2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
18 * Security Manager library header
21 * @file client-security-manager.cpp
22 * @author Pawel Polawski <p.polawski@samsung.com>
23 * @author Rafal Krypa <r.krypa@samsung.com>
25 * @brief This file contain client side implementation of security-manager API
34 #include <sys/types.h>
36 #include <sys/xattr.h>
37 #include <sys/smack.h>
38 #include <sys/capability.h>
40 #include <dpl/log/log.h>
41 #include <dpl/exception.h>
42 #include <smack-labels.h>
43 #include <message-buffer.h>
44 #include <client-common.h>
45 #include <protocols.h>
46 #include <service_impl.h>
47 #include <security-manager.h>
48 #include <client-offline.h>
52 * Mapping of lib_retcode error codes to theirs strings equivalents
54 static std::map<enum lib_retcode, std::string> lib_retcode_string_map = {
55 {SECURITY_MANAGER_SUCCESS, "Success"},
56 {SECURITY_MANAGER_ERROR_UNKNOWN, "Unknown error"},
57 {SECURITY_MANAGER_ERROR_INPUT_PARAM, "Invalid function parameter was given"},
58 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
59 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
60 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
61 "rigths to perform an operation"}
65 const char *security_manager_strerror(enum lib_retcode rc)
68 return lib_retcode_string_map.at(rc).c_str();
69 } catch (const std::out_of_range &e) {
70 return "Unknown error code";
75 int security_manager_app_inst_req_new(app_inst_req **pp_req)
78 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
81 *pp_req = new app_inst_req;
82 } catch (std::bad_alloc& ex) {
83 return SECURITY_MANAGER_ERROR_MEMORY;
85 (*pp_req)->uid = geteuid();
87 return SECURITY_MANAGER_SUCCESS;
91 void security_manager_app_inst_req_free(app_inst_req *p_req)
97 int security_manager_app_inst_req_set_uid(app_inst_req *p_req,
101 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
105 return SECURITY_MANAGER_SUCCESS;
109 int security_manager_app_inst_req_set_app_id(app_inst_req *p_req, const char *app_id)
111 if (!p_req || !app_id)
112 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
114 p_req->appId = app_id;
116 return SECURITY_MANAGER_SUCCESS;
120 int security_manager_app_inst_req_set_pkg_id(app_inst_req *p_req, const char *pkg_id)
122 if (!p_req || !pkg_id)
123 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
125 p_req->pkgId = pkg_id;
127 return SECURITY_MANAGER_SUCCESS;
131 int security_manager_app_inst_req_add_privilege(app_inst_req *p_req, const char *privilege)
133 if (!p_req || !privilege)
134 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
136 p_req->privileges.push_back(privilege);
138 return SECURITY_MANAGER_SUCCESS;
142 int security_manager_app_inst_req_add_path(app_inst_req *p_req, const char *path, const int path_type)
144 if (!p_req || !path || (path_type < 0) || (path_type >= SECURITY_MANAGER_ENUM_END))
145 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
147 p_req->appPaths.push_back(std::make_pair(path, path_type));
149 return SECURITY_MANAGER_SUCCESS;
153 int security_manager_app_install(const app_inst_req *p_req)
155 using namespace SecurityManager;
157 return try_catch([&] {
158 //checking parameters
160 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
161 if (p_req->appId.empty() || p_req->pkgId.empty())
162 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
165 ClientOffline offlineMode;
166 if (offlineMode.isOffline()) {
167 retval = SecurityManager::ServiceImpl::appInstall(*p_req, geteuid());
169 MessageBuffer send, recv;
171 //put data into buffer
172 Serialization::Serialize(send, (int)SecurityModuleCall::APP_INSTALL);
173 Serialization::Serialize(send, p_req->appId);
174 Serialization::Serialize(send, p_req->pkgId);
175 Serialization::Serialize(send, p_req->privileges);
176 Serialization::Serialize(send, p_req->appPaths);
177 Serialization::Serialize(send, p_req->uid);
179 //send buffer to server
180 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
181 if (retval != SECURITY_MANAGER_API_SUCCESS) {
182 LogError("Error in sendToServer. Error code: " << retval);
183 return SECURITY_MANAGER_ERROR_UNKNOWN;
186 //receive response from server
187 Deserialization::Deserialize(recv, retval);
190 case SECURITY_MANAGER_API_SUCCESS:
191 return SECURITY_MANAGER_SUCCESS;
192 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
193 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
194 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
195 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
197 return SECURITY_MANAGER_ERROR_UNKNOWN;
204 int security_manager_app_uninstall(const app_inst_req *p_req)
206 using namespace SecurityManager;
207 MessageBuffer send, recv;
209 return try_catch([&] {
210 //checking parameters
212 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
213 if (p_req->appId.empty())
214 return SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE;
216 //put data into buffer
217 Serialization::Serialize(send, (int)SecurityModuleCall::APP_UNINSTALL);
218 Serialization::Serialize(send, p_req->appId);
220 //send buffer to server
221 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
222 if (retval != SECURITY_MANAGER_API_SUCCESS) {
223 LogError("Error in sendToServer. Error code: " << retval);
224 return SECURITY_MANAGER_ERROR_UNKNOWN;
227 //receive response from server
228 Deserialization::Deserialize(recv, retval);
229 if (retval != SECURITY_MANAGER_API_SUCCESS)
230 return SECURITY_MANAGER_ERROR_UNKNOWN;
232 return SECURITY_MANAGER_SUCCESS;;
237 int security_manager_get_app_pkgid(char **pkg_id, const char *app_id)
239 using namespace SecurityManager;
240 MessageBuffer send, recv;
242 LogDebug("security_manager_get_app_pkgid() called");
244 return try_catch([&] {
245 //checking parameters
247 if (app_id == NULL) {
248 LogError("security_manager_app_get_pkgid: app_id is NULL");
249 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
252 if (pkg_id == NULL) {
253 LogError("security_manager_app_get_pkgid: pkg_id is NULL");
254 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
257 //put data into buffer
258 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_PKGID));
259 Serialization::Serialize(send, std::string(app_id));
261 //send buffer to server
262 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
263 if (retval != SECURITY_MANAGER_API_SUCCESS) {
264 LogDebug("Error in sendToServer. Error code: " << retval);
265 return SECURITY_MANAGER_ERROR_UNKNOWN;
268 //receive response from server
269 Deserialization::Deserialize(recv, retval);
270 if (retval != SECURITY_MANAGER_API_SUCCESS)
271 return SECURITY_MANAGER_ERROR_UNKNOWN;
273 std::string pkgIdString;
274 Deserialization::Deserialize(recv, pkgIdString);
275 if (pkgIdString.empty()) {
276 LogError("Unexpected empty pkgId");
277 return SECURITY_MANAGER_ERROR_UNKNOWN;
280 *pkg_id = strdup(pkgIdString.c_str());
281 if (*pkg_id == NULL) {
282 LogError("Failed to allocate memory for pkgId");
283 return SECURITY_MANAGER_ERROR_MEMORY;
286 return SECURITY_MANAGER_SUCCESS;
290 static bool setup_smack(const char *label)
292 int labelSize = strlen(label);
294 // Set Smack label for open socket file descriptors
296 std::unique_ptr<DIR, std::function<int(DIR*)>> dir(
297 opendir("/proc/self/fd"), closedir);
299 LogError("Unable to read list of open file descriptors: " <<
301 return SECURITY_MANAGER_ERROR_UNKNOWN;
306 struct dirent *dirEntry = readdir(dir.get());
307 if (dirEntry == nullptr) {
308 if (errno == 0) // NULL return value also signals end of directory
311 LogError("Unable to read list of open file descriptors: " <<
313 return SECURITY_MANAGER_ERROR_UNKNOWN;
316 // Entries with numerical names specify file descriptors, ignore the rest
317 if (!isdigit(dirEntry->d_name[0]))
321 int fd = atoi(dirEntry->d_name);
322 int ret = fstat(fd, &statBuf);
324 LogWarning("fstat failed on file descriptor " << fd << ": " <<
328 if (S_ISSOCK(statBuf.st_mode)) {
329 ret = fsetxattr(fd, XATTR_NAME_SMACKIPIN, label, labelSize, 0);
331 LogError("Setting Smack label failed on file descriptor " <<
332 fd << ": " << strerror(errno));
333 return SECURITY_MANAGER_ERROR_UNKNOWN;
336 ret = fsetxattr(fd, XATTR_NAME_SMACKIPOUT, label, labelSize, 0);
338 LogError("Setting Smack label failed on file descriptor " <<
339 fd << ": " << strerror(errno));
340 return SECURITY_MANAGER_ERROR_UNKNOWN;
345 // Set Smack label of current process
346 smack_set_label_for_self(label);
348 return SECURITY_MANAGER_SUCCESS;
352 int security_manager_set_process_label_from_appid(const char *app_id)
355 std::string appLabel;
357 LogDebug("security_manager_set_process_label_from_appid() called");
359 if (smack_smackfs_path() == NULL)
360 return SECURITY_MANAGER_SUCCESS;
362 if (SecurityManager::generateAppLabel(std::string(app_id), appLabel) == false) {
363 LogError("Failed to generate smack label for appId: " << app_id);
364 return SECURITY_MANAGER_API_ERROR_NO_SUCH_OBJECT;
367 if ((ret = setup_smack(appLabel.c_str())) != SECURITY_MANAGER_SUCCESS) {
368 LogError("Failed to set smack label " << appLabel << " for current process");
372 return SECURITY_MANAGER_SUCCESS;
376 int security_manager_set_process_groups_from_appid(const char *app_id)
378 using namespace SecurityManager;
379 MessageBuffer send, recv;
382 LogDebug("security_manager_set_process_groups_from_appid() called");
384 return try_catch([&] {
385 //checking parameters
387 if (app_id == nullptr) {
388 LogError("app_id is NULL");
389 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
392 //put data into buffer
393 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::APP_GET_GROUPS));
394 Serialization::Serialize(send, std::string(app_id));
396 //send buffer to server
397 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
398 if (retval != SECURITY_MANAGER_API_SUCCESS) {
399 LogDebug("Error in sendToServer. Error code: " << retval);
400 return SECURITY_MANAGER_ERROR_UNKNOWN;
403 //receive response from server
404 Deserialization::Deserialize(recv, retval);
405 if (retval != SECURITY_MANAGER_API_SUCCESS) {
406 LogError("Failed to get list of groups from security-manager service. Error code: " << retval);
407 return SECURITY_MANAGER_ERROR_UNKNOWN;
410 //How many new groups?
412 Deserialization::Deserialize(recv, newGroupsCnt);
414 //And how many groups do we belong to already?
416 ret = getgroups(0, nullptr);
418 LogError("Unable to get list of current supplementary groups: " <<
420 return SECURITY_MANAGER_ERROR_UNKNOWN;
424 //Allocate an array for both old and new groups gids
425 std::unique_ptr<gid_t[]> groups(new gid_t[oldGroupsCnt + newGroupsCnt]);
427 LogError("Memory allocation failed.");
428 return SECURITY_MANAGER_ERROR_MEMORY;
431 //Get the old groups from process
432 ret = getgroups(oldGroupsCnt, groups.get());
434 LogError("Unable to get list of current supplementary groups: " <<
436 return SECURITY_MANAGER_ERROR_UNKNOWN;
439 //Get the new groups from server response
440 for (int i = 0; i < newGroupsCnt; ++i) {
442 Deserialization::Deserialize(recv, gid);
443 groups.get()[oldGroupsCnt + i] = gid;
444 LogDebug("Adding process to group " << gid);
447 //Apply the modified groups list
448 ret = setgroups(oldGroupsCnt + newGroupsCnt, groups.get());
450 LogError("Unable to get list of current supplementary groups: " <<
452 return SECURITY_MANAGER_ERROR_UNKNOWN;
455 return SECURITY_MANAGER_SUCCESS;
460 int security_manager_drop_process_privileges(void)
462 LogDebug("security_manager_drop_process_privileges() called");
465 cap_t cap = cap_init();
467 LogError("Unable to allocate capability object");
468 return SECURITY_MANAGER_ERROR_MEMORY;
471 ret = cap_clear(cap);
473 LogError("Unable to initialize capability object");
475 return SECURITY_MANAGER_ERROR_UNKNOWN;
478 ret = cap_set_proc(cap);
480 LogError("Unable to drop process capabilities");
482 return SECURITY_MANAGER_ERROR_UNKNOWN;
486 return SECURITY_MANAGER_SUCCESS;
490 int security_manager_prepare_app(const char *app_id)
492 LogDebug("security_manager_prepare_app() called");
495 ret = security_manager_set_process_label_from_appid(app_id);
496 if (ret != SECURITY_MANAGER_SUCCESS)
499 ret = security_manager_set_process_groups_from_appid(app_id);
500 if (ret != SECURITY_MANAGER_SUCCESS) {
501 LogWarning("Unable to setup process groups for application. Privileges with direct access to resources will not work.");
502 ret = SECURITY_MANAGER_SUCCESS;
505 ret = security_manager_drop_process_privileges();
510 int security_manager_user_req_new(user_req **pp_req)
513 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
515 *pp_req = new user_req;
516 } catch (std::bad_alloc& ex) {
517 return SECURITY_MANAGER_ERROR_MEMORY;
519 return SECURITY_MANAGER_SUCCESS;
523 void security_manager_user_req_free(user_req *p_req)
529 int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
532 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
536 return SECURITY_MANAGER_SUCCESS;
540 int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
543 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
545 p_req->utype = static_cast<int>(utype);
547 return SECURITY_MANAGER_SUCCESS;
551 int security_manager_user_add(const user_req *p_req)
553 using namespace SecurityManager;
555 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
557 return try_catch([&] {
559 ClientOffline offlineMode;
560 if (offlineMode.isOffline()) {
561 retval = SecurityManager::ServiceImpl::userAdd(p_req->uid, p_req->utype, geteuid());
563 MessageBuffer send, recv;
566 //put data into buffer
567 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
569 Serialization::Serialize(send, p_req->uid);
570 Serialization::Serialize(send, p_req->utype);
572 //send buffer to server
573 retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
574 if (retval != SECURITY_MANAGER_API_SUCCESS) {
575 LogError("Error in sendToServer. Error code: " << retval);
576 return SECURITY_MANAGER_ERROR_UNKNOWN;
579 //receive response from server
580 Deserialization::Deserialize(recv, retval);
583 case SECURITY_MANAGER_API_SUCCESS:
584 return SECURITY_MANAGER_SUCCESS;
585 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
586 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
588 return SECURITY_MANAGER_ERROR_UNKNOWN;
594 int security_manager_user_delete(const user_req *p_req)
596 using namespace SecurityManager;
597 MessageBuffer send, recv;
599 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
600 return try_catch([&] {
602 //put data into buffer
603 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
605 Serialization::Serialize(send, p_req->uid);
608 //send buffer to server
609 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
610 if (retval != SECURITY_MANAGER_API_SUCCESS) {
611 LogError("Error in sendToServer. Error code: " << retval);
612 return SECURITY_MANAGER_ERROR_UNKNOWN;
615 //receive response from server
616 Deserialization::Deserialize(recv, retval);
618 case SECURITY_MANAGER_API_SUCCESS:
619 return SECURITY_MANAGER_SUCCESS;
620 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
621 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
623 return SECURITY_MANAGER_ERROR_UNKNOWN;
629 /***************************POLICY***************************************/
632 int security_manager_policy_update_req_new(policy_update_req **pp_req)
635 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
638 *pp_req = new policy_update_req;
639 } catch (std::bad_alloc& ex) {
640 return SECURITY_MANAGER_ERROR_MEMORY;
643 return SECURITY_MANAGER_SUCCESS;
647 void security_manager_policy_update_req_free(policy_update_req *p_req)
653 int security_manager_policy_update_send(policy_update_req *p_req)
655 using namespace SecurityManager;
656 MessageBuffer send, recv;
658 if (p_req == nullptr || p_req->units.size() == 0)
659 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
661 return try_catch([&] {
663 //put request into buffer
664 Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_UPDATE));
665 Serialization::Serialize(send, p_req->units);
668 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
669 if (retval != SECURITY_MANAGER_API_SUCCESS) {
670 LogError("Error in sendToServer. Error code: " << retval);
671 return SECURITY_MANAGER_ERROR_UNKNOWN;
674 //receive response from server
675 Deserialization::Deserialize(recv, retval);
677 case SECURITY_MANAGER_API_SUCCESS:
678 return SECURITY_MANAGER_SUCCESS;
679 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
680 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
682 return SECURITY_MANAGER_ERROR_UNKNOWN;
687 static inline int security_manager_get_policy_internal(
688 SecurityManager::SecurityModuleCall call_type,
689 policy_entry *p_filter,
690 policy_entry **pp_privs_policy,
693 using namespace SecurityManager;
694 MessageBuffer send, recv;
696 if (pp_privs_policy == nullptr || p_size == nullptr)
697 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
699 return try_catch([&] {
700 //put request into buffer
701 Serialization::Serialize(send, static_cast<int>(call_type));
702 Serialization::Serialize(send, *p_filter);
704 int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
705 if (retval != SECURITY_MANAGER_API_SUCCESS) {
706 LogError("Error in sendToServer. Error code: " << retval);
707 return SECURITY_MANAGER_ERROR_UNKNOWN;
709 //receive response from server
710 Deserialization::Deserialize(recv, retval);
712 case SECURITY_MANAGER_API_SUCCESS: {
713 //extract and allocate buffers for privs policy entries
715 policy_entry **entries = nullptr;
716 Deserialization::Deserialize(recv, entriesCnt);
718 entries = new policy_entry*[entriesCnt]();
719 for (int i = 0; i < entriesCnt; ++i)
720 Deserialization::Deserialize(recv, entries[i]);
722 LogError("Error while parsing server response");
723 for (int i = 0; i < entriesCnt; ++i)
726 return SECURITY_MANAGER_ERROR_UNKNOWN;
728 *p_size = entriesCnt;
729 pp_privs_policy = entries;
730 return SECURITY_MANAGER_SUCCESS;
732 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
733 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
736 return SECURITY_MANAGER_ERROR_UNKNOWN;
742 int security_manager_get_configured_policy_for_admin(
743 policy_entry *p_filter,
744 policy_entry **pp_privs_policy,
747 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_ADMIN, p_filter, pp_privs_policy, p_size);
751 int security_manager_get_configured_policy_for_self(
752 policy_entry *p_filter,
753 policy_entry **pp_privs_policy,
756 return security_manager_get_policy_internal(SecurityModuleCall::GET_CONF_POLICY_SELF, p_filter, pp_privs_policy, p_size);
760 int security_manager_get_policy(
761 policy_entry *p_filter,
762 policy_entry **pp_privs_policy,
765 return security_manager_get_policy_internal(SecurityModuleCall::GET_POLICY, p_filter, pp_privs_policy, p_size);
769 int security_manager_policy_entry_new(policy_entry **p_entry)
772 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
775 *p_entry = new policy_entry;
776 } catch (std::bad_alloc& ex) {
777 return SECURITY_MANAGER_ERROR_MEMORY;
780 return SECURITY_MANAGER_SUCCESS;
784 void security_manager_policy_entry_free(policy_entry *p_entry)
790 int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
793 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
794 p_entry->appId = app_id;
795 return SECURITY_MANAGER_SUCCESS;
799 int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
802 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
803 p_entry->user = user;
804 return SECURITY_MANAGER_SUCCESS;
808 int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
811 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
812 p_entry->privilege = privilege;
813 return SECURITY_MANAGER_SUCCESS;
817 int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
820 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
821 p_entry->currentLevel = policy_level;
822 return SECURITY_MANAGER_SUCCESS;
826 int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
829 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
830 p_entry->maxLevel = policy_level;
831 return SECURITY_MANAGER_SUCCESS;
835 int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
837 if (!p_entry || !p_req)
838 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
839 p_req->units.push_back(p_entry);
841 return SECURITY_MANAGER_SUCCESS;
845 const char *security_manager_policy_entry_get_user(policy_entry *p_entry)
848 return strdup(p_entry->user.c_str());
854 const char *security_manager_policy_entry_get_application(policy_entry *p_entry)
857 return strdup(p_entry->appId.c_str());
862 const char *security_manager_policy_entry_get_privilege(policy_entry *p_entry)
865 return strdup(p_entry->privilege.c_str());
870 const char *security_manager_policy_entry_get_level(policy_entry *p_entry)
873 return strdup(p_entry->currentLevel.c_str());
879 const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry)
882 return strdup(p_entry->maxLevel.c_str());
888 void security_manager_policy_entries_free(policy_entry *p_entries, const size_t size)
890 for (size_t i = 0; i < size; i++) {
891 delete &p_entries[i];
897 int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
906 void security_manager_policy_levels_free(char **levels, size_t levels_count)