From: Jan Wojtkowski <j.wojtkowski@samsung.com>
Date: Fri, 29 Nov 2024 10:17:32 +0000 (+0100)
Subject: Add function security_manager_set_identity()
X-Git-Tag: accepted/tizen/unified/20241216.010927~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F86%2F315486%2F14;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Add function security_manager_set_identity()

Change-Id: Iec954c9a41cbf0547de685590685fdbf2b03e5d6
---

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 57512cad..fa8dcdd0 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -71,6 +71,8 @@
 #include "mount-namespace.h"
 
 static const char *EMPTY = "";
+static const std::string SMACK_SYSTEM = "System";
+static std::string SMACK_SYSTEM_PRIVILEGED = "System::Privileged";
 
 /**
  * Mapping of lib_retcode error codes to theirs strings equivalents
@@ -2266,3 +2268,29 @@ int security_manager_get_client_privilege_license(
         return SECURITY_MANAGER_SUCCESS;
     });
 }
+
+SECURITY_MANAGER_API
+int security_manager_set_identity(
+        process_type type,
+        const char *app_id = nullptr)
+{
+    security_manager_pre_check();
+    switch (type) {
+    case (process_type::SYSTEM):
+        if (smack_set_label_for_self(SMACK_SYSTEM.c_str()) != 0) {
+            LogError("Failed to set smack label" << SMACK_SYSTEM << "for current process");
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        }
+        return SECURITY_MANAGER_SUCCESS;
+    case (process_type::SYSTEM_PRIVILEGED):
+        if (smack_set_label_for_self(SMACK_SYSTEM_PRIVILEGED.c_str()) != 0) {
+            LogError("Failed to set smack label" << SMACK_SYSTEM_PRIVILEGED << "for current process");
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        }
+        return SECURITY_MANAGER_SUCCESS;
+    case (process_type::APP):
+        return security_manager_set_process_label_from_appid(app_id);
+    }
+
+    return SECURITY_MANAGER_SUCCESS;
+}
diff --git a/src/include/app-runtime.h b/src/include/app-runtime.h
index f5d6edaa..4ce09931 100644
--- a/src/include/app-runtime.h
+++ b/src/include/app-runtime.h
@@ -346,6 +346,19 @@ int security_manager_get_client_privilege_license(const char *privilege,
                                                   uid_t uid,
                                                   char **license);
 
+/**
+ * Set credential of calling thread to one of system-roles or an application based on app name.
+ *
+ * When process identifier is incorrect or not related to any package, this function will
+ * return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT.
+ *
+ * \param[in]  type        Type of process
+ * \param[in]  app_id      Application id of the application
+ * \return API return code or error code
+ */
+int security_manager_set_identity(process_type type,
+                                  const char *app_id);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/security-manager-types.h b/src/include/security-manager-types.h
index c152546a..b54f164a 100644
--- a/src/include/security-manager-types.h
+++ b/src/include/security-manager-types.h
@@ -133,6 +133,16 @@ enum app_defined_privilege_type {
 };
 typedef enum app_defined_privilege_type app_defined_privilege_type;
 
+/**
+ * This enum defines the process type.
+ */
+ enum process_type {
+    SYSTEM = 0,
+    SYSTEM_PRIVILEGED,
+    APP,
+ };
+typedef enum process_type process_type;
+
 /*! \brief data structure responsible for handling informations
  * required to install / uninstall application */
 struct app_inst_req;