From: Krzysztof Sasiak
Date: Wed, 11 Feb 2015 10:28:03 +0000 (+0100)
Subject: Elaborating documentation and some client fixes
X-Git-Tag: accepted/tizen/3.0.2015.q1/common/20150320.110433~20
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git;a=commitdiff_plain;h=b17d250a247a11dc6b63657c4174f697f1f95e4d
Elaborating documentation and some client fixes
Change-Id: I64101b26a185706f42b621e7c04512ace8141c76
Signed-off-by: Krzysztof Sasiak
---
diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 4427704..87b0a74 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -47,6 +47,7 @@
 #include
 #include
+static const char *EMPTY = "";
 /**
 * Mapping of lib_retcode error codes to theirs strings equivalents
@@ -58,7 +59,8 @@ static std::map lib_retcode_string_map = {
 {SECURITY_MANAGER_ERROR_MEMORY, "Memory allocation error"},
 {SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE, "Incomplete data in application request"},
 {SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, "User does not have sufficient "
- "rigths to perform an operation"}
+ "rigths to perform an operation"},
+ {SECURITY_MANAGER_ERROR_ACCESS_DENIED, "Insufficient privileges"},
 };
 SECURITY_MANAGER_API
@@ -191,6 +193,8 @@ int security_manager_app_install(const app_inst_req *p_req)
 return SECURITY_MANAGER_SUCCESS;
 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
 case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
 default:
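Review bot: The message added for SECURITY_MANAGER_ERROR_ACCESS_DENIED in lib_retcode_string_map, "Insufficient privileges", says almost the same as the existing text for SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED, which also speaks of insufficient rights, so a log line built from this map does not let an operator tell the two codes apart. One of the two strings should state what distinguishes it, and the new enumerator in security-manager.h (hunk `@@ -40,7 +40,8 @@`) would benefit from a one-line comment saying when the service returns it. The line this hunk rewrites also carries the "rigths" typo forward; it could become `"rights to perform an operation"},`.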
@@ -678,6 +682,8 @@ int security_manager_policy_update_send(policy_update_req *p_req)
 return SECURITY_MANAGER_SUCCESS;
 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
 default:
 return SECURITY_MANAGER_ERROR_UNKNOWN;
 }
@@ -693,7 +699,9 @@ static inline int security_manager_get_policy_internal(
 using namespace SecurityManager;
 MessageBuffer send, recv;
- if (ppp_privs_policy == nullptr || p_size == nullptr)
+ if (ppp_privs_policy == nullptr
+ || p_size == nullptr
+ || p_filter == nullptr)
 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
 return try_catch([&] {
@@ -734,6 +742,9 @@ static inline int security_manager_get_policy_internal(
 case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
 return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ case SECURITY_MANAGER_API_ERROR_ACCESS_DENIED:
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
+
 default:
 return SECURITY_MANAGER_ERROR_UNKNOWN;
 }
@@ -821,6 +832,7 @@ int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *p
 if (!p_entry)
 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
 p_entry->currentLevel = policy_level;
+ p_entry->maxLevel = EMPTY;
 return SECURITY_MANAGER_SUCCESS;
 }
@@ -830,6 +842,7 @@ int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const c
 if (!p_entry)
 return SECURITY_MANAGER_ERROR_INPUT_PARAM;
 p_entry->maxLevel = policy_level;
+ p_entry->currentLevel = EMPTY;
 return SECURITY_MANAGER_SUCCESS;
 }
diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 20902ba..87ab99d 100644
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -26,9 +26,11 @@
 #define _SECURITY_MANAGER_PROTOCOLS_
 #include
+#include
 #include
 #include
 #include
+#include
 /**
 * \name Return Codes
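Review bot: `policy_level` is assigned to a `std::string` member without a null check in both security_manager_policy_entry_set_level and security_manager_policy_entry_admin_set_level; only `p_entry` is tested in the lines visible here, and assigning a null `const char *` to a std::string is undefined behaviour. The guard in both functions should become `if (!p_entry || !policy_level) return SECURITY_MANAGER_ERROR_INPUT_PARAM;`. The added lines also make the two setters mutually exclusive, since each one clears the other level, so a caller that sets both on one entry silently loses the first value; the header comments for the two functions should say so. Both function bodies begin outside their hunks.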
@@ -145,7 +147,11 @@ struct policy_entry : ISerializable {
 std::string currentLevel; // current level of privielege, or level asked to be set in privacy manager bucket
 std::string maxLevel; // holds read maximum policy status or status to be set in admin bucket
- policy_entry() : user(""), appId(""), privilege(""), currentLevel(""), maxLevel("")
+ policy_entry() : user(std::to_string(getuid())),
+ appId(SECURITY_MANAGER_ANY),
+ privilege(SECURITY_MANAGER_ANY),
+ currentLevel(""),
+ maxLevel("")
 {}
 policy_entry(IStream &stream) {
diff --git a/src/include/security-manager.h b/src/include/security-manager.h
index c8c265d..da0f288 100644
--- a/src/include/security-manager.h
+++ b/src/include/security-manager.h
@@ -40,7 +40,8 @@ enum lib_retcode {
 SECURITY_MANAGER_ERROR_INPUT_PARAM,
 SECURITY_MANAGER_ERROR_MEMORY,
 SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE,
- SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
+ SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED,
+ SECURITY_MANAGER_ERROR_ACCESS_DENIED,
 };
 /*! \brief accesses types for application installation paths*/
@@ -90,12 +91,18 @@ typedef struct policy_update_req policy_update_req;
 struct policy_entry;
 typedef struct policy_entry policy_entry;
-/*! \brief wildcard to be used in policy update requests to match all possible values of
- * given field. Use it, for example when it is desired to apply policy change for all
+/*! \brief wildcard to be used in requests to match all possible values of given field.
+ * Use it, for example when it is desired to list or apply policy change for all
 * users or all apps for selected user.
 */
 #define SECURITY_MANAGER_ANY "#"
+/*! \brief value denoting delete operation on specific policy. It can only be used
+ * in update policy operation, passed to either security_manager_policy_entry_admin_set_level
+ * or security_manager_policy_entry_set_level.
+ */
+#define SECURITY_MANAGER_DELETE "DELETE"
+
 /**
 * This function translates lib_retcode error codes to strings describing
 * errors.
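Review bot: The new defaults in `policy_entry()` sit in src/common/include/protocols.h, so they apply to every process that default-constructs the struct, not only to the client library. `getuid()` yields the uid of whichever process runs the constructor, and a field the caller forgets to set now means "any application" or "any privilege" instead of an empty value that validation can reject. Whether the service ever default-constructs a policy_entry is not visible in this diff; if it does, the user field becomes the service's own uid. Consider keeping the struct defaults empty and applying the uid and SECURITY_MANAGER_ANY defaults in the client function whose documentation gains the matching \note in security-manager.h, or at least add a comment such as `// defaults are meant for client-side requests: caller's uid, wildcard app and privilege` above the constructor.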
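Review bot: `SECURITY_MANAGER_DELETE` is an in-band value in hunk `@@ -90,12 +91,18 @@`: it travels in the same string field as a real policy level, so the name "DELETE" becomes reserved, and the new comment does not say that. A line such as `* "DELETE" is reserved and must not be used as the name of a policy level.` would make the constraint explicit, together with a sentence on what a caller gets back when the value is passed outside an update request. Whether the service rejects a level that is actually named "DELETE" cannot be seen from this diff.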
@@ -343,6 +350,10 @@ void security_manager_policy_update_req_free(policy_update_req *p_req);
 * It uses dynamic allocation inside and user responsibility is to call
 * policy_policy_entry_free() for freeing allocated resources.
 *
+ * \note application and privilege fields default to SECURITY_MANAGER_ANY wildcard,
+ * user field defaults to calling user's UID, whereas the current and max level
+ * values, default to empty string "".
+ *
 * \param[out] pp_entry Address of pointer for handle policy_entry structure
 * \return API return code or error code
 */
@@ -533,6 +544,12 @@ const char *security_manager_policy_entry_get_max_level(policy_entry *p_entry);
 * entry point. The request should contain at least one policy update unit, otherwise
 * the SECURITY_MANAGER_ERROR_INPUT_PARAM is returned.
 *
+ * \note 1. If user field in policy_entry is empty, then uid of the calling user is assumed
+ * 2. If privilege or app field in policy_entry is empty, then SECURITY_MANAGER_API_BAD_REQUEST
+ * is returned
+ * 3. For user's personal policy: wildcards usage in application or privilege field of policy_entry
+ * is not allowed
+ *
 * \param[in] p_req Pointer handling allocated policy_update_req structure
 * \return API return code or error code
 *
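Review bot: Item 2 of the \note added in hunk `@@ -533,6 +544,12 @@` names `SECURITY_MANAGER_API_BAD_REQUEST`, which is not among the lib_retcode values visible in this commit, so a caller of this function has nothing to compare the result against. In the switch of security_manager_policy_update_send shown in this same commit, every service code other than success, authentication failure and access denied reaches `default:` and comes back as SECURITY_MANAGER_ERROR_UNKNOWN, unless a case above the visible context handles it. Either document the lib_retcode the caller actually receives for an empty privilege or app field, or add a mapping for the bad-request code to that switch so the documented condition can be distinguished from an unknown failure.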