1 README for security-server project
3 security-server project contains of two parts:
4 1) the server part, that is implemented as a daemon that has vast rights for
5 vulnerable, security-related data, and that may be trusted by its clients.
7 2) the client part, libsecurity-server: a library that allows programs to
8 communicate with the server part to ask for granting some rights or to get some
11 The libsecurity-server library's API is available in the header file
12 src/incluce/privilege-control.h.
14 The libsecurity-server API may be used to:
15 * enable SMACK security for in-direct interprocess communication.
16 * password management (setting, restoring, checking passwords)
17 * check for SMACK rights that other processes have if its smack label is not
18 known, but a remote's side pid is known or communication to it is established
20 * enabling and disabling permissions for a specified application
25 The server part is implemented in a /src/server2 directory.
26 The implementation is divided into:
27 manager part: that is responsible for threads and communication management
28 with no awareness of what information is being transferred. This part is
29 implemented by SocketManager class that works with GenericSocketService as
30 a generalization for services that security-server provides.
32 services part: implemented as classes derived from GenericSocketService
33 grouped in src/server2/service directory that defines actions done by
34 security-server after receiving certain requests from client side.
36 Adding services to security-server should be done by creating a new class
37 derived from GenericSocketService, implementing proper functions for it,
38 registering it to SocketManager in main loop and making unix socket for service.
40 The paths of unix sockets used in communication between server and libclient are
41 defined in src/server2/common directory. Sockets themselves are configured in
42 files in systemd directory.
projects / platform / core / security / security-server.git / blob