SECURITY_MANAGER_API
int security_manager_policy_levels_get(char ***levels, size_t *levels_count)
{
- (void)levels;
- (void)levels_count;
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+ if (!levels || !levels_count)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ return try_catch([&] {
+
+ //put data into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::POLICY_GET_DESCRIPTIONS));
- return 0;
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS:
+ // success - continue
+ break;
+ case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY:
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ int count;
+ Deserialization::Deserialize(recv, count);
+ *levels_count = count;
+ LogInfo("Number of policy descriptions: " << *levels_count);
+
+ char **array = new char *[*levels_count];
+
+ for (unsigned int i = 0; i < *levels_count; ++i) {
+ std::string level;
+ Deserialization::Deserialize(recv, level);
+
+ if (level.empty()) {
+ LogError("Unexpected empty level");
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ array[i] = strdup(level.c_str());
+ if (array[i] == nullptr)
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ *levels = array;
+
+ return SECURITY_MANAGER_SUCCESS;
+ });
}
SECURITY_MANAGER_API
void security_manager_policy_levels_free(char **levels, size_t levels_count)
{
- (void)levels;
- (void)levels_count;
+ for (unsigned int i = 0; i < levels_count; i++)
+ free(levels[i]);
+
+ delete[] levels;
}
GET_POLICY,
GET_CONF_POLICY_ADMIN,
GET_CONF_POLICY_SELF,
+ POLICY_GET_DESCRIPTIONS,
NOOP = 0x90,
};
*/
int getPolicy(const policy_entry &filter, uid_t uid, pid_t pid, const std::string &smackLabel, std::vector<policy_entry> &policyEntries);
+/**
+ * Process getting policy descriptions list.
+ *
+ * @param[in] descriptions empty vector for descriptions strings
+ *
+ * @return API return code, as defined in protocols.h
+ */
+int policyGetDesc(std::vector<std::string> &descriptions);
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
return SECURITY_MANAGER_API_SUCCESS;
}
+int policyGetDesc(std::vector<std::string> &levels)
+{
+ int ret = SECURITY_MANAGER_API_SUCCESS;
+
+ try {
+ CynaraAdmin::getInstance().ListPoliciesDescriptions(levels);
+ } catch (const CynaraException::OutOfMemory &e) {
+ LogError("Error - out of memory while querying Cynara for policy descriptions list: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ } catch (const CynaraException::InvalidParam &e) {
+ LogError("Error - invalid parameter while querying Cynara for policy descriptions list: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
+ } catch (const CynaraException::ServiceNotAvailable &e) {
+ LogError("Error - service not available while querying Cynara for policy descriptions list: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_NO_SUCH_SERVICE;
+ } catch (const CynaraException::Base &e) {
+ LogError("Error while getting policy descriptions list from Cynara: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_SERVER_ERROR;
+ }
+
+ return ret;
+}
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
*/
void processGetPolicy(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid, const std::string &smackLabel);
+ /**
+ * Process getting policies descriptions as strings from Cynara
+ *
+ * @param send Raw data buffer to be sent
+ */
+ void processPolicyGetDesc(MessageBuffer &send);
+
};
} // namespace SecurityManager
case SecurityModuleCall::GET_POLICY:
processGetPolicy(buffer, send, uid, pid, smackLabel);
break;
+ case SecurityModuleCall::POLICY_GET_DESCRIPTIONS:
+ processPolicyGetDesc(send);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
};
}
+void Service::processPolicyGetDesc(MessageBuffer &send)
+{
+ int ret;
+ std::vector<std::string> descriptions;
+
+ ret = ServiceImpl::policyGetDesc(descriptions);
+ Serialization::Serialize(send, ret);
+ if (ret == SECURITY_MANAGER_API_SUCCESS) {
+ Serialization::Serialize(send, static_cast<int>(descriptions.size()));
+
+ for(std::vector<std::string>::size_type i = 0; i != descriptions.size(); i++) {
+ Serialization::Serialize(send, descriptions[i]);
+ }
+ }
+}
+
} // namespace SecurityManager