cynaraAdmin.SetPolicies(policies);
}
+static bool checkCynaraError(int result, const std::string &msg)
+{
+ // TODO: Cynara client error codes are being currently refactored
+ // This function must be updated when the refactor is finished.
+ switch (result) {
+ case CYNARA_API_SUCCESS:
+ return true;
+ case CYNARA_API_ACCESS_DENIED:
+ return false;
+ case CYNARA_API_OUT_OF_MEMORY:
+ ThrowMsg(CynaraException::OutOfMemory, msg);
+ case CYNARA_API_INVALID_PARAM:
+ ThrowMsg(CynaraException::InvalidParam, msg);
+ case CYNARA_API_SERVICE_NOT_AVAILABLE:
+ ThrowMsg(CynaraException::ServiceNotAvailable, msg);
+ default:
+ ThrowMsg(CynaraException::UnknownError, msg);
+ }
+}
+
+Cynara::Cynara()
+{
+ checkCynaraError(
+ cynara_initialize(&m_Cynara, nullptr),
+ "Cannot connect to Cynara policy interface.");
+}
+
+Cynara::~Cynara()
+{
+ cynara_finish(m_Cynara);
+}
+
+bool Cynara::check(const std::string &label, const std::string &privilege,
+ const std::string &user, const std::string &session)
+{
+ return checkCynaraError(
+ cynara_check(m_Cynara,
+ label.c_str(), session.c_str(), user.c_str(), privilege.c_str()),
+ "Cannot check permission with Cynara.");
+}
} // namespace SecurityManager
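Review bot: The `Cynara::Cynara()` constructor discards the return value of `checkCynaraError`, and that helper reports `CYNARA_API_ACCESS_DENIED` as `false` rather than throwing. A denied `cynara_initialize` therefore still yields a constructed object, and `check()` and the destructor later pass an `m_Cynara` that may never have been set to `cynara_check` and `cynara_finish`. Treat any non-success initialisation as fatal, for example `if (!checkCynaraError(cynara_initialize(&m_Cynara, nullptr), msg)) ThrowMsg(CynaraException::UnknownError, msg);`, and give the member a `nullptr` initial value so a failed start is detectable. Separately, `check()` takes (label, privilege, user, session) but forwards (label, session, user, privilege) to `cynara_check`; all four are `std::string`, so a comment at the call such as `// cynara_check order: client, client_session, user, privilege` would let a reader confirm the reordering is intended.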
#ifndef _SECURITY_MANAGER_CYNARA_
#define _SECURITY_MANAGER_CYNARA_
+#include <cynara-client.h>
#include <cynara-admin.h>
#include <dpl/exception.h>
#include <string>
struct cynara_admin *m_CynaraAdmin;
};
+class Cynara
+{
+public:
+ Cynara();
+ virtual ~Cynara();
+
+ /**
+ * Ask Cynara for permission.
+ *
+ * @param label application Smack label
+ * @param privilege privilege identifier
+ * @param user user identifier (uid)
+ * @param session session identifier
+ * @return true if access is permitted, false if denied
+ */
+ bool check(const std::string &label, const std::string &privilege,
+ const std::string &user, const std::string &session);
+
+private:
+ struct cynara *m_Cynara;
+};
+
+
} // namespace SecurityManager
#endif // _SECURITY_MANAGER_CYNARA_
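Review bot: The new `Cynara` class owns the raw `struct cynara *m_Cynara`, which its destructor (defined in the .cpp) releases with `cynara_finish`, yet the implicit copy constructor and copy assignment stay enabled. Any accidental copy would leave two objects finishing the same client handle. Since the code already uses `nullptr`, the C++11 form fits: add `Cynara(const Cynara &) = delete;` and `Cynara &operator=(const Cynara &) = delete;` under `public:`. Declaring the member as `struct cynara *m_Cynara = nullptr;` would also make a failed initialisation visible instead of leaving an indeterminate pointer. The doc comment on `check()` could add that failures other than a plain denial are reported by exception rather than by returning `false`, which is what the implementation's error mapping does.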