Change-Id: I64101b26a185706f42b621e7c04512ace8141c76
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
#include <security-manager.h>
#include <client-offline.h>
#include <security-manager.h>
#include <client-offline.h>
+static const char *EMPTY = "";
/**
* Mapping of lib_retcode error codes to theirs strings equivalents
/**
* Mapping of lib_retcode error codes to theirs strings equivalents
{SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
{SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
{SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
{SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
{SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
{SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
- "rigths to perform an operation"}
+ "rigths to perform an operation"},
+ {SECURITY_MANAGER_ERROR_ACCESS_DENIED, "Insufficient privileges"},
return SECURITY_MANAGER_SUCCESS;
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
return SECURITY_MANAGER_SUCCESS;
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
default:
case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
default:
return SECURITY_MANAGER_SUCCESS;
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
return SECURITY_MANAGER_SUCCESS;
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
default:
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
default:
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
using namespace SecurityManager;
MessageBuffer send, recv;
using namespace SecurityManager;
MessageBuffer send, recv;
- if (ppp_privs_policy == nullptr || p_size == nullptr)
+ if (ppp_privs_policy == nullptr
+ || p_size == nullptr
+ || p_filter == nullptr)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
return try_catch([&] {
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
return try_catch([&] {
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
+
default:
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
default:
return SECURITY_MANAGER_ERROR_UNKNOWN;
}
if (!p_entry)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
p_entry->currentLevel = policy_level;
if (!p_entry)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
p_entry->currentLevel = policy_level;
+ p_entry->maxLevel = EMPTY;
return SECURITY_MANAGER_SUCCESS;
}
return SECURITY_MANAGER_SUCCESS;
}
if (!p_entry)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
p_entry->maxLevel = policy_level;
if (!p_entry)
return SECURITY_MANAGER_ERROR_INPUT_PARAM;
p_entry->maxLevel = policy_level;
+ p_entry->currentLevel = EMPTY;
return SECURITY_MANAGER_SUCCESS;
}
return SECURITY_MANAGER_SUCCESS;
}
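Review bot: Setting one level now silently discards the other. The setter that writes `currentLevel` also assigns `p_entry->maxLevel = EMPTY`, and the setter that writes `maxLevel` assigns `p_entry->currentLevel = EMPTY`, so a caller that reuses one entry for both a user level and an admin level loses the first value with no error returned. If the intent is that an entry carries exactly one of the two, say so at both assignments, for example `// an entry holds either a user level or an admin level; reset the other one`, and repeat it in the public documentation of both functions. `p_entry->maxLevel.clear();` would express the reset without the file-scope `EMPTY` pointer. Both function bodies start outside the hunk, so their signatures are inferred from the header comments.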
#define _SECURITY_MANAGER_PROTOCOLS_
#include <sys/types.h>
#define _SECURITY_MANAGER_PROTOCOLS_
#include <sys/types.h>
#include <vector>
#include <string>
#include <dpl/serialization.h>
#include <vector>
#include <string>
#include <dpl/serialization.h>
+#include <security-manager.h>
std::string currentLevel; // current level of privielege, or level asked to be set in privacy manager bucket
std::string maxLevel; // holds read maximum policy status or status to be set in admin bucket
std::string currentLevel; // current level of privielege, or level asked to be set in privacy manager bucket
std::string maxLevel; // holds read maximum policy status or status to be set in admin bucket
- policy_entry() : user(""), appId(""), privilege(""), currentLevel(""), maxLevel("")
+ policy_entry() : user(std::to_string(getuid())),
+ appId(SECURITY_MANAGER_ANY),
+ privilege(SECURITY_MANAGER_ANY),
+ currentLevel(""),
+ maxLevel("")
{}
policy_entry(IStream &stream) {
{}
policy_entry(IStream &stream) {
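Review bot: The default constructor now fills `user` with `std::to_string(getuid())` and both `appId` and `privilege` with `SECURITY_MANAGER_ANY`, so an untouched entry means "every app and privilege for the UID of whichever process constructed it". This header also declares the `IStream` constructor, which suggests it is shared with the service side; any default-constructed entry there would carry the daemon's UID, and the service should keep deriving the caller's identity from the connection credentials rather than from this field. A comment on the constructor would make that explicit, for example `// client-side defaults: calling process UID, wildcard app and privilege; never default-construct on the service for authorization decisions`. `getuid()` is declared in `<unistd.h>`, which is not among the includes visible in this hunk, so `#include <unistd.h>` should be added unless it already arrives another way. The struct continues outside the hunk.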
SECURITY_MANAGER_ERROR_INPUT_PARAM,
SECURITY_MANAGER_ERROR_MEMORY,
SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
SECURITY_MANAGER_ERROR_INPUT_PARAM,
SECURITY_MANAGER_ERROR_MEMORY,
SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
- SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
+ SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ SECURITY_MANAGER_ERROR_ACCESS_DENIED,
};
/*! \brief accesses types for application installation paths*/
};
/*! \brief accesses types for application installation paths*/
struct policy_entry;
typedef struct policy_entry policy_entry;
struct policy_entry;
typedef struct policy_entry policy_entry;
-/*! \brief wildcard to be used in policy update requests to match all possible values of
- * given field. Use it, for example when it is desired to apply policy change for all
+/*! \brief wildcard to be used in requests to match all possible values of given field.
+ * Use it, for example when it is desired to list or apply policy change for all
* users or all apps for selected user.
*/
#define SECURITY_MANAGER_ANY "#"
* users or all apps for selected user.
*/
#define SECURITY_MANAGER_ANY "#"
+/*! \brief value denoting delete operation on specific policy. It can only be used
+ * in update policy operation, passed to either security_manager_policy_entry_admin_set_level
+ * or security_manager_policy_entry_set_level.
+ */
+#define SECURITY_MANAGER_DELETE "DELETE"
+
/**
* This function translates lib_retcode error codes to strings describing
* errors.
/**
* This function translates lib_retcode error codes to strings describing
* errors.
* It uses dynamic allocation inside and user responsibility is to call
* policy_policy_entry_free() for freeing allocated resources.
*
* It uses dynamic allocation inside and user responsibility is to call
* policy_policy_entry_free() for freeing allocated resources.
*
+ * \note application and privilege fields default to SECURITY_MANAGER_ANY wildcard,
+ * user field defaults to calling user's UID, whereas the current and max level
+ * values, default to empty string "".
+ *
* \param[out] pp_entry Address of pointer for handle policy_entry structure
* \return API return code or error code
*/
* \param[out] pp_entry Address of pointer for handle policy_entry structure
* \return API return code or error code
*/
* entry point. The request should contain at least one policy update unit, otherwise
* the SECURITY_MANAGER_ERROR_INPUT_PARAM is returned.
*
* entry point. The request should contain at least one policy update unit, otherwise
* the SECURITY_MANAGER_ERROR_INPUT_PARAM is returned.
*
+ * \note 1. If user field in policy_entry is empty, then uid of the calling user is assumed
+ * 2. If privilege or app field in policy_entry is empty, then SECURITY_MANAGER_API_BAD_REQUEST
+ * is returned
+ * 3. For user's personal policy: wildcards usage in application or privilege field of policy_entry
+ * is not allowed
+ *
* \param[in] p_req Pointer handling allocated policy_update_req structure
* \return API return code or error code
*
* \param[in] p_req Pointer handling allocated policy_update_req structure
* \return API return code or error code
*
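Review bot: Item 2 of the new `\note` tells callers that `SECURITY_MANAGER_API_BAD_REQUEST` is returned, but that name is not among the `lib_retcode` values listed in this header, and the function is documented as returning an API return code from that enum. In the client switch statements shown on this page there is no case for a bad-request reply, so it would appear to fall through to `default:` and surface as `SECURITY_MANAGER_ERROR_UNKNOWN`; confirm which value the caller actually receives. The note should name that `lib_retcode` value, for example `* 2. If privilege or app field in policy_entry is empty, then <lib_retcode value> is returned`. The comment block continues outside the hunk.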