2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
18 * Security Manager library header
21 * @file client-security-manager.cpp
22 * @author Pawel Polawski <p.polawski@samsung.com>
23 * @author Rafal Krypa <r.krypa@samsung.com>
25 * @brief This file contain client side implementation of security-manager API
34 #include <sys/types.h>
36 #include <sys/xattr.h>
37 #include <sys/smack.h>
38 #include <sys/capability.h>
40 #include <dpl/log/log.h>
41 #include <dpl/exception.h>
42 #include <smack-labels.h>
43 #include <message-buffer.h>
44 #include <client-common.h>
45 #include <protocols.h>
46 #include <service_impl.h>
47 #include <security-manager.h>
48 #include <client-offline.h>
50 static const char *EMPTY = "";
53 * Mapping of lib_retcode error codes to theirs strings equivalents
55 static std::map<enum lib_retcode, std::string> lib_retcode_string_map = {
56 {SECURITY_MANAGER_SUCCESS, "Success"},
57 {SECURITY_MANAGER_ERROR_UNKNOWN, "Unknown error"},
58 {SECURITY_MANAGER_ERROR_INPUT_PARAM, "Invalid function parameter was given"},
59 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
60 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
61 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
62 "rigths to perform an operation"},
63 {SECURITY_MANAGER_ERROR_ACCESS_DENIED, "Insufficient privileges"},
67 const char *security_manager_strerror(enum lib_retcode rc)
70 return lib_retcode_string_map.at(rc).c_str();
71 } catch (const std::out_of_range &e) {
72 return "Unknown error code";
77 int security_manager_app_inst_req_new(app_inst_req **pp_req)
80 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
83 *pp_req = new app_inst_req;
84 } catch (std::bad_alloc& ex) {
85 return SECURITY_MANAGER_ERROR_MEMORY;
87 (*pp_req)->uid = geteuid();
89 return SECURITY_MANAGER_SUCCESS;
93 void security_manager_app_inst_req_free(app_inst_req *p_req)
99 int security_manager_app_inst_req_set_uid(app_inst_req *p_req,
103 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
107 return SECURITY_MANAGER_SUCCESS;
111 int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
113 if (!p_req || !app_id)
114 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
116 p_req->appId = app_id;
118 return SECURITY_MANAGER_SUCCESS;
122 int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
124 if (!p_req || !pkg_id)
125 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
127 p_req->pkgId = pkg_id;
129 return SECURITY_MANAGER_SUCCESS;
133 int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
135 if (!p_req || !privilege)
136 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
138 p_req->privileges.push_back(privilege);
140 return SECURITY_MANAGER_SUCCESS;
144 int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
146 if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
147 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
149 p_req->appPaths.push_back(std::make_pair(path, path_type));
151 return SECURITY_MANAGER_SUCCESS;
155 int security_manager_app_install(const app_inst_req *p_req)
157 using namespace SecurityManager;
159 return try_catch([&] {
160 //checking parameters
162 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
163 if (p_req->appId.empty() || p_req->pkgId.empty())
164 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
167 ClientOffline offlineMode;
168 if (offlineMode.isOffline()) {
169 retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid());
171 MessageBuffer send, recv;
173 //put data into buffer
174 Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
175 Serialization::Serialize(send, p_req->appId);
176 Serialization::Serialize(send, p_req->pkgId);
177 Serialization::Serialize(send, p_req->privileges);
178 Serialization::Serialize(send, p_req->appPaths);
179 Serialization::Serialize(send, p_req->uid);
181 //send buffer to server
182 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
183 if (retval != SECURITY_MANAGER_API_SUCCESS) {
184 LogError("Error in sendToServer. Error code: " << retval);
185 return SECURITY_MANAGER_ERROR_UNKNOWN;
188 //receive response from server
189 Deserialization::Deserialize(recv, retval);
192 case SECURITY_MANAGER_API_SUCCESS:
193 return SECURITY_MANAGER_SUCCESS;
194 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
195 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
196 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
197 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
198 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
199 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
201 return SECURITY_MANAGER_ERROR_UNKNOWN;
208 int security_manager_app_uninstall(const app_inst_req *p_req)
210 using namespace SecurityManager;
211 MessageBuffer send, recv;
213 return try_catch([&] {
214 //checking parameters
216 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
217 if (p_req->appId.empty())
218 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
220 //put data into buffer
221 Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
222 Serialization::Serialize(send, p_req->appId);
224 //send buffer to server
225 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
226 if (retval != SECURITY_MANAGER_API_SUCCESS) {
227 LogError("Error in sendToServer. Error code: " << retval);
228 return SECURITY_MANAGER_ERROR_UNKNOWN;
231 //receive response from server
232 Deserialization::Deserialize(recv, retval);
233 if (retval != SECURITY_MANAGER_API_SUCCESS)
234 return SECURITY_MANAGER_ERROR_UNKNOWN;
236 return SECURITY_MANAGER_SUCCESS;;
241 int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
243 using namespace SecurityManager;
244 MessageBuffer send, recv;
246 LogDebug("security_manager_get_app_pkgid() called");
248 return try_catch([&] {
249 //checking parameters
251 if (app_id == NULL) {
252 LogError("security_manager_app_get_pkgid: app_id is NULL");
253 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
256 if (pkg_id == NULL) {
257 LogError("security_manager_app_get_pkgid: pkg_id is NULL");
258 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
261 //put data into buffer
262 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_PKGID));
263 Serialization::Serialize(send, std::string(app_id));
265 //send buffer to server
266 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
267 if (retval != SECURITY_MANAGER_API_SUCCESS) {
268 LogDebug("Error in sendToServer. Error code: " << retval);
269 return SECURITY_MANAGER_ERROR_UNKNOWN;
272 //receive response from server
273 Deserialization::Deserialize(recv, retval);
274 if (retval != SECURITY_MANAGER_API_SUCCESS)
275 return SECURITY_MANAGER_ERROR_UNKNOWN;
277 std::string pkgIdString;
278 Deserialization::Deserialize(recv, pkgIdString);
279 if (pkgIdString.empty()) {
280 LogError("Unexpected empty pkgId");
281 return SECURITY_MANAGER_ERROR_UNKNOWN;
284 *pkg_id = strdup(pkgIdString.c_str());
285 if (*pkg_id == NULL) {
286 LogError("Failed to allocate memory for pkgId");
287 return SECURITY_MANAGER_ERROR_MEMORY;
290 return SECURITY_MANAGER_SUCCESS;
294 static bool setup_smack(const char *label)
296 int labelSize = strlen(label);
298 // Set Smack label for open socket file descriptors
300 std::unique_ptr<DIR, std::function<int(DIR*)>> dir(
301 opendir("/proc/self/fd"), closedir);
303 LogError("Unable to read list of open file descriptors: " <<
305 return SECURITY_MANAGER_ERROR_UNKNOWN;
310 struct dirent *dirEntry = readdir(dir.get());
311 if (dirEntry == nullptr) {
312 if (errno == 0) // NULL return value also signals end of directory
315 LogError("Unable to read list of open file descriptors: " <<
317 return SECURITY_MANAGER_ERROR_UNKNOWN;
320 // Entries with numerical names specify file descriptors, ignore the rest
321 if (!isdigit(dirEntry->d_name[0]))
325 int fd = atoi(dirEntry->d_name);
326 int ret = fstat(fd, &statBuf);
328 LogWarning("fstat failed on file descriptor " << fd << ": " <<
332 if (S_ISSOCK(statBuf.st_mode)) {
333 ret = fsetxattr(fd, XATTR_NAME_SMACKIPIN, label, labelSize, 0);
335 LogError("Setting Smack label failed on file descriptor " <<
336 fd << ": " << strerror(errno));
337 return SECURITY_MANAGER_ERROR_UNKNOWN;
340 ret = fsetxattr(fd, XATTR_NAME_SMACKIPOUT, label, labelSize, 0);
342 LogError("Setting Smack label failed on file descriptor " <<
343 fd << ": " << strerror(errno));
344 return SECURITY_MANAGER_ERROR_UNKNOWN;
349 // Set Smack label of current process
350 smack_set_label_for_self(label);
352 return SECURITY_MANAGER_SUCCESS;
356 int security_manager_set_process_label_from_appid(const char *app_id)
359 std::string appLabel;
361 LogDebug("security_manager_set_process_label_from_appid() called");
363 if (smack_smackfs_path() == NULL)
364 return SECURITY_MANAGER_SUCCESS;
366 if (SecurityManager::generateAppLabel(std::string(app_id), appLabel) == false) {
367 LogError("Failed to generate smack label for appId: " << app_id);
368 return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
371 if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
372 LogError("Failed to set smack label " << appLabel << " for current process");
376 return SECURITY_MANAGER_SUCCESS;
380 int security_manager_set_process_groups_from_appid(const char *app_id)
382 using namespace SecurityManager;
383 MessageBuffer send, recv;
386 LogDebug("security_manager_set_process_groups_from_appid() called");
388 return try_catch([&] {
389 //checking parameters
391 if (app_id == nullptr) {
392 LogError("app_id is NULL");
393 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
396 //put data into buffer
397 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_GROUPS));
398 Serialization::Serialize(send, std::string(app_id));
400 //send buffer to server
401 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
402 if (retval != SECURITY_MANAGER_API_SUCCESS) {
403 LogDebug("Error in sendToServer. Error code: " << retval);
404 return SECURITY_MANAGER_ERROR_UNKNOWN;
407 //receive response from server
408 Deserialization::Deserialize(recv, retval);
409 if (retval != SECURITY_MANAGER_API_SUCCESS) {
410 LogError("Failed to get list of groups from security-manager service. Error code: " << retval);
411 return SECURITY_MANAGER_ERROR_UNKNOWN;
414 //How many new groups?
416 Deserialization::Deserialize(recv, newGroupsCnt);
418 //And how many groups do we belong to already?
420 ret = getgroups(0, nullptr);
422 LogError("Unable to get list of current supplementary groups: " <<
424 return SECURITY_MANAGER_ERROR_UNKNOWN;
428 //Allocate an array for both old and new groups gids
429 std::unique_ptr<gid_t[]> groups(new gid_t[oldGroupsCnt + newGroupsCnt]);
431 LogError("Memory allocation failed.");
432 return SECURITY_MANAGER_ERROR_MEMORY;
435 //Get the old groups from process
436 ret = getgroups(oldGroupsCnt, groups.get());
438 LogError("Unable to get list of current supplementary groups: " <<
440 return SECURITY_MANAGER_ERROR_UNKNOWN;
443 //Get the new groups from server response
444 for (int i = 0; i < newGroupsCnt; ++i) {
446 Deserialization::Deserialize(recv, gid);
447 groups.get()[oldGroupsCnt + i] = gid;
448 LogDebug("Adding process to group " << gid);
451 //Apply the modified groups list
452 ret = setgroups(oldGroupsCnt + newGroupsCnt, groups.get());
454 LogError("Unable to get list of current supplementary groups: " <<
456 return SECURITY_MANAGER_ERROR_UNKNOWN;
459 return SECURITY_MANAGER_SUCCESS;
464 int security_manager_drop_process_privileges(void)
466 LogDebug("security_manager_drop_process_privileges() called");
469 cap_t cap = cap_init();
471 LogError("Unable to allocate capability object");
472 return SECURITY_MANAGER_ERROR_MEMORY;
475 ret = cap_clear(cap);
477 LogError("Unable to initialize capability object");
479 return SECURITY_MANAGER_ERROR_UNKNOWN;
482 ret = cap_set_proc(cap);
484 LogError("Unable to drop process capabilities");
486 return SECURITY_MANAGER_ERROR_UNKNOWN;
490 return SECURITY_MANAGER_SUCCESS;
494 int security_manager_prepare_app(const char *app_id)
496 LogDebug("security_manager_prepare_app() called");
499 ret = security_manager_set_process_label_from_appid(app_id);
500 if (ret != SECURITY_MANAGER_SUCCESS)
503 ret = security_manager_set_process_groups_from_appid(app_id);
504 if (ret != SECURITY_MANAGER_SUCCESS) {
505 LogWarning("Unable to setup process groups for application. Privileges with direct access to resources will not work.");
506 ret = SECURITY_MANAGER_SUCCESS;
509 ret = security_manager_drop_process_privileges();
514 int security_manager_user_req_new(user_req **pp_req)
517 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
519 *pp_req = new user_req;
520 } catch (std::bad_alloc& ex) {
521 return SECURITY_MANAGER_ERROR_MEMORY;
523 return SECURITY_MANAGER_SUCCESS;
527 void security_manager_user_req_free(user_req *p_req)
533 int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
536 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
540 return SECURITY_MANAGER_SUCCESS;
544 int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
547 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
549 p_req->utype = static_cast<int>(utype);
551 return SECURITY_MANAGER_SUCCESS;
555 int security_manager_user_add(const user_req *p_req)
557 using namespace SecurityManager;
559 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
561 return try_catch([&] {
563 ClientOffline offlineMode;
564 if (offlineMode.isOffline()) {
565 retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid());
567 MessageBuffer send, recv;
570 //put data into buffer
571 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
573 Serialization::Serialize(send, p_req->uid);
574 Serialization::Serialize(send, p_req->utype);
576 //send buffer to server
577 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
578 if (retval != SECURITY_MANAGER_API_SUCCESS) {
579 LogError("Error in sendToServer. Error code: " << retval);
580 return SECURITY_MANAGER_ERROR_UNKNOWN;
583 //receive response from server
584 Deserialization::Deserialize(recv, retval);
587 case SECURITY_MANAGER_API_SUCCESS:
588 return SECURITY_MANAGER_SUCCESS;
589 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
590 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
592 return SECURITY_MANAGER_ERROR_UNKNOWN;
598 int security_manager_user_delete(const user_req *p_req)
600 using namespace SecurityManager;
601 MessageBuffer send, recv;
603 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
604 return try_catch([&] {
606 //put data into buffer
607 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
609 Serialization::Serialize(send, p_req->uid);
612 //send buffer to server
613 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
614 if (retval != SECURITY_MANAGER_API_SUCCESS) {
615 LogError("Error in sendToServer. Error code: " << retval);
616 return SECURITY_MANAGER_ERROR_UNKNOWN;
619 //receive response from server
620 Deserialization::Deserialize(recv, retval);
622 case SECURITY_MANAGER_API_SUCCESS:
623 return SECURITY_MANAGER_SUCCESS;
624 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
625 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
627 return SECURITY_MANAGER_ERROR_UNKNOWN;
633 /***************************POLICY***************************************/
636 int security_manager_policy_update_req_new(policy_update_req **pp_req)
639 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
642 *pp_req = new policy_update_req;
643 } catch (std::bad_alloc& ex) {
644 return SECURITY_MANAGER_ERROR_MEMORY;
647 return SECURITY_MANAGER_SUCCESS;
651 void security_manager_policy_update_req_free(policy_update_req *p_req)
657 int security_manager_policy_update_send(policy_update_req *p_req)
659 using namespace SecurityManager;
660 MessageBuffer send, recv;
662 if (p_req == nullptr || p_req->units.size() == 0)
663 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
665 return try_catch([&] {
667 //put request into buffer
668 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
669 Serialization::Serialize(send, p_req->units);
672 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
673 if (retval != SECURITY_MANAGER_API_SUCCESS) {
674 LogError("Error in sendToServer. Error code: " << retval);
675 return SECURITY_MANAGER_ERROR_UNKNOWN;
678 //receive response from server
679 Deserialization::Deserialize(recv, retval);
681 case SECURITY_MANAGER_API_SUCCESS:
682 return SECURITY_MANAGER_SUCCESS;
683 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
684 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
685 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
686 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
688 return SECURITY_MANAGER_ERROR_UNKNOWN;
693 static inline int security_manager_get_policy_internal(
694 SecurityManager::SecurityModuleCall call_type,
695 policy_entry *p_filter,
696 policy_entry ***ppp_privs_policy,
699 using namespace SecurityManager;
700 MessageBuffer send, recv;
702 if (ppp_privs_policy == nullptr
704 || p_filter == nullptr)
705 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
707 return try_catch([&] {
708 //put request into buffer
709 Serialization::Serialize(send, static_cast<int>(call_type));
710 Serialization::Serialize(send, *p_filter);
712 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
713 if (retval != SECURITY_MANAGER_API_SUCCESS) {
714 LogError("Error in sendToServer. Error code: " << retval);
715 return SECURITY_MANAGER_ERROR_UNKNOWN;
717 //receive response from server
718 Deserialization::Deserialize(recv, retval);
720 case SECURITY_MANAGER_API_SUCCESS: {
721 //extract and allocate buffers for privs policy entries
723 policy_entry **entries = nullptr;
724 Deserialization::Deserialize(recv, entriesCnt);
726 entries = new policy_entry*[entriesCnt]();
727 for (int i = 0; i < entriesCnt; ++i) {
728 entries[i] = new policy_entry;
729 Deserialization::Deserialize(recv, entries[i]);
732 LogError("Error while parsing server response");
733 for (int i = 0; i < entriesCnt; ++i)
736 return SECURITY_MANAGER_ERROR_UNKNOWN;
738 *p_size = entriesCnt;
739 *ppp_privs_policy = entries;
740 return SECURITY_MANAGER_SUCCESS;
742 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
743 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
745 case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
746 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
749 return SECURITY_MANAGER_ERROR_UNKNOWN;
755 int security_manager_get_configured_policy_for_admin(
756 policy_entry *p_filter,
757 policy_entry ***ppp_privs_policy,
760 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, ppp_privs_policy, p_size);
764 int security_manager_get_configured_policy_for_self(
765 policy_entry *p_filter,
766 policy_entry ***ppp_privs_policy,
769 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, ppp_privs_policy, p_size);
773 int security_manager_get_policy(
774 policy_entry *p_filter,
775 policy_entry ***ppp_privs_policy,
778 return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, ppp_privs_policy, p_size);
782 int security_manager_policy_entry_new(policy_entry **p_entry)
785 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
788 *p_entry = new policy_entry;
789 } catch (std::bad_alloc& ex) {
790 return SECURITY_MANAGER_ERROR_MEMORY;
793 return SECURITY_MANAGER_SUCCESS;
797 void security_manager_policy_entry_free(policy_entry *p_entry)
803 int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
806 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
807 p_entry->appId = app_id;
808 return SECURITY_MANAGER_SUCCESS;
812 int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
815 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
816 p_entry->user = user;
817 return SECURITY_MANAGER_SUCCESS;
821 int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
824 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
825 p_entry->privilege = privilege;
826 return SECURITY_MANAGER_SUCCESS;
830 int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
833 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
834 p_entry->currentLevel = policy_level;
835 p_entry->maxLevel = EMPTY;
836 return SECURITY_MANAGER_SUCCESS;
840 int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
843 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
844 p_entry->maxLevel = policy_level;
845 p_entry->currentLevel = EMPTY;
846 return SECURITY_MANAGER_SUCCESS;
850 int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
852 if (!p_entry || !p_req)
853 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
854 p_req->units.push_back(p_entry);
856 return SECURITY_MANAGER_SUCCESS;
860 const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
862 return p_entry ? p_entry->user.c_str() : nullptr;
866 const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
868 return p_entry ? p_entry->appId.c_str() : nullptr;
871 const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
873 return p_entry ? p_entry->privilege.c_str() : nullptr;
876 const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
878 return p_entry ? p_entry->currentLevel.c_str() : nullptr;
882 const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
884 return p_entry ? p_entry->maxLevel.c_str() : nullptr;
888 void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
890 for (size_t i = 0; i < size; i++) {
891 delete &p_entries[i];
897 int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
906 void security_manager_policy_levels_free(char **levels, size_t levels_count)