virtual int setCCMode(CCModeState mode) = 0;
+ virtual int allowAccess(uid_t user,
+ const std::string &owner,
+ const std::string &alias,
+ const std::string &accessor,
+ AccessRight granted) = 0;
+
+ virtual int denyAccess(uid_t user,
+ const std::string &owner,
+ const std::string &alias,
+ const std::string &accessor) = 0;
+
virtual ~Control(){}
static ControlShPtr create();
// if application does not have permission to use network.
virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
+ virtual int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted) = 0;
+ virtual int denyAccess(const std::string &alias, const std::string &accessor) = 0;
+
+
static ManagerShPtr create();
// static ManagerShPtr getManager(int uid); // TODO
};
CC_MODE_ON
};
+enum class AccessRight: int {
+ AR_READ = 0,
+ AR_READ_REMOVE
+};
+
const char * ErrorToString(int error);
} // namespace CKM
*/
int ckmc_reset_user_password(uid_t user, const char *new_password);
+/**
+ * @brief Allows another application to access client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
+ * @remarks Data identified by @a alias should exist
+ *
+ * @param[in] user User ID of a user whose data will be affected
+ * @param[in] owner Package id (smack label) of the data owner
+ * @param[in] alias Data alias for which access will be granted
+ * @param[in] accessor Package id (smack label) of the application that will gain access rights
+ * @param[in] granted Rights granted for @a accessor application
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_allow_access()
+ * @see ckmc_deny_access()
+ * @see ckmc_deny_access_by_adm()
+ */
+int ckmc_allow_access_by_adm(uid_t user, const char *owner, const char *alias, const char *accessor, ckmc_access_right_e granted);
+
+/**
+ * @brief Revokes another application's access to client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
+ * @remarks Data identified by @a alias should exist
+ * @remarks Only access previously granted with ckmc_allow_access can be revoked.
+ *
+ * @param[in] user User ID of a user whose data will be affected
+ * @param[in] owner Package id (smack label) of the data owner
+ * @param[in] alias Data alias for which access will be revoked
+ * @param[in] accessor Package id (smack label) of the application that will lose access rights
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
+ * have access to @a alias
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_allow_access()
+ * @see ckmc_deny_access()
+ * @see ckmc_allow_access_by_adm()
+ */
+int ckmc_deny_access_by_adm(uid_t user, const char *owner, const char *alias, const char *accessor);
/**
* @}
*/
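Review bot: The documentation for the two _by_adm functions calls the target "client's application data", but the caller here is an administrator acting on data owned by `owner` for `user`. The brief should say so, e.g. `@brief Allows another application to access the data of the application identified by @a owner`. In ckmc_deny_access_by_adm the remark names only ckmc_allow_access as the source of revocable grants; it presumably should also name ckmc_allow_access_by_adm. Neither comment says what happens when a grant already exists for @a accessor (replaced or rejected), which matters to a caller downgrading CKMC_AR_READ_REMOVE to CKMC_AR_READ.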
int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
+/**
+ * @brief Allows another application to access client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist
+ *
+ * @param[in] alias Data alias for which access will be granted
+ * @param[in] accessor Package id (smack label) of the application that will gain access rights
+ * @param[in] granted Rights granted for @a accessor application
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_deny_access()
+ */
+int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
+
+/**
+ * @brief Revokes another application's access to client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist
+ * @remarks Only access previously granted with ckmc_allow_access can be revoked.
+ *
+ * @param[in] alias Data alias for which access will be revoked
+ * @param[in] accessor Package id (smack label) of the application that will lose access rights
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
+ * have access to @a alias
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_allow_access()
+ */
+int ckmc_deny_access(const char *alias, const char *accessor);
+
#ifdef __cplusplus
}
} ckmc_rsa_padding_algo_e;
/**
+ * @brief Enumeration for database access rights.
+ * @since_tizen 2.3
+ */
+typedef enum __ckmc_access_right{
+ CKMC_AR_READ = 0, /**< access right for read*/
+ CKMC_AR_READ_REMOVE /**< access right for read and remove*/
+} ckmc_access_right_e;
+
+/**
* @brief the structure for binary buffer used in key manager CAPI.
* @since_tizen 2.3
*/
CKM::Password _toPasswordStr(const char *str)
{
- if(str == NULL)
- return CKM::Password();
- return CKM::Password(str);
+ if (str == NULL)
+ return CKM::Password();
+ return CKM::Password(str);
}
KEY_MANAGER_CAPI
int ckmc_unlock_user_key(uid_t user, const char *password)
{
- auto control = CKM::Control::create();
- int ret = control->unlockUserKey(user, _toPasswordStr(password));
- return to_ckmc_error(ret);
+ auto control = CKM::Control::create();
+ int ret = control->unlockUserKey(user, _toPasswordStr(password));
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
int ckmc_lock_user_key(uid_t user)
{
- auto control = CKM::Control::create();
- int ret = control->lockUserKey(user);
- return to_ckmc_error(ret);
+ auto control = CKM::Control::create();
+ int ret = control->lockUserKey(user);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
int ckmc_remove_user_data(uid_t user)
{
- auto control = CKM::Control::create();
- int ret = control->removeUserData(user);
- return to_ckmc_error(ret);
+ auto control = CKM::Control::create();
+ int ret = control->removeUserData(user);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
int ckmc_change_user_password(uid_t user, const char *oldPassword, const char *newPassword)
{
- auto control = CKM::Control::create();
- int ret = control->changeUserPassword(user, _toPasswordStr(oldPassword), _toPasswordStr(newPassword));
- return to_ckmc_error(ret);
+ auto control = CKM::Control::create();
+ int ret = control->changeUserPassword(user,
+ _toPasswordStr(oldPassword),
+ _toPasswordStr(newPassword));
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
int ckmc_reset_user_password(uid_t user, const char *newPassword)
{
- auto control = CKM::Control::create();
- int ret = control->resetUserPassword(user, _toPasswordStr(newPassword));
- return to_ckmc_error(ret);
+ auto control = CKM::Control::create();
+ int ret = control->resetUserPassword(user, _toPasswordStr(newPassword));
+ return to_ckmc_error(ret);
}
+KEY_MANAGER_CAPI
+int ckmc_allow_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor, ckmc_access_right_e granted)
+{
+ if (!owner || !alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ auto control = CKM::Control::create();
+
+ CKM::AccessRight ar = static_cast<CKM::AccessRight>(static_cast<int>(granted));
+ return to_ckmc_error(control->allowAccess(user, owner, alias, accessor, ar));
+}
+
+KEY_MANAGER_CAPI
+int ckmc_deny_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor)
+{
+ if (!owner || !alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ auto control = CKM::Control::create();
+
+ return to_ckmc_error(control->denyAccess(user, owner, alias, accessor));
+}
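Review bot: `granted` is cast straight to `CKM::AccessRight` in ckmc_allow_access_by_adm with no range check, so any integer a C caller passes reaches `Control::allowAccess` as an enum value that names no right. The header documents CKMC_ERROR_INVALID_PARAMETER for invalid input, so the guard should reject it up front: `if (granted != CKMC_AR_READ && granted != CKMC_AR_READ_REMOVE) return CKMC_ERROR_INVALID_PARAMETER;`. The double cast also relies on the two enums keeping identical numeric values; a `static_assert(static_cast<int>(CKM::AccessRight::AR_READ) == CKMC_AR_READ, "access-right enums out of sync");` (and the same for AR_READ_REMOVE) beside it would pin that. The same applies to ckmc_allow_access in the manager C API hunk.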
return CKMC_ERROR_NONE;
}
+
+KEY_MANAGER_CAPI
+int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ CKM::AccessRight ar = static_cast<CKM::AccessRight>(static_cast<int>(granted));
+ return to_ckmc_error(mgr->allowAccess(alias, accessor, ar));
+}
+
+KEY_MANAGER_CAPI
+int ckmc_deny_access(const char *alias, const char *accessor)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ return to_ckmc_error(mgr->denyAccess(alias, accessor));
+}
});
}
+ virtual int allowAccess(uid_t /*user*/,
+ const std::string &/*owner*/,
+ const std::string &/*alias*/,
+ const std::string &/*accessor*/,
+ AccessRight /*granted*/)
+ {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ virtual int denyAccess(uid_t /*user*/,
+ const std::string &/*owner*/,
+ const std::string &/*alias*/,
+ const std::string &/*accessor*/)
+ {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
virtual ~ControlImpl(){}
};
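Review bot: Both new ControlImpl methods return CKM_API_ERROR_UNKNOWN unconditionally, and nothing in the code marks them as placeholders, while the public headers in this change already document the calls with specific error codes. A comment such as `// TODO: not implemented yet; always fails` on each stub would make the state explicit, and the stubs should keep failing until the service side checks who may grant access. They are declared `virtual` without `override`; adding `override` would let the compiler catch any drift from the pure virtuals added to Control. The same holds for the ManagerImpl::allowAccess and ManagerImpl::denyAccess stubs in the following hunk.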
});
}
+int ManagerImpl::allowAccess(const std::string &/*alias*/,
+ const std::string &/*accessor*/,
+ AccessRight /*granted*/)
+{
+ return CKM_API_ERROR_UNKNOWN;
+}
+
+int ManagerImpl::denyAccess(const std::string &/*alias*/, const std::string &/*accessor*/)
+{
+ return CKM_API_ERROR_UNKNOWN;
+}
+
ManagerShPtr Manager::create() {
try {
return std::make_shared<ManagerImpl>();
int ocspCheck(const CertificateShPtrVector &certificateChain, int &ocspCheck);
+ int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted);
+ int denyAccess(const std::string &alias, const std::string &accessor);
+
protected:
int saveBinaryData(
const Alias &alias,