SET(TARGET_SECURITY_SERVER "security-server")
SET(TARGET_SECURITY_CLIENT "security-server-client")
-SET(TARGET_SECURITY_MANAGER_CLIENT "security-manager-client")
SET(TARGET_SERVER_COMMON "security-server-commons")
ADD_SUBDIRECTORY(src)
#
ADD_SUBDIRECTORY(security-server)
-ADD_SUBDIRECTORY(security-manager)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Pawel Polawski (p.polawski@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-manager.pc.in security-manager.pc @ONLY)
-
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/security-manager/security-manager.pc
- DESTINATION
- ${LIB_INSTALL_DIR}/pkgconfig
- )
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=@LIB_INSTALL_DIR@
-includedir=${prefix}/include
-
-Name: security-manager
-Description: Security Manager Package
-Version: 1.0.1
-Requires:
-Libs: -L${libdir} -lsecurity-manager-client
-Cflags: -I${includedir}/security-manager
+++ /dev/null
-<manifest>
- <request>
- <domain name="_" />
- </request>
-</manifest>
Source0: %{name}-%{version}.tar.gz
Source1: security-server.manifest
Source2: libsecurity-server-client.manifest
-Source3: libsecurity-manager-client.manifest
BuildRequires: cmake
BuildRequires: zip
BuildRequires: pkgconfig(dlog)
Requires(postun): /sbin/ldconfig
%description -n libsecurity-server-client
-Tizen Security server client library
+Tizen Security server client libraries
%package -n libsecurity-server-client-devel
Summary: Security server (client-devel)
%description -n libsecurity-server-client-devel
Development files needed for using the security client
-%package -n libsecurity-manager-client
-Summary: Security manager (client)
-Group: Security/Libraries
-Requires: security-server = %{version}-%{release}
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
-
-%description -n libsecurity-manager-client
-Tizen Security manager client library
-
-%package -n libsecurity-manager-client-devel
-Summary: Security manager (client-devel)
-Group: Security/Development
-Requires: libsecurity-manager-client = %{version}-%{release}
-
-%description -n libsecurity-manager-client-devel
-Development files needed for using the security manager client
-
%package -n security-server-devel
Summary: for web applications (Development)
Group: Security/Development
%setup -q
cp %{SOURCE1} .
cp %{SOURCE2} .
-cp %{SOURCE3} .
%build
%if 0%{?sec_build_binary_debug_enable}
mkdir -p %{buildroot}/usr/share/license
cp LICENSE %{buildroot}/usr/share/license/%{name}
cp LICENSE %{buildroot}/usr/share/license/libsecurity-server-client
-cp LICENSE %{buildroot}/usr/share/license/libsecurity-manager-client
mkdir -p %{buildroot}/etc/security/
cp security-server-audit.conf %{buildroot}/etc/security/
%make_install
%post -n libsecurity-server-client -p /sbin/ldconfig
-%post -n libsecurity-manager-client -p /sbin/ldconfig
-
%postun -n libsecurity-server-client -p /sbin/ldconfig
-%postun -n libsecurity-manager-client -p /sbin/ldconfig
-
%files -n security-server
%manifest security-server.manifest
%defattr(-,root,root,-)
%defattr(-,root,root,-)
%{_libdir}/libsecurity-server-client.so
%{_libdir}/libsecurity-server-commons.so
-%{_includedir}/security-server/security-server.h
-%{_libdir}/pkgconfig/security-server.pc
-
-%files -n libsecurity-manager-client
-%manifest libsecurity-manager-client.manifest
-%defattr(-,root,root,-)
-%{_libdir}/libsecurity-manager-client.so.*
-%{_datadir}/license/libsecurity-manager-client
-
-%files -n libsecurity-manager-client-devel
-%manifest %{name}.manifest
-%defattr(-,root,root,-)
-%{_libdir}/libsecurity-manager-client.so
-%{_libdir}/libsecurity-server-commons.so
-%{_includedir}/security-manager/security-manager.h
-%{_libdir}/pkgconfig/security-manager.pc
+/usr/include/security-server/security-server.h
+%{_libdir}/pkgconfig/*.pc
SET_TARGET_PROPERTIES(
${TARGET_SECURITY_CLIENT}
PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
+ COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
VERSION ${SECURITY_CLIENT_VERSION}
)
################################################################################
-SET(SECURITY_MANAGER_CLIENT_VERSION_MAJOR 1)
-SET(SECURITY_MANAGER_CLIENT_VERSION ${SECURITY_MANAGER_CLIENT_VERSION_MAJOR}.0.1)
-
-INCLUDE_DIRECTORIES(
- ${SERVER2_PATH}/client
- ${SERVER2_PATH}/common
- ${SERVER2_PATH}/dpl/core/include
- ${SERVER2_PATH}/dpl/log/include
- )
-
-SET(SECURITY_MANAGER_CLIENT_SOURCES
- ${SERVER2_PATH}/client/client-security-manager.cpp
- ${SERVER2_PATH}/client/client-common.cpp
- )
-
-ADD_LIBRARY(${TARGET_SECURITY_MANAGER_CLIENT} SHARED ${SECURITY_MANAGER_CLIENT_SOURCES})
-
-SET_TARGET_PROPERTIES(
- ${TARGET_SECURITY_MANAGER_CLIENT}
- PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden"
- SOVERSION ${SECURITY_MANAGER_CLIENT_VERSION_MAJOR}
- VERSION ${SECURITY_MANAGER_CLIENT_VERSION}
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SECURITY_MANAGER_CLIENT}
- ${SECURITY_SERVER_DEP_LIBRARIES}
- ${TARGET_SERVER_COMMON}
- )
-
-################################################################################
-
INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION ${LIB_INSTALL_DIR})
-INSTALL(TARGETS ${TARGET_SECURITY_MANAGER_CLIENT} DESTINATION ${LIB_INSTALL_DIR})
INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
INSTALL(FILES
${SECURITY_SERVER_PATH}/include/security-server.h
- DESTINATION ${INCLUDE_INSTALL_DIR}/security-server
- )
-
-INSTALL(FILES
- ${SECURITY_SERVER_PATH}/include/security-manager.h
- DESTINATION ${INCLUDE_INSTALL_DIR}/security-manager
+ DESTINATION /usr/include/security-server
)
################################################################################
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * Security Manager library header
- */
-/*
- * @file security-manager.h
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @version 1.0
- * @brief This file contains header of security-manager API
- */
-
-#ifndef SECURITY_MANAGER_H_
-#define SECURITY_MANAGER_H_
-
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*! \brief return code of API functions */
-enum lib_retcode {
- SECURITY_MANAGER_SUCCESS,
- SECURITY_MANAGER_ERROR_UNKNOWN,
- SECURITY_MANAGER_ERROR_INPUT_PARAM,
- SECURITY_MANAGER_ERROR_MEMORY,
- SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
-};
-
-/*! \brief accesses types for application installation paths*/
-enum app_install_path_type {
- //accessible read-write only for applications with same package id
- SECURITY_MANAGER_PATH_PRIVATE,
- //read-write access for all applications
- SECURITY_MANAGER_PATH_PUBLIC,
- //read only access for all applications
- SECURITY_MANAGER_PATH_PUBLIC_RO,
- //this is only for range limit
- SECURITY_MANAGER_ENUM_END
-};
-
-/*! \brief data structure responsible for handling informations
- * required to install / uninstall application */
-struct app_inst_req;
-typedef struct app_inst_req app_inst_req;
-
-/*
- * This function is responsible for initialize app_inst_req data structure
- * It uses dynamic allocation inside and user responsibility is to call
- * app_inst_req_free() for freeing allocated resources
- *
- * \param[in] Address of pointer for handle app_inst_req structure
- * \return API return code or error code
- */
-int security_manager_app_inst_req_new(app_inst_req **pp_req);
-
-/*
- * This function is used to free resources allocated by calling app_inst_req_new()
- * \param[in] Pointer handling allocated app_inst_req structure
- */
-void security_manager_app_inst_req_free(app_inst_req *p_req);
-
-/*
- * This function is used to set up application identifier in app_inst_req structure
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Application identifier
- * \return API return code or error code
- */
-int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id);
-
-/*
- * This function is used to set up package identifier in app_inst_req structure
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Package identifier
- * \return API return code or error code
- */
-int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id);
-
-/*
- * This function is used to add allowed user to app_inst_req structure,
- * it can be called multiple times
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Privileged user identifier
- * \return API return code or error code
- */
-int security_manager_app_inst_req_add_allowed_user(app_inst_req *p_req, const uid_t user_id);
-
-/*
- * This function is used to add privilege to app_inst_req structure,
- * it can be called multiple times
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Application privilager
- * \return API return code or error code
- */
-int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege);
-
-/*
- * This function is used to add application path to app_inst_req structure,
- * it can be called multiple times
- *
- * \param[in] Pointer handling app_inst_req structure
- * \param[in] Application path
- * \param[in] Application path type
- * \return API return code or error code
- */
-int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type);
-
-/*
- * This function is used to install application based on
- * using filled up app_inst_req data structure
- *
- * \param[in] Pointer handling app_inst_req structure
- * \return API return code or error code
- */
-int security_manager_app_install(const app_inst_req *p_req);
-
-/*
- * This function is used to uninstall application based on
- * using filled up app_inst_req data structure
- *
- * \param[in] Pointer handling app_inst_req structure
- * \return API return code or error code
- */
-int security_manager_app_uninstall(const app_inst_req *p_req);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* SECURITY_MANAGER_H_ */
#include <message-buffer.h>
#define SECURITY_SERVER_API __attribute__((visibility("default")))
-#define SECURITY_MANAGER_API __attribute__((visibility("default")))
#define SECURITY_SERVER_UNUSED __attribute__((unused))
extern "C" {
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * Security Manager library header
- */
-/*
- * @file client-security-manager.cpp
- * @author Pawel Polawski (p.polawski@samsung.com)
- * @version 1.0
- * @brief This file contain client side implementation of security-manager API
- */
-
-#include <cstdio>
-#include <utility>
-
-#include <dpl/log/log.h>
-#include <dpl/exception.h>
-
-#include <message-buffer.h>
-#include <client-common.h>
-#include <protocols.h>
-
-#include <security-manager.h>
-#include <security-server.h>
-
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_new(app_inst_req **pp_req)
-{
- if (!pp_req)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- try {
- *pp_req = new app_inst_req;
- } catch (std::bad_alloc& ex) {
- return SECURITY_MANAGER_ERROR_MEMORY;
- }
-
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-void security_manager_app_inst_req_free(app_inst_req *p_req)
-{
- delete p_req;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
-{
- if (!p_req || !app_id)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- p_req->appId = app_id;
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
-{
- if (!p_req || !pkg_id)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- p_req->pkgId = pkg_id;
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_add_allowed_user(app_inst_req *p_req, const uid_t user_id)
-{
- if (!p_req)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- p_req->allowedUsers.push_back(user_id);
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
-{
- if (!p_req || !privilege)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- p_req->privileges.push_back(privilege);
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
-{
- if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
-
- p_req->appPaths.push_back(std::make_pair(path, path_type));
-
- return SECURITY_MANAGER_SUCCESS;
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_install(const app_inst_req *p_req)
-{
- using namespace SecurityServer;
- MessageBuffer send, recv;
-
- LogDebug("app_install() called");
-
- return try_catch([&] {
- //checking parameters
- if (!p_req)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
- if (p_req->appId.empty() || p_req->pkgId.empty())
- return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
-
- //put data into buffer
- Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
- Serialization::Serialize(send, p_req->appId);
- Serialization::Serialize(send, p_req->pkgId);
- Serialization::Serialize(send, p_req->allowedUsers);
- Serialization::Serialize(send, p_req->privileges);
- Serialization::Serialize(send, p_req->appPaths);
-
- //send buffer to server
- int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
- if (retval != SECURITY_SERVER_API_SUCCESS) {
- LogDebug("Error in sendToServer. Error code: " << retval);
- return SECURITY_MANAGER_ERROR_UNKNOWN;
- }
-
- //receive response from server
- Deserialization::Deserialize(recv, retval);
- if (retval != SECURITY_SERVER_API_SUCCESS)
- return SECURITY_MANAGER_ERROR_UNKNOWN;
-
- return SECURITY_MANAGER_SUCCESS;;
- });
-}
-
-SECURITY_MANAGER_API
-int security_manager_app_uninstall(const app_inst_req *p_req)
-{
- using namespace SecurityServer;
- MessageBuffer send, recv;
-
- LogDebug("app_uninstall() called");
-
- return try_catch([&] {
- //checking parameters
- if (!p_req)
- return SECURITY_MANAGER_ERROR_INPUT_PARAM;
- if (p_req->appId.empty())
- return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
-
- //put data into buffer
- Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
- Serialization::Serialize(send, p_req->appId);
-
- //send buffer to server
- int retval = sendToServer(SERVICE_SOCKET_INSTALLER, send.Pop(), recv);
- if (retval != SECURITY_SERVER_API_SUCCESS) {
- LogDebug("Error in sendToServer. Error code: " << retval);
- return SECURITY_MANAGER_ERROR_UNKNOWN;
- }
-
- //receive response from server
- Deserialization::Deserialize(recv, retval);
- if (retval != SECURITY_SERVER_API_SUCCESS)
- return SECURITY_MANAGER_ERROR_UNKNOWN;
-
- return SECURITY_MANAGER_SUCCESS;;
- });
-}
-
-
/*
* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ * Contact: Bumjin Im <bj.im@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
char const * const SERVICE_SOCKET_PASSWD_RESET =
SOCKET_PATH_PREFIX_SECURITY_SERVER "security-server-api-password-reset.socket";
-char const * const SERVICE_SOCKET_INSTALLER =
- SOCKET_PATH_PREFIX_SECURITY_MANAGER"/tmp/.security-manager-installer.socket";
-
const size_t COOKIE_SIZE = 20;
const size_t MAX_PASSWORD_LEN = 32;
/*
* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
*
- * Contact: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
+ * Contact: Bumjin Im <bj.im@samsung.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <cstddef>
#include <time.h>
-#include <vector>
-#include <utility>
-#include <string>
-
-struct app_inst_req {
- std::string appId;
- std::string pkgId;
- std::vector<uid_t> allowedUsers;
- std::vector<std::string> privileges;
- std::vector<std::pair<std::string, int>> appPaths;
-};
namespace SecurityServer {
extern char const * const SERVICE_SOCKET_PASSWD_CHECK;
extern char const * const SERVICE_SOCKET_PASSWD_SET;
extern char const * const SERVICE_SOCKET_PASSWD_RESET;
-extern char const * const SERVICE_SOCKET_INSTALLER;
enum class AppPermissionsAction { ENABLE, DISABLE };
HDR_SET_PWD_HISTORY
};
-enum class SecurityModuleCall
-{
- APP_INSTALL,
- APP_UNINSTALL
-};
-
extern const size_t MAX_PASSWORD_LEN;
extern const unsigned int MAX_PASSWORD_HISTORY;
extern const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS;