin.GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, privileges);
vectorRemoveDuplicates(privileges);
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
}
try {
- CynaraAdmin::getInstance().UserInit(uidAdded, static_cast<security_manager_user_type>(userType), isPrivilegePrivacy);
+ m_cynaraAdmin.UserInit(uidAdded, static_cast<security_manager_user_type>(userType), isPrivilegePrivacy);
PermissibleSet::initializeUserPermissibleFile(uidAdded);
} catch (CynaraException::InvalidParam &e) {
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
}
}
- CynaraAdmin::getInstance().UserRemove(uidDeleted);
+ m_cynaraAdmin.UserRemove(uidDeleted);
return ret;
}
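Review bot: `m_cynaraAdmin.UserRemove(uidDeleted);` has no `try` visible around it, whereas the user-creation hunk above wraps `m_cynaraAdmin.UserInit(...)` in `try`/`catch` and maps `CynaraException::InvalidParam` to `SECURITY_MANAGER_ERROR_INPUT_PARAM`. If `UserRemove` can throw a `CynaraException` (the policy-update hunk catches `CynaraException::Base`), the exception would leave this function instead of becoming a return code. The caller then cannot tell whether the deleted user's Cynara policies were actually removed. Consider wrapping the call in the same pattern: `catch (const CynaraException::Base &e)`, log `e.DumpToString()`, and set `ret` to the matching error code. The function starts outside this hunk, so an enclosing handler may already exist.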
}
// Apply updates
- CynaraAdmin::getInstance().SetPolicies(validatedPolicies);
+ m_cynaraAdmin.SetPolicies(validatedPolicies);
} catch (const CynaraException::Base &e) {
LogError("Error while updating Cynara rules: " << e.DumpToString());
}
//Fetch privileges from ADMIN bucket
- CynaraAdmin::getInstance().ListPolicies(
+ m_cynaraAdmin.ListPolicies(
CynaraAdmin::Buckets.at(Bucket::ADMIN),
appProcessLabel,
user,
};
};
//Fetch privileges from PRIVACY_MANAGER bucket
- CynaraAdmin::getInstance().ListPolicies(
+ m_cynaraAdmin.ListPolicies(
CynaraAdmin::Buckets.at(Bucket::PRIVACY_MANAGER),
appProcessLabel,
user,
pe.appName = app;
pe.user = strcmp(policy.user, CYNARA_ADMIN_WILDCARD) ? policy.user : SECURITY_MANAGER_ANY;
pe.privilege = strcmp(policy.privilege, CYNARA_ADMIN_WILDCARD) ? policy.privilege : pe.privilege = SECURITY_MANAGER_ANY;
- pe.currentLevel = CynaraAdmin::getInstance().convertToPolicyDescription(policy.result);
+ pe.currentLevel = m_cynaraAdmin.convertToPolicyDescription(policy.result);
if (!forAdmin) {
// All policy entries in PRIVACY_MANAGER should be fully-qualified
- pe.maxLevel = CynaraAdmin::getInstance().convertToPolicyDescription(
- CynaraAdmin::getInstance().GetPrivilegeManagerMaxLevel(
+ pe.maxLevel = m_cynaraAdmin.convertToPolicyDescription(
+ m_cynaraAdmin.GetPrivilegeManagerMaxLevel(
policy.client, policy.user, policy.privilege));
} else {
// Cannot reliably calculate maxLavel for policies from ADMIN bucket
- pe.maxLevel = CynaraAdmin::getInstance().convertToPolicyDescription(CYNARA_ADMIN_ALLOW);
+ pe.maxLevel = m_cynaraAdmin.convertToPolicyDescription(CYNARA_ADMIN_ALLOW);
}
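Review bot: The unchanged line `pe.privilege = strcmp(policy.privilege, CYNARA_ADMIN_WILDCARD) ? policy.privilege : pe.privilege = SECURITY_MANAGER_ANY;` in this hunk nests an assignment in the false branch of the conditional, which reads like a typo next to the `pe.user` line directly above it. It appears to yield the same value, but since the neighbouring lines are being edited anyway it could be written to match: `pe.privilege = strcmp(policy.privilege, CYNARA_ADMIN_WILDCARD) ? policy.privilege : SECURITY_MANAGER_ANY;`. That removes any doubt about which value ends up in a policy entry returned to the caller. The enclosing block starts and ends outside the hunk.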
LogError("Invalid UID: " << e.what());
};
} else
- CynaraAdmin::getInstance().ListUsers(listOfUsers);
+ m_cynaraAdmin.ListUsers(listOfUsers);
} else {
LogWarning("Not enough privilege to fetch user policy for all users by user: " << creds.uid);
LogDebug("Fetching personal policy for user: " << creds.uid);
std::string appProcessLabel = getAppProcessLabel(appName);
std::vector<std::string> listOfPrivileges;
- CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, userStr, listOfPrivileges);
- CynaraAdmin::getInstance().GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, listOfPrivileges);
+ m_cynaraAdmin.GetAppPolicy(appProcessLabel, userStr, listOfPrivileges);
+ m_cynaraAdmin.GetAppPolicy(appProcessLabel, CYNARA_ADMIN_WILDCARD, listOfPrivileges);
if (filter.privilege.compare(SECURITY_MANAGER_ANY)) {
LogDebug("Limitting Cynara query to privilege: " << filter.privilege);
pe.user = userStr;
pe.privilege = privilege;
- pe.currentLevel = CynaraAdmin::getInstance().convertToPolicyDescription(
- CynaraAdmin::getInstance().GetPrivilegeManagerCurrLevel(
+ pe.currentLevel = m_cynaraAdmin.convertToPolicyDescription(
+ m_cynaraAdmin.GetPrivilegeManagerCurrLevel(
appProcessLabel, userStr, privilege));
- pe.maxLevel = CynaraAdmin::getInstance().convertToPolicyDescription(
- CynaraAdmin::getInstance().GetPrivilegeManagerMaxLevel(
+ pe.maxLevel = m_cynaraAdmin.convertToPolicyDescription(
+ m_cynaraAdmin.GetPrivilegeManagerMaxLevel(
appProcessLabel, userStr, privilege));
LogDebug(
int ret = SECURITY_MANAGER_SUCCESS;
try {
- CynaraAdmin::getInstance().ListPoliciesDescriptions(levels);
+ m_cynaraAdmin.ListPoliciesDescriptions(levels);
} catch (const CynaraException::OutOfMemory &e) {
LogError("Error - out of memory while querying Cynara for policy descriptions list: " << e.DumpToString());
return SECURITY_MANAGER_ERROR_MEMORY;
int ret = SECURITY_MANAGER_SUCCESS;
try {
- auto userType = CynaraAdmin::getInstance().GetUserType(uid);
+ auto userType = m_cynaraAdmin.GetUserType(uid);
if (userType == SM_USER_TYPE_NONE) {
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
m_priviligeDb.GetGroupsRelatedPrivileges(group2privVector);
for (const auto &g2p : group2privVector) {
- CynaraAdmin::getInstance().Check(CYNARA_ADMIN_ANY, uidStr, g2p.second,
+ m_cynaraAdmin.Check(CYNARA_ADMIN_ANY, uidStr, g2p.second,
bucket, result, resultExtra, true);
if (result == CYNARA_ADMIN_ALLOW)
groups.push_back(g2p.first);