README for security-server project

security-server project contains of two parts:
1) the server part, that is implemented as a daemon that has vast rights for
vulnerable, security-related data, and that may be trusted by its clients.

2) the client part, libsecurity-server: a library that allows programs to
communicate with the server part to ask for granting some rights or to get some
security-related data.

The libsecurity-server library's API is available in the header file
src/incluce/privilege-control.h.

The libsecurity-server API may be used to:
* enable SMACK security for in-direct interprocess communication.
* password management (setting, restoring, checking passwords)
* check for SMACK rights that other processes have if its smack label is not
known, but a remote's side pid is known or communication to it is established
with socket.
* enabling and disabling permissions for a specified application


security-server2:

The server part is implemented in a /src/server2 directory.
The implementation is divided into:
    manager part: that is responsible for threads and communication management
    with no awareness of what information is being transferred. This part is
    implemented by SocketManager class that works with GenericSocketService as
    a generalization for services that security-server provides.
and
    services part: implemented as classes derived from GenericSocketService
    grouped in src/server2/service directory that defines actions done by
    security-server after receiving certain requests from client side.

Adding services to security-server should be done by creating a new class
derived from GenericSocketService, implementing proper functions for it,
registering it to SocketManager in main loop and making unix socket for service.

The paths of unix sockets used in communication between server and libclient are
defined in src/server2/common directory. Sockets themselves are configured in
files in systemd directory.