2 * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file service_impl.h
20 * @author Rafal Krypa <r.krypa@samsung.com>
21 * @brief Implementation of the service methods
24 #ifndef _SECURITY_MANAGER_SERVICE_IMPL_
25 #define _SECURITY_MANAGER_SERVICE_IMPL_
#include <sys/types.h>

#include <string>
#include <unordered_set>
#include <vector>

#include "security-manager.h"
34 namespace SecurityManager {
38 static uid_t getGlobalUserId(void);
40 static void checkGlobalUser(uid_t &uid, std::string &cynaraUserStr);
// Path containment test (is `subdir` inside `parent`?) used by the install
// path validation below.
// NOTE(review): the implementation is not visible here. If it is a plain
// string-prefix comparison, both arguments must be canonicalised first (no
// ".." components, symlinks resolved, consistent trailing "/"), otherwise
// "/a/b" matches "/a/bc" and a traversal component escapes the parent.
// Confirm in the .cpp before relying on it for authorisation decisions.
static bool isSubDir(const char *parent, const char *subdir);
44 static bool getUserAppDir(const uid_t &uid, std::string &userAppDir);
// Authorisation check for an install request, presumably deciding whether the
// requesting user `uid` may install `req`; `isCorrectPath` reports whether the
// paths in the request passed validation and `appPath` receives the resolved
// application path (semantics to be confirmed against the .cpp).
// NOTE(review): `req` is client-supplied and must be treated as untrusted; the
// `uid` used here should be the one established by the service for the
// connection, never a value taken from the request itself.
static bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath);
48 static bool getZoneId(std::string &zoneId);
52 virtual ~ServiceImpl();
55 * Process application installation request.
57 * @param[in] req installation request
58 * @param[in] uid id of the requesting user
59 * @param[in] isSlave Indicates if function should be called under slave mode
61 * @return API return code, as defined in protocols.h
63 int appInstall(const app_inst_req &req, uid_t uid, bool isSlave);
66 * Process application uninstallation request.
 * @param[in] appId identifier of the application to uninstall
69 * @param[in] uid id of the requesting user
70 * @param[in] isSlave Indicates if function should be called under slave mode
72 * @return API return code, as defined in protocols.h
74 int appUninstall(const std::string &appId, uid_t uid, bool isSlave);
77 * Process package id query.
78 * Retrieves the package id associated with given application id.
80 * @param[in] appId application identifier
81 * @param[out] pkgId returned package identifier
83 * @return API return code, as defined in protocols.h
85 int getPkgId(const std::string &appId, std::string &pkgId);
88 * Process query for supplementary groups allowed for the application.
89 * For given appId and uid, calculate allowed privileges that give
 * direct access to file system resources. For each such privilege Cynara is
 * queried (with the caller's uid and a session id derived from pid); the result
 * is the set of group ids behind the privileges Cynara permits.
94 * @param[in] appId application identifier
95 * @param[in] uid id of the requesting user
96 * @param[in] pid id of the requesting process (to construct Cynara session id)
97 * @param[in] isSlave Indicates if function should be called under slave mode
98 * @param[out] gids returned set of allowed group ids
100 * @return API return code, as defined in protocols.h
102 int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
103 std::unordered_set<gid_t> &gids);
106 * Process user adding request.
108 * @param[in] uidAdded uid of newly created user
109 * @param[in] userType type of newly created user
110 * @param[in] uid uid of requesting user
111 * @param[in] isSlave Indicates if function should be called under slave mode
113 * @return API return code, as defined in protocols.h
115 int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave);
118 * Process user deletion request.
120 * @param[in] uidDeleted uid of removed user
121 * @param[in] uid uid of requesting user
122 * @param[in] isSlave Indicates if function should be called under slave mode
124 * @return API return code, as defined in protocols.h
126 int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave);
 * Update policy in Cynara. The caller must hold the privilege
 * http://tizen.org/privilege/systemsettings.admin; the check is made against the
 * caller identity given by uid, pid and smackLabel, and the call fails otherwise.
132 * @param[in] policyEntries vector of policy chunks with instructions
133 * @param[in] uid identifier of requesting user
134 * @param[in] pid PID of requesting process
135 * @param[in] smackLabel smack label of requesting app
137 * @return API return code, as defined in protocols.h
140 int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel);
142 * Fetch all configured privileges from user configurable bucket.
143 * Depending on forAdmin value: personal user policies or admin enforced
144 * policies are returned.
146 * @param[in] forAdmin determines if user is asking as ADMIN or not
147 * @param[in] filter filter for limiting the query
148 * @param[in] uid identifier of queried user
 * @param[in] pid PID of requesting process
 * @param[in] smackLabel smack label of requesting app
 * @param[out] policyEntries vector of policy entries with result
152 * @return API return code, as defined in protocols.h
154 int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
157 * Fetch all privileges for all apps installed for specific user.
 * @param[in] smackLabel smack label of requesting app
160 * @param[in] filter filter for limiting the query
161 * @param[in] uid identifier of queried user
162 * @param[in] pid PID of requesting process
163 * @param[out] policyEntries vector of policy entries with result
165 * @return API return code, as defined in protocols.h
167 int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
170 * Process getting policy descriptions list.
 * @param[out] descriptions empty vector to be filled with the description strings
174 * @return API return code, as defined in protocols.h
176 int policyGetDesc(std::vector<std::string> &descriptions);
179 * Process getting privileges mappings from one version to another.
181 * @param[in] version_from version to be mapped from
182 * @param[in] version_to version to be mapped to
183 * @param[in] privileges vector of privileges to be mapped
 * @param[out] mappings mappings of given privileges
 *
 * @return API return code, as defined in protocols.h
186 int getPrivilegesMappings(const std::string &version_from,
187 const std::string &version_to,
188 const std::vector<std::string> &privileges,
189 std::vector<std::string> &mappings);
192 * Process getting resources group list.
194 * @param[out] groups empty vector for group strings
196 * @return API return code, as defined in protocols.h
198 int policyGetGroups(std::vector<std::string> &groups);
200 } /* namespace SecurityManager */
202 #endif /* _SECURITY_MANAGER_SERVICE_IMPL_ */