APP_TYPE_OTHER,
} app_type_t;
+typedef enum {
+ APP_PATH_PRIVATE,
+ APP_PATH_GROUP_RW,
+ APP_PATH_PUBLIC_RO,
+ APP_PATH_SETTINGS_RW,
+ APP_PATH_ANY_LABEL,
+} app_path_type_t;
+
/* APIs - used by applications */
int control_privilege(void) __attribute__((deprecated));
* @param path file system path to the binary
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_set_privilege(const char* name, const char* type, const char* path);
int set_app_privilege(const char* name, const char* type, const char* path);
/**
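Review bot: `perm_app_set_privilege` is declared with a plain `int` return that a caller can silently drop. For a call that applies an application's privilege, a failed call could then go unnoticed and the process would keep whatever privileges it already had (inferred from the name and the `@return` text; the implementation is not in this hunk). Consider `int perm_app_set_privilege(const char* name, const char* type, const char* path) __attribute__((warn_unused_result));`, matching the attribute style the header already uses for `control_privilege`. The doc comment above the prototype starts outside the hunk.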
* @return id of the connecting widget on success, NULL on failure.
* Caller is responsible for freeing the return widget id.
*/
+char* perm_app_id_from_socket(int sockfd);
char* app_id_from_socket(int sockfd);
/**
* @param app_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_install(const char* pkg_id);
int app_install(const char* app_id);
/**
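Review bot: The doc comment above `perm_app_install` still documents `@param app_id` while the new prototype names the parameter `pkg_id`, so the generated documentation describes a parameter that does not exist and does not say whether a package id and an application id are interchangeable. Change it to `@param pkg_id package identifier`, or keep `app_id` in the prototype. The same mismatch applies to `perm_app_uninstall`, `perm_app_revoke_permissions`, `perm_app_reset_permissions` and `perm_app_add_friend` (`app_id2` vs `pkg_id2`). Because each new prototype is inserted between the comment and the old declaration, the old function loses its attached doc comment; a sentence in the comment naming both entry points would cover it. The comment starts outside the hunk.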
* @param app_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_uninstall(const char* pkg_id);
int app_uninstall(const char* app_id);
/**
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
int app_enable_permissions(const char* app_id, app_type_t app_type, const char** perm_list, bool persistent);
+int perm_app_enable_permissions(const char* pkg_id, app_type_t app_type, const char** perm_list, bool persistent);
/**
* Remove previously granted SMACK permissions based on permissions list.
* @param perm_list array of permission names, last element must be NULL
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_disable_permissions(const char* pkg_id, app_type_t app_type, const char** perm_list);
int app_disable_permissions(const char* app_id, app_type_t app_type, const char** perm_list);
/**
* @param app_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_revoke_permissions(const char* pkg_id);
int app_revoke_permissions(const char* app_id);
/**
* @param app_id application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_reset_permissions(const char* pkg_id);
int app_reset_permissions(const char* app_id);
/**
int add_shared_dir_readers(const char* shared_label, const char** app_list);
/**
+ * Recursively set SMACK labels for an application directory. The exact behavior
+ * depends on app_path_type argument:
+ * - APP_PATH_PRIVATE: label with app's label, set access label on everything
+ * and execute label on executable files and symlinks to executable files
+ *
+ * - APP_PATH_GROUP_RW: label with given shared_label, set access label on
+ * everything and enable transmute on directories. Also give pkg_id full access
+ * to the shared label.
+ *
+ * - APP_PATH_PUBLIC_RO: label with autogenerated label, set access label on
+ * everything and enable transmute on directories. Give full access to the label to
+ * pkg_id and RX access to all other apps.
+ *
+ * - APP_PATH_SETTINGS_RW: label with autogenerated label, set access label on
+ * everything and enable transmute on directories. Give full access to the label to
+ * pkg_id and RWX access to all appsetting apps.
+ *
+ * This function should be called during app installation.
+ * Results will be persistent on the file system.
+ * It must be called by privileged user.
+ *
+ * @param pkg_id
+ * @param path
+ * @param app_path_type
+ * @param shared_label (optional argument for APP_PATH_GROUP_RW path type)
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int perm_app_setup_path(const char* pkg_id, const char* path, app_path_type_t app_path_type, ...);
+int app_setup_path(const char* pkg_id, const char* path, app_path_type_t app_path_type, ...);
+
+/**
* Make two applications "friends", by giving them both full permissions on
* each other.
* Results will be persistent on the file system. Must be called after
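Review bot: `perm_app_setup_path` takes `shared_label` through `...`, so the compiler cannot check that an APP_PATH_GROUP_RW call actually passes a `const char*`. If the implementation reads it with `va_arg` (not shown here), a call that omits it reads an argument that was never passed. State the contract in the comment, for example `@param shared_label const char*, required when app_path_type is APP_PATH_GROUP_RW, ignored otherwise`, and fill in the empty `@param pkg_id`, `@param path` and `@param app_path_type` entries. `APP_PATH_ANY_LABEL` is declared in the enum added earlier in this diff but is missing from the list of behaviours, so a caller cannot tell which label is applied or whether it needs an extra argument. The `app_add_friend` comment that follows continues outside the hunk.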
* @param app_id2 second application identifier
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_app_add_friend(const char* pkg_id1, const char* pkg_id2);
int app_add_friend(const char* app_id1, const char* app_id2);
/**
* by the feature
* @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
*/
+int perm_add_api_feature(app_type_t app_type,
+ const char* api_feature_name,
+ const char** set_smack_rule_set,
+ const gid_t* list_of_db_gids,
+ size_t list_size);
int add_api_feature(app_type_t app_type,
const char* api_feature_name,
const char** set_smack_rule_set,
return basename;
}*/
+API int perm_app_set_privilege(const char* name, const char* type, const char* path)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int set_app_privilege(const char* name, const char* type, const char* path)
{
C_LOGD("Enter function: %s", __func__);
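Review bot: `perm_app_set_privilege` returns `PC_ERR_INVALID_OPERATION` unconditionally, with no log line and no comment marking it as a placeholder, while `set_app_privilege` right below it logs on entry and `perm_app_enable_permissions` further down does too. Add `C_LOGD("Enter function: %s", __func__);` and a comment such as `/* Not implemented yet: always fails; callers must check the return value */`, so the failure shows up in logs and is not mistaken for a real policy rejection. The same applies to the other added stubs: `perm_app_id_from_socket` (always `NULL`), `perm_app_disable_permissions`, `perm_app_revoke_permissions`, `perm_app_reset_permissions`, `perm_app_add_friend`, `perm_app_install`, `perm_app_uninstall` and `perm_add_api_feature`. The body of `set_app_privilege` continues outside the hunk.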
return PC_OPERATION_SUCCESS;
}
+API char* perm_app_id_from_socket(int sockfd)
+{
+ return NULL;
+}
+
API char* app_id_from_socket(int sockfd)
{
C_LOGD("Enter function: %s", __func__);
return app_add_permissions_internal(app_id, app_type, perm_list, persistent);
}
+API int perm_app_enable_permissions(const char* pkg_id, app_type_t app_type, const char** perm_list, bool persistent)
+{
+ C_LOGD("Enter function: %s", __func__);
+ return PC_ERR_INVALID_OPERATION;
+}
+
/* FIXME: this function is only a stub */
+API int perm_app_disable_permissions(const char* pkg_id, app_type_t app_type, const char** perm_list)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_disable_permissions(const char* app_id, app_type_t app_type, const char** perm_list)
{
C_LOGD("Enter function: %s", __func__);
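Review bot: The existing `/* FIXME: this function is only a stub */` comment sat directly above `app_disable_permissions`, and inserting `perm_app_disable_permissions` beneath it makes the comment attach to the new function and leaves the old one unmarked. Place the new function above the comment, or give each function its own marker. `perm_app_enable_permissions`, added in the same hunk, is equally a placeholder and has no marker at all. The body of `app_disable_permissions` continues outside the hunk.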
return PC_OPERATION_SUCCESS;
}
+API int perm_app_revoke_permissions(const char* pkg_id)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_revoke_permissions(const char* app_id)
{
C_LOGD("Enter function: %s", __func__);
return PC_OPERATION_SUCCESS;
}
+API int perm_app_reset_permissions(const char* pkg_id)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_reset_permissions(const char* app_id)
{
C_LOGD("Enter function: %s", __func__);
return PC_OPERATION_SUCCESS;
}
+API int perm_app_add_friend(const char* pkg_id1, const char* pkg_id2)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_add_friend(const char* app_id1, const char* app_id2)
{
C_LOGD("Enter function: %s", __func__);
return PC_OPERATION_SUCCESS;
}
+API int perm_app_install(const char* pkg_id)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_install(const char* app_id)
{
C_LOGD("Enter function: %s", __func__);
return PC_OPERATION_SUCCESS;
}
+API int perm_app_uninstall(const char* pkg_id)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int app_uninstall(const char* app_id)
{
// TODO: When real database will be used, then this function should remove app_id
return ret;
}
+API int perm_add_api_feature(app_type_t app_type,
+ const char* api_feature_name,
+ const char** smack_rules,
+ const gid_t* list_of_db_gids,
+ size_t list_size)
+{
+ return PC_ERR_INVALID_OPERATION;
+}
+
API int add_api_feature(app_type_t app_type,
const char* api_feature_name,
const char** smack_rules,