2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Rafal Krypa <r.krypa@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
20 * @author Jacek Bukarewicz <j.bukarewicz@samsung.com>
22 * @brief Header file of a class managing smack rules
25 #ifndef _SMACK_RULES_H_
26 #define _SMACK_RULES_H_
30 #include <smack-exceptions.h>
32 struct smack_accesses;
34 namespace SecurityManager {
// Virtual destructor.
// NOTE(review): the class holds a raw smack_accesses pointer (m_handle); presumably it is
// released here - confirm. The constructor and any copy controls are not visible in this
// listing; confirm copying is disabled or handled, since a default copy would leave two
// objects pointing at the same handle.
40 virtual ~SmackRules();
// Presumably adds one rule (subject label, object label, permission string) to the rule
// set behind m_handle - confirm in the implementation.
// NOTE(review): all three parameters are plain strings, so any validation of labels and
// of the permission string has to happen in the implementation or in libsmack - confirm
// that malformed values are rejected rather than stored.
42 void add(const std::string &subject, const std::string &object,
43 const std::string &permissions);
// Presumably records a change to the subject/object rule that grants allowPermissions and
// revokes denyPermissions (the libsmack "modify" form) - confirm in the implementation.
// NOTE(review): confirm what happens when the same permission letter appears in both
// allowPermissions and denyPermissions; the declaration does not say which one wins.
44 void addModify(const std::string &subject, const std::string &object,
45 const std::string &allowPermissions, const std::string &denyPermissions);
// Presumably reads rules from the file at `path` into this object - confirm.
// NOTE(review): the file content becomes access-control policy; confirm callers only pass
// paths inside a directory that is writable solely by the security-manager service.
46 void loadFromFile(const std::string &path);
// Takes a list of template rule lines plus appId, pkgId and zoneId; presumably substitutes
// the ids into each template line and adds the resulting rules - confirm.
// NOTE(review): if the ids are substituted textually, an id containing whitespace or
// characters that are not valid in a Smack label could change the meaning of a generated
// rule; confirm the ids are validated before or inside this call.
47 void addFromTemplate(const std::vector<std::string> &templateRules,
48 const std::string &appId, const std::string &pkgId, const std::string &zoneId);
// Same id parameters as addFromTemplate but without a rule list; presumably reads the
// template from a predefined file and forwards to addFromTemplate - confirm.
// NOTE(review): the template file location is not visible here; confirm it is not
// writable by unprivileged users, since it defines the rules every application receives.
49 void addFromTemplateFile(const std::string &appId, const std::string &pkgId,
50 const std::string &zoneId);
// const member: does not modify this object. Presumably writes the current rule set to the
// file at `path` - confirm.
// NOTE(review): the install* documentation in this header says saved rules are loaded on
// system boot, so confirm the file is created with restrictive ownership and mode and that
// a failed write cannot leave a truncated rules file behind.
54 void saveToFile(const std::string &path) const;
57 * Create cross dependencies for all applications in a package
59 * This is needed for all applications within a package to have
60 * correct permissions to shared data.
62 * @param[in] pkgContents - a list of all applications inside this package
63 * @param[in] zoneId - ID of zone which requested application install
65 void generatePackageCrossDeps(const std::vector<std::string> &pkgContents,
66 const std::string &zoneId);
69 * Install package-specific smack rules.
71 * Function creates smack rules using predefined template. Rules are applied
72 * to the kernel and saved on persistent storage so they are loaded on system boot.
74 * @param[in] appId - application id that is being installed
75 * @param[in] pkgId - package id that the application is in
76 * @param[in] pkgContents - a list of all applications in the package
// Overload without a zoneId parameter.
// NOTE(review): presumably this forwards to the four-argument overload with a default
// zone - confirm which zone is used, because the resulting rules differ per zone.
78 static void installApplicationRules(const std::string &appId, const std::string &pkgId,
79 const std::vector<std::string> &pkgContents);
82 * Install package-specific smack rules.
84 * Function creates smack rules using predefined template. Rules are applied
85 * to the kernel and saved on persistent storage so they are loaded on system boot.
87 * @param[in] appId - application id that is being installed
88 * @param[in] pkgId - package id that the application is in
89 * @param[in] pkgContents - a list of all applications in the package
90 * @param[in] zoneId - ID of zone which requested application install
92 static void installApplicationRules(const std::string &appId, const std::string &pkgId,
93 const std::vector<std::string> &pkgContents, const std::string &zoneId);
95 * Uninstall package-specific smack rules.
97 * Function loads package-specific smack rules, revokes them from the kernel
98 * and removes them from the persistent storage.
100 * @param[in] pkgId - package identifier
102 static void uninstallPackageRules(const std::string &pkgId);
104 /* FIXME: Remove this function once the real pkgId is used instead of the "User" label
105 * in generateAppLabel(). */
106 static void addMissingRulesFix();
109 * Uninstall application-specific smack rules.
111 * Function removes application specific rules from the kernel, and
112 * removes them from persistent storage.
114 * @param[in] appId - application id
115 * @param[in] pkgId - package id that the application belongs to
116 * @param[in] appsInPkg - a list of the other applications in the package that the application belongs to
117 * @param[in] zoneId - ID of zone which requested application uninstall
// NOTE(review): appsInPkg is taken by value here, while the sibling declarations take
// their application lists by const reference; presumably the implementation edits its own
// copy (e.g. to drop appId) - confirm, otherwise this is an avoidable copy.
119 static void uninstallApplicationRules(const std::string &appId, const std::string &pkgId,
120 std::vector<std::string> appsInPkg, const std::string &zoneId);
123 * Update package specific rules
125 * This function regenerates all package rules that
126 * need to exist currently for all application in that
129 * @param[in] pkgId - id of the package to update
130 * @param[in] pkgContents - a list of all applications in the package
131 * @param[in] zoneId - ID of zone which requested application uninstall
// NOTE(review): the @param text for zoneId above says "requested application uninstall";
// it looks copied from uninstallApplicationRules - confirm what zoneId means for an
// update and correct the description.
133 static void updatePackageRules(const std::string &pkgId,
134 const std::vector<std::string> &pkgContents, const std::string &zoneId);
138 * Create a path for package rules
// Returns the rules-file path for pkgId as a std::string.
// NOTE(review): the path is derived from pkgId; confirm the implementation or its callers
// reject ids containing path separators or "..", so the result cannot leave the rules
// directory.
141 static std::string getPackageRulesFilePath(const std::string &pkgId);
144 * Create a path for application rules
// Returns the rules-file path for appId as a std::string.
// NOTE(review): the path is derived from appId; confirm the implementation or its callers
// reject ids containing path separators or "..", so the result cannot leave the rules
// directory.
146 static std::string getApplicationRulesFilePath(const std::string &appId);
149 * Uninstall rules inside a specified file path
151 * This is a utility function that will clear all
152 * rules in the file specified by path
154 * @param[in] path - path to the file that contains the rules
// NOTE(review): access specifiers are not visible in this listing. If this helper is
// reachable from outside the class, confirm callers only pass paths produced by
// getPackageRulesFilePath / getApplicationRulesFilePath, because the rules found in the
// file are the ones that get cleared.
156 static void uninstallRules (const std::string &path);
// Raw pointer to the opaque smack_accesses struct forward-declared at the top of this
// header. Ownership presumably belongs to this object (allocated in the constructor,
// released in the destructor) - confirm in the implementation.
158 smack_accesses *m_handle;
161 } // namespace SecurityManager
163 #endif /* _SMACK_RULES_H_ */