2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
18 * Security Manager library header
21 * @file client-security-manager.cpp
22 * @author Pawel Polawski <p.polawski@samsung.com>
23 * @author Rafal Krypa <r.krypa@samsung.com>
25 * @brief This file contain client side implementation of security-manager API
34 #include <sys/types.h>
36 #include <sys/xattr.h>
37 #include <sys/smack.h>
38 #include <sys/capability.h>
40 #include <dpl/log/log.h>
41 #include <dpl/exception.h>
42 #include <smack-labels.h>
43 #include <message-buffer.h>
44 #include <client-common.h>
45 #include <protocols.h>
46 #include <service_impl.h>
47 #include <connection.h>
48 #include <zone-utils.h>
50 #include <security-manager.h>
51 #include <client-offline.h>
53 static const char *EMPTY = "";
56 * Mapping of lib_retcode error codes to theirs strings equivalents
58 static std::map<enum lib_retcode, std::string> lib_retcode_string_map = {
59 {SECURITY_MANAGER_SUCCESS, "Success"},
60 {SECURITY_MANAGER_ERROR_UNKNOWN, "Unknown error"},
61 {SECURITY_MANAGER_ERROR_INPUT_PARAM, "Invalid function parameter was given"},
62 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
63 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
64 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
65 "rigths to perform an operation"},
66 {SECURITY_MANAGER_ERROR_ACCESS_DENIED, "Insufficient privileges"},
70 const char *security_manager_strerror(enum lib_retcode rc)
73 return lib_retcode_string_map.at(rc).c_str();
74 } catch (const std::out_of_range &e) {
75 return "Unknown error code";
80 int security_manager_app_inst_req_new(app_inst_req **pp_req)
83 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
86 *pp_req = new app_inst_req;
87 } catch (std::bad_alloc& ex) {
88 return SECURITY_MANAGER_ERROR_MEMORY;
90 (*pp_req)->uid = geteuid();
92 return SECURITY_MANAGER_SUCCESS;
96 void security_manager_app_inst_req_free(app_inst_req *p_req)
102 int security_manager_app_inst_req_set_uid(app_inst_req *p_req,
106 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
110 return SECURITY_MANAGER_SUCCESS;
114 int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
116 if (!p_req || !app_id)
117 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
119 p_req->appId = app_id;
121 return SECURITY_MANAGER_SUCCESS;
125 int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
127 if (!p_req || !pkg_id)
128 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
130 p_req->pkgId = pkg_id;
132 return SECURITY_MANAGER_SUCCESS;
136 int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
138 if (!p_req || !privilege)
139 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
141 p_req->privileges.push_back(privilege);
143 return SECURITY_MANAGER_SUCCESS;
147 int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
149 if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
150 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
152 p_req->appPaths.push_back(std::make_pair(path, path_type));
154 return SECURITY_MANAGER_SUCCESS;
158 int security_manager_app_install(const app_inst_req *p_req)
160 using namespace SecurityManager;
162 return try_catch([&] {
163 //checking parameters
165 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
166 if (p_req->appId.empty() || p_req->pkgId.empty())
167 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
170 ClientOffline offlineMode;
171 if (offlineMode.isOffline()) {
172 retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid(), false);
174 MessageBuffer send, recv;
176 //put data into buffer
177 Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
178 Serialization::Serialize(send, p_req->appId);
179 Serialization::Serialize(send, p_req->pkgId);
180 Serialization::Serialize(send, p_req->privileges);
181 Serialization::Serialize(send, p_req->appPaths);
182 Serialization::Serialize(send, p_req->uid);
184 //send buffer to server
185 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
186 if (retval != SECURITY_MANAGER_API_SUCCESS) {
187 LogError("Error in sendToServer. Error code: " << retval);
188 return SECURITY_MANAGER_ERROR_UNKNOWN;
191 //receive response from server
192 Deserialization::Deserialize(recv, retval);
195 case SECURITY_MANAGER_API_SUCCESS:
196 return SECURITY_MANAGER_SUCCESS;
197 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
198 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
199 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
200 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
201 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
202 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
204 return SECURITY_MANAGER_ERROR_UNKNOWN;
211 int security_manager_app_uninstall(const app_inst_req *p_req)
213 using namespace SecurityManager;
214 MessageBuffer send, recv;
216 return try_catch([&] {
217 //checking parameters
219 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
220 if (p_req->appId.empty())
221 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
223 //put data into buffer
224 Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
225 Serialization::Serialize(send, p_req->appId);
227 //send buffer to server
228 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
229 if (retval != SECURITY_MANAGER_API_SUCCESS) {
230 LogError("Error in sendToServer. Error code: " << retval);
231 return SECURITY_MANAGER_ERROR_UNKNOWN;
234 //receive response from server
235 Deserialization::Deserialize(recv, retval);
236 if (retval != SECURITY_MANAGER_API_SUCCESS)
237 return SECURITY_MANAGER_ERROR_UNKNOWN;
239 return SECURITY_MANAGER_SUCCESS;;
244 int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
246 using namespace SecurityManager;
247 MessageBuffer send, recv;
249 LogDebug("security_manager_get_app_pkgid() called");
251 return try_catch([&] {
252 //checking parameters
254 if (app_id == NULL) {
255 LogError("security_manager_app_get_pkgid: app_id is NULL");
256 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
259 if (pkg_id == NULL) {
260 LogError("security_manager_app_get_pkgid: pkg_id is NULL");
261 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
264 //put data into buffer
265 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_PKGID));
266 Serialization::Serialize(send, std::string(app_id));
268 //send buffer to server
269 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
270 if (retval != SECURITY_MANAGER_API_SUCCESS) {
271 LogDebug("Error in sendToServer. Error code: " << retval);
272 return SECURITY_MANAGER_ERROR_UNKNOWN;
275 //receive response from server
276 Deserialization::Deserialize(recv, retval);
277 if (retval != SECURITY_MANAGER_API_SUCCESS)
278 return SECURITY_MANAGER_ERROR_UNKNOWN;
280 std::string pkgIdString;
281 Deserialization::Deserialize(recv, pkgIdString);
282 if (pkgIdString.empty()) {
283 LogError("Unexpected empty pkgId");
284 return SECURITY_MANAGER_ERROR_UNKNOWN;
287 *pkg_id = strdup(pkgIdString.c_str());
288 if (*pkg_id == NULL) {
289 LogError("Failed to allocate memory for pkgId");
290 return SECURITY_MANAGER_ERROR_MEMORY;
293 return SECURITY_MANAGER_SUCCESS;
297 static bool setup_smack(const char *label)
299 int labelSize = strlen(label);
301 // Set Smack label for open socket file descriptors
303 std::unique_ptr<DIR, std::function<int(DIR*)>> dir(
304 opendir("/proc/self/fd"), closedir);
306 LogError("Unable to read list of open file descriptors: " <<
308 return SECURITY_MANAGER_ERROR_UNKNOWN;
313 struct dirent *dirEntry = readdir(dir.get());
314 if (dirEntry == nullptr) {
315 if (errno == 0) // NULL return value also signals end of directory
318 LogError("Unable to read list of open file descriptors: " <<
320 return SECURITY_MANAGER_ERROR_UNKNOWN;
323 // Entries with numerical names specify file descriptors, ignore the rest
324 if (!isdigit(dirEntry->d_name[0]))
328 int fd = atoi(dirEntry->d_name);
329 int ret = fstat(fd, &statBuf);
331 LogWarning("fstat failed on file descriptor " << fd << ": " <<
335 if (S_ISSOCK(statBuf.st_mode)) {
336 ret = fsetxattr(fd, XATTR_NAME_SMACKIPIN, label, labelSize, 0);
338 LogError("Setting Smack label failed on file descriptor " <<
339 fd << ": " << strerror(errno));
340 return SECURITY_MANAGER_ERROR_UNKNOWN;
343 ret = fsetxattr(fd, XATTR_NAME_SMACKIPOUT, label, labelSize, 0);
345 LogError("Setting Smack label failed on file descriptor " <<
346 fd << ": " << strerror(errno));
347 return SECURITY_MANAGER_ERROR_UNKNOWN;
352 // Set Smack label of current process
353 smack_set_label_for_self(label);
355 return SECURITY_MANAGER_SUCCESS;
359 int security_manager_set_process_label_from_appid(const char *app_id)
362 std::string appLabel;
364 LogDebug("security_manager_set_process_label_from_appid() called");
366 if (smack_smackfs_path() == NULL)
367 return SECURITY_MANAGER_SUCCESS;
369 // FIXME Below modifications related to zones are temporary. Remove when Smack Namespaces
372 if (!getZoneIdFromPid(getpid(), zoneId)) {
373 LogError("Failed to get ID of zone");
374 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
378 appLabel = SecurityManager::zoneSmackLabelGenerate(
379 SecurityManager::SmackLabels::generateAppLabel(app_id), zoneId);
382 LogError("Failed to generate smack label for appId: " << app_id);
383 return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
386 if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
387 LogError("Failed to set smack label " << appLabel << " for current process");
391 return SECURITY_MANAGER_SUCCESS;
395 int security_manager_set_process_groups_from_appid(const char *app_id)
397 using namespace SecurityManager;
398 MessageBuffer send, recv;
401 LogDebug("security_manager_set_process_groups_from_appid() called");
403 return try_catch([&] {
404 //checking parameters
406 if (app_id == nullptr) {
407 LogError("app_id is NULL");
408 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
411 //put data into buffer
412 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_GROUPS));
413 Serialization::Serialize(send, std::string(app_id));
415 //send buffer to server
416 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
417 if (retval != SECURITY_MANAGER_API_SUCCESS) {
418 LogDebug("Error in sendToServer. Error code: " << retval);
419 return SECURITY_MANAGER_ERROR_UNKNOWN;
422 //receive response from server
423 Deserialization::Deserialize(recv, retval);
424 if (retval != SECURITY_MANAGER_API_SUCCESS) {
425 LogError("Failed to get list of groups from security-manager service. Error code: " << retval);
426 return SECURITY_MANAGER_ERROR_UNKNOWN;
429 //How many new groups?
431 Deserialization::Deserialize(recv, newGroupsCnt);
433 //And how many groups do we belong to already?
435 ret = getgroups(0, nullptr);
437 LogError("Unable to get list of current supplementary groups: " <<
439 return SECURITY_MANAGER_ERROR_UNKNOWN;
443 //Allocate an array for both old and new groups gids
444 std::unique_ptr<gid_t[]> groups(new gid_t[oldGroupsCnt + newGroupsCnt]);
446 LogError("Memory allocation failed.");
447 return SECURITY_MANAGER_ERROR_MEMORY;
450 //Get the old groups from process
451 ret = getgroups(oldGroupsCnt, groups.get());
453 LogError("Unable to get list of current supplementary groups: " <<
455 return SECURITY_MANAGER_ERROR_UNKNOWN;
458 //Get the new groups from server response
459 for (int i = 0; i < newGroupsCnt; ++i) {
461 Deserialization::Deserialize(recv, gid);
462 groups.get()[oldGroupsCnt + i] = gid;
463 LogDebug("Adding process to group " << gid);
466 //Apply the modified groups list
467 ret = setgroups(oldGroupsCnt + newGroupsCnt, groups.get());
469 LogError("Unable to get list of current supplementary groups: " <<
471 return SECURITY_MANAGER_ERROR_UNKNOWN;
474 return SECURITY_MANAGER_SUCCESS;
479 int security_manager_drop_process_privileges(void)
481 LogDebug("security_manager_drop_process_privileges() called");
484 cap_t cap = cap_init();
486 LogError("Unable to allocate capability object");
487 return SECURITY_MANAGER_ERROR_MEMORY;
490 ret = cap_clear(cap);
492 LogError("Unable to initialize capability object");
494 return SECURITY_MANAGER_ERROR_UNKNOWN;
497 ret = cap_set_proc(cap);
499 LogError("Unable to drop process capabilities");
501 return SECURITY_MANAGER_ERROR_UNKNOWN;
505 return SECURITY_MANAGER_SUCCESS;
509 int security_manager_prepare_app(const char *app_id)
511 LogDebug("security_manager_prepare_app() called");
514 ret = security_manager_set_process_label_from_appid(app_id);
515 if (ret != SECURITY_MANAGER_SUCCESS)
518 ret = security_manager_set_process_groups_from_appid(app_id);
519 if (ret != SECURITY_MANAGER_SUCCESS) {
520 LogWarning("Unable to setup process groups for application. Privileges with direct access to resources will not work.");
521 ret = SECURITY_MANAGER_SUCCESS;
524 ret = security_manager_drop_process_privileges();
529 int security_manager_user_req_new(user_req **pp_req)
532 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
534 *pp_req = new user_req;
535 } catch (std::bad_alloc& ex) {
536 return SECURITY_MANAGER_ERROR_MEMORY;
538 return SECURITY_MANAGER_SUCCESS;
542 void security_manager_user_req_free(user_req *p_req)
548 int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
551 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
555 return SECURITY_MANAGER_SUCCESS;
559 int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
562 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
564 p_req->utype = static_cast<int>(utype);
566 return SECURITY_MANAGER_SUCCESS;
570 int security_manager_user_add(const user_req *p_req)
572 using namespace SecurityManager;
574 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
576 return try_catch([&] {
578 ClientOffline offlineMode;
579 if (offlineMode.isOffline()) {
580 retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid(),
583 MessageBuffer send, recv;
586 //put data into buffer
587 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
589 Serialization::Serialize(send, p_req->uid);
590 Serialization::Serialize(send, p_req->utype);
592 //send buffer to server
593 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
594 if (retval != SECURITY_MANAGER_API_SUCCESS) {
595 LogError("Error in sendToServer. Error code: " << retval);
596 return SECURITY_MANAGER_ERROR_UNKNOWN;
599 //receive response from server
600 Deserialization::Deserialize(recv, retval);
603 case SECURITY_MANAGER_API_SUCCESS:
604 return SECURITY_MANAGER_SUCCESS;
605 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
606 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
608 return SECURITY_MANAGER_ERROR_UNKNOWN;
614 int security_manager_user_delete(const user_req *p_req)
616 using namespace SecurityManager;
617 MessageBuffer send, recv;
619 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
620 return try_catch([&] {
622 //put data into buffer
623 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
625 Serialization::Serialize(send, p_req->uid);
628 //send buffer to server
629 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
630 if (retval != SECURITY_MANAGER_API_SUCCESS) {
631 LogError("Error in sendToServer. Error code: " << retval);
632 return SECURITY_MANAGER_ERROR_UNKNOWN;
635 //receive response from server
636 Deserialization::Deserialize(recv, retval);
638 case SECURITY_MANAGER_API_SUCCESS:
639 return SECURITY_MANAGER_SUCCESS;
640 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
641 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
643 return SECURITY_MANAGER_ERROR_UNKNOWN;
649 /***************************POLICY***************************************/
652 int security_manager_policy_update_req_new(policy_update_req **pp_req)
655 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
658 *pp_req = new policy_update_req;
659 } catch (std::bad_alloc& ex) {
660 return SECURITY_MANAGER_ERROR_MEMORY;
663 return SECURITY_MANAGER_SUCCESS;
667 void security_manager_policy_update_req_free(policy_update_req *p_req)
673 int security_manager_policy_update_send(policy_update_req *p_req)
675 using namespace SecurityManager;
676 MessageBuffer send, recv;
678 if (p_req == nullptr || p_req->units.size() == 0)
679 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
681 return try_catch([&] {
683 //put request into buffer
684 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
685 Serialization::Serialize(send, p_req->units);
688 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
689 if (retval != SECURITY_MANAGER_API_SUCCESS) {
690 LogError("Error in sendToServer. Error code: " << retval);
691 return SECURITY_MANAGER_ERROR_UNKNOWN;
694 //receive response from server
695 Deserialization::Deserialize(recv, retval);
697 case SECURITY_MANAGER_API_SUCCESS:
698 return SECURITY_MANAGER_SUCCESS;
699 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
700 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
701 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
702 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
704 return SECURITY_MANAGER_ERROR_UNKNOWN;
709 static inline int security_manager_get_policy_internal(
710 SecurityManager::SecurityModuleCall call_type,
711 policy_entry *p_filter,
712 policy_entry ***ppp_privs_policy,
715 using namespace SecurityManager;
716 MessageBuffer send, recv;
718 if (ppp_privs_policy == nullptr
720 || p_filter == nullptr)
721 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
723 return try_catch([&] {
724 //put request into buffer
725 Serialization::Serialize(send, static_cast<int>(call_type));
726 Serialization::Serialize(send, *p_filter);
728 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
729 if (retval != SECURITY_MANAGER_API_SUCCESS) {
730 LogError("Error in sendToServer. Error code: " << retval);
731 return SECURITY_MANAGER_ERROR_UNKNOWN;
733 //receive response from server
734 Deserialization::Deserialize(recv, retval);
736 case SECURITY_MANAGER_API_SUCCESS: {
737 //extract and allocate buffers for privs policy entries
739 policy_entry **entries = nullptr;
741 Deserialization::Deserialize(recv, entriesCnt);
742 entries = new policy_entry*[entriesCnt]();
743 for (int i = 0; i < entriesCnt; ++i) {
744 entries[i] = new policy_entry;
745 Deserialization::Deserialize(recv, entries[i]);
748 LogError("Error while parsing server response");
749 for (int i = 0; i < entriesCnt; ++i)
752 return SECURITY_MANAGER_ERROR_UNKNOWN;
754 *p_size = entriesCnt;
755 *ppp_privs_policy = entries;
756 return SECURITY_MANAGER_SUCCESS;
758 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
759 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
761 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
762 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
765 return SECURITY_MANAGER_ERROR_UNKNOWN;
771 int security_manager_get_configured_policy_for_admin(
772 policy_entry *p_filter,
773 policy_entry ***ppp_privs_policy,
776 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, ppp_privs_policy, p_size);
780 int security_manager_get_configured_policy_for_self(
781 policy_entry *p_filter,
782 policy_entry ***ppp_privs_policy,
785 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, ppp_privs_policy, p_size);
789 int security_manager_get_policy(
790 policy_entry *p_filter,
791 policy_entry ***ppp_privs_policy,
794 return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, ppp_privs_policy, p_size);
798 int security_manager_policy_entry_new(policy_entry **p_entry)
801 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
804 *p_entry = new policy_entry;
805 } catch (std::bad_alloc& ex) {
806 return SECURITY_MANAGER_ERROR_MEMORY;
809 return SECURITY_MANAGER_SUCCESS;
813 void security_manager_policy_entry_free(policy_entry *p_entry)
819 int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
822 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
823 p_entry->appId = app_id;
824 return SECURITY_MANAGER_SUCCESS;
828 int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
831 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
832 p_entry->user = user;
833 return SECURITY_MANAGER_SUCCESS;
837 int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
840 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
841 p_entry->privilege = privilege;
842 return SECURITY_MANAGER_SUCCESS;
846 int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
849 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
850 p_entry->currentLevel = policy_level;
851 p_entry->maxLevel = EMPTY;
852 return SECURITY_MANAGER_SUCCESS;
856 int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
859 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
860 p_entry->maxLevel = policy_level;
861 p_entry->currentLevel = EMPTY;
862 return SECURITY_MANAGER_SUCCESS;
866 int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
868 if (!p_entry || !p_req)
869 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
870 p_req->units.push_back(p_entry);
872 return SECURITY_MANAGER_SUCCESS;
876 const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
878 return p_entry ? p_entry->user.c_str() : nullptr;
882 const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
884 return p_entry ? p_entry->appId.c_str() : nullptr;
887 const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
889 return p_entry ? p_entry->privilege.c_str() : nullptr;
892 const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
894 return p_entry ? p_entry->currentLevel.c_str() : nullptr;
898 const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
900 return p_entry ? p_entry->maxLevel.c_str() : nullptr;
904 void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
906 for (size_t i = 0; i < size; i++) {
907 delete &p_entries[i];
913 int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
915 using namespace SecurityManager;
916 MessageBuffer send, recv;
917 if (!levels || !levels_count)
918 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
919 return try_catch([&] {
921 //put data into buffer
922 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_GET_DESCRIPTIONS));
924 //send buffer to server
925 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
926 if (retval != SECURITY_MANAGER_API_SUCCESS) {
927 LogError("Error in sendToServer. Error code: " << retval);
928 return SECURITY_MANAGER_ERROR_UNKNOWN;
931 //receive response from server
932 Deserialization::Deserialize(recv, retval);
935 case SECURITY_MANAGER_API_SUCCESS:
936 // success - continue
938 case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY:
939 return SECURITY_MANAGER_ERROR_MEMORY;
940 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
941 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
943 return SECURITY_MANAGER_ERROR_UNKNOWN;
947 Deserialization::Deserialize(recv, count);
948 *levels_count = count;
949 LogInfo("Number of policy descriptions: " << *levels_count);
951 char **array = new char *[*levels_count];
953 for (unsigned int i = 0; i < *levels_count; ++i) {
955 Deserialization::Deserialize(recv, level);
958 LogError("Unexpected empty level");
959 return SECURITY_MANAGER_ERROR_UNKNOWN;
962 array[i] = strdup(level.c_str());
963 if (array[i] == nullptr)
964 return SECURITY_MANAGER_ERROR_MEMORY;
969 return SECURITY_MANAGER_SUCCESS;
974 void security_manager_policy_levels_free(char **levels, size_t levels_count)
976 for (unsigned int i = 0; i < levels_count; i++)
983 int security_manager_get_privileges_mapping(const char *from_version,
984 const char *to_version,
985 char const * const *privileges,
986 size_t privileges_count,
987 char ***privileges_mappings,
988 size_t *mappings_count)
991 if (from_version == nullptr || privileges == nullptr ||
992 privileges_mappings == nullptr || mappings_count == nullptr || privileges_count == 0) {
993 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
995 return SECURITY_MANAGER_ERROR_UNKNOWN;
998 void security_manager_privilege_mapping_free(char **privileges_mappings, size_t mappings_count)
1000 (void)privileges_mappings;
1001 (void)mappings_count;