2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file service_impl.h
20 * @author Rafal Krypa <r.krypa@samsung.com>
21 * @brief Implementation of the service methods
24 #ifndef _SECURITY_MANAGER_SERVICE_IMPL_
25 #define _SECURITY_MANAGER_SERVICE_IMPL_
28 #include <sys/types.h>
30 #include <unordered_set>
32 #include "security-manager.h"
34 namespace SecurityManager {
35 namespace ServiceImpl {
38 * Retrieves ID (UID and PID) of peer connected to socket
40 * @param[in] sock Socket file descriptor
41 * @param[out] uid UID of connected peer. Function does not modify the variable if ID retrieval fails.
42 * @param[out] pid PID of connected peer. Function does not modify the variable if ID retrieval fails.
44 * @return True if peer ID was successfully retrieved, false otherwise. Callers must check this before using uid or pid, since both are left unmodified on failure.
46 bool getPeerID(int sock, uid_t &uid, pid_t &pid);
49 * Process application installation request.
51 * @param[in] req installation request
52 * @param[in] uid id of the requesting user
53 * @param[in] isSlave Indicates if function should be called under slave mode
55 * @return API return code, as defined in protocols.h
57 int appInstall(const app_inst_req &req, uid_t uid, bool isSlave);
60 * Process application uninstallation request.
62 * @param[in] appId identifier of the application to uninstall
63 * @param[in] uid id of the requesting user
64 * @param[in] isSlave Indicates if function should be called under slave mode
66 * @return API return code, as defined in protocols.h
68 int appUninstall(const std::string &appId, uid_t uid, bool isSlave);
71 * Process package id query.
72 * Retrieves the package id associated with given application id.
74 * @param[in] appId application identifier
75 * @param[out] pkgId returned package identifier
77 * @return API return code, as defined in protocols.h
79 int getPkgId(const std::string &appId, std::string &pkgId);
82 * Process query for supplementary groups allowed for the application.
83 * For given appId and uid, calculate allowed privileges that give
84 * direct access to file system resources. For each permission Cynara will be queried.
86 * Returns set of group ids that are permitted.
88 * @param[in] appId application identifier
89 * @param[in] uid id of the requesting user
90 * @param[in] pid id of the requesting process (to construct Cynara session id)
91 * @param[in] isSlave Indicates if function should be called under slave mode
92 * @param[out] gids returned set of allowed group ids
94 * @return API return code, as defined in protocols.h
96 int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, bool isSlave,
97 std::unordered_set<gid_t> &gids);
100 * Process user adding request.
102 * @param[in] uidAdded uid of newly created user
103 * @param[in] userType type of newly created user
104 * @param[in] uid uid of requesting user
105 * @param[in] isSlave Indicates if function should be called under slave mode
107 * @return API return code, as defined in protocols.h
109 int userAdd(uid_t uidAdded, int userType, uid_t uid, bool isSlave);
112 * Process user deletion request.
114 * @param[in] uidDeleted uid of removed user
115 * @param[in] uid uid of requesting user
116 * @param[in] isSlave Indicates if function should be called under slave mode
118 * @return API return code, as defined in protocols.h
120 int userDelete(uid_t uidDeleted, uid_t uid, bool isSlave);
123 * Update policy in Cynara. The privilege http://tizen.org/privilege/systemsettings.admin
124 * is needed for this to succeed.
126 * @param[in] policyEntries vector of policy chunks with instructions
127 * @param[in] uid identifier of requesting user
128 * @param[in] pid PID of requesting process
129 * @param[in] smackLabel smack label of requesting app
131 * @return API return code, as defined in protocols.h
134 int policyUpdate(const std::vector<policy_entry> &policyEntries, uid_t uid, pid_t pid, const std::string &smackLabel);
136 * Fetch all configured privileges from user configurable bucket.
137 * Depending on forAdmin value: personal user policies or admin enforced
138 * policies are returned.
140 * @param[in] forAdmin determines if user is asking as ADMIN or not
141 * @param[in] filter filter for limiting the query
142 * @param[in] uid identifier of queried user
143 * @param[in] pid PID of requesting process
    * @param[in] smackLabel smack label of requesting app
144 * @param[out] policyEntries vector of policy entries with result
146 * @return API return code, as defined in protocols.h
148 int getConfiguredPolicy(bool forAdmin, const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
151 * Fetch all privileges for all apps installed for specific user.
154 * @param[in] filter filter for limiting the query
155 * @param[in] uid identifier of queried user
156 * @param[in] pid PID of requesting process
    * @param[in] smackLabel smack label of requesting app
157 * @param[out] policyEntries vector of policy entries with result
159 * @return API return code, as defined in protocols.h
161 int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
164 * Process getting policy descriptions list.
166 * @param[out] descriptions vector to receive the description strings (expected to be empty on entry)
168 * @return API return code, as defined in protocols.h
170 int policyGetDesc(std::vector<std::string> &descriptions);
172 } /* namespace ServiceImpl */
173 } /* namespace SecurityManager */
175 #endif /* _SECURITY_MANAGER_SERVICE_IMPL_ */