README for security-manager project
-The security manager is project forked from security-server, from which
-it inherits its main design: division for two parts:
+security-manager consists of two elements:
* system daemon (security-manager)
* library for communication with daemon (libsecurity-manager).
directory that defines actions done by security-manager after receiving
certain requests from client side.
-The security-manager's manager part is fully inherited from security-server,
-while services are completely diffrent.
-
The security-manager services are ment to gather information about security
permissions in the system and provide access to that data via means of
libsecurity-manager.
+
+More detailed information about the module can be found in the public wiki:
+
+https://wiki.tizen.org/Security/Tizen_3.X_Security_Manager
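Review bot: The unchanged line "The security-manager services are ment to gather information" sits directly below the paragraph being removed and still has the typo "ment"; fix it to "meant" in this change, and "via means of" can be shortened to "through". The deleted lines were where this README recorded that the project was forked from security-server; if that history is still relevant, confirm the linked wiki page covers it.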
/*
- * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
+ * Copyright (c) 2014-2024 Samsung Electronics Co., Ltd. All rights reserved
*
* This file is licensed under the terms of MIT License or the Apache License
* Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
/*
* @file client-security-manager.cpp
- * @author Pawel Polawski <p.polawski@samsung.com>
- * @author Rafal Krypa <r.krypa@samsung.com>
+ * @author Tomasz Swierczek <t.swierczek@samsung.com>
* @version 1.0
* @brief This file contain client side implementation of security-manager API
*/
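Review bot: In the file header of client-security-manager.cpp, the two existing @author lines are deleted rather than kept next to the new one. Unless the file was rewritten from scratch, add the new @author entry and leave the original ones in place. Since the header is being touched anyway, "This file contain" in the @brief line should read "This file contains".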
});
}
-static int setup_smack(const char *label)
-{
- /* Here we also should change open socket labels for future process identification.
- However, since Smack support for "dyntransition"-like feature will be enabled soon,
- relabeling the sockets will no longer be possible.
-
- After careful review it was found that only opened sockets are ones to systemd
- (user and system session) and enlightment. Both services are not integrated with Cynara
- and seem to be fine with these sockets retaining IPIN/IPOUT "User" label.
- */
- // Set Smack label of current process
- if (smack_set_label_for_self(label) != 0) {
- LogError("Failed to set Smack label for application: " << label);
- return SECURITY_MANAGER_ERROR_UNKNOWN;
- }
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
static int fetchLabelForProcess(const std::string &appName, std::string &label)
{
ClientRequest request(SecurityModuleCall::GET_PROCESS_LABEL);
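Review bot: Removing setup_smack also removes its block comment, which explained why already-open sockets are not relabeled and are left with the IPIN/IPOUT "User" label. That rationale is security-relevant and is not obvious from the remaining code; keep a shortened version of it next to the smack_set_label_for_self call that replaces this function, or record it in the commit message.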
return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT;
}
- if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
+ if (smack_set_label_for_self(appLabel.c_str()) != 0) {
LogError("Failed to set smack label " << appLabel << " for current process");
- return ret;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
}
return SECURITY_MANAGER_SUCCESS;
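Review bot: At the new smack_set_label_for_self(appLabel.c_str()) call, the result is only compared with 0 and then dropped, so the LogError line says which label failed but not why. Capture the return value and include it in the message. The code returned to the caller, SECURITY_MANAGER_ERROR_UNKNOWN, matches what setup_smack returned before, so caller-visible behavior is unchanged.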