ret = security_manager_drop_process_privileges();
return ret;
}
+
+SECURITY_MANAGER_API
+int security_manager_user_req_new(user_req **pp_req)
+{
+ if (!pp_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ try {
+ *pp_req = new user_req;
+ } catch (std::bad_alloc& ex) {
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_user_req_free(user_req *p_req)
+{
+ delete p_req;
+}
+
+SECURITY_MANAGER_API
+int security_manager_user_req_set_uid(user_req *p_req, uid_t uid)
+{
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->uid = uid;
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype)
+{
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+ p_req->utype = static_cast<int>(utype);
+
+ return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_user_add(const user_req *p_req)
+{
+ //TODO
+ (void) p_req;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+}
+
+SECURITY_MANAGER_API
+int security_manager_user_delete(const user_req *p_req)
+{
+ //TODO
+ (void) p_req;
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+}
SECURITY_MANAGER_ENUM_END
};
+/**
+ * This enum has values equivalent to gumd user type.
+ * The gum-utils help states that
+ * "usertype can be system(1), admin(2), guest(3), normal(4)."
+ */
+enum security_manager_user_type {
+ SM_USER_TYPE_NONE = 0,/*<-this should not be used, if it is used, there will be an error returned by SM*/
+ SM_USER_TYPE_SYSTEM = 1,
+ SM_USER_TYPE_ADMIN = 2,
+ SM_USER_TYPE_GUEST = 3,
+ SM_USER_TYPE_NORMAL = 4,
+ SM_USER_TYPE_ANY = 5,/*<-this value may be used only for setting policies and not during user adding*/
+ SM_USER_TYPE_END
+};
+typedef enum security_manager_user_type security_manager_user_type;
+
/*! \brief data structure responsible for handling informations
* required to install / uninstall application */
struct app_inst_req;
typedef struct app_inst_req app_inst_req;
+/*! \brief data structure responsible for handling informations
+ * required to manage users */
+struct user_req;
+typedef struct user_req user_req;
+
/**
* This function translates lib_retcode error codes to strings describing
* errors.
*/
int security_manager_prepare_app(const char *app_id);
+/*
+ * This function is responsible for initialization of user_req data structure.
+ * It uses dynamic allocation inside and user responsibility is to call
+ * security_manager_user_req_free() for freeing allocated resources.
+ *
+ * @param[in] Address of pointer for handle user_req structure
+ * @return API return code or error code
+ */
+int security_manager_user_req_new(user_req **pp_req);
+
+/*
+ * This function is used to free resources allocated by
+ * security_manager_user_req_new()
+ *
+ * @param[in] Pointer handling allocated user_req structure
+ */
+void security_manager_user_req_free(user_req *p_req);
+
+/*
+ * This function is used to set up user identifier in user_req structure.
+ *
+ * @param p_req Structure containing user data filled during this function call
+ * @param uid User identifier to be set
+ * @return API return code or error code
+ */
+int security_manager_user_req_set_uid(user_req *p_req, uid_t uid);
+
+/*
+ * This function is used to set up user type in user_req structure.
+ *
+ * @param p_req Structure containing user data filled during this function call
+ * @param utype User type to be set
+ * @return API return code or error code
+ */
+int security_manager_user_req_set_user_type(user_req *p_req, security_manager_user_type utype);
+
+/*
+ * This function should be called to inform security-manager about adding new user.
+ * This function succeeds only when is called by privileged user.
+ * Otherwise it just returns SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED and does nothing.
+ *
+ * It adds all required privileges to a newly created user.
+ * User data are passed through pointer 'p_req'.
+ * @param p_req Structure containing user data filled before calling this
+ * uid and user type needs to be filled in p_req structure,
+ * otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
+ * @return API return code or error code.
+ */
+int security_manager_user_add(const user_req *p_req);
+
+/*
+ * This function should be called to inform security-manager about removing a user.
+ * This function succeeds only when is called by privileged user.
+ * Otherwise it just returns SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED and does nothing.
+ *
+ * It removes all privileges granted to a user that has been granted previously by
+ * security_manager_user_add.
+ *
+ * @param p_req Structure containing user data filled before calling this.
+ * uid of user needs to be filled in p_req structure,
+ * otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
+ * @return API return code or error code
+ */
+int security_manager_user_delete(const user_req *p_req);
+
#ifdef __cplusplus
}