2 * libprivilege control, rules database
4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Contact: Jan Olszak <j.olszak@samsung.com>
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
23 * @file rules-db-internals.h
24 * @author Jan Olszak (j.olszak@samsung.com)
26 * @brief This file contains definition of rules database API.
32 #ifndef _RULES_DB_INTERNALS_H_
33 #define _RULES_DB_INTERNALS_H_
38 #define SMACK_APP_LABEL_TEMPLATE "~APP~"
40 // Open database flags:
41 #define RDB_READWRITE_FLAG SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
42 #define RDB_READONLY_FLAG SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE
44 // Bind function defines:
45 #define RDB_FIRST_PARAM 1 /// Bind to the first parameter
46 #define RDB_SECOND_PARAM 2 /// Bind to the second parameter
48 #define RDB_AUTO_DETERM_SIZE -1 // Determine the size of the
51 #define RDB_FIRST_COLUMN 0
52 #define RDB_SECOND_COLUMN 1
53 #define RDB_THIRD_COLUMN 2
54 #define RDB_FOURTH_COLUMN 3
59 #define RDB_LOG_ENTRY_PARAM(format, ...) C_LOGD("RDB: Entering function %s. Args: " format, __func__, ##__VA_ARGS__)
60 #define RDB_LOG_ENTRY C_LOGD("RDB: Entering function %s", __func__)
64 * Add the label to the temporary table with modified labels.
65 * We use this table to speed up generating modified smack rules.
67 * If label is not in this table, but rule changed
68 * Smack will not get the rule in runtime.
70 * @ingroup RDB internal functions
72 * @param p_db pointer to a SQLite3 database object
73 * @param s_label_name label name
74 * @return PC_OPERATION_SUCCESS on success, error code otherwise
76 int add_modified_label_internal(sqlite3 *p_db, const char *const s_label_name);
80 * Adds label names of applications with the permission to modified labels.
81 * Used when permission is going to change and we're going to change some
82 * accesses granted by this permission.
84 * @ingroup RDB internal functions
86 * @param p_db pointer to a SQLite3 database object
87 * @param i_permission_id id of the permission
88 * @return PC_OPERATION_SUCCESS on success, error code otherwise
90 int add_modified_permission_internal(sqlite3 *p_db, sqlite3_int64 i_permission_id);
94 * Open a connection with the database and perform an initialization.
96 * @ingroup RDB internal functions
98 * @param p_db pointer to a SQLite3 database object
99 * @param b_create_temporary_tables variable denoting if temporary tables should be created
100 * @return PC_OPERATION_SUCCESS on success, error code otherwise
102 int open_rdb_connection(sqlite3 **pp_db, bool b_create_temporary_tables);
106 * Write variables into the query and create a SQLite statement.
107 * One should use the SQLite3 format strings like '%Q'.
109 * For a lot of generic queries use binding.
111 * @ingroup RDB internal functions
113 * @param p_db pointer to a SQLite3 database object
114 * @param pp_stmt buffer for a pointer to the constructed statement
115 * @return PC_OPERATION_SUCCESS on success, error code otherwise
117 int prepare_stmt(sqlite3 *p_db,
118 sqlite3_stmt **pp_stmt,
119 const char *const s_sql,
123 * Check if the label is available for an application.
125 * @ingroup RDB internal functions
127 * @param p_db pointer to a SQLite3 database object
128 * @param s_label_name application's label name
129 * @return PC_OPERATION_SUCCESS when label free
130 * PC_ERR_DB_LABEL_TAKEN when label taken
131 * error code otherwise
133 int check_app_label_internal(sqlite3 *p_db,
134 const char *const s_label_name);
138 * Adds the application to the database.
140 * @ingroup RDB internal functions
142 * @param p_db pointer to a SQLite3 database object
143 * @param s_label_name application's label name
144 * @return PC_OPERATION_SUCCESS on success, error code otherwise
146 int add_app_internal(sqlite3 *p_db,
147 const char *const s_label_name);
151 * Removes the application from the database together with its permissions and paths.
153 * @ingroup RDB internal functions
155 * @param p_db pointer to a SQLite3 database object
156 * @param s_label_name application's label name
157 * @return PC_OPERATION_SUCCESS on success, error code otherwise
159 int remove_app_internal(sqlite3 *p_db,
160 const char *const s_label_name);
164 * Add a path to the database
166 * @ingroup RDB internal functions
168 * @param p_db pointer to a SQLite3 database object
169 * @param s_owner_label_name label name of the paths owner
170 * @param s_path_label_name path's label name
171 * @param s_path the path
172 * @param s_access owner to path label access rights
173 * @param s_access_reverse path label to owner access rights
174 * @param s_type path's type name
175 * @return PC_OPERATION_SUCCESS on success, error code otherwise
177 int add_path_internal(sqlite3 *p_db,
178 const char *const s_owner_label_name,
179 const char *const s_path_label_name,
180 const char *const s_path,
181 const char *const s_access,
182 const char *const s_access_reverse,
183 const char *const s_type);
187 * Add a permission with a given name and of a give type
188 * and return its internal permission id.
190 * @ingroup RDB internal functions
192 * @param p_db pointer to a SQLite3 database object
193 * @param s_permission_name permission name
194 * @param s_permission_type_name permission type name
195 * @return PC_OPERATION_SUCCESS on success, error code otherwise
197 int add_permission_internal(sqlite3 *p_db,
198 const char *const s_permission_name,
199 const char *const s_permission_type_name);
202 * Gets the id of the permission
203 * @param p_db pointer to a SQLite3 database object
204 * @param s_permission_name permission name
205 * @param s_permission_type_name permission type name
206 * @param p_permission_id buffer for the id of the new permission
207 * @return PC_OPERATION_SUCCESS on success, error code otherwise
209 int get_permission_id_internal(sqlite3 *p_db,
210 const char *const s_permission_name,
211 const char *const s_permission_type_name,
212 sqlite3_int64 *p_permission_id);
215 * Adds a list of smack permissions to the database.
216 * s_permision_name has to appear either in the subject or the object of the rule.
218 * @ingroup RDB internal functions
220 * @param p_db pointer to a SQLite3 database object
221 * @param i_permission_id permission id for which we ad permission rules
222 * @param pp_smack_rules a list of smack rules, that we want to apply. Not empty!
223 * @return PC_OPERATION_SUCCESS on success, error code otherwise
225 int add_permission_rules_internal(sqlite3 *p_db,
226 sqlite3_int64 i_permission_id,
227 const char *const *const pp_smack_rules);
231 * Check if an app has a permission that is specified by the name.
233 * @ingroup RDB internal functions
235 * @param p_db pointer to a SQLite3 database object
236 * @param i_app_id application id
237 * @param s_permission_name permission name
238 * @param s_permission_type_name permission type name
239 * @param p_is_enabled buffer for return value
240 * @return PC_OPERATION_SUCCESS on success, error code otherwise
242 int check_app_has_permission_internal(sqlite3 *p_db,
243 const char *const s_app_label_name,
244 const char *const s_permission_name,
245 const char *const s_permission_type_name,
246 bool *const p_is_enabled);
250 * Gets the internal app id of an application with a given name.
252 * @ingroup RDB internal functions
254 * @param p_db pointer to a SQLite3 database object
255 * @param pi_app_id pointer to where the app is should be returned
256 * @param s_app_label_name label name of the application
257 * @return PC_OPERATION_SUCCESS on success, error code otherwise
259 int get_app_id_internal(sqlite3 *p_db,
261 const char *const s_app_label_name);
265 * Add a new permission to an application.
267 * @ingroup RDB internal functions
269 * @param p_db pointer to a SQLite3 database object
270 * @param i_app_id application id
271 * @param s_permission_name permission name
272 * @param s_permission_type_name permission type name
273 * @param b_is_volatile_new is the permission volatile
274 * @param b_is_enabled_new is the permission enabled
275 * @return PC_OPERATION_SUCCESS on success, error code otherwise
277 int add_app_permission_internal(sqlite3 *p_db,
279 const char *const s_permission_name,
280 const char *const s_permission_type_name,
281 const bool b_is_volatile_new,
282 const bool b_is_enabled_new);
286 * Enable or disable a permission for a given application.
288 * @ingroup RDB internal functions
290 * @param p_db pointer to a SQLite3 database object
291 * @param i_app_id application id
292 * @param s_permission_name permission name
293 * @param s_permission_type_name permission type name
294 * @param b_is_enabled_new is the permission enabled
295 * @return PC_OPERATION_SUCCESS on success, error code otherwise
297 int switch_app_permission_internal(sqlite3 *p_db,
299 const char *const s_permission_name,
300 const char *const s_permission_type_name,
301 const bool b_is_enabled_new);
305 * Update an existing permission of an application.
307 * @ingroup RDB internal functions
309 * @param p_db pointer to a SQLite3 database object
310 * @param i_app_id application id
311 * @param i_permission_id id of the permission
312 * @param b_is_volatile_new is the permission volatile
313 * @param b_is_enabled_new is the permission enabled
314 * @return PC_OPERATION_SUCCESS on success, error code otherwise
316 int update_app_permission_internal(sqlite3 *p_db,
318 const int i_permission_id,
319 const bool b_is_volatile_new,
320 const bool b_is_enabled_new);
324 * Change a permission for an application.
325 * Function modifies or adds a permission.
327 * @ingroup RDB internal functions
329 * @param p_db pointer to a SQLite3 database object
330 * @param i_app_id application id
331 * @param s_permission_name permission name
332 * @param s_permission_type_name permission type name
333 * @param i_is_volatile_new is the permission volatile
334 * @param i_is_enabled_new is the permission enabled
335 * @return PC_OPERATION_SUCCESS on success, error code otherwise
337 int change_app_permission_internal(sqlite3 *p_db,
339 const char *const s_permission_name,
340 const char *const s_permission_type_name,
341 int i_is_volatile_new,
342 int i_is_enabled_new);
346 * Delete all permissions of the application.
348 * @ingroup RDB internal functions
350 * @param p_db pointer to a SQLite3 database object
351 * @param s_app_label_name applications label name
352 * @return PC_OPERATION_SUCCESS on success, error code otherwise
354 int revoke_app_permissions_internal(sqlite3 *p_db,
355 const char *const s_app_label_name);
359 * Delete all volatile permissions of the application.
361 * @ingroup RDB internal functions
363 * @param p_db pointer to a SQLite3 database object
364 * @param s_app_label_name applications label name
365 * @return PC_OPERATION_SUCCESS on success, error code otherwise
367 int reset_app_permissions_internal(sqlite3 *p_db,
368 const char *const s_app_label_name);
372 * Prepare tables with smack rules.
374 * @ingroup RDB internal functions
376 * @param p_db pointer to a SQLite3 database object
377 * @return PC_OPERATION_SUCCESS on success, error code otherwise
379 int update_rules_in_db(sqlite3 *p_db);
383 * Updates smack rules. Only rules that change are refreshed.
385 * @ingroup RDB internal functions
387 * @param p_db pointer to a SQLite3 database object
388 * @return PC_OPERATION_SUCCESS on success, error code otherwise
390 int update_smack_rules(sqlite3 *p_db);
392 #endif // _RULES_DB_INTERNALS_H_