Add function security_manager_set_identity()

Change-Id: Iec954c9a41cbf0547de685590685fdbf2b03e5d6

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 57512cadf28447cba9cac61c4f7f53014dbdc85b..fa8dcdd08ff76791d16488b0412d2e89a4071773 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -71,6 +71,8 @@
 #include "mount-namespace.h"
 
 static const char *EMPTY = "";
+static const std::string SMACK_SYSTEM = "System";
+static std::string SMACK_SYSTEM_PRIVILEGED = "System::Privileged";
 
 /**
  * Mapping of lib_retcode error codes to theirs strings equivalents
@@ -2266,3 +2268,29 @@ int security_manager_get_client_privilege_license(
         return SECURITY_MANAGER_SUCCESS;
     });
 }
+
+SECURITY_MANAGER_API
+int security_manager_set_identity(
+        process_type type,
+        const char *app_id = nullptr)
+{
+    security_manager_pre_check();
+    switch (type) {
+    case (process_type::SYSTEM):
+        if (smack_set_label_for_self(SMACK_SYSTEM.c_str()) != 0) {
+            LogError("Failed to set smack label" << SMACK_SYSTEM << "for current process");
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        }
+        return SECURITY_MANAGER_SUCCESS;
+    case (process_type::SYSTEM_PRIVILEGED):
+        if (smack_set_label_for_self(SMACK_SYSTEM_PRIVILEGED.c_str()) != 0) {
+            LogError("Failed to set smack label" << SMACK_SYSTEM_PRIVILEGED << "for current process");
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        }
+        return SECURITY_MANAGER_SUCCESS;
+    case (process_type::APP):
+        return security_manager_set_process_label_from_appid(app_id);
+    }
+
+    return SECURITY_MANAGER_SUCCESS;
+}

diff --git a/src/include/app-runtime.h b/src/include/app-runtime.h
index f5d6edaa00dea756885a093c1fbdf4e73b23a261..4ce099314ee8f54793e2dfdac35dc852753ec7c6 100644 (file)
--- a/src/include/app-runtime.h
+++ b/src/include/app-runtime.h
@@ -346,6 +346,19 @@ int security_manager_get_client_privilege_license(const char *privilege,
                                                   uid_t uid,
                                                   char **license);
 
+/**
+ * Set credential of calling thread to one of system-roles or an application based on app name.
+ *
+ * When process identifier is incorrect or not related to any package, this function will
+ * return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT.
+ *
+ * \param[in]  type        Type of process
+ * \param[in]  app_id      Application id of the application
+ * \return API return code or error code
+ */
+int security_manager_set_identity(process_type type,
+                                  const char *app_id);
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/src/include/security-manager-types.h b/src/include/security-manager-types.h
index c152546a08ba149e8de62fa3f8417a70fc0d0ef5..b54f164a21854011206de0abce0070914c1b2f85 100644 (file)
--- a/src/include/security-manager-types.h
+++ b/src/include/security-manager-types.h
@@ -133,6 +133,16 @@ enum app_defined_privilege_type {
 };
 typedef enum app_defined_privilege_type app_defined_privilege_type;
 
+/**
+ * This enum defines the process type.
+ */
+ enum process_type {
+    SYSTEM = 0,
+    SYSTEM_PRIVILEGED,
+    APP,
+ };
+typedef enum process_type process_type;
+
 /*! \brief data structure responsible for handling informations
  * required to install / uninstall application */
 struct app_inst_req;