From e23799e92c97db9c8528c32218a9d9457e44064c Mon Sep 17 00:00:00 2001
From: Jan Cybulski <j.cybulski@samsung.com>
Date: Sat, 31 Jan 2015 10:38:33 +0100
Subject: [PATCH] Add API stub for setting policies

Change-Id: I56ccafe0432c44e7f5f97abd9f1aa29ff76e4c47
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
---
 src/client/client-security-manager.cpp | 109 ++++++++++++++
 src/common/include/protocols.h         |  15 ++
 src/include/security-manager.h         | 262 +++++++++++++++++++++++++++++++++
 3 files changed, 386 insertions(+)

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index c3f72d9..c2a3fd7 100644
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -634,3 +634,112 @@ int security_manager_user_delete(const user_req *p_req)
         }
     });
 }
+
+
+/***************************POLICY***************************************/
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_req_new(policy_update_req **pp_req)
+{
+    if (!pp_req)
+        return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+    try {
+        *pp_req = new policy_update_req;
+    } catch (std::bad_alloc& ex) {
+        return SECURITY_MANAGER_ERROR_MEMORY;
+    }
+
+    return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_update_req_free(policy_update_req *p_req)
+{
+    delete p_req;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_send(policy_update_req *p_req)
+{
+    (void)p_req;
+
+    return SECURITY_MANAGER_ERROR_UNKNOWN;
+}
+
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_new(policy_entry **p_entry)
+{
+    if (!p_entry)
+        return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+
+    try {
+        *p_entry = new policy_entry;
+    } catch (std::bad_alloc& ex) {
+        return SECURITY_MANAGER_ERROR_MEMORY;
+    }
+
+    return SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+void security_manager_policy_entry_free(policy_entry *p_entry)
+{
+    delete p_entry;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id)
+{
+    if (!p_entry)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_entry->appId = app_id;
+    return  SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user)
+{
+    if (!p_entry)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_entry->user = user;
+    return  SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege)
+{
+    if (!p_entry)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_entry->privilege = privilege;
+    return  SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level)
+{
+    if (!p_entry)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_entry->currentLevel = policy_level;
+    return  SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level)
+{
+    if (!p_entry)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_entry->maxLevel = policy_level;
+    return  SECURITY_MANAGER_SUCCESS;
+}
+
+SECURITY_MANAGER_API
+int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry)
+{
+    if (!p_entry || !p_req)
+        return  SECURITY_MANAGER_ERROR_INPUT_PARAM;
+    p_req->units.push_back(p_entry);
+
+    return  SECURITY_MANAGER_SUCCESS;
+}
diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 11b93a5..1d52dd4 100644
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -130,4 +130,19 @@ enum class SecurityModuleCall
 
 } // namespace SecurityManager
 
+struct policy_entry {
+    std::string user;           // uid converted to string
+    std::string appId;          // application identifier
+    std::string privilege;      // cynara privilege
+    std::string currentLevel;   // current level of privielege, or level asked to be set in privacy manager bucket
+    std::string maxLevel;       // holds read maximum policy status or status to be set in admin bucket
+};
+typedef struct policy_entry policy_entry;
+
+
+struct policy_update_req {
+    std::vector<const policy_entry *> units;
+};
+
+
 #endif // _SECURITY_MANAGER_PROTOCOLS_
diff --git a/src/include/security-manager.h b/src/include/security-manager.h
index 5e0f15b..0dd5378 100644
--- a/src/include/security-manager.h
+++ b/src/include/security-manager.h
@@ -81,6 +81,21 @@ typedef struct app_inst_req app_inst_req;
 struct user_req;
 typedef struct user_req user_req;
 
+/*! \brief data structure responsible for handling policy updates
+ *  required to manage users' and applications' permissions */
+struct policy_update_req;
+typedef struct policy_update_req policy_update_req;
+
+/*! \brief data structure responsible for handling single policy entry*/
+struct policy_entry;
+typedef struct policy_entry policy_entry;
+
+/*! \brief wildcard to be used in policy update requests to match all possible values of
+ *         given field. Use it, for example when it is desired to apply policy change for all
+ *         users or all apps for selected user.
+ */
+#define SECURITY_MANAGER_ANY "#"
+
 /**
  * This function translates lib_retcode error codes to strings describing
  * errors.
@@ -305,6 +320,253 @@ int security_manager_user_add(const user_req *p_req);
  */
 int security_manager_user_delete(const user_req *p_req);
 
+/**
+ * \brief This function is responsible for initializing policy_update_req data structure.
+ *
+ * It uses dynamic allocation inside and user responsibility is to call
+ * policy_update_req_free() for freeing allocated resources.
+ *
+ * \param[out] pp_req Address of pointer for handle policy_update_req structure
+ * \return API return code or error code
+ */
+int security_manager_policy_update_req_new(policy_update_req **pp_req);
+
+/**
+ * \brief This function is used to free resources allocated by calling policy_update_req_new().
+ * \param[in] p_req Pointer handling allocated policy_update_req structure
+ */
+void security_manager_policy_update_req_free(policy_update_req *p_req);
+
+/**
+ * \brief This function is responsible for initializing policy_entry data structure.
+ *
+ * It uses dynamic allocation inside and user responsibility is to call
+ * policy_policy_entry_free() for freeing allocated resources.
+ *
+ * \param[out] pp_entry Address of pointer for handle policy_entry structure
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_new(policy_entry **pp_entry);
+
+/**
+ * \brief This function is used to free resources allocated by calling
+ * policy_entry_req_new().
+ * \param[in] p_entry Pointer handling allocated policy_entry structure
+ */
+void security_manager_policy_entry_free(policy_entry *p_entry);
+
+/**
+ * This function is used to set up application identifier in p_entry structure
+ *
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \param[in] app_id Application identifier to be set
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_set_application(policy_entry *p_entry, const char *app_id);
+
+/**
+ * This function is used to set up user identifier in p_entry structure
+ * Calling this function may be omitted if user wants to set policies for himself
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \param[in] user_id User identifier to be set
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_set_user(policy_entry *p_entry, const char *user_id);
+
+/**
+ * This function is used to set up privilege in p_entry structure
+ *
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \param[in] privilege Privilege to be set
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_set_privilege(policy_entry *p_entry, const char *privilege);
+
+/**
+ * This function is used to set up privilege level in p_entry structure.
+ * This api is intended to be used to decrease user's own level of privilege.
+ *
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \param[in] policy_level Policy level to be set. The level of privilege may
+ * be one of strings returned by @ref security_manager_policy_levels_get.
+ * If it is not, then error code SECURITY_MANAGER_ERROR_INPUT_PARAM is returned.
+ * Two predefined values are always valid here:
+ *
+ * "Allow", which means that user allows some app (setup by calling function
+ * @ref security_manager_policy_entry_set_application) to run with some privilege
+ * (setup by @ref security_manager_policy_entry_set_privilege).
+ * Note, that this not necessarily mean, that this privilege will really be granted.
+ * Final decision of granting privilege also depends on app's manifests,
+ * predefined policy and administrator's or manufacturer's settings.
+ * If all of those policy sources also allows granting privilege for that app,
+ *  then (and only then) it will be granted.
+ *
+ * "Deny", which means that user disallows some app (setup by calling function
+ * @ref security_manager_policy_entry_set_application) to run with some privilege
+ * (setup by @ref security_manager_policy_entry_set_privilege).
+ * Note, that this denies privilege irrespective of privilege levels granted
+ * to app by other policy sources: app's manifests, predefined policy
+ * and administrator's or manufacturer's settings.
+ *
+ * Other levels may be also valid, if returned by security_manager_policy_levels_get.
+ * They represent other policy levels configured in system, which security-manager
+ * does support. The other levels are always something between "Allow" and "Deny"
+ * (like "Allow only once").
+ *
+ * Irrespective of a meaning of those values security-manager will always treat
+ * policy set by security_manager_policy_entry_set_level as a mean to
+ * decrease user's own rights. This will never increase overall policy.
+ *
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_set_level(policy_entry *p_entry, const char *policy_level);
+
+/**
+ * This function is used to set up privilege level for admin policy entries
+ * in p_entry structure.
+ *
+ * This function is intended to be used by admin to change level of privilege.
+ * If it is used by user that has no http://tizen.org/privilege/systemsettings.admin
+ * privilege, then security_manager_policy_update_send will return error code.
+ *
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \param[in] policy_level Policy level to be set. This may be one of strings
+ * returned by @ref security_manager_policy_levels_get. If it is not, then error
+ * code is returned (SECURITY_MANAGER_ERROR_INPUT_PARAM).
+ * Two predefined values are always valid here:
+ *
+ * "Allow", which means that admin allows some user's app to
+ * get privilege irrespective of predefined policy settings for that user.
+ * Note, that this not necessarily mean, that this privilege will really be granted.
+ * Final decision of granting privilege also depends on app's manifests,
+ * user's own policy (set up by @ref security_manager_policy_entry_set_level)
+ * or manufacturer's settings.
+ * If all of those policy sources also allows granting privilege for that app,
+ * then (and only then) it will be granted.
+ *
+ * "Deny", which means that admin disallows some user's app to get privilege
+ * irrespective of predefined policy settings for that user.
+ * Note, that this denies privilege app's manifests, user's own policy
+ * (set up by @ref security_manager_policy_entry_set_level) or manufacturer's
+ * settings.
+ *
+ * Other levels may be also valid, if returned by security_manager_policy_levels_get.
+ * They represent other policy levels configured in system, which security-manager
+ * does support. The other levels are always something between "Allow" and "Deny"
+ * (like "Allow only once").
+ *
+ * Irrespective of a meaning of those values security-manager will always treat
+ * policy set by security_manager_policy_entry_admin_set_level as a mean for admin
+ * to change user's rights, but will not alter user's own privilege level set up
+ * by @ref security_manager_policy_entry_set_level.
+ *
+ * \return API return code or error code
+ */
+int security_manager_policy_entry_admin_set_level(policy_entry *p_entry, const char *policy_level);
+
+/**
+ * This function is used to add policy entry to policy update request.
+ *
+ * Note, that this function does not make a copy of object pointed to by p_entry
+ * and does not change owner of this handler.
+ * User is responsible to keep p_entry untouched until @ref security_manager_policy_update_send
+ * is called on p_req. After that p_entry still needs to be freed.
+ * (see examples in documentation of @ref security_manager_policy_update_send)
+ *
+ * \param[in] p_req Pointer handling allocated policy_update_req structure
+ * \param[in] p_entry Pointer handling policy_entry structure
+ * \return API return code or error code
+ */
+int security_manager_policy_update_req_add_entry(policy_update_req *p_req, const policy_entry *p_entry);
+
+/**
+ * \brief This function is used to send the prepared policy update request to scurity-manager daemon.
+ *
+ * \param[in] p_req Pointer handling allocated policy_update_req structure
+ * \return API return code or error code
+ *
+ * Example:
+ * (warning: checking return codes are omitted in examples just for visibility reasons)
+ *
+ * - to update policy for user by himself:
+ *   (Deny access from app MyApp1 to privilege http://tizen.org/privilege/systemsettings,
+ *   deny access from app MyApp2 to privilege http://tizen.org/privilege/systemsettings,
+ *   deny access from app MyApp3 to privilege http://tizen.org/privilege/notificationmanager)
+ *
+ *      policy_update_req *policy_update_request;
+ *      policy_entry *entry1;
+ *      policy_entry *entry2;
+ *      policy_entry *entry3;
+ *
+ *      security_manager_policy_update_req_new(&policy_update_request);
+ *      security_manager_policy_entry_new(&entry1);
+ *      security_manager_policy_entry_new(&entry2);
+ *      security_manager_policy_entry_new(&entry3);
+ *
+ *      security_manager_policy_entry_set_application(entry1, "MyApp1");
+ *      security_manager_policy_entry_set_privilege(entry1, "http://tizen.org/privilege/systemsettings");
+ *      security_manager_policy_entry_set_level(entry1, "Deny");
+ *
+ *      security_manager_policy_entry_set_application(entry2, "MyApp2");
+ *      security_manager_policy_entry_set_privilege(entry2, "http://tizen.org/privilege/systemsettings");
+ *      security_manager_policy_entry_set_level(entry2, "Deny");
+ *
+ *      security_manager_policy_entry_set_application(entry3, "MyApp3");
+ *      security_manager_policy_entry_set_privilege(entry3, "http://tizen.org/privilege/notificationmanager");
+ *      security_manager_policy_entry_set_level(entry3, "Deny");
+ *
+ *      security_manager_policy_update_req_add_entry(policy_update_request, entry1);
+ *      security_manager_policy_update_req_add_entry(policy_update_request, entry2);
+ *      security_manager_policy_update_req_add_entry(policy_update_request, entry3);
+ *
+ *      //do not change entry1, entry2 or entry3!
+ *
+ *      security_manager_policy_update_send(policy_update_request);
+ *
+ *      security_manager_policy_entry_free(entry1);
+ *      security_manager_policy_entry_free(entry2);
+ *      security_manager_policy_entry_free(entry3);
+ *      security_manager_policy_update_free(policy_update_request);
+ *
+ * - to update policy by administrator for some user:
+ *   (Deny access of user of uid 2001 from any app to privilege http://tizen.org/privilege/vibrator,
+ *   (allow access of user of uid 2002 using app "App1" to privilege http://tizen.org/privilege/email.admin)
+ *
+ *      policy_update_req *policy_update_request;
+ *
+ *      security_manager_policy_update_req_new(&policy_update_request);
+
+ *      policy_entry *entry1;
+ *      policy_entry *entry2;
+ *      char *adminswife = "2001";
+ *      char *adminsfriend = "2002";
+ *
+ *      security_manager_policy_entry_new(&entry1);
+ *      security_manager_policy_entry_new(&entry2);
+ *
+ *      security_manager_policy_entry_set_user(entry1, adminswife);
+ *      security_manager_policy_entry_set_application(entry1, SECURITY_MANAGER_ANY);
+ *      security_manager_policy_entry_set_privilege(entry1, "http://tizen.org/privilege/vibrator");
+ *      security_manager_policy_entry_admin_set_level(entry1, "Deny");
+ *
+ *      security_manager_policy_entry_set_user(entry2, adminsfriend);
+ *      security_manager_policy_entry_set_application(entry2, "App1");
+ *      security_manager_policy_entry_set_privilege(entry2, "http://tizen.org/privilege/email.admin");
+ *      security_manager_policy_entry_admin_set_level(entry2, "Allow");
+ *
+ *      security_manager_policy_update_req_add_entry(policy_update_request, entry1);
+ *      security_manager_policy_update_req_add_entry(policy_update_request, entry2);
+ *
+ *      //do not change entry1 or entry2!
+ *
+ *      security_manager_policy_update_send(policy_update_request);
+ *
+ *      security_manager_policy_entry_free(entry1);
+ *      security_manager_policy_entry_free(entry2);
+ *      security_manager_policy_update_free(policy_update_request);
+ *
+ */
+int security_manager_policy_update_send(policy_update_req *p_req);
 
 #ifdef __cplusplus
 }
-- 
2.7.4