From: Michal Eljasiewicz
Date: Mon, 22 Dec 2014 13:33:13 +0000 (+0100)
Subject: Add default policy for user when creating it.
X-Git-Tag: accepted/tizen/tv/20150217.004257~22
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git;a=commitdiff_plain;h=278527c6f852600922e5df92c4aba9c81e265fd5

Add default policy for user when creating it.

Change-Id: Ifc2896aa413ec7c003136a5886f7aad84c0c8f00
Signed-off-by: Michal Eljasiewicz
---

diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index 1436ba1..4b61a56 100644
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -301,6 +301,40 @@ void CynaraAdmin::UpdateAppPolicy(
 SetPolicies(policies);
 }
 
+void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType)
+{
+ Bucket bucket;
+ std::vector policies;
+
+ switch (userType) {
+ case SM_USER_TYPE_SYSTEM:
+ bucket = Bucket::USER_TYPE_SYSTEM;
+ break;
+ case SM_USER_TYPE_ADMIN:
+ bucket = Bucket::USER_TYPE_ADMIN;
+ break;
+ case SM_USER_TYPE_GUEST:
+ bucket = Bucket::USER_TYPE_GUEST;
+ break;
+ case SM_USER_TYPE_NORMAL:
+ bucket = Bucket::USER_TYPE_NORMAL;
+ break;
+ case SM_USER_TYPE_ANY:
+ case SM_USER_TYPE_NONE:
+ case SM_USER_TYPE_END:
+ default:
+ ThrowMsg(CynaraException::InvalidParam, "User type incorrect");
+ }
+
+ policies.push_back(CynaraAdminPolicy(CYNARA_ADMIN_WILDCARD,
+ std::to_string(static_cast(uid)),
+ CYNARA_ADMIN_WILDCARD,
+ Buckets.at(bucket),
+ Buckets.at(Bucket::MAIN)));
+
+ CynaraAdmin::getInstance().SetPolicies(policies);
+}
+
 Cynara::Cynara()
 {
 checkCynaraError(
diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index 8982d54..b74a4ec 100644
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -31,6 +31,8 @@
 #include
 #include
 
+#include "security-manager.h"
+
 namespace SecurityManager {
 
 enum class Bucket
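Review bot: In `CynaraAdmin::UserInit` (src/common/cynara.cpp) the final statement calls `CynaraAdmin::getInstance().SetPolicies(policies);` although the code is already running as a member of that class; the `UpdateAppPolicy` context line just above uses `SetPolicies(policies);` directly, and the same form here would keep the two paths consistent. The rule being built decides where every permission check for the new user is evaluated, so it deserves a one-line comment such as `// MAIN: any client, this uid, any privilege -> user-type bucket chosen above`, matching what the header comment describes. `bucket` is also left unassigned on the `default:` path, so the function relies on `ThrowMsg` never returning; a short comment saying so would make that dependency explicit.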
@@ -122,6 +124,17 @@ public:
 const std::vector &oldPrivileges,
 const std::vector &newPrivileges);
 
+ /**
+ * Depending on user type, create link between MAIN bucket and appropriate
+ * USER_TYPE_* bucket for newly added user uid to apply permissions for that
+ * user type.
+ * @throws CynaraException::InvalidParam.
+ *
+ * @param uid new user uid
+ * @param userType type as enumerated in security-manager.h
+ */
+ void UserInit(uid_t uid, security_manager_user_type userType);
+
 private:
 CynaraAdmin();
 struct cynara_admin *m_CynaraAdmin;
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 5c34017..7eddd50 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -386,20 +386,11 @@ int userAdd(uid_t uidAdded, int userType, uid_t uid)
 if (uid != 0)
 return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
 
- switch (userType) {
- case SM_USER_TYPE_SYSTEM:
- case SM_USER_TYPE_ADMIN:
- case SM_USER_TYPE_GUEST:
- case SM_USER_TYPE_NORMAL:
- break;
- default:
+ try {
+ CynaraAdmin::getInstance().UserInit(uidAdded, static_cast(userType));
+ } catch (CynaraException::InvalidParam &e) {
 return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
 }
-
- //TODO add policy information to cynara regarding user default privileges based on user_type
- (void) uidAdded;
- (void) userType;
-
 return SECURITY_MANAGER_API_SUCCESS;
 }
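Review bot: The doc comment added for `UserInit` in src/common/include/cynara.h lists only `@throws CynaraException::InvalidParam`, but the implementation in cynara.cpp also calls `SetPolicies` and `Buckets.at`, so the stated contract is probably incomplete; which exceptions those raise is not visible in this diff. I would reword it along the lines of `@throws CynaraException::InvalidParam for an unsupported user type; errors from applying the policy are propagated`. It would also help to state that the rule matches every client and every privilege for the given uid, since that is what makes the user-type bucket authoritative for the new user.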
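Review bot: `userAdd` in src/common/service_impl.cpp catches only `CynaraException::InvalidParam`, so any other failure inside `UserInit` (a Cynara error while the policy is set, or an exception from `Buckets.at`) leaves the function as an exception rather than an API error code; whether a caller further up handles that is not visible here. On this root-only request path I would map those to an explicit error with a second handler, e.g. `} catch (const CynaraException::Base &e) { return SECURITY_MANAGER_API_ERROR_SERVER_ERROR; }`, assuming those are the project's base exception type and generic error code, and log it so that a user created without its default policy link is noticed. `userType` also arrives as a plain `int` and is cast to the enum before any range check; the `default:` branch in `UserInit` rejects unknown values, but validating the integer before the `static_cast` avoids forming an out-of-range enumerator at all. The existing handler can take the exception by const reference and drop the unused name: `catch (const CynaraException::InvalidParam &)`.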