Add default policy for user when creating it. 90/32690/15
authorMichal Eljasiewicz <m.eljasiewic@samsung.com>
Mon, 22 Dec 2014 13:33:13 +0000 (14:33 +0100)
committerGerrit Code Review <gerrit@review.vlan103.tizen.org>
Thu, 22 Jan 2015 17:32:32 +0000 (09:32 -0800)
Change-Id: Ifc2896aa413ec7c003136a5886f7aad84c0c8f00
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>
src/common/cynara.cpp
src/common/include/cynara.h
src/common/service_impl.cpp

index 1436ba1..4b61a56 100644 (file)
@@ -301,6 +301,40 @@ void CynaraAdmin::UpdateAppPolicy(
     SetPolicies(policies);
 }
 
+void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType)
+{
+    Bucket bucket;
+    std::vector<CynaraAdminPolicy> policies;
+
+    switch (userType) {
+        case SM_USER_TYPE_SYSTEM:
+            bucket = Bucket::USER_TYPE_SYSTEM;
+            break;
+        case SM_USER_TYPE_ADMIN:
+            bucket = Bucket::USER_TYPE_ADMIN;
+            break;
+        case SM_USER_TYPE_GUEST:
+            bucket = Bucket::USER_TYPE_GUEST;
+            break;
+        case SM_USER_TYPE_NORMAL:
+            bucket = Bucket::USER_TYPE_NORMAL;
+            break;
+        case SM_USER_TYPE_ANY:
+        case SM_USER_TYPE_NONE:
+        case SM_USER_TYPE_END:
+        default:
+            ThrowMsg(CynaraException::InvalidParam, "User type incorrect");
+    }
+
+    policies.push_back(CynaraAdminPolicy(CYNARA_ADMIN_WILDCARD,
+                                            std::to_string(static_cast<unsigned int>(uid)),
+                                            CYNARA_ADMIN_WILDCARD,
+                                            Buckets.at(bucket),
+                                            Buckets.at(Bucket::MAIN)));
+
+    CynaraAdmin::getInstance().SetPolicies(policies);
+}
+
 Cynara::Cynara()
 {
     checkCynaraError(
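Review bot: The last statement of UserInit calls `CynaraAdmin::getInstance().SetPolicies(policies)` even though UserInit is itself a non-static member, so it ignores the object it was invoked on. UpdateAppPolicy just above calls `SetPolicies(policies);` directly, and this should match. The switch leaves `bucket` unassigned on the rejecting path, which is safe only as long as ThrowMsg never returns; a comment such as `// ThrowMsg throws, so bucket is never read unset` would make that explicit. Because the rule uses CYNARA_ADMIN_WILDCARD for both client and privilege, it would also help to add a one-line comment saying that it redirects every check for this uid from MAIN to the user-type bucket.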
index 8982d54..b74a4ec 100644 (file)
@@ -31,6 +31,8 @@
 #include <vector>
 #include <map>
 
+#include "security-manager.h"
+
 namespace SecurityManager {
 
 enum class Bucket
@@ -122,6 +124,17 @@ public:
         const std::vector<std::string> &oldPrivileges,
         const std::vector<std::string> &newPrivileges);
 
+    /**
+     * Depending on user type, create link between MAIN bucket and appropriate
+     * USER_TYPE_* bucket for newly added user uid to apply permissions for that
+     * user type.
+     * @throws CynaraException::InvalidParam.
+     *
+     * @param uid new user uid
+     * @param userType type as enumerated in security-manager.h
+     */
+    void UserInit(uid_t uid, security_manager_user_type userType);
+
 private:
     CynaraAdmin();
     struct cynara_admin *m_CynaraAdmin;
index 5c34017..7eddd50 100644 (file)
@@ -386,20 +386,11 @@ int userAdd(uid_t uidAdded, int userType, uid_t uid)
     if (uid != 0)
         return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
 
-    switch (userType) {
-    case SM_USER_TYPE_SYSTEM:
-    case SM_USER_TYPE_ADMIN:
-    case SM_USER_TYPE_GUEST:
-    case SM_USER_TYPE_NORMAL:
-        break;
-    default:
+    try {
+        CynaraAdmin::getInstance().UserInit(uidAdded, static_cast<security_manager_user_type>(userType));
+    } catch (CynaraException::InvalidParam &e) {
         return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
     }
-
-    //TODO add policy information to cynara regarding user default privileges based on user_type
-    (void) uidAdded;
-    (void) userType;
-
     return SECURITY_MANAGER_API_SUCCESS;
 }
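Review bot: Only `CynaraException::InvalidParam` is caught around the UserInit call, so any other failure raised while the policy is written would leave userAdd as an exception rather than an API error code. SetPolicies is not visible here, but the surrounding code appears to report cynara errors by exception, and in that case the caller could not tell that the new user has no default policy link. Consider a second handler for the remaining CynaraException types that returns a suitable SECURITY_MANAGER_API_ERROR_* value, and catch by const reference without the unused name: `} catch (const CynaraException::InvalidParam &) {`. The `static_cast<security_manager_user_type>(userType)` converts an `int` that is presumably caller-supplied, whereas the removed switch validated the int before any conversion; range-checking `userType` before the cast would be safer than relying on the `default:` branch in UserInit. userAdd begins outside this hunk.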