Add support for USER_TYPE_SECURITY

Change-Id: I45ba88fc3a69ec632af6b195f82e288a25388288

diff --git a/policy/usertype-security.profile b/policy/usertype-security.profile
new file mode 100644 (file)
index 0000000..8ab2375
--- /dev/null
+++ b/policy/usertype-security.profile
@@ -0,0 +1,131 @@
+'Normal usertype permissions
+'app   permission
+*      http://tizen.org/privilege/account.read
+*      http://tizen.org/privilege/account.write
+*      http://tizen.org/privilege/alarm.get
+*      http://tizen.org/privilege/alarm.set
+*      http://tizen.org/privilege/antivirus
+*      http://tizen.org/privilege/antivirus.admin
+*      http://tizen.org/privilege/antivirus.scan
+*      http://tizen.org/privilege/antivirus.webprotect
+*      http://tizen.org/privilege/appdir.shareddata
+*      http://tizen.org/privilege/apphistory.read
+*      http://tizen.org/privilege/appmanager.kill
+*      http://tizen.org/privilege/appmanager.kill.bgapp
+*      http://tizen.org/privilege/appmanager.launch
+*      http://tizen.org/privilege/bluetooth
+*      http://tizen.org/privilege/bluetooth.admin
+*      http://tizen.org/privilege/bookmark.admin
+*      http://tizen.org/privilege/calendar.read
+*      http://tizen.org/privilege/calendar.write
+*      http://tizen.org/privilege/call
+*      http://tizen.org/privilege/callhistory.read
+*      http://tizen.org/privilege/callhistory.write
+*      http://tizen.org/privilege/camera
+*      http://tizen.org/privilege/contact.read
+*      http://tizen.org/privilege/contact.write
+*      http://tizen.org/privilege/content.write
+*      http://tizen.org/privilege/d2d.datasharing
+*      http://tizen.org/privilege/datasharing
+*      http://tizen.org/privilege/display
+*      http://tizen.org/privilege/download
+*      http://tizen.org/privilege/dpm.bluetooth
+*      http://tizen.org/privilege/dpm.browser
+*      http://tizen.org/privilege/dpm.camera
+*      http://tizen.org/privilege/dpm.clipboard
+*      http://tizen.org/privilege/dpm.debugging
+*      http://tizen.org/privilege/dpm.email
+*      http://tizen.org/privilege/dpm.location
+*      http://tizen.org/privilege/dpm.lock
+*      http://tizen.org/privilege/dpm.message
+*      http://tizen.org/privilege/dpm.microphone
+*      http://tizen.org/privilege/dpm.password
+*      http://tizen.org/privilege/dpm.security
+*      http://tizen.org/privilege/dpm.settings
+*      http://tizen.org/privilege/dpm.storage
+*      http://tizen.org/privilege/dpm.usb
+*      http://tizen.org/privilege/dpm.wifi
+*      http://tizen.org/privilege/dpm.wipe
+*      http://tizen.org/privilege/dpm.zone
+*      http://tizen.org/privilege/email
+*      http://tizen.org/privilege/email.admin
+*      http://tizen.org/privilege/externalstorage
+*      http://tizen.org/privilege/externalstorage.appdata
+*      http://tizen.org/privilege/haptic
+*      http://tizen.org/privilege/healthinfo
+*      http://tizen.org/privilege/ime
+*      http://tizen.org/privilege/imemanager
+*      http://tizen.org/privilege/inputgenerator
+*      http://tizen.org/privilege/internet
+*      http://tizen.org/privilege/keygrab
+*      http://tizen.org/privilege/keymanager
+*      http://tizen.org/privilege/led
+*      http://tizen.org/privilege/location
+*      http://tizen.org/privilege/location.coarse
+*      http://tizen.org/privilege/location.enable
+*      http://tizen.org/privilege/mapservice
+*      http://tizen.org/privilege/mediacontroller.client
+*      http://tizen.org/privilege/mediacontroller.server
+*      http://tizen.org/privilege/mediahistory.read
+*      http://tizen.org/privilege/mediastorage
+*      http://tizen.org/privilege/message.read
+*      http://tizen.org/privilege/message.write
+*      http://tizen.org/privilege/minicontrol.provider
+*      http://tizen.org/privilege/network.get
+*      http://tizen.org/privilege/network.profile
+*      http://tizen.org/privilege/network.set
+*      http://tizen.org/privilege/nfc
+*      http://tizen.org/privilege/nfc.admin
+*      http://tizen.org/privilege/nfc.cardemulation
+*      http://tizen.org/privilege/notification
+*      http://tizen.org/privilege/packagemanager.admin
+*      http://tizen.org/privilege/packagemanager.clearcache
+*      http://tizen.org/privilege/packagemanager.info
+*      http://tizen.org/privilege/power
+*      http://tizen.org/privilege/push
+*      http://tizen.org/privilege/reboot
+*      http://tizen.org/privilege/recorder
+*      http://tizen.org/privilege/screenshot
+*      http://tizen.org/privilege/secureelement
+*      http://tizen.org/privilege/shortcut
+*      http://tizen.org/privilege/systemmonitor
+*      http://tizen.org/privilege/systemsettings.admin
+*      http://tizen.org/privilege/telephony
+*      http://tizen.org/privilege/telephony.admin
+*      http://tizen.org/privilege/tethering.admin
+*      http://tizen.org/privilege/use_ir
+*      http://tizen.org/privilege/volume.set
+*      http://tizen.org/privilege/vpnservice
+*      http://tizen.org/privilege/vpnservice.admin
+*      http://tizen.org/privilege/web-history.admin
+*      http://tizen.org/privilege/widget.viewer
+*      http://tizen.org/privilege/wifidirect
+*      http://tizen.org/privilege/window.priority.set
+*      http://tizen.org/privilege/notexist
+*      http://tizen.org/privilege/internal/default/public
+*      http://tizen.org/privilege/internal/default/partner
+*      http://tizen.org/privilege/internal/default/platform
+*      http://tizen.org/privilege/internal/buxton
+*      http://tizen.org/privilege/internal/buxton/account.read
+*      http://tizen.org/privilege/internal/buxton/camcorder
+*      http://tizen.org/privilege/internal/buxton/contact.read
+*      http://tizen.org/privilege/internal/buxton/location
+*      http://tizen.org/privilege/internal/buxton/message.read
+*      http://tizen.org/privilege/internal/buxton/network.get
+*      http://tizen.org/privilege/internal/buxton/nfc
+*      http://tizen.org/privilege/internal/buxton/nfc.cardemulation
+*      http://tizen.org/privilege/internal/buxton/readonly
+*      http://tizen.org/privilege/internal/buxton/telephony
+*      http://tizen.org/privilege/internal/dbus
+*      http://tizen.org/privilege/internal/inputdevice.block
+*      http://tizen.org/privilege/internal/appdebugging
+*      http://tizen.org/privilege/internal/web/appmanager.certificate
+*      http://tizen.org/privilege/internal/web/datasync
+*      http://tizen.org/privilege/internal/web/fullscreen
+*      http://tizen.org/privilege/internal/web/tv.audio
+*      http://tizen.org/privilege/internal/web/tv.channel
+*      http://tizen.org/privilege/internal/web/tv.display
+*      http://tizen.org/privilege/internal/web/tv.inputdevice
+*      http://tizen.org/privilege/internal/web/tv.window
+*      http://tizen.org/privilege/internal/web/unlimitedstorage
+*      http://tizen.org/privilege/internal/web/websetting

diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt
index 44d898f..d1996a2 100644 (file)
--- a/src/client/CMakeLists.txt
+++ b/src/client/CMakeLists.txt
@@ -5,7 +5,7 @@ PKG_CHECK_MODULES(CLIENT_DEP
     libprocps
     )
 
-SET(CLIENT_VERSION_MAJOR 1)
+SET(CLIENT_VERSION_MAJOR 2)
 SET(CLIENT_VERSION ${CLIENT_VERSION_MAJOR}.0.2)
 
 INCLUDE_DIRECTORIES(SYSTEM

diff --git a/src/cmd/security-manager-cmd.cpp b/src/cmd/security-manager-cmd.cpp
index 4dad63a..7c0806f 100644 (file)
--- a/src/cmd/security-manager-cmd.cpp
+++ b/src/cmd/security-manager-cmd.cpp
@@ -52,7 +52,8 @@ static std::map <std::string, enum security_manager_user_type> user_type_map = {
     {"system", SM_USER_TYPE_SYSTEM},
     {"admin", SM_USER_TYPE_ADMIN},
     {"guest", SM_USER_TYPE_GUEST},
-    {"normal", SM_USER_TYPE_NORMAL}
+    {"normal", SM_USER_TYPE_NORMAL},
+    {"security", SM_USER_TYPE_SECURITY}
 };
 
 static std::map <std::string, enum app_install_type> install_type_map = {

diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index 04cff83..5580e11 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -59,6 +59,7 @@ namespace SecurityManager {
  * - USER_TYPE_ADMIN
  * - USER_TYPE_SYSTEM
  * - USER_TYPE_NORMAL
+ * - USER_TYPE_SECURITY
  * - USER_TYPE_GUEST - they store privileges from templates for apropriate
  *   user type. ALLOW rules only.
  * - ADMIN           - stores custom rules introduced by device administrator.
@@ -82,23 +83,29 @@ namespace SecurityManager {
  * |---------------|   |                        |     |-------------------|
  * |    <<deny>>   |<--| * * *  Bucket:MANIFESTS|---->|      <<deny>>     |
  * | USER_TYPE_SYST|   |------------------------|     |  USER_TYPE_NORMAL |
- * |               |        |              |          |                   |
- * |---------------|        |              |          |-------------------|
- *        |                 |              |                    |
- *        |                 V              V                    |
- *        |      |---------------|      |---------------|       |
- *        |      |    <<deny>>   |      |    <<deny>>   |       |
- *        |      |USER_TYPE_GUEST|      |USER_TYPE_ADMIN|       |
- *        |      |               |      |               |       |
- *        |      |---------------|      |---------------|       |
- *        |              |                      |               |
- *        |              |----             -----|               |
- *        |                  |             |                    |
- *        |                  V             V                    |
- *        |                |------------------|                 |
- *        |------------->  |     <<none>>     | <---------------|
- *                         |       ADMIN      |
- *                         |                  |
+ * |               |        |       |      |          |                   |
+ * |---------------|        |       |      |          |-------------------|
+ *        |                 |       |      |                    |
+ *        |                 V       |      V                    |
+ *        |      |---------------|  |   |---------------|       |
+ *        |      |    <<deny>>   |  |   |    <<deny>>   |       |
+ *        |      |USER_TYPE_GUEST|  |   |USER_TYPE_ADMIN|       |
+ *        |      |               |  |   |               |       |
+ *        |      |---------------|  |   |---------------|       |
+ *        |           |             V               |           |
+ *        |           |     |------------------|    |           |
+ *        |           |     |     <<deny>>     |    |           |
+ *        |           |     |USER_TYPE_SECURITY|    |           |
+ *        |           |     |                  |    |           |
+ *        |           |     |------------------|    |           |
+ *        |           |             |               |           |
+ *        |           |             |               |           |
+ *        |           |             |               |           |
+ *        |           |             V               |           |
+ *        |           |    |------------------|     |           |
+ *        |           |--->|     <<none>>     |<----|           |
+ *        |                |       ADMIN      |                 |
+ *        |--------------->|                  |<----------------|
  *                         |------------------|
  *
  */
@@ -108,6 +115,7 @@ CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
     { Bucket::MAIN, std::string("MAIN")},
     { Bucket::USER_TYPE_ADMIN, std::string("USER_TYPE_ADMIN")},
     { Bucket::USER_TYPE_NORMAL, std::string("USER_TYPE_NORMAL")},
+    { Bucket::USER_TYPE_SECURITY, std::string("USER_TYPE_SECURITY")},
     { Bucket::USER_TYPE_GUEST, std::string("USER_TYPE_GUEST") },
     { Bucket::USER_TYPE_SYSTEM, std::string("USER_TYPE_SYSTEM")},
     { Bucket::ADMIN, std::string("ADMIN")},
@@ -405,9 +413,11 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType,
         case SM_USER_TYPE_NORMAL:
             bucket = Bucket::USER_TYPE_NORMAL;
             break;
+        case SM_USER_TYPE_SECURITY:
+            bucket = Bucket::USER_TYPE_SECURITY;
+            break;
         case SM_USER_TYPE_ANY:
         case SM_USER_TYPE_NONE:
-        case SM_USER_TYPE_END:
         default:
             ThrowMsg(CynaraException::InvalidParam, "User type incorrect");
     }

diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index ca8b4d6..cf33b19 100644 (file)
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -48,6 +48,7 @@ enum class Bucket
     MAIN,
     USER_TYPE_ADMIN,
     USER_TYPE_NORMAL,
+    USER_TYPE_SECURITY,
     USER_TYPE_GUEST,
     USER_TYPE_SYSTEM,
     ADMIN,

diff --git a/src/include/security-manager-types.h b/src/include/security-manager-types.h
index 7b8c8bb..b3f6f59 100644 (file)
--- a/src/include/security-manager-types.h
+++ b/src/include/security-manager-types.h
@@ -87,12 +87,12 @@ typedef enum app_install_type app_install_type;
  */
 enum security_manager_user_type {
     SM_USER_TYPE_NONE   = 0,/*<-this should not be used, if it is used, there will be an error returned by SM*/
-    SM_USER_TYPE_SYSTEM = 1,
-    SM_USER_TYPE_ADMIN  = 2,
-    SM_USER_TYPE_GUEST  = 3,
-    SM_USER_TYPE_NORMAL = 4,
-    SM_USER_TYPE_ANY = 5,/*<-this value may be used only for setting policies and not during user adding*/
-    SM_USER_TYPE_END
+    SM_USER_TYPE_ANY = 1,/*<-this value may be used only for setting policies and not during user adding*/
+    SM_USER_TYPE_SYSTEM = 2,
+    SM_USER_TYPE_ADMIN  = 3,
+    SM_USER_TYPE_GUEST  = 4,
+    SM_USER_TYPE_NORMAL = 5,
+    SM_USER_TYPE_SECURITY = 6,
 };
 typedef enum security_manager_user_type security_manager_user_type;