projects / platform / core / security / security-manager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Provide a function for launchers for dropping process capabilities
[platform/core/security/security-manager.git] / src / include / security-manager.h
diff --git a/src/include/security-manager.h b/src/include/security-manager.h
index 7267091..82a3431 100644 (file)
--- a/src/include/security-manager.h
+++ b/src/include/security-manager.h
@@ -182,6 +182,17 @@ int security_manager_set_process_label_from_appid(const char *app_id);
  */
 int security_manager_set_process_groups_from_appid(const char *app_id);
 
+/**
+ * The above launcher functions, manipulating process Smack label and group,
+ * require elevated privileges. Since they will be called by launcher after fork,
+ * in the process for the application, privileges should be dropped before
+ * running an actual application. This function is a helper for that purpose -
+ * it drops capabilities from the process.
+ *
+ * \return API return code or error code
+ */
+int security_manager_drop_process_privileges(void);
+
 
 #ifdef __cplusplus
 }
Domain: Security / Access Control;