projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b8cb0b)
Add APPDEFINED Cynara bucket 35/113735/1
authorRadoslaw Bartosiak <r.bartosiak@samsung.com>
Fri, 27 Jan 2017 09:15:27 +0000 (10:15 +0100)
committerBartlomiej Grzelewski <b.grzelewski@samsung.com>
Wed, 8 Feb 2017 13:39:28 +0000 (14:39 +0100)
In order to support app-defined privileges and licence-manager
new bucket for storing these privileges is introduced.

Change-Id: I5e8cf96869489cd4f255efba31e37337e7925c74
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
policy/security-manager-policy-reload.in patch | blob | history
src/common/cynara.cpp patch | blob | history
src/common/include/cynara.h patch | blob | history

diff --git a/policy/security-manager-policy-reload.in b/policy/security-manager-policy-reload.in
index 4a9dd538c918fd94fb1daa25c9f2662b45d485d9..2490ca326f0709e1e381c564acfeefde53cc9015 100755 (executable)
--- a/policy/security-manager-policy-reload.in
+++ b/policy/security-manager-policy-reload.in
@@ -15,6 +15,7 @@ do
 done <<END
 PRIVACY_MANAGER DENY
 ADMIN NONE
+APPDEFINED NONE
 MAIN DENY
 MANIFESTS DENY
 END
@@ -29,6 +30,7 @@ do
 done <<END
 MAIN MANIFESTS
 PRIVACY_MANAGER MAIN
+ADMIN APPDEFINED
 END
 
 # Import user-type policies
diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index fd18f212c5bc47c77409f4b59002cb5e59e9c3a0..dc42bdf5c0778999f867c6243aa4fdc371738f71 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -66,6 +66,9 @@ namespace SecurityManager {
  *   user type. ALLOW rules only.
  * - ADMIN           - stores custom rules introduced by device administrator.
  *   Ignored if no matching rule found.
+ * - APPDEFINED      - stores privileges introduced by the providers application.
+ *   Ignored if no matching rule found.
+
  *
  * Below is basic layout of buckets:
  *
@@ -109,7 +112,15 @@ namespace SecurityManager {
  *        |                |       ADMIN      |                 |
  *        |--------------->|                  |<----------------|
  *                         |------------------|
- *
+ *                                  |
+ *                                  |
+ *                                  |
+ *                                  V
+ *                         |------------------|
+ *                         |     <<none>>     |
+ *                         |                  |
+ *                         |    APPDEFINED    !
+ *                         |------------------|
  */
 CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
 {
@@ -122,6 +133,7 @@ CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
     { Bucket::USER_TYPE_SYSTEM, std::string("USER_TYPE_SYSTEM")},
     { Bucket::ADMIN, std::string("ADMIN")},
     { Bucket::MANIFESTS, std::string("MANIFESTS")},
+    { Bucket::APPDEFINED, std::string("APPDEFINED")},
 };
 
 CynaraAdminPolicy::CynaraAdminPolicy()
diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index 5be7344e865d9de77a0c9c6681d29f86a3ac5c0f..508a1f19218cbb5a497ce8d4e50632da92029b27 100644 (file)
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -50,7 +50,8 @@ enum class Bucket
     USER_TYPE_GUEST,
     USER_TYPE_SYSTEM,
     ADMIN,
-    MANIFESTS
+    MANIFESTS,
+    APPDEFINED
 };
 
 class CynaraException
Domain: Security / Access Control;