*/
int ima_evm_server_get_gid(const char *object);
-
-
-/**
- * \par Description:
- * Retreives object name as mull terminated string from Linux group ID which is passed by parameter
- *
- * \par Purpose:
- * This API may be used to get object name if the caller process only knows GID of the object.
- *
- * \par Typical use case:
- * In middleware daemon, by some reason, need to know object name from the Linux group ID, then call this API to retrieve object name as string
- *
- * \par Method of function operation:
- * Opens /etc/group file and searches matching gid. If there is matching result, returns name of the group as null terminated string
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * - This API is only allowed to be called by pre-defined middleware daemon
- *
- * \param[in] gid Linux group ID which needed to be retrieved as object name.
- * \param[out] object Place holder for matching object name for gid.
- * \param[in] max_object_size Allocated byte size of parameter "object".
- *
- * \return 0 on success, or negative error code on error.
- *
- * \par Prospective clients:
- * Inhouse middleware.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre output parameter object must be malloced before calling this API not to make memory curruption
- *
- * \post None
- *
- * \see /etc/group,
- * ima_evm_server_get_gid()
- *
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- * char objectname[20];
- *
- * // Call the API
- * retval = ima_evm_server_get_object_name(6005, objectname, sizeof(objectname));
- * if(retval < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * exit(0);
- * }
- * ...
- * \endcode
-*/
-int ima_evm_server_get_object_name(gid_t gid, char *object, size_t max_object_size);
-
-
-
-/**
- * \par Description:
- * Request cookie to the IMA-EVM Server. Cookie is a random bit stream which is used as ticket for user space object.
- *
- * \par Purpose:
- * This API may be used by application and client middleware process to get access to middleware daemons.
- *
- * \par Typical use case:
- * When an application process wants to get access to some middleware object, first call this API to get cookie value. Then it calls the service API to get service with the cookie value.
- *
- * \par Method of function operation:
- * Caller process just send request message. IMA-EVM Server checks proc file system to get list of gIDs the caller belongs, then create a random cookie and responds to caller.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Cookie needs to be stored relatively secure.
- *
- * \param[out] cookie Place holder for cookie value.
- * \param[in] max_cookie Allocated byte size of parameter "cookie".
- *
- * \return 0 on success, or negative error code on error.
- *
- * \par Prospective clients:
- * Any process
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre output parameter cookie must be malloced before calling this API not to make memory curruption
- * Size of the cookie can be retrieved by ima_evm_server_get_cookie_size() API.
- *
- * \post None
- *
- * \see ima_evm_server_check_privilege(), ima_evm_server_get_cookie_size()
- *
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- * size_t cookie_size;
- * cookie_size = ima_evm_server_get_cookie_size();
- * unsigned char cookie[cookie_size];
- *
- * // Call the API
- * retval = ima_evm_server_request_cookie(cookie, cookie_size);
- * if(retval < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * exit(0);
- * }
- * ...
- * \endcode
-*/
-int ima_evm_server_request_cookie(char *cookie, size_t max_cookie);
-
-
-
-/**
- * \par Description:
- * This API gets the cookie's byte size which is issued by IMA-EVM Server.
- *
- * \par Purpose:
- * This API may be used by application and middleware process to get size of cookie before getting and storing cookie value.
- *
- * \par Typical use case:
- * When an application process wants to get access to some middleware object, first call this API to get cookie value. Then it calls the service API to get service with the cookie value.
- *
- * \par Method of function operation:
- * This API just returns pre-defined integer value as cookie size.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * None
- *
- * \return Always returns byte size of the cookie.
- *
- * \par Prospective clients:
- * Any process
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_request_cookie()
-
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- * size_t cookie_size;
- *
- * // API calling
- * cookie_size = ima_evm_server_get_cookie_size();
- * unsigned char cookie[cookie_size];
- *
- * char objectname[20];
- * retval = ima_evm_server_request_cookie(cookie, cookie_size);
- * if(retval < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * exit(0);
- * }
- * ...
- * \endcode
-*/
-int ima_evm_server_get_cookie_size(void);
-
-
-
-/**
- * \par Description:
- * This API checks the cookie is allowed to access to given object.
- *
- * \par Purpose:
- * This API may be used by middleware process to ask the client application has privilege for the given object.
- *
- * \par Typical use case:
- * When middleware server receives request message from client application process with cookie value, it calls this API to ask to IMA-EVM Server that the client application has privilege to access the service. If yes, then the middleware daemon can continue service, if not, it can return error to client application.
- *
- * \par Method of function operation:
- * When IMA-EVM Server receives this request, it searches cookie database and check the cookie is there, if there is matching cookie, then it checks the cookie has the privilege. It returns success if there is match, if not, it returns error.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Cookie value needs to be stored relatively secure\n
- * Privilege should be pre-defined by Platform design.
- *
- * \param[in] cookie Received cookie value from client application
- * \param[in] privilege Object group ID which the client application wants to access
- *
- * \return 0 on success, or negative error code on error.
- *
- * \par Prospective clients:
- * Only pre-defiend middleware daemons
- *
- * \par Known issues/bugs:
- * None
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_request_cookie(), ima_evm_server_get_gid(), ima_evm_server_get_cookie_size()
- *
- * \remarks None
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- * size_t cookie_size;
- * int call_gid;
- * cookie_size = ima_evm_server_get_cookie_size();
- * unsigned char recved_cookie[cookie_size];
- *
- * ... // Receiving request with cookie
- *
- * call_gid = ima_evm_server_get_gid("telephony_makecall");
-100G
- * retval = ima_evm_server_check_privilege(recved_cookie, (gid_t)call_gid);
- * if(retval < 0)
- * {
- * if(retval == IMA_EVM_SERVER_API_ERROR_ACCESS_DENIED)
- * {
- * printf("%s", "access has been denied\n");
- * return;
- * }
- * printf("%s", "Error has occurred\n");
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_check_privilege(const char *cookie, gid_t privilege);
-
-int ima_evm_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
-
-int ima_evm_server_check_privilege_by_sockfd(int sockfd,
- const char *object,
- const char *access_rights);
-
-/**
- * \par Description:
- * This API searchs a cookie value and returns PID of the given cookie.
- *
- * \par Purpose:
- * This API may be used by middleware process to ask the client application has privilege for the given object.
- *
- * \par Typical use case:
- * In some cases, a middleware server wants to know PID of the application process. But if the middleware server uses non-direct IPC such as dbus, it's nearly impossible to know and guarantee peer PID. By using this API, the middleware server can retrieve a PID of the requesting process.
- *
- * \par Method of function operation:
- * When IMA-EVM Server receives this request, it searches cookie database and check the cookie is there, if there is matching cookie, then it returns corresponding PID for the cookie.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Cookie value needs to be stored relatively secure\n
- * This API is abled to be called only by pre-defined middleware servers.
- *
- * \param[in] cookie Received cookie value from client application. Cookie is not a null terminated human readable string. Make sure you're code doesn't have any string related process on the cookie.
- *
- * \return positive integer on success meaning the PID, 0 means the cookie is for root process, negative integer error code on error.
- *
- * \par Prospective clients:
- * Only pre-defiend middleware daemons
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_request_cookie(), ima_evm_server_get_cookie_size()
- *
- * \remarks the cookie is not a null terminated string. Cookie is a BINARY byte stream of such length which can be retrieved by ima_evm_server_get_cookie_size() API.
- * Therefore, please do not use strcpy() family to process cookie value. You MUST use memcpy() function to process cookie value.
- * You also have to know that the cookie value doesn't carry any null terminator. So you don't need to allocate 1 more byte of the cookie size.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int peerpid;
- * size_t cookie_size;
- * gid_t call_gid;
- * cookie_size = ima_evm_server_get_cookie_size();
- * unsigned char recved_cookie[cookie_size];
- *
- * ... // Receiving request with cookie
- *
- * peerpid = ima_evm_server_get_cookie_pid(recved_cookie);
- * if(peerpid < 0)
- * {
- * printf("%s", "Error has occurred\n");
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_get_cookie_pid(const char *cookie);
-
-
-
-/**
- * \par Description:
- * This API checks phone validity of password, to check existance, expiration, remaining attempts.
- *
- * \par Purpose:
- * This API should be used by applications which needs phone password check. Caller application should behave properly after this API call.
- *
- * \par Typical use case:
- * Lock screen can call this API before it shows unlock screen, if there is password, lock screen can show password input UI, if not, lock screen can show just unlock screen
- *
- * \par Method of function operation:
- * Sends a validate request to ima-evm server and ima-evm server replies with password information.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Password file should be stored safely. The password file will be stored by ima-evm server and only allowed itself to read/write, and data is will be securely hashed\n
- *
- * \param[out] current_attempts Number of password check missed attempts.
- * \param[out] max_attempts Number of maximum attempts that the password locks. 0 means infinite
- * \param[out] valid_secs Remaining time in second which represents this password will be expired. 0xFFFFFFFF means infinite
- *
- * \return 0 if there is no password set, other negative integer error code on error.
- *
- * \par Prospective clients:
- * Applications which can unlock UI
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_set_pwd(), ima_evm_server_chk_pwd()
- *
- * \remarks If password file is currupted or accitentally deleted, this API may not synchronized with ima-evm-server, but ima-evm-server will check file status on next request.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int ret;
- * unsigned int attempt, max_attempt, expire_sec;
- *
- * ret = ima_evm_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- * if(is_pwd_set == IMA_EVM_SERVER_API_ERROR_NO_PASSWORD)
- * {
- * printf("%s", "There is no password exists\n");
- * }
- * else if(is_pwd_set == IMA_EVM_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
- * {
- * printf("%s", "Password is valid by now\n");
- * }
- * else
- * {
- * printf("%s", "Something wrong\n");
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_is_pwd_valid(unsigned int *current_attempts,
- unsigned int *max_attempts,
- unsigned int *valid_secs);
-
-
-
-/**
- * \par Description:
- * This API sets phone password only if current password matches.
- *
- * \par Purpose:
- * This API should be used by setting application when the user changes his/her phone password.
- *
- * \par Typical use case:
- * Setting application calls this API to change phone password. Caller needs current password to grant the change.
- *
- * \par Method of function operation:
- * Sends current password with new password to ima-evm-server, ima-evm-server checks current password and set new password to current only when current password is correct. Caller application can determine maximum number of attempts and expiration time in days
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * There is retry timer on this API to limit replay attack. You will get error if you called this API too often.\n
- *
- * \param[in] cur_pwd Null terminated current password string. It can be NULL pointer if there is no password set yet - by calling ima_evm_server_is_pwd_empty()
- * \param[in] new_pwd Null terminated new password string. It must not a NULL pointer.
- * \param[in] max_challenge Maximum number of attempts that user can try to check the password without success in serial. 0 means infinity.
- * \param[in] valid_period_in_days. Number of days that this password is valid. 0 means infinity
- *
- * \return 0 on seccuess, negative integer error code on error.
- *
- * \par Prospective clients:
- * Platform's THE ONLY setting application and some dedicated privileged processes
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_is_pwd_valid(), ima_evm_server_chk_pwd(), ima_evm_server_reset_pwd()
- *
- * \remarks Only setting application can call this API. The password file will be acces controlled and securely hashed. IMA-EVM-server will remain previous password file to recover unexpected password file curruption.
- * \remarks If current password exists and it's expired, or max attempts reached, you cannot call this API. You have to call ima_evm_server_reset_pwd() API.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int ret;
- * unsigned int attempt, max_attempt, expire_sec;
- *
- * ret = ima_evm_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- * if(is_pwd_set == IMA_EVM_SERVER_API_ERROR_NO_PASSWORD)
- * {
- * printf("%s", "There is no password exists\n");
- * ret = ima_evm_server_set_pwd(NULL, "this_is_new_pwd", 20, 365);
- * if(ret != IMA_EVM_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
- * }
- * else if(is_pwd_set == IMA_EVM_SERVER_SUCCESS && expire_sec > 0 && attempt < max_attempts)
- * {
- * printf("%s", "Password is valid by now\n");
- * ret = ima_evm_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
- * if(ret != IMA_EVM_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
- * }
- * else
- * {
- * printf("%s", "Something wrong\n");
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_set_pwd(const char *cur_pwd,
- const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days);
-
-
-/**
- * \par Description:
- * This API sets validity period for currently setup password.
- *
- * \par Purpose:
- * This API should be used by Enterprise authorities to modify password policy. To be used only with valid password setup.
- *
- * \par Typical use case:
- * Authorized application calls this API to change current passwords validity when password policy needs to be changed.
- *
- * \par Method of function operation:
- * Function attempts to find currently set password and changes its current validity to passed number of days. Retry counter for the password is reset to zero.
- * If there is no password set, function returns proper error code.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- * \param[in] valid_period_in_days. Number of days that this password is valid. 0 means infinity
- *
- * \return 0 on success, negative integer error code on error.
- *
- * \par Prospective clients:
- * Platform's THE ONLY setting application and some dedicated privileged processes
- *
- * \par Known issues/bugs:
- * Identifying calling peer is not ready yet, should be based on SMACK somehow.
- *
- * \see ima_evm_server_is_pwd_valid(), ima_evm_server_chk_pwd(), ima_evm_server_reset_pwd()
- */
-int ima_evm_server_set_pwd_validity(const unsigned int valid_period_in_days);
-
-
-/**
- * \par Description:
- * This API sets maximum number of attempts for currently setup password.
- *
- * \par Purpose:
- * This API should be used by Enterprise authorities to modify password policy. To be used only with valid password setup.
- *
- * \par Typical use case:
- * Authorized application calls this API to change current passwords max attempt number when password policy needs to be changed.
- *
- * \par Method of function operation:
- * Function attempts to find currently set password and changes its max attempt number to passed one. Retry counter for the password is reset to zero.
- * If there is no password set, function returns proper error code.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- * \param[in] max_challenge Maximum number of attempts that user can try to check the password without success in serial. 0 means infinity.
- *
- * \return 0 on success, negative integer error code on error.
- *
- * \par Prospective clients:
- * Platform's THE ONLY setting application and some dedicated privileged processes
- *
- * \par Known issues/bugs:
- * Identifying calling peer is not ready yet, should be based on SMACK somehow.
- *
- * \see ima_evm_server_is_pwd_valid(), ima_evm_server_chk_pwd(), ima_evm_server_reset_pwd()
- */
-int ima_evm_server_set_pwd_max_challenge(const unsigned int max_challenge);
-
-/**
- * \par Description:
- * This API sets phone password only if current password is invalid or user forgot the password.
- *
- * \par Purpose:
- * This API should be used by setting application or dedicated processes when the user changes his/her phone password.
- *
- * \par Typical use case:
- * User forgots the password. He calls emergency manager(auto or manual) for reset password. Emergency manager calls this API and reset phone password.
- *
- * \par Method of function operation:
- * Resetting phone password with input string without any matching current password.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * There is retry timer on this API to limit replay attack. You will get error if you called this API too often.\n
- *
- * \param[in] new_pwd Null terminated new password string. It must not a NULL pointer.
- * \param[in] max_challenge Maximum number of attempts that user can try to check the password without success in serial. 0 means infinity.
- * \param[in] valid_period_in_days. Number of days that this password is valid. 0 means infinity
- *
- * \return 0 on seccuess, negative integer error code on error.
- *
- * \par Prospective clients:
- * Platform's THE ONLY setting application and some dedicated privileged processes
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_is_pwd_valid(), ima_evm_server_chk_pwd(), ima_evm_server_set_pwd()
- *
- * \remarks Only dedicated applications can call this API. The password file will be acces controlled and securely hashed. IMA-EVM-server will remain previous password file to recover unexpected password file curruption.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int ret;
- * unsigned int attempt, max_attempt, expire_sec;
- *
- * ret = ima_evm_server_set_pwd("this_is_new_pwd", 20, 365);
- * if(retval != IMA_EVM_SERVER_API_SUCCESS)
- * {
- * printf("%s", "we have error\n");
- * ...
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_reset_pwd(const char *new_pwd,
- const unsigned int max_challenge,
- const unsigned int valid_period_in_days);
-
-/**
- * \par Description:
- * This API compares stored phone password with challenged input value.
- *
- * \par Purpose:
- * This API should be used by applications which has phone UI lock capability.
- *
- * \par Typical use case:
- * Lock screen calls this API after user typed phone password and pressed okay.
- *
- * \par Method of function operation:
- * Sends challenged password to ima-evm-server, ima-evm-server compares hashed current password and hashed challenged password.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * There is retry timer on this API to limit replay attack. You will get error if you called this API too often.\n
- *
- * \param[in] challenge Null terminated challenged password string. It must not a NULL pointer.
- * \param[out] current_attempts Number of password check missed attempts.
- * \param[out] max_attempts Number of maximum attempts that the password locks. 0 means infinite
- * \param[out] valid_secs Remaining time in second which represents this password will be expired. 0xFFFFFFFF means infinite
- *
- * \return 0 on seccuess, negative integer error code on error.
- *
- * \par Prospective clients:
- * Applications which has phone UI lock feature.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_is_pwd_valid(), ima_evm_server_set_pwd()
- *
- * \remarks The password file will be acces controlled and securely hashed. IMA-EVM-server will remain previous password file to recover unexpected password file curruption.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- * unsigned int attempt, max_attempt, expire_sec;
- *
- * retval = ima_evm_server_chk_pwd("is_this_password", &attmpt, &max_attempt, &expire_sec);
- * if(retval == IMA_EVM_SERVER_API_ERROR_PASSWORD_MISMATCH)
- * {
- * printf("%s", "Oh you typed wrong password\n");
- * ...
- * }
- * else if(retval == IMA_EVM_SERVER_API_SUCCESS)
- * {
- * printf("%s", "You remember your password.\n");
- * ...
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_chk_pwd(const char *challenge,
- unsigned int *current_attempt,
- unsigned int *max_attempt,
- unsigned int *valid_secs);
-
-
-/**
- * \par Description:
- * This API set the number of password history which should be maintained. Once this number set, user cannot reuse recent number of passwords which is described in this history value
- *
- * \par Purpose:
- * This API should be used only by dedicated process in the platform.
- *
- * \par Typical use case:
- * Enterprise manager calls this API when the enterprise wants to enforce harder password policy.
- *
- * \par Method of function operation:
- * When enterprise manager (MDM) is trying to change the security policy for phone password, it calls this API background to change the history policy.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * There is retry timer on this API to limit replay attack. You will get error if you called this API too often.\n
- *
- * \param[in] number_of_history Number of history to be checked when user tries to change password. Maximum is currently 50
- *
- * \return 0 on seccuess, negative integer error code on error.
- *
- * \par Prospective clients:
- * MDM client, Enterprise manager.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see ima_evm_server_set_pwd()
- *
- * \remarks The password file will be acces controlled and securely hashed. Ima-evm-server will remain previous password file to recover unexpected password file curruption.
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * ...
- * int retval;
- *
- * ret = ima_evm_server_set_pwd_history(100);
- * if(ret != IMA_EVM_SERVER_API_SUCCESS)
- * {
- * printf("%s", "You have error\n");
- * ...
- * }
- * ...
- *
- * \endcode
-*/
-int ima_evm_server_set_pwd_history(int number_of_history);
-
-
-
-/**
- * \par Description:
- * This API launches /usr/bin/debug-util as root privilege.
- *
- * \par Purpose:
- * This API will be used only by SDK with developer privilege to launch debugging tool to debug as the developing applicaion's privilege.
- *
- * \par Typical use case:
- * During appliation development, SDK opens a shell to install, launch, and debug the developing application. But the shell will not have any privilege to control platform. Therefore we need a special utility to manage debugging environement as same privilege level of the application. If this API is called, ima-evm server will launch the debug utility as root privilege and the utility will drop its privilege same as developing application
- *
- *
- * \par Method of function operation:
- * When IMA-EVM Server receives this request, it checks uid of the client, and launches /usr/bin/debug-util with given arguements.
- *
- * \par Sync (or) Async:
- * This is a Synchronous API.
- *
- * \par Important notes:
- * Caller process of this API must be owned by developer user.\n
- * The caller process will be pre-defined.
- * /usr/bin/debug-util itself must be omitted in the argv. IMA-EVM server will put this as first argv in the execution procedure
- *
- * \param[in] argc Number of arguements.
- *
- * \param[in] argv Arguements
- *
- * \return 0 on success, negative integer error code on error.
- *
- * \par Prospective clients:
- * Only pre-defiend debugging utility.
- *
- * \par Known issues/bugs:
- * None
- *
- * \pre None
- *
- * \post None
- *
- * \see None
- *
- * \remarks Calling this API, you have to put argv[1] of the debug-util as argv[0] of this API. IMA-EVM server will put argv[0] automatically
- *
- * \par Sample code:
- * \code
- * #include <ima-evm-server.h>
- * #define DEVELOPER_UID 5500
- *
- * int main(int argc, char **argv)
- * {
- * int my_uid, ret;
- * uid = getuid();
- * if(uid != DEVELOPER_UID)
- * {
- * // You must be developer user
- * exit(1);
- * }
- *
- * ret = ima_evm_server_launch_debug_tool(argc -1, argv++)
- * if(ret != IMA_EVM_SERVER_SUCCESS)
- * {
- * // Some error occurred
- * exit(1);
- * }
- * ...
- * }
- *
- * \endcode
-*/
-int ima_evm_server_launch_debug_tool(int argc, const char **argv);
-
-/*
- * This function allows to get process SMACK label by passing cookie assigned
- * to process. Function returns pointer to allocated buffer with label.
- * User has to free the buffer after using.
- *
- * \param[in] Pointer to cookie
- *
- * \return Pointer to SMACK label or NULL
- *
- * \par For free label use free(), label allocated by calloc()
- * User responsibility is to free resource.
- */
-char *ima_evm_server_get_smacklabel_cookie(const char *cookie);
-
-/*
- * This function allows to get process SMACK label by passing socket descriptor.
- * Function returns pointer to allocated buffer with label.
- * User has to free the buffer after using.
- *
- * \param[in] Socket descriptor
- *
- * \return Pointer to SMACK label or NULL
- *
- * \par For free label use free(), label allocated by calloc().
- * User responsibility is to free resource.
- */
-char *ima_evm_server_get_smacklabel_sockfd(int fd);
-
-/*
- * This function will give permissions "rwxat" from
- * (subject) customer_label to caller process (object).
- * Object label will be extracted from socket.
- * */
-int ima_evm_server_app_give_access(const char *customer_label, int customer_pid);
-
-/*
- * This function allows middleware to check priviliges of process with specified PID.
- * Service is able to check proces acces to the specified object label with specified
- * access rights.
- *
- * \param[in] PID number of process to be checked
- * \param[in] SMACK object label
- * \param[in] SMACK access rights to be checked
- *
- * \return Privilege confirm or error code
- * IMA_EVM_SERVER_SUCCESS - on succes
- */
-int ima_evm_server_check_privilege_by_pid(int pid, const char *object, const char *access_rights);
-
#ifdef __cplusplus
}
#endif
projects / platform / core / security / ima-evm-reference-utils.git / commitdiff