Security/Tizen 3.X Security Manager/API


File app-manager.h

Functions (brief)

int security_manager_app_inst_req_new ( app_inst_req **pp_req )

This function is responsible for initializing the app_inst_req data structure. It uses dynamic allocation inside, and it is the user's responsibility to call security_manager_app_inst_req_free() to free the allocated resources.


void security_manager_app_inst_req_free ( app_inst_req * p_req )

This function is used to free resources allocated by calling security_manager_app_inst_req_new().


int security_manager_app_inst_req_set_target_version ( app_inst_req * p_req , const char * tizen_ver )

This function is used to set up target Tizen API version for app in app_inst_req structure.


int security_manager_app_inst_req_set_app_id ( app_inst_req * p_req , const char * app_id )

This function is used to set up application identifier in app_inst_req structure.


int security_manager_app_inst_req_set_pkg_id ( app_inst_req * p_req , const char * pkg_id )

This function is used to set up package identifier in app_inst_req structure.


int security_manager_app_inst_req_add_privilege ( app_inst_req * p_req , const char * privilege )

This function is used to add privilege to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_add_path ( app_inst_req * p_req , const char * path , const int path_type )

This function is used to add application path to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_set_uid ( app_inst_req * p_req , const uid_t uid )

This function is used to set up user identifier in app_inst_req structure.


int security_manager_app_inst_req_set_author_id ( app_inst_req * p_req , const char * author_id )

This function is used to set up author identifier in app_inst_req structure.


int security_manager_app_inst_req_set_install_type ( app_inst_req * p_req , const enum app_install_type type )

This function is used to set up installation type (global, local, preloaded).


int security_manager_app_inst_req_set_hybrid ( app_inst_req * p_req )

This function is used to flag package as hybrid.


int security_manager_app_install ( const app_inst_req * p_req )

This function is used to install application based on using filled up app_inst_req data structure.


int security_manager_app_uninstall ( const app_inst_req * p_req )

This function is used to uninstall application based on using filled up app_inst_req data structure.


int security_manager_path_req_new ( path_req **pp_req )

This function is responsible for initializing the path_req data structure.


void security_manager_path_req_free ( path_req * p_req )

This function is used to free resources allocated by calling security_manager_path_req_new().


int security_manager_path_req_set_pkg_id ( path_req * p_req , const char * pkg_id )

This function is used to set up package identifier in path_req structure.


int security_manager_path_req_set_install_type ( path_req * p_req , const enum app_install_type type )

This function is used to set up installation type (global, local, preloaded).


int security_manager_path_req_add_path ( path_req * p_req , const char * path , const int path_type )

This function is used to add a package path to path_req structure.


int security_manager_path_req_set_uid ( path_req * p_req , const uid_t uid )

This function is used to set up user identifier in path_req structure.


int security_manager_paths_register ( const path_req * p_req )

This function is used to register a set of paths for given package using filled up path_req data structure.

Functions

int security_manager_app_inst_req_new ( app_inst_req **pp_req )

This function is responsible for initializing the app_inst_req data structure. It uses dynamic allocation inside, and it is the user's responsibility to call security_manager_app_inst_req_free() to free the allocated resources.

Arguments:
[in] - pp_req Address of pointer for handle app_inst_req structure
Returned: API return code or error code

void security_manager_app_inst_req_free ( app_inst_req * p_req )

This function is used to free resources allocated by calling security_manager_app_inst_req_new().

Arguments:
[in] - p_req Pointer handling allocated app_inst_req structure

int security_manager_app_inst_req_set_target_version ( app_inst_req * p_req , const char * tizen_ver )

This function is used to set up target Tizen API version for app in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - tizen_ver Target Tizen version
Returned: API return code or error code

int security_manager_app_inst_req_set_app_id ( app_inst_req * p_req , const char * app_id )

This function is used to set up application identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - app_id Application identifier
Returned: API return code or error code

int security_manager_app_inst_req_set_pkg_id ( app_inst_req * p_req , const char * pkg_id )

This function is used to set up package identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - pkg_id Package identifier
Returned: API return code or error code

int security_manager_app_inst_req_add_privilege ( app_inst_req * p_req , const char * privilege )

This function is used to add privilege to app_inst_req structure, it can be called multiple times.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - privilege Application privilege
Returned: API return code or error code

int security_manager_app_inst_req_add_path ( app_inst_req * p_req , const char * path , const int path_type )

This function is used to add application path to app_inst_req structure, it can be called multiple times.

Deprecated: This function is deprecated. Use security_manager_path_req_add_path() instead.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - path Application path
[in] - path_type Application path type
Returned: API return code or error code

int security_manager_app_inst_req_set_uid ( app_inst_req * p_req , const uid_t uid )

This function is used to set up user identifier in app_inst_req structure.

This field simplifies support for online and offline modes.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - uid User identifier (UID)
Returned: API return code or error code

int security_manager_app_inst_req_set_author_id ( app_inst_req * p_req , const char * author_id )

This function is used to set up author identifier in app_inst_req structure.

This field is required for trusted paths only (SECURITY_MANAGER_PATH_TRUSTED_RW).

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - author_id Author's identifier
Returned: API return code or error code

int security_manager_app_inst_req_set_install_type ( app_inst_req * p_req , const enum app_install_type type )

This function is used to set up installation type (global, local, preloaded).

If type is not set and if installation is performed by global user, type is set to 'SM_APP_INSTALL_GLOBAL'. Otherwise installation type is set to 'SM_APP_INSTALL_LOCAL'.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - type Installation type
Returned: API return code or error code

int security_manager_app_inst_req_set_hybrid ( app_inst_req * p_req )

This function is used to flag package as hybrid.

This must be done consistently for every application installed in a package. If the first application installed sets this flag, all the others must also set it, otherwise their installation will fail. The same applies to non-hybrid packages: if the first application does not set this flag, then no other application in this package can set it, otherwise its installation will fail.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returned: API return code or error code
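The hybrid-flag rule above, modelled as a pre-install check that a package installer could run over its planned requests. This is an added example, not code from security-manager or from this wiki; the struct names, result codes and sample identifiers are hypothetical, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record of a package that already has applications installed. */
struct pkg_state { const char *pkg_id; bool hybrid; };

/* Hypothetical record of one planned security_manager_app_install() call.
 * hybrid is true when security_manager_app_inst_req_set_hybrid() will be
 * called on the request before it is sent. */
struct planned_app { const char *pkg_id; const char *app_id; bool hybrid; };

enum plan_result { PLAN_OK = 0, PLAN_CONFLICT = -1, PLAN_INVALID = -2 };

/* Find the flag that already binds pkg_id: an installed package wins,
 * otherwise the earliest entry of the plan before index `upto`. */
static bool bound_flag(const struct pkg_state *installed, size_t n_installed,
                       const struct planned_app *plan, size_t upto,
                       const char *pkg_id, bool *flag)
{
    for (size_t i = 0; i < n_installed; i++) {
        if (installed[i].pkg_id && strcmp(installed[i].pkg_id, pkg_id) == 0) {
            *flag = installed[i].hybrid;
            return true;
        }
    }
    for (size_t i = 0; i < upto; i++) {
        if (strcmp(plan[i].pkg_id, pkg_id) == 0) {
            *flag = plan[i].hybrid;
            return true;
        }
    }
    return false;
}

/* Walk the plan in install order. On PLAN_CONFLICT or PLAN_INVALID,
 * *bad_index (if not NULL) receives the index of the offending entry. */
enum plan_result check_hybrid_plan(const struct pkg_state *installed, size_t n_installed,
                                   const struct planned_app *plan, size_t n_plan,
                                   size_t *bad_index)
{
    for (size_t i = 0; i < n_plan; i++) {
        bool flag;
        if (!plan[i].pkg_id || !plan[i].app_id) {
            if (bad_index) *bad_index = i;
            return PLAN_INVALID;
        }
        if (bound_flag(installed, n_installed, plan, i, plan[i].pkg_id, &flag) &&
            flag != plan[i].hybrid) {
            if (bad_index) *bad_index = i;
            return PLAN_CONFLICT;   /* this install would be rejected */
        }
    }
    return PLAN_OK;
}

/* Constructed sample data. */
static const struct pkg_state SAMPLE_INSTALLED[] = {
    { "org.example.pkg_a", true },
};
static const struct planned_app SAMPLE_PLAN[] = {
    { "org.example.pkg_b", "org.example.pkg_b.one",   false }, /* first app of pkg_b */
    { "org.example.pkg_a", "org.example.pkg_a.two",   true  }, /* matches installed state */
    { "org.example.pkg_b", "org.example.pkg_b.two",   false },
    { "org.example.pkg_b", "org.example.pkg_b.three", true  }, /* differs from pkg_b.one */
};

int main(void)
{
    size_t bad = 0;
    enum plan_result r = check_hybrid_plan(SAMPLE_INSTALLED, 1, SAMPLE_PLAN, 4, &bad);
    if (r == PLAN_CONFLICT)
        printf("hybrid flag conflict at %s\n", SAMPLE_PLAN[bad].app_id);
    else
        printf("plan result: %d\n", (int)r);
    return 0;
}
```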

int security_manager_app_install ( const app_inst_req * p_req )

This function is used to install application based on using filled up app_inst_req data structure.

Required privileges:

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returned: API return code or error code: it would be
  • SECURITY_MANAGER_SUCCESS on success,
  • SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when user does not have rights to install requested directories,
  • SECURITY_MANAGER_ERROR_UNKNOWN on other errors.

int security_manager_app_uninstall ( const app_inst_req * p_req )

This function is used to uninstall application based on using filled up app_inst_req data structure.

Required privileges:

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returned: API return code or error code

int security_manager_path_req_new ( path_req **pp_req )

This function is responsible for initializing the path_req data structure.

It uses dynamic allocation inside, and it is the user's responsibility to call security_manager_path_req_free() to free the allocated resources.

Arguments:
[in] - pp_req Address of pointer for handle path_req structure
Returned: API return code or error code

void security_manager_path_req_free ( path_req * p_req )

This function is used to free resources allocated by calling security_manager_path_req_new().

Arguments:
[in] - p_req Pointer handling allocated path_req structure

int security_manager_path_req_set_pkg_id ( path_req * p_req , const char * pkg_id )

This function is used to set up package identifier in path_req structure.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - pkg_id Package identifier
Returned: API return code or error code

int security_manager_path_req_set_install_type ( path_req * p_req , const enum app_install_type type )

This function is used to set up installation type (global, local, preloaded).

If type is not set and if installation is performed by global user, type is set to 'SM_APP_INSTALL_GLOBAL'. Otherwise installation type is set to 'SM_APP_INSTALL_LOCAL'.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - type Installation type
Returned: API return code or error code

int security_manager_path_req_add_path ( path_req * p_req , const char * path , const int path_type )

This function is used to add a package path to path_req structure.

It can be called multiple times.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - path Package path
[in] - path_type Package path type
Returned: API return code or error code

int security_manager_path_req_set_uid ( path_req * p_req , const uid_t uid )

This function is used to set up user identifier in path_req structure.

This field simplifies support for online and offline modes.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - uid User identifier (UID)
Returned: API return code or error code

int security_manager_paths_register ( const path_req * p_req )

This function is used to register a set of paths for given package using filled up path_req data structure.

Required privileges:

Arguments:
[in] - p_req Pointer handling path_req structure
Returned: API return code or error code: it would be
  • SECURITY_MANAGER_SUCCESS on success,
  • SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when user does not have rights to install requested directories,
  • SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


File app-runtime.h

Functions (brief)

int security_manager_get_app_pkgid ( char **pkg_id , const char * app_id )

Get package id of a given application.


int security_manager_set_process_label_from_appid ( const char * app_id )

Compute smack label for given application id and set it for currently running process.


int security_manager_set_process_groups_from_appid ( const char * app_id )

For given app_id and current user, calculate allowed privileges that give direct access to file system resources.


int security_manager_drop_process_privileges ( void )

The above launcher functions, manipulating process Smack label and group, require elevated privileges.


int security_manager_prepare_app ( const char * app_id )

A convenience function for launchers for preparing security context for an application process.


int security_manager_groups_get ( char ***groups , size_t * groups_count )

This function returns array of groups bound to privileges of file resources.


int security_manager_groups_get_for_user ( uid_t uid , char ***groups , size_t * groups_count )

This function returns array of groups bound to privileges, the process run by particular user should get.


void security_manager_groups_free ( char **groups , size_t groups_count )

This function frees memory allocated by security_manager_groups_get() function.


int security_manager_identify_app_from_socket ( int sockfd , char **pkg_id , char **app_id )

Get package and application id of an application with given socket descriptor.


int security_manager_identify_app_from_pid ( pid_t pid , char **pkg_id , char **app_id )

Get package and application id of an application with given process identifier.


int security_manager_identify_app_from_cynara_client ( const char * client , char **pkg_id , char **app_id )

Get package and application id of an application with given process Cynara client identifier.


int security_manager_app_has_privilege ( const char * app_id , const char * privilege , uid_t uid , int * result )

Check whether an application would have access to a privilege.

Functions

int security_manager_get_app_pkgid ( char **pkg_id , const char * app_id )

Get package id of a given application.

On a successful call, pkg_id should be freed by the caller using the free() function.

Arguments:
[out] - pkg_id Pointer to package identifier string
[in] - app_id Application identifier
Returned: API return code or error code

int security_manager_set_process_label_from_appid ( const char * app_id )

Compute smack label for given application id and set it for currently running process.

Arguments:
[in] - app_id Application identifier
Returned: API return code or error code

int security_manager_set_process_groups_from_appid ( const char * app_id )

For given app_id and current user, calculate allowed privileges that give direct access to file system resources.

Then add current process to supplementary groups that are assigned to these resources.

In Tizen some sensitive resources are being accessed by applications directly. The resources, being file system objects, are owned by dedicated GIDs and only processes in those UNIX groups can access them. This function is used for adding application process to all permitted groups that are assigned to such privileges.

Arguments:
[in] - app_id Application identifier
Returned: API return code or error code

int security_manager_drop_process_privileges ( void )

The above launcher functions, manipulating process Smack label and group, require elevated privileges.

Since they will be called by launcher after fork, in the process for the application, privileges should be dropped before running an actual application. This function is a helper for that purpose - it drops capabilities from the process.

Returned: API return code or error code

int security_manager_prepare_app ( const char * app_id )

A convenience function for launchers for preparing security context for an application process.

It should be called after fork in the new process, before running the application in it. It is aimed to cover most common cases and will internally call other, more specialized security-manager functions for launchers. Currently it just calls:

  • security_manager_set_process_label_from_appid
  • security_manager_set_process_groups_from_appid
  • security_manager_drop_process_privileges

Arguments:
[in] - app_id Application identifier
Returned: API return code or error code
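The launcher sequence described above (fork, then label, groups and privilege drop in the child before any application code runs), as an added example that is not code from security-manager or from this wiki. To run off-device, the three security-manager calls sit behind a hypothetical `struct launcher_steps`; `STEP_OK`, the exit codes and the `fake_*` functions are constructed stand-ins.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: stands in for SECURITY_MANAGER_SUCCESS, whose numeric value
 * is not given on this page. */
#define STEP_OK 0

/* Hypothetical indirection. On a device the members would point at the
 * functions named in the comments. */
struct launcher_steps {
    int (*set_label)(const char *app_id);   /* security_manager_set_process_label_from_appid */
    int (*set_groups)(const char *app_id);  /* security_manager_set_process_groups_from_appid */
    int (*drop_privileges)(void);           /* security_manager_drop_process_privileges */
};

/* Constructed exit codes that report which step stopped the launch. */
enum { EXIT_LABEL_FAILED = 101, EXIT_GROUPS_FAILED = 102, EXIT_DROP_FAILED = 103 };

/* Runs in the child only. Label and groups need elevated privileges, so
 * they come first and the privilege drop comes last. Stops at the first error. */
static int prepare_child(const struct launcher_steps *s, const char *app_id)
{
    if (s->set_label(app_id) != STEP_OK)
        return EXIT_LABEL_FAILED;
    if (s->set_groups(app_id) != STEP_OK)
        return EXIT_GROUPS_FAILED;
    if (s->drop_privileges() != STEP_OK)
        return EXIT_DROP_FAILED;
    return 0;
}

/* Forks, prepares the child and runs app_main in it (app_main stands in for
 * exec of the real application). Returns the child's exit status, or -1 if
 * the launcher itself failed. */
int launch_app(const struct launcher_steps *s, const char *app_id, int (*app_main)(void))
{
    if (!s || !s->set_label || !s->set_groups || !s->drop_privileges || !app_id || !app_main)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int rc = prepare_child(s, app_id);
        if (rc != 0)
            _exit(rc);          /* fail closed: application code never runs */
        _exit(app_main());
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)     /* retry only when interrupted by a signal */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed stand-ins so the sequence can be exercised without the library. */
static int fake_step_ok(const char *app_id)   { (void)app_id; return STEP_OK; }
static int fake_step_fail(const char *app_id) { (void)app_id; return 1; }
static int fake_drop_ok(void)                 { return STEP_OK; }
static int fake_drop_fail(void)               { return 1; }
static int sample_app(void)                   { return 7; }

int main(void)
{
    struct launcher_steps ok        = { fake_step_ok, fake_step_ok,   fake_drop_ok };
    struct launcher_steps no_groups = { fake_step_ok, fake_step_fail, fake_drop_ok };
    struct launcher_steps no_drop   = { fake_step_ok, fake_step_ok,   fake_drop_fail };

    int a = launch_app(&ok, "org.example.app", sample_app);
    int b = launch_app(&no_groups, "org.example.app", sample_app);
    int c = launch_app(&no_drop, "org.example.app", sample_app);
    printf("all steps ok: %d, groups failed: %d, drop failed: %d\n", a, b, c);
    return 0;
}
```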

int security_manager_groups_get ( char ***groups , size_t * groups_count )

This function returns array of groups bound to privileges of file resources.

Caller needs to free memory allocated for the list using security_manager_groups_free().

Arguments:
[out] - groups pointer to array of strings.
[out] - groups_count number of strings in groups array.
Returned: API return code or error code.

int security_manager_groups_get_for_user ( uid_t uid , char ***groups , size_t * groups_count )

This function returns array of groups bound to privileges, the process run by particular user should get.

Caller needs to free memory allocated for the list using security_manager_groups_free().

Arguments:
[in] - uid uid for user running the process
[out] - groups pointer to array of group names
[out] - groups_count number of strings in groups array
Returned: API return code or error code.

void security_manager_groups_free ( char **groups , size_t groups_count )

This function frees memory allocated by security_manager_groups_get() function.

Arguments:
[in] - groups array of strings returned by security_manager_groups_get() function.
[in] - groups_count size of the groups array

int security_manager_identify_app_from_socket ( int sockfd , char **pkg_id , char **app_id )

Get package and application id of an application with given socket descriptor.

On successful call pkg_id and app_id should be freed when caller is done with them. Both pkg_id and app_id are allocated with malloc() so they should be freed with free() function. Either app_id or pkg_id may be NULL. NULL-ed argument will be ignored. If both app_id and pkg_id are NULL then SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned. When socket descriptor is incorrect or not related to any package, this function will return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT. If process on the other side is a nonhybrid application, no app_id will be available.

Note: For non-hybrid applications only the package id can be returned.
Arguments:
[in] - sockfd Socket descriptor of wanted application
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returned: API return code or error code

int security_manager_identify_app_from_pid ( pid_t pid , char **pkg_id , char **app_id )

Get package and application id of an application with given process identifier.

On successful call pkg_id and app_id should be freed when caller is done with them. Both pkg_id and app_id are allocated with malloc() so they should be freed with free() function. Either app_id or pkg_id may be NULL. NULL-ed argument will be ignored. If both app_id and pkg_id are NULL then SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned. When process identifier is incorrect or not related to any package, this function will return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT. If given process is a nonhybrid application, no app_id will be available.

Note: Caller must be able to access and read file /proc/PID/attr/current where PID is the given process identifier.
Note: For non-hybrid applications only the package id can be returned.
Arguments:
[in] - pid Process identifier of wanted application
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returned: API return code or error code

int security_manager_identify_app_from_cynara_client ( const char * client , char **pkg_id , char **app_id )

Get package and application id of an application with given process Cynara client identifier.

On successful call pkg_id and app_id should be freed when caller is done with them. Both pkg_id and app_id are allocated with malloc() so they should be freed with free() function. Either app_id or pkg_id may be NULL. NULL-ed argument will be ignored. If both app_id and pkg_id are NULL then SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned. When process identifier is incorrect or not related to any package, this function will return SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT.

Note: For non-hybrid applications only the package id can be returned.
Arguments:
[in] - client Application Cynara client identifier
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returned: API return code or error code

int security_manager_app_has_privilege ( const char * app_id , const char * privilege , uid_t uid , int * result )

Check whether an application would have access to a privilege.

This enables queries for application's privileges when there is no application process running. In such case the application label cannot be determined from the process and the query for privilege must be based on app_id.

The check result is placed in result:

  • 0: access denied
  • 1: access granted

Arguments:
[in] - app_id Application identifier
[in] - privilege Privilege name
[in] - uid User identifier
[out] - result Placeholder for result
Returned: API return code or error code


File app-sharing.h

Functions (brief)

int security_manager_private_sharing_req_new ( private_sharing_req **pp_req )

This function is responsible for initializing the private_sharing_req data structure. It uses dynamic allocation inside, and it is the user's responsibility to call security_manager_private_sharing_req_free() to free the allocated resources.


void security_manager_private_sharing_req_free ( private_sharing_req * p_req )

This function is used to free resources allocated by calling security_manager_private_sharing_req_new().


int security_manager_private_sharing_req_set_owner_appid ( private_sharing_req * p_req , const char * app_id )

This function is used to set up package identifier of paths owner application in private_sharing_req structure.


int security_manager_private_sharing_req_set_target_appid ( private_sharing_req * p_req , const char * app_id )

This function is used to set up package identifier of sharing target application in private_sharing_req structure.


int security_manager_private_sharing_req_add_paths ( private_sharing_req * p_req , const char **pp_paths , size_t path_count )

This function is used to add path list to be shared in private_sharing_req structure.


int security_manager_private_sharing_apply ( const private_sharing_req * p_req )

This function is used to apply private sharing based on given private_sharing_req.


int security_manager_private_sharing_drop ( const private_sharing_req * p_req )

This function is used to drop private sharing based on given private_sharing_req.

Functions

int security_manager_private_sharing_req_new ( private_sharing_req **pp_req )

This function is responsible for initializing the private_sharing_req data structure. It uses dynamic allocation inside, and it is the user's responsibility to call security_manager_private_sharing_req_free() to free the allocated resources.

Arguments:
[out] - pp_req Address of pointer for handle private_sharing_req structure
Returned: API return code or error code

void security_manager_private_sharing_req_free ( private_sharing_req * p_req )

This function is used to free resources allocated by calling security_manager_private_sharing_req_new().

Arguments:
[in] - p_req Pointer handling allocated private_sharing_req structure

int security_manager_private_sharing_req_set_owner_appid ( private_sharing_req * p_req , const char * app_id )

This function is used to set up package identifier of paths owner application in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - app_id Application identifier
Returned: API return code or error code: it would be
  • SECURITY_MANAGER_SUCCESS on success,
  • SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE when either owner app_id, target app_id or paths are not set,
  • SECURITY_MANAGER_ERROR_UNKNOWN on other errors.

int security_manager_private_sharing_req_set_target_appid ( private_sharing_req * p_req , const char * app_id )

This function is used to set up package identifier of sharing target application in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - app_id Application identifier
Returned: API return code or error code

int security_manager_private_sharing_req_add_paths ( private_sharing_req * p_req , const char **pp_paths , size_t path_count )

This function is used to add path list to be shared in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - pp_paths Path list
[in] - path_count Path count
Returned: API return code or error code

int security_manager_private_sharing_apply ( const private_sharing_req * p_req )

This function is used to apply private sharing based on given private_sharing_req.

One path can be shared with multiple applications at the same time.

Required privileges:

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
Returned: API return code or error code: it would be
  • SECURITY_MANAGER_SUCCESS on success,
  • SECURITY_MANAGER_ERROR_INPUT_PARAM when either owner app_id, target app_id or paths are not set,
  • SECURITY_MANAGER_ERROR_UNKNOWN on other errors.

int security_manager_private_sharing_drop ( const private_sharing_req * p_req )

This function is used to drop private sharing based on given private_sharing_req.

Required privileges:

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
Returned: API return code or error code: it would be
  • SECURITY_MANAGER_SUCCESS on success,
  • SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE when either owner app_id, target app_id or paths are not set,
  • SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


File label-monitor.h

Types (brief)

typedef struct app_labels_monitor app_labels_monitor

Functions (brief)

int security_manager_app_labels_monitor_init ( app_labels_monitor **monitor )

Initialize applications' labels monitor. The monitor is intended for watching for changes to the list of labels assigned to currently installed applications.


void security_manager_app_labels_monitor_finish ( app_labels_monitor * monitor )

De-initialize applications' labels monitor. Frees all resources previously allocated by security_manager_app_labels_monitor_init.


int security_manager_app_labels_monitor_get_fd ( app_labels_monitor const * monitor , int * fd )

Retrieve file descriptor for waiting on applications' labels monitor. The file descriptor should be put to a select-like waiting loop.


int security_manager_app_labels_monitor_process ( app_labels_monitor * monitor )

Apply new list of applications' labels to Smack relabel-list of the current process. This will give permission to the current process to change its Smack label to one of application labels, even after it drops CAP_MAC_ADMIN capability.

Types

typedef struct app_labels_monitor app_labels_monitor

Functions

int security_manager_app_labels_monitor_init ( app_labels_monitor **monitor )

Initialize applications' labels monitor. The monitor is intended for watching for changes to the list of labels assigned to currently installed applications.

It will allocate resources that must be freed later by security_manager_app_labels_monitor_finish. Intended user of this function is the application launcher.

Arguments:
[out] - monitor pointer to the resulting applications' label monitor
Returned: SECURITY_MANAGER_SUCCESS on success or error code on failure
Example (warning: simplified code example, with omitted error handling)

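// Requires <poll.h> and <unistd.h> (TEMP_FAILURE_RETRY is a glibc macro,
// available with _GNU_SOURCE) plus the declarations from label-monitor.h
app_labels_monitor *monitor;
int fd;
nfds_t nfds = 1;
struct pollfd fds[1];

// Allocate the monitor and apply the current list of applications' labels
security_manager_app_labels_monitor_init(&monitor);
security_manager_app_labels_monitor_process(monitor);
// This descriptor becomes readable when a new list of labels is available
security_manager_app_labels_monitor_get_fd(monitor, &fd);
fds[0].fd = fd;
fds[0].events = POLLIN;
while (1) {
    // Block until the monitor signals; retry if interrupted by a signal
    int poll_num = TEMP_FAILURE_RETRY(poll(fds, nfds, -1));
    if (poll_num > 0) {
        if (fds[0].revents & POLLIN) {
            security_manager_app_labels_monitor_process(monitor);
            // Do your stuff - react on new list of applications' labels
        }
    }
}
// ...
// Before finishing, release the labels monitor
security_manager_app_labels_monitor_finish(monitor);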

void security_manager_app_labels_monitor_finish ( app_labels_monitor * monitor )

De-initialize applications' labels monitor. Frees all resources previously allocated by security_manager_app_labels_monitor_init.

Arguments:
[in] - monitor an initialized applications' label monitor
Returned: SECURITY_MANAGER_SUCCESS on success or error code on failure

int security_manager_app_labels_monitor_get_fd ( app_labels_monitor const * monitor , int * fd )

Retrieve file descriptor for waiting on applications' labels monitor. The file descriptor should be put to a select-like waiting loop.

It will indicate new list of applications' labels by being ready for reading.

Arguments:
[in] - monitor an initialized applications' label monitor
[out] - fd pointer to the resulting file descriptor
Returned: SECURITY_MANAGER_SUCCESS on success or error code on failure

int security_manager_app_labels_monitor_process ( app_labels_monitor * monitor )

Apply new list of applications' labels to Smack relabel-list of the current process. This will give permission to the current process to change its Smack label to one of application labels, even after it drops CAP_MAC_ADMIN capability.

Arguments:
[in] - monitor an initialized applications' label monitor
Returned: SECURITY_MANAGER_SUCCESS on success or error code on failure
Access to this function requires CAP_MAC_ADMIN capability.


File policy-manager.h

Functions (brief)

int security_manager_policy_update_req_new ( policy_update_req **pp_req )

This function is responsible for initializing policy_update_req data structure.


void security_manager_policy_update_req_free ( policy_update_req * p_req )

This function is used to free resources allocated by calling security_manager_policy_update_req_new().


int security_manager_policy_entry_new ( policy_entry **pp_entry )

This function is responsible for initializing policy_entry data structure.


void security_manager_policy_entry_free ( policy_entry * p_entry )

This function is used to free resources allocated by calling security_manager_policy_entry_new().


int security_manager_policy_entry_set_application ( policy_entry * p_entry , const char * app_id )

This function is used to set up application identifier in p_entry structure.


int security_manager_policy_entry_set_user ( policy_entry * p_entry , const char * user_id )

This function is used to set up user identifier in p_entry structure. Calling this function may be omitted if user wants to set policies for himself.


int security_manager_policy_entry_set_privilege ( policy_entry * p_entry , const char * privilege )

This function is used to set up privilege in p_entry structure.


int security_manager_policy_entry_set_level ( policy_entry * p_entry , const char * policy_level )

This function is used to set up privilege level in p_entry structure.


int security_manager_policy_entry_admin_set_level ( policy_entry * p_entry , const char * policy_level )

This function is used to set up privilege level for admin policy entries in p_entry structure.


int security_manager_policy_update_req_add_entry ( policy_update_req * p_req , const policy_entry * p_entry )

This function is used to add policy entry to policy update request.


const char * security_manager_policy_entry_get_user ( policy_entry * p_entry )

This function is used to obtain user ID from p_entry structure.


const char * security_manager_policy_entry_get_application ( policy_entry * p_entry )

This function is used to obtain application name from p_entry structure.


const char * security_manager_policy_entry_get_privilege ( policy_entry * p_entry )

This function is used to obtain privilege name from p_entry structure.


const char * security_manager_policy_entry_get_level ( policy_entry * p_entry )

This function is used to obtain current policy level from p_entry structure.


const char * security_manager_policy_entry_get_max_level ( policy_entry * p_entry )

This function is used to obtain maximal policy level from p_entry structure.


int security_manager_policy_update_send ( policy_update_req * p_req )

This function is used to send the prepared policy update request using privacy manager entry point.


int security_manager_get_configured_policy_for_admin ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function fetches all privileges enforced by admin user.


int security_manager_get_configured_policy_for_self ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function fetches all privileges that are configured by user in his/her privacy manager.


int security_manager_get_policy ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function gets the whole policy for all users, their applications and privileges based on the provided filter.


void security_manager_policy_entries_free ( policy_entry * p_entries , const size_t size )

This function is used to free resources allocated in policy_entry structures array.


int security_manager_policy_levels_get ( char ***levels , size_t * levels_count )

This function returns array of available policy levels in form of simple text descriptions.


void security_manager_policy_levels_free ( char **levels , size_t levels_count )

This function frees memory allocated by security_manager_policy_levels_get() function.

Functions

int security_manager_policy_update_req_new ( policy_update_req **pp_req )

This function is responsible for initializing policy_update_req data structure.

It allocates memory dynamically; the caller is responsible for calling security_manager_policy_update_req_free() to free the allocated resources.

Arguments:
[out] - pp_req Address of pointer for handle policy_update_req structure
Returned: API return code or error code

void security_manager_policy_update_req_free ( policy_update_req * p_req )

This function is used to free resources allocated by calling policy_update_req_new().

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure

int security_manager_policy_entry_new ( policy_entry **pp_entry )

This function is responsible for initializing policy_entry data structure.

It allocates memory dynamically; the caller is responsible for calling security_manager_policy_entry_free() to free the allocated resources.

Note: the application and privilege fields default to the SECURITY_MANAGER_ANY wildcard, the user field defaults to the calling user's UID, whereas the current and max level values default to the empty string "".
Arguments:
[out] - pp_entry Address of pointer for handle policy_entry structure
Returned: API return code or error code

void security_manager_policy_entry_free ( policy_entry * p_entry )

This function is used to free resources allocated by calling security_manager_policy_entry_new().

Arguments:
[in] - p_entry Pointer handling allocated policy_entry structure

int security_manager_policy_entry_set_application ( policy_entry * p_entry , const char * app_id )

This function is used to set up application identifier in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - app_id Application identifier to be set
Returned: API return code or error code

int security_manager_policy_entry_set_user ( policy_entry * p_entry , const char * user_id )

This function is used to set up user identifier in p_entry structure. Calling this function may be omitted if the user wants to set policies for himself.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - user_id User identifier to be set
Returned: API return code or error code

int security_manager_policy_entry_set_privilege ( policy_entry * p_entry , const char * privilege )

This function is used to set up privilege in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - privilege Privilege to be set
Returned: API return code or error code

int security_manager_policy_entry_set_level ( policy_entry * p_entry , const char * policy_level )

This function is used to set up privilege level in p_entry structure.

This API is intended to be used to decrease the user's own level of privilege.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - policy_level Policy level to be set. The level of privilege may be one of the strings returned by security_manager_policy_levels_get. If it is not, the error code SECURITY_MANAGER_ERROR_INPUT_PARAM is returned. Two predefined values are always valid here:
"Allow", which means that the user allows some app (set by calling security_manager_policy_entry_set_application) to run with some privilege (set by security_manager_policy_entry_set_privilege). Note that this does not necessarily mean that the privilege will really be granted. The final decision on granting the privilege also depends on the app's manifests, predefined policy and administrator's or manufacturer's settings. If all of those policy sources also allow granting the privilege for that app, then (and only then) it will be granted.

"Deny", which means that the user disallows some app (set by calling security_manager_policy_entry_set_application) to run with some privilege (set by security_manager_policy_entry_set_privilege). Note that this denies the privilege irrespective of privilege levels granted to the app by other policy sources: the app's manifests, predefined policy and administrator's or manufacturer's settings.

Other levels may also be valid, if returned by security_manager_policy_levels_get. They represent other policy levels configured in the system, which security-manager supports. The other levels are always something between "Allow" and "Deny" (like "Allow only once").

Irrespective of the meaning of those values, security-manager will always treat policy set by security_manager_policy_entry_set_level as a means to decrease the user's own rights. This will never increase overall policy.

Returned: API return code or error code

int security_manager_policy_entry_admin_set_level ( policy_entry * p_entry , const char * policy_level )

This function is used to set up privilege level for admin policy entries in p_entry structure.

This function is intended to be used by admin to change level of privilege.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - policy_level Policy level to be set. This may be one of the strings returned by security_manager_policy_levels_get. If it is not, an error code is returned (SECURITY_MANAGER_ERROR_INPUT_PARAM). Two predefined values are always valid here:
"Allow", which means that the admin allows some user's app to get the privilege irrespective of predefined policy settings for that user. Note that this does not necessarily mean that the privilege will really be granted. The final decision on granting the privilege also depends on the app's manifests, the user's own policy (set up by security_manager_policy_entry_set_level) or manufacturer's settings. If all of those policy sources also allow granting the privilege for that app, then (and only then) it will be granted.

"Deny", which means that the admin disallows some user's app to get the privilege irrespective of predefined policy settings for that user. Note that this denies the privilege irrespective of privilege levels granted to the app by other policy sources: the app's manifests, the user's own policy (set up by security_manager_policy_entry_set_level) or manufacturer's settings.

Other levels may also be valid, if returned by security_manager_policy_levels_get. They represent other policy levels configured in the system, which security-manager supports. The other levels are always something between "Allow" and "Deny" (like "Allow only once").

Irrespective of the meaning of those values, security-manager will always treat policy set by security_manager_policy_entry_admin_set_level as a means for the admin to change the user's rights, but will not alter the user's own privilege level set up by security_manager_policy_entry_set_level.

Returned: API return code or error code
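
The composition rule described for security_manager_policy_entry_set_level and security_manager_policy_entry_admin_set_level, as an added, self-contained model (not security-manager's own code, and it does not call the library): the effective level is taken as the lowest level among all policy sources, which is an assumption for intermediate levels. The level "Ask user", the source names and every function name below are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed level list, lowest to highest and starting with "Deny" (the
 * order documented for security_manager_policy_levels_get()).
 * "Ask user" is a made-up intermediate level. */
static const char *const LEVELS[] = { "Deny", "Ask user", "Allow" };
#define LEVEL_COUNT ((int)(sizeof(LEVELS) / sizeof(LEVELS[0])))

/* Policy sources that feed one decision (identifiers are hypothetical). */
enum source {
    SRC_MANIFEST, SRC_PREDEFINED, SRC_USER, SRC_ADMIN, SRC_MANUFACTURER,
    SRC_COUNT
};
static const char *const SOURCE_NAMES[SRC_COUNT] = {
    "manifest", "predefined", "user", "admin", "manufacturer"
};

/* Rank of a level string in LEVELS, or -1 if it is not a known level. */
static int level_rank(const char *level)
{
    if (level == NULL)
        return -1;
    for (int i = 0; i < LEVEL_COUNT; i++)
        if (strcmp(LEVELS[i], level) == 0)
            return i;
    return -1;
}

/* Effective level: the lowest level any source sets. Returns NULL when a
 * source holds an unknown level, so a typo is rejected instead of widening
 * access. On success, *limiting (if non-NULL) names the first source that
 * holds that lowest level. */
const char *effective_level(const char *const levels[SRC_COUNT],
                            const char **limiting)
{
    int lowest = LEVEL_COUNT;   /* above every valid rank */
    int who = 0;

    for (int s = 0; s < SRC_COUNT; s++) {
        int r = level_rank(levels[s]);
        if (r < 0)
            return NULL;
        if (r < lowest) {
            lowest = r;
            who = s;
        }
    }
    if (limiting != NULL)
        *limiting = SOURCE_NAMES[who];
    return LEVELS[lowest];
}

/* What a change to the user's own entry can achieve: replace only the user
 * source and recompute. The result can drop, but never rises above what the
 * other sources already permit. */
const char *after_user_change(const char *const levels[SRC_COUNT],
                              const char *new_user_level)
{
    const char *copy[SRC_COUNT];

    for (int s = 0; s < SRC_COUNT; s++)
        copy[s] = levels[s];
    copy[SRC_USER] = new_user_level;
    return effective_level(copy, NULL);
}

int main(void)
{
    /* Constructed case: the admin denies, every other source allows. */
    const char *levels[SRC_COUNT] = {
        [SRC_MANIFEST] = "Allow", [SRC_PREDEFINED] = "Allow",
        [SRC_USER] = "Allow", [SRC_ADMIN] = "Deny",
        [SRC_MANUFACTURER] = "Allow"
    };
    const char *why = NULL;
    const char *eff = effective_level(levels, &why);

    printf("effective=%s, limited by %s\n", eff, why);
    printf("after user sets Allow: %s\n", after_user_change(levels, "Allow"));
    return 0;
}
```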

int security_manager_policy_update_req_add_entry ( policy_update_req * p_req , const policy_entry * p_entry )

This function is used to add policy entry to policy update request.

Note that this function does not make a copy of the object pointed to by p_entry and does not change the owner of this handle. The user is responsible for keeping p_entry untouched until security_manager_policy_update_send is called on p_req. After that, p_entry still needs to be freed (see examples in the documentation of security_manager_policy_update_send).

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure
[in] - p_entry Pointer handling policy_entry structure
Returned: API return code or error code

const char * security_manager_policy_entry_get_user ( policy_entry * p_entry )

This function is used to obtain user ID from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Warning: The returned pointer to user ID is valid as long as p_entry is valid.
Returned: user uid

const char * security_manager_policy_entry_get_application ( policy_entry * p_entry )

This function is used to obtain application name from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Warning: The returned pointer to application name is valid as long as p_entry is valid.
Returned: application name

const char * security_manager_policy_entry_get_privilege ( policy_entry * p_entry )

This function is used to obtain privilege name from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Warning: The returned pointer to privilege name is valid as long as p_entry is valid.
Returned: privilege name

const char * security_manager_policy_entry_get_level ( policy_entry * p_entry )

This function is used to obtain current policy level from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Warning: The returned pointer to policy level is valid as long as p_entry is valid.
Returned: Current policy level

const char * security_manager_policy_entry_get_max_level ( policy_entry * p_entry )

This function is used to obtain maximal policy level from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure.
Warning: The returned pointer to maximal policy level is valid as long as p_entry is valid.
Returned: Maximal policy level

int security_manager_policy_update_send ( policy_update_req * p_req )

This function is used to send the prepared policy update request using privacy manager entry point.

The request should contain at least one policy update unit, otherwise the SECURITY_MANAGER_ERROR_INPUT_PARAM is returned.

  • If the user field in policy_entry is empty, then the uid of the calling user is assumed
  • If the privilege or app field in policy_entry is empty, then SECURITY_MANAGER_API_BAD_REQUEST is returned
  • For user's personal policy: wildcard usage in the application or privilege field of policy_entry is not allowed

Required privileges:

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure
Returned: API return code or error code
Example: (warning: return code checks are omitted in the examples for readability only)

policy_update_req *policy_update_request;
policy_entry *entry1;
policy_entry *entry2;
policy_entry *entry3;

// allocate the request and the entries
security_manager_policy_update_req_new(&policy_update_request);
security_manager_policy_entry_new(&entry1);
security_manager_policy_entry_new(&entry2);
security_manager_policy_entry_new(&entry3);

// user field is left at its default: the calling user's UID
security_manager_policy_entry_set_application(entry1, "MyApp1");
security_manager_policy_entry_set_privilege(entry1, "http://tizen.org/privilege/systemsettings");
security_manager_policy_entry_set_level(entry1, "Deny");

security_manager_policy_entry_set_application(entry2, "MyApp2");
security_manager_policy_entry_set_privilege(entry2, "http://tizen.org/privilege/systemsettings");
security_manager_policy_entry_set_level(entry2, "Deny");

security_manager_policy_entry_set_application(entry3, "MyApp3");
security_manager_policy_entry_set_privilege(entry3, "http://tizen.org/privilege/notificationmanager");
security_manager_policy_entry_set_level(entry3, "Deny");

// entries are not copied: the request only references them
security_manager_policy_update_req_add_entry(policy_update_request, entry1);
security_manager_policy_update_req_add_entry(policy_update_request, entry2);
security_manager_policy_update_req_add_entry(policy_update_request, entry3);

//do not change entry1, entry2 or entry3!

security_manager_policy_update_send(policy_update_request);

// entries and the request are still owned by the caller
security_manager_policy_entry_free(entry1);
security_manager_policy_entry_free(entry2);
security_manager_policy_entry_free(entry3);
security_manager_policy_update_req_free(policy_update_request);

policy_update_req *policy_update_request;

security_manager_policy_update_req_new(&policy_update_request);

policy_entry *entry1;
policy_entry *entry2;
// UIDs of the users whose policy is changed
const char *adminswife = "2001";
const char *adminsfriend = "2002";

security_manager_policy_entry_new(&entry1);
security_manager_policy_entry_new(&entry2);

// admin entry: wildcard application, level set with admin_set_level
security_manager_policy_entry_set_user(entry1, adminswife);
security_manager_policy_entry_set_application(entry1, SECURITY_MANAGER_ANY);
security_manager_policy_entry_set_privilege(entry1, "http://tizen.org/privilege/vibrator");
security_manager_policy_entry_admin_set_level(entry1, "Deny");

security_manager_policy_entry_set_user(entry2, adminsfriend);
security_manager_policy_entry_set_application(entry2, "App1");
security_manager_policy_entry_set_privilege(entry2, "http://tizen.org/privilege/email.admin");
security_manager_policy_entry_admin_set_level(entry2, "Allow");

security_manager_policy_update_req_add_entry(policy_update_request, entry1);
security_manager_policy_update_req_add_entry(policy_update_request, entry2);

//do not change entry1 or entry2!

security_manager_policy_update_send(policy_update_request);

// entries and the request are still owned by the caller
security_manager_policy_entry_free(entry1);
security_manager_policy_entry_free(entry2);
security_manager_policy_update_req_free(policy_update_request);

int security_manager_get_configured_policy_for_admin ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function fetches all privileges enforced by admin user.

The result is stored in the policy_entry structures array.

Warning: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.

Required privileges:

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returned: API return code or error code

int security_manager_get_configured_policy_for_self ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function fetches all privileges that are configured by user in his/her privacy manager.

The result is stored in the policy_entry structures array. User may only fetch privileges for his/her own UID.

Warning: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.

Required privileges:

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returned: API return code or error code

int security_manager_get_policy ( policy_entry * p_filter , policy_entry ***ppp_privs_policy , size_t * p_size )

Function gets the whole policy for all users, their applications and privileges based on the provided filter.

The result is stored in the policy_entry array.

Warning: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.

Required privileges:

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returned: API return code or error code

void security_manager_policy_entries_free ( policy_entry * p_entries , const size_t size )

This function is used to free resources allocated in policy_entry structures array.

Arguments:
[in] - p_entries Pointer handling allocated policy status array
[in] - size Size of the array

int security_manager_policy_levels_get ( char ***levels , size_t * levels_count )

This function returns array of available policy levels in form of simple text descriptions.

List is sorted using internal policy level value, from lowest value to highest and starts with "Deny".

Caller needs to free memory allocated for the list using security_manager_policy_levels_free().

Arguments:
levels Pointer to array of strings
levels_count Number of strings in levels array
Returned: API return code or error code.

void security_manager_policy_levels_free ( char **levels , size_t levels_count )

This function frees memory allocated by security_manager_policy_levels_get() function.

Arguments:
levels Array of strings returned by security_manager_policy_levels_get() function.
levels_count Number of strings in levels array
Returned: API return code or error code.


File security-manager-types.h

Defines (brief)

#define  SECURITY_MANAGER_ANY

wildcard to be used in requests to match all possible values of given field. Use it, for example when it is desired to list or apply policy change for all users or all apps for selected user.


#define  SECURITY_MANAGER_DELETE

value denoting delete operation on specific policy. It can only be used in update policy operation, passed to either security_manager_policy_entry_admin_set_level or security_manager_policy_entry_set_level.

Types (brief)

typedef enum app_install_type app_install_type
typedef enum security_manager_user_type security_manager_user_type
typedef struct app_inst_req app_inst_req
typedef struct user_req user_req
typedef struct policy_update_req policy_update_req
typedef struct policy_entry policy_entry
typedef struct private_sharing_req private_sharing_req
typedef struct path_req path_req
typedef struct app_labels_monitor app_labels_monitor

Enumerations (brief)

Enumeration lib_retcode { SECURITY_MANAGER_SUCCESS , SECURITY_MANAGER_ERROR_UNKNOWN , SECURITY_MANAGER_ERROR_INPUT_PARAM , SECURITY_MANAGER_ERROR_MEMORY , SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE , SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED , SECURITY_MANAGER_ERROR_ACCESS_DENIED , SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT , SECURITY_MANAGER_ERROR_APP_UNKNOWN , SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER , SECURITY_MANAGER_ERROR_SOCKET , SECURITY_MANAGER_ERROR_BAD_REQUEST , SECURITY_MANAGER_ERROR_NO_SUCH_SERVICE , SECURITY_MANAGER_ERROR_SERVER_ERROR , SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED , SECURITY_MANAGER_ERROR_WATCH_ADD_TO_FILE_FAILED , SECURITY_MANAGER_ERROR_FILE_OPEN_FAILED , SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED , SECURITY_MANAGER_ERROR_NOT_INITIALIZED , SECURITY_MANAGER_ERROR_FILE_CREATE_FAILED , SECURITY_MANAGER_ERROR_FILE_DELETE_FAILED , }

return code of API functions

Enumeration app_install_path_type { SECURITY_MANAGER_PATH_PUBLIC_RO , SECURITY_MANAGER_PATH_RW , SECURITY_MANAGER_PATH_RO , SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO , SECURITY_MANAGER_PATH_TRUSTED_RW , SECURITY_MANAGER_ENUM_END , }

access types for application installation paths

Enumeration app_install_type { SM_APP_INSTALL_NONE = 0, SM_APP_INSTALL_LOCAL , SM_APP_INSTALL_GLOBAL , SM_APP_INSTALL_PRELOADED , SM_APP_INSTALL_END , }

Enumeration security_manager_user_type { SM_USER_TYPE_NONE = 0, SM_USER_TYPE_ANY = 1, SM_USER_TYPE_SYSTEM = 2, SM_USER_TYPE_ADMIN = 3, SM_USER_TYPE_GUEST = 4, SM_USER_TYPE_NORMAL = 5, SM_USER_TYPE_SECURITY = 6, }

This enum has values equivalent to gumd user type.

Defines

#define SECURITY_MANAGER_ANY

wildcard to be used in requests to match all possible values of given field. Use it, for example when it is desired to list or apply policy change for all users or all apps for selected user.

#define SECURITY_MANAGER_DELETE

value denoting delete operation on specific policy. It can only be used in update policy operation, passed to either security_manager_policy_entry_admin_set_level or security_manager_policy_entry_set_level.

Types

typedef enum app_install_type app_install_type

typedef enum security_manager_user_type security_manager_user_type

typedef struct app_inst_req app_inst_req

typedef struct user_req user_req

typedef struct policy_update_req policy_update_req

typedef struct policy_entry policy_entry

typedef struct private_sharing_req private_sharing_req

typedef struct path_req path_req

typedef struct app_labels_monitor app_labels_monitor

Enumerations

lib_retcode

return code of API functions

  • SECURITY_MANAGER_SUCCESS
  • SECURITY_MANAGER_ERROR_UNKNOWN
  • SECURITY_MANAGER_ERROR_INPUT_PARAM
  • SECURITY_MANAGER_ERROR_MEMORY
  • SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
  • SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
  • SECURITY_MANAGER_ERROR_ACCESS_DENIED
  • SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT
  • SECURITY_MANAGER_ERROR_APP_UNKNOWN
  • SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER
  • SECURITY_MANAGER_ERROR_SOCKET
  • SECURITY_MANAGER_ERROR_BAD_REQUEST
  • SECURITY_MANAGER_ERROR_NO_SUCH_SERVICE
  • SECURITY_MANAGER_ERROR_SERVER_ERROR
  • SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED
  • SECURITY_MANAGER_ERROR_WATCH_ADD_TO_FILE_FAILED
  • SECURITY_MANAGER_ERROR_FILE_OPEN_FAILED
  • SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED
  • SECURITY_MANAGER_ERROR_NOT_INITIALIZED
  • SECURITY_MANAGER_ERROR_FILE_CREATE_FAILED
  • SECURITY_MANAGER_ERROR_FILE_DELETE_FAILED

app_install_path_type

access types for application installation paths

  • SECURITY_MANAGER_PATH_PUBLIC_RO

    RO access for all applications.

  • SECURITY_MANAGER_PATH_RW

    RW access for given application package.

  • SECURITY_MANAGER_PATH_RO

    RO access for given application package.

  • SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO

    RW access for the owner, RO for other applications.

  • SECURITY_MANAGER_PATH_TRUSTED_RW

    RW access for application packages coming from the same author.

  • SECURITY_MANAGER_ENUM_END

    this is only for range limit



app_install_type

  • SM_APP_INSTALL_NONE = 0
  • SM_APP_INSTALL_LOCAL
  • SM_APP_INSTALL_GLOBAL
  • SM_APP_INSTALL_PRELOADED
  • SM_APP_INSTALL_END

security_manager_user_type

This enum has values equivalent to gumd user type.

The gum-utils help states that "usertype can be system(1), admin(2), guest(3), normal(4)."

  • SM_USER_TYPE_NONE = 0
  • SM_USER_TYPE_ANY = 1
  • SM_USER_TYPE_SYSTEM = 2
  • SM_USER_TYPE_ADMIN = 3
  • SM_USER_TYPE_GUEST = 4
  • SM_USER_TYPE_NORMAL = 5
  • SM_USER_TYPE_SECURITY = 6


File security-manager.h

Functions (brief)

const char * security_manager_strerror ( enum lib_retcode rc )

This function translates lib_retcode error codes to strings describing errors.

Functions

const char * security_manager_strerror ( enum lib_retcode rc )

This function translates lib_retcode error codes to strings describing errors.

Arguments:
[in] - rc error code of lib_retcode type
Returned: string describing error for error code


File user-manager.h

Functions (brief)

int security_manager_user_req_new ( user_req **pp_req )

This function is responsible for initialization of user_req data structure.


void security_manager_user_req_free ( user_req * p_req )

This function is used to free resources allocated by security_manager_user_req_new()


int security_manager_user_req_set_uid ( user_req * p_req , uid_t uid )

This function is used to set up user identifier in user_req structure.


int security_manager_user_req_set_user_type ( user_req * p_req , security_manager_user_type utype )

This function is used to set up user type in user_req structure.


int security_manager_user_add ( const user_req * p_req )

This function should be called to inform security-manager about adding new user.


int security_manager_user_delete ( const user_req * p_req )

This function should be called to inform security-manager about removing a user.

Functions

int security_manager_user_req_new ( user_req **pp_req )

This function is responsible for initialization of user_req data structure.

It allocates memory dynamically; the caller is responsible for calling security_manager_user_req_free() to free the allocated resources.

Arguments:
[in] - pp_req Address of pointer for handle user_req structure
Returned: API return code or error code

void security_manager_user_req_free ( user_req * p_req )

This function is used to free resources allocated by security_manager_user_req_new()

Arguments:
[in] - p_req Pointer handling allocated user_req structure

int security_manager_user_req_set_uid ( user_req * p_req , uid_t uid )

This function is used to set up user identifier in user_req structure.

Arguments:
p_req Structure containing user data filled during this function call
uid User identifier to be set
Returned: API return code or error code

int security_manager_user_req_set_user_type ( user_req * p_req , security_manager_user_type utype )

This function is used to set up user type in user_req structure.

Arguments:
p_req Structure containing user data filled during this function call
utype User type to be set
Returned: API return code or error code

int security_manager_user_add ( const user_req * p_req )

This function should be called to inform security-manager about adding new user.

This function succeeds only when it is called by a privileged user. Otherwise it just returns SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED and does nothing.

Required privileges:

It adds all required privileges to a newly created user. User data are passed through pointer 'p_req'.

Arguments:
p_req Structure containing user data filled before calling this function. The uid and user type need to be filled in the p_req structure, otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
Returned: API return code or error code.

int security_manager_user_delete ( const user_req * p_req )

This function should be called to inform security-manager about removing a user.

This function succeeds only when it is called by a privileged user. Otherwise it just returns SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED and does nothing.

Required privileges:

It removes all privileges granted to a user that have been granted previously by security_manager_user_add.

Arguments:
p_req Structure containing user data filled before calling this function. The uid of the user needs to be filled in the p_req structure, otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
Returned: API return code or error code