Security/Tizen 4.X Security Manager/API

From Tizen Wiki


This page was generated automatically. Do not edit by hand.

File app-manager.h

Functions (brief)

int security_manager_app_inst_req_new (app_inst_req **pp_req)

This function initializes the app_inst_req data structure. It allocates memory dynamically, and the caller is responsible for calling app_inst_req_free() to free the allocated resources.


void security_manager_app_inst_req_free (app_inst_req *p_req)

This function is used to free resources allocated by calling app_inst_req_new()


int security_manager_app_inst_req_set_target_version (app_inst_req *p_req, const char *tizen_ver)

This function is used to set up target Tizen API version for app in app_inst_req structure.


int security_manager_app_inst_req_set_app_id (app_inst_req *p_req, const char *app_id)

This function is used to set up application identifier in app_inst_req structure.


int security_manager_app_inst_req_set_pkg_id (app_inst_req *p_req, const char *pkg_id)

This function is used to set up package identifier in app_inst_req structure.


int security_manager_app_inst_req_add_privilege (app_inst_req *p_req, const char *privilege)

This function is used to add privilege to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_add_client_privilege (app_inst_req *p_req, const char *privilege, const char *license)

This function is used to add privilege and license to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_add_app_defined_privilege (app_inst_req *p_req, const char *app_defined_privilege, const app_defined_privilege_type type, const char *license)

This function is used to add privilege and license defined by application to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_add_path (app_inst_req *p_req, const char *path, const int path_type) __attribute__((deprecated("Use security_manager_path_req_add_path() instead")))

This function is used to add application path to app_inst_req structure, it can be called multiple times.


int security_manager_app_inst_req_set_uid (app_inst_req *p_req, const uid_t uid)

This function is used to set up user identifier in app_inst_req structure.


int security_manager_app_inst_req_set_author_id (app_inst_req *p_req, const char *author_id)

This function is used to set up author identifier in app_inst_req structure.


int security_manager_app_inst_req_set_install_type (app_inst_req *p_req, const enum app_install_type type)

This function is used to set up installation type (global, local, preloaded).


int security_manager_app_inst_req_set_hybrid (app_inst_req *p_req)

This function is used to flag package as hybrid.


int security_manager_app_install (const app_inst_req *p_req)

This function is used to install an application based on a filled-in app_inst_req data structure.


int security_manager_app_uninstall (const app_inst_req *p_req)

This function is used to uninstall an application based on a filled-in app_inst_req data structure.


int security_manager_path_req_new (path_req **pp_req)

This function initializes the path_req data structure.


void security_manager_path_req_free (path_req *p_req)

This function is used to free resources allocated by calling security_manager_path_req_new().


int security_manager_path_req_set_pkg_id (path_req *p_req, const char *pkg_id)

This function is used to set up package identifier in path_req structure.


int security_manager_path_req_set_install_type (path_req *p_req, const enum app_install_type type)

This function is used to set up installation type (global, local, preloaded).


int security_manager_path_req_add_path (path_req *p_req, const char *path, const int path_type)

This function is used to add a package path to path_req structure.


int security_manager_path_req_set_uid (path_req *p_req, const uid_t uid)

This function is used to set up user identifier in path_req structure.


int security_manager_paths_register (const path_req *p_req)

This function is used to register a set of paths for a given package using a filled-in path_req data structure.

Functions

int security_manager_app_inst_req_new(app_inst_req ** pp_req)

This function initializes the app_inst_req data structure. It allocates memory dynamically, and the caller is responsible for calling app_inst_req_free() to free the allocated resources.

Arguments:
[in] - pp_req Address of pointer for handle app_inst_req structure
Returns: API return code or error code


void security_manager_app_inst_req_free(app_inst_req * p_req)

This function is used to free resources allocated by calling app_inst_req_new()

Arguments:
[in] - p_req Pointer handling allocated app_inst_req structure
Returns:


int security_manager_app_inst_req_set_target_version(app_inst_req * p_req, const char * tizen_ver)

This function is used to set up target Tizen API version for app in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - tizen_ver Target Tizen version
Returns: API return code or error code


int security_manager_app_inst_req_set_app_id(app_inst_req * p_req, const char * app_id)

This function is used to set up application identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_app_inst_req_set_pkg_id(app_inst_req * p_req, const char * pkg_id)

This function is used to set up package identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - pkg_id Package identifier
Returns: API return code or error code


int security_manager_app_inst_req_add_privilege(app_inst_req * p_req, const char * privilege)

This function is used to add privilege to app_inst_req structure, it can be called multiple times.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - privilege Application privilege
Returns: API return code or error code


int security_manager_app_inst_req_add_client_privilege(app_inst_req * p_req, const char * privilege, const char * license)

This function is used to add privilege and license to app_inst_req structure, it can be called multiple times.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - privilege Application privilege
[in] - license Requirements for license-manager. For privileges provided by the Tizen system and for SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED this parameter must be NULL. For type SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSE this parameter may contain the path to a document with the license that will be used during the verification process. The file, or the directory containing the file, must be marked as SECURITY_MANAGER_PATH_RO.
Returns: API return code or error code


int security_manager_app_inst_req_add_app_defined_privilege(app_inst_req * p_req, const char * app_defined_privilege, const app_defined_privilege_type type, const char * license)

This function is used to add privilege and license defined by application to app_inst_req structure, it can be called multiple times.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - app_defined_privilege Privilege defined by application
[in] - type Privilege type
[in] - license Requirements for license-manager. For type SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED this parameter must be NULL. For type SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSE this parameter may contain the path to the license that will be used during the verification process. The file, or the directory containing the file, must be marked as SECURITY_MANAGER_PATH_RO.
Returns: API return code or error code


int security_manager_app_inst_req_add_path(app_inst_req * p_req, const char * path, const int path_type)

This function is used to add application path to app_inst_req structure, it can be called multiple times.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - path Application path
[in] - path_type Application path type
Returns: API return code or error code


int security_manager_app_inst_req_set_uid(app_inst_req * p_req, const uid_t uid)

This function is used to set up user identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - uid User identifier (UID)
Returns: API return code or error code


int security_manager_app_inst_req_set_author_id(app_inst_req * p_req, const char * author_id)

This function is used to set up author identifier in app_inst_req structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - author_id Author's identifier
Returns: API return code or error code


int security_manager_app_inst_req_set_install_type(app_inst_req * p_req, const enum app_install_type type)

This function is used to set up installation type (global, local, preloaded).

Arguments:
[in] - p_req Pointer handling app_inst_req structure
[in] - type Installation type
Returns: API return code or error code


int security_manager_app_inst_req_set_hybrid(app_inst_req * p_req)

This function is used to flag package as hybrid.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returns: API return code or error code


int security_manager_app_install(const app_inst_req * p_req)

This function is used to install an application based on a filled-in app_inst_req data structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returns: API return code or error code: SECURITY_MANAGER_SUCCESS on success, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when the user does not have rights to install the requested directories, SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


int security_manager_app_uninstall(const app_inst_req * p_req)

This function is used to uninstall an application based on a filled-in app_inst_req data structure.

Arguments:
[in] - p_req Pointer handling app_inst_req structure
Returns: API return code or error code


int security_manager_path_req_new(path_req ** pp_req)

This function initializes the path_req data structure.

Arguments:
[in] - pp_req Address of pointer for handle path_req structure
Returns: API return code or error code


void security_manager_path_req_free(path_req * p_req)

This function is used to free resources allocated by calling security_manager_path_req_new().

Arguments:
[in] - p_req Pointer handling allocated path_req structure
Returns:


int security_manager_path_req_set_pkg_id(path_req * p_req, const char * pkg_id)

This function is used to set up package identifier in path_req structure.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - pkg_id Package identifier
Returns: API return code or error code


int security_manager_path_req_set_install_type(path_req * p_req, const enum app_install_type type)

This function is used to set up installation type (global, local, preloaded).

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - type Installation type
Returns: API return code or error code


int security_manager_path_req_add_path(path_req * p_req, const char * path, const int path_type)

This function is used to add a package path to path_req structure.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - path Package path
[in] - path_type Package path type
Returns: API return code or error code


int security_manager_path_req_set_uid(path_req * p_req, const uid_t uid)

This function is used to set up user identifier in path_req structure.

Arguments:
[in] - p_req Pointer handling path_req structure
[in] - uid User identifier (UID)
Returns: API return code or error code


int security_manager_paths_register(const path_req * p_req)

This function is used to register a set of paths for a given package using a filled-in path_req data structure.

Arguments:
[in] - p_req Pointer handling path_req structure
Returns: API return code or error code: SECURITY_MANAGER_SUCCESS on success, SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED when the user does not have rights to install the requested directories, SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


File app-runtime.h

Functions (brief)

int security_manager_get_app_pkgid (char **pkg_id, const char *app_id)

Get package id of a given application.


int security_manager_set_process_label_from_appid (const char *app_id)

Compute smack label for given application id and set it for currently running process.


int security_manager_set_process_groups_from_appid (const char *app_id)

For given app_id and current user, calculate allowed privileges that give direct access to file system resources.


int security_manager_drop_process_privileges (void)

The above launcher functions, manipulating process Smack label and group, require elevated privileges.


int security_manager_prepare_app (const char *app_id)

A convenience function for launchers for preparing security context for an application process.


int security_manager_groups_get (char ***groups, size_t *groups_count)

This function returns array of groups bound to privileges of file resources.


int security_manager_groups_get_for_user (uid_t uid, char ***groups, size_t *groups_count)

This function returns array of groups bound to privileges, the process run by particular user should get.


void security_manager_groups_free (char **groups, size_t groups_count)

This function frees memory allocated by security_manager_groups_get() function.


int security_manager_identify_app_from_socket (int sockfd, char **pkg_id, char **app_id)

Get package and application id of an application with given socket descriptor.


int security_manager_identify_app_from_pid (pid_t pid, char **pkg_id, char **app_id)

Get package and application id of an application with given process identifier.


int security_manager_identify_app_from_cynara_client (const char *client, char **pkg_id, char **app_id)

Get package and application id of an application with given process Cynara client identifier.


int security_manager_app_has_privilege (const char *app_id, const char *privilege, uid_t uid, int *result)

Check whether an application would have access to a privilege.


int security_manager_shm_open (const char *name, int oflag, mode_t mode, const char *app_id)

This function creates descriptor that may be used as shared memory segment with app_id application.


int security_manager_get_app_defined_privilege_provider (const char *privilege, uid_t uid, char **pkg_id, char **app_id)

Get package id and application id of an application which provides privilege.


int security_manager_get_app_defined_privilege_license (const char *privilege, uid_t uid, char **license)

Get license of an application which provides privilege.


int security_manager_get_client_privilege_license (const char *privilege, const char *pkg_id, const char *app_id, uid_t uid, char **license)

Extract license from application that requested access to privilege.

Functions

int security_manager_get_app_pkgid(char ** pkg_id, const char * app_id)

Get package id of a given application.

Arguments:
[out] - pkg_id Pointer to package identifier string
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_set_process_label_from_appid(const char * app_id)

Compute smack label for given application id and set it for currently running process.

Arguments:
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_set_process_groups_from_appid(const char * app_id)

For given app_id and current user, calculate allowed privileges that give direct access to file system resources.

Arguments:
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_drop_process_privileges(void)

The above launcher functions, manipulating process Smack label and group, require elevated privileges.

Arguments:
Returns: API return code or error code


int security_manager_prepare_app(const char * app_id)

A convenience function for launchers for preparing security context for an application process.

Arguments:
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_groups_get(char *** groups, size_t * groups_count)

This function returns array of groups bound to privileges of file resources.

Arguments:
[out] - groups pointer to array of strings.
[out] - groups_count number of strings in levels array.
Returns: API return code or error code.


int security_manager_groups_get_for_user(uid_t uid, char *** groups, size_t * groups_count)

This function returns array of groups bound to privileges, the process run by particular user should get.

Arguments:
[in] - uid uid for user running the process
[out] - groups pointer to array of group names
[out] - groups_count number of strings in levels array
Returns: API return code or error code.


void security_manager_groups_free(char ** groups, size_t groups_count)

This function frees memory allocated by security_manager_groups_get() function.

Arguments:
[in] - groups array of strings returned by security_manager_groups_get() function.
[in] - groups_count size of the groups array
Returns:


int security_manager_identify_app_from_socket(int sockfd, char ** pkg_id, char ** app_id)

Get package and application id of an application with given socket descriptor.

Arguments:
[in] - sockfd Socket descriptor of wanted application
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returns: For non hybrid applications only package id can be returned


int security_manager_identify_app_from_pid(pid_t pid, char ** pkg_id, char ** app_id)

Get package and application id of an application with given process identifier.

Arguments:
[in] - pid Process identifier of wanted application
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returns: Caller must be able to access and read the file /proc/PID/attr/current, where PID is the given process identifier.


int security_manager_identify_app_from_cynara_client(const char * client, char ** pkg_id, char ** app_id)

Get package and application id of an application with given process Cynara client identifier.

Arguments:
[in] - client Application Cynara client identifier
[out] - pkg_id Package id of the application
[out] - app_id Application id of the application
Returns: For non hybrid applications only package id can be returned
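
Added example (not part of the generated reference or of the security-manager sources): a sketch of why the identify functions above need read access to /proc/PID/attr/current and why non-hybrid applications yield only a package id. The function names are hypothetical, and the label layout "User::Pkg::<pkg_id>[::App::<app_id>]" is an assumption that this page does not state.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Assumed process-label layout; not stated on this page. */
#define PKG_PREFIX "User::Pkg::"
#define APP_INFIX  "::App::"
#define LABEL_MAX  255 /* Smack labels are at most 255 bytes long */

/* Copy n bytes of s into a freshly allocated NUL-terminated string. */
static char *dup_range(const char *s, size_t n)
{
    char *out = malloc(n + 1);
    if (out) {
        memcpy(out, s, n);
        out[n] = '\0';
    }
    return out;
}

/*
 * Split a process label into a package id and, for hybrid packages, an
 * application id. Returns 0 on success and -1 if the label is not an
 * application label or allocation fails. On success *pkg_id is heap
 * allocated; *app_id stays NULL when the label carries no "::App::" part.
 */
int parse_app_label(const char *label, char **pkg_id, char **app_id)
{
    *pkg_id = NULL;
    *app_id = NULL;

    size_t prefix_len = strlen(PKG_PREFIX);
    if (strncmp(label, PKG_PREFIX, prefix_len) != 0)
        return -1; /* system or user label, not an application */

    const char *pkg = label + prefix_len;
    const char *sep = strstr(pkg, APP_INFIX);
    size_t pkg_len = sep ? (size_t)(sep - pkg) : strlen(pkg);
    if (pkg_len == 0)
        return -1;

    if (sep) { /* hybrid package: each app has its own label */
        const char *app = sep + strlen(APP_INFIX);
        if (*app == '\0')
            return -1;
        *app_id = dup_range(app, strlen(app));
        if (!*app_id)
            return -1;
    }
    *pkg_id = dup_range(pkg, pkg_len);
    if (!*pkg_id) {
        free(*app_id);
        *app_id = NULL;
        return -1;
    }
    return 0;
}

/* Read a label from an attr file into buf, dropping a trailing newline. */
int read_label_file(const char *path, char *buf, size_t buflen)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1; /* e.g. the caller may not read the target's attr file */
    size_t n = fread(buf, 1, buflen - 1, f);
    int failed = ferror(f);
    fclose(f);
    if (failed || n == 0)
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Hypothetical stand-in for the lookup by PID described above. */
int identify_app_from_pid_sketch(pid_t pid, char **pkg_id, char **app_id)
{
    char path[64], label[LABEL_MAX + 1];
    *pkg_id = NULL;
    *app_id = NULL;
    snprintf(path, sizeof path, "/proc/%ld/attr/current", (long)pid);
    if (read_label_file(path, label, sizeof label) != 0)
        return -1;
    return parse_app_label(label, pkg_id, app_id);
}

int main(void)
{
    /* Constructed sample labels, not captured from a device. */
    const char *samples[] = {
        "User::Pkg::org.example.pkg",
        "User::Pkg::org.example.pkg::App::org.example.ui",
        "System",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *pkg, *app;
        int rc = parse_app_label(samples[i], &pkg, &app);
        printf("%-50s rc=%d pkg=%s app=%s\n", samples[i], rc,
               pkg ? pkg : "(null)", app ? app : "(null)");
        free(pkg);
        free(app);
    }
    return 0;
}
```

A service that authorizes peers by the returned ids should treat a NULL app_id as "package-level identity only" rather than as an error.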


int security_manager_app_has_privilege(const char * app_id, const char * privilege, uid_t uid, int * result)

Check whether an application would have access to a privilege.

Arguments:
[in] - app_id Application identifier
[in] - privilege Privilege name
[in] - uid User identifier
[out] - result Placeholder for result
Returns: API return code or error code


int security_manager_shm_open(const char * name, int oflag, mode_t mode, const char * app_id)

This function creates descriptor that may be used as shared memory segment with app_id application.

Arguments:
[in] - name This value is passed to shm_open as first parameter (man 3 shm_open for details)
[in] - oflag This value is passed to shm_open as second parameter (man 3 shm_open for details)
[in] - mode This value is passed to shm_open as third parameter (man 3 shm_open for details)
[in] - app_id Identifier of application that will gain access to shared memory segment
Returns: file descriptor or -1 on error. If -1 is returned then errno will be set. Errno == ECONNABORTED means that the security-manager server failed and did not return any information about error.


int security_manager_get_app_defined_privilege_provider(const char * privilege, uid_t uid, char ** pkg_id, char ** app_id)

Get package id and application id of an application which provides privilege.

Arguments:
[in] - privilege Privilege name
[in] - uid User identifier
[out] - pkg_id Package id of the provider application
[out] - app_id Application id of the provider application
Returns: API return code or error code


int security_manager_get_app_defined_privilege_license(const char * privilege, uid_t uid, char ** license)

Get license of an application which provides privilege.

Arguments:
[in] - privilege Privilege name
[in] - uid User identifier
[out] - license Data used to verify if client may use this privilege. If privilege type is SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED this value will be set to NULL.
Returns: API return code or error code


int security_manager_get_client_privilege_license(const char * privilege, const char * pkg_id, const char * app_id, uid_t uid, char ** license)

Extract license from application that requested access to privilege.

Arguments:
[in] - privilege Privilege name
[in] - pkg_id Package id of the application that requests the license.
[in] - app_id Id of the application that requests access to the privilege (NULL for a non-hybrid application).
[in] - uid User identifier
[out] - license Data that will be used to verify access to privilege. If privilege type is SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED this value will be set to NULL.
Returns: API return code or error code


File app-sharing.h

Functions (brief)

int security_manager_private_sharing_req_new (private_sharing_req **pp_req)

This function initializes the private_sharing_req data structure. It allocates memory dynamically, and the caller is responsible for calling private_sharing_req_free() to free the allocated resources.


void security_manager_private_sharing_req_free (private_sharing_req *p_req)

This function is used to free resources allocated by calling private_sharing_req_new()


int security_manager_private_sharing_req_set_owner_appid (private_sharing_req *p_req, const char *app_id)

This function is used to set up package identifier of paths owner application in private_sharing_req structure.


int security_manager_private_sharing_req_set_target_appid (private_sharing_req *p_req, const char *app_id)

This function is used to set up package identifier of sharing target application in private_sharing_req structure.


int security_manager_private_sharing_req_add_paths (private_sharing_req *p_req, const char **pp_paths, size_t path_count)

This function is used to add path list to be shared in private_sharing_req structure.


int security_manager_private_sharing_apply (const private_sharing_req *p_req)

This function is used to apply private sharing based on given private_sharing_req.


int security_manager_private_sharing_drop (const private_sharing_req *p_req)

This function is used to drop private sharing based on given private_sharing_req.

Functions

int security_manager_private_sharing_req_new(private_sharing_req ** pp_req)

This function initializes the private_sharing_req data structure. It allocates memory dynamically, and the caller is responsible for calling private_sharing_req_free() to free the allocated resources.

Arguments:
[out] - pp_req Address of pointer for handle private_sharing_req structure
Returns: API return code or error code


void security_manager_private_sharing_req_free(private_sharing_req * p_req)

This function is used to free resources allocated by calling private_sharing_req_new()

Arguments:
[in] - p_req Pointer handling allocated app_inst_req structure
Returns:


int security_manager_private_sharing_req_set_owner_appid(private_sharing_req * p_req, const char * app_id)

This function is used to set up package identifier of paths owner application in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - app_id Application identifier
Returns: API return code or error code: SECURITY_MANAGER_SUCCESS on success, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE when either owner app_id, target app_id or paths are not set, SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


int security_manager_private_sharing_req_set_target_appid(private_sharing_req * p_req, const char * app_id)

This function is used to set up package identifier of sharing target application in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - app_id Application identifier
Returns: API return code or error code


int security_manager_private_sharing_req_add_paths(private_sharing_req * p_req, const char ** pp_paths, size_t path_count)

This function is used to add path list to be shared in private_sharing_req structure.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
[in] - pp_paths Path list
[in] - path_count Path count
Returns: API return code or error code


int security_manager_private_sharing_apply(const private_sharing_req * p_req)

This function is used to apply private sharing based on given private_sharing_req.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
Returns: API return code or error code: SECURITY_MANAGER_SUCCESS on success, SECURITY_MANAGER_ERROR_INPUT_PARAM when either owner app_id, target app_id or paths are not set, SECURITY_MANAGER_ERROR_UNKNOWN on other errors.


int security_manager_private_sharing_drop(const private_sharing_req * p_req)

This function is used to drop private sharing based on given private_sharing_req.

Arguments:
[in] - p_req Pointer handling private_sharing_req structure
Returns: API return code or error code: SECURITY_MANAGER_SUCCESS on success, SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE when either owner app_id, target app_id or paths are not set, SECURITY_MANAGER_ERROR_UNKNOWN on other errors.

File label-monitor.h

Typedefs

typedef struct app_labels_monitor app_labels_monitor

Functions (brief)

int security_manager_app_labels_monitor_init (app_labels_monitor **monitor)

Initialize applications' labels monitor. The monitor is intended for watching for changes to the list of labels assigned to currently installed applications.


void security_manager_app_labels_monitor_finish (app_labels_monitor *monitor)

De-initialize applications' labels monitor. Frees all resources previously allocated by security_manager_app_labels_monitor_init.


int security_manager_app_labels_monitor_get_fd (app_labels_monitor const *monitor, int *fd)

Retrieve file descriptor for waiting on applications' labels monitor. The file descriptor should be put to a select-like waiting loop.


int security_manager_app_labels_monitor_process (app_labels_monitor *monitor)

Apply new list of applications' labels to Smack relabel-list of the current process. This will give permission to the current process to change its Smack label to one of application labels, even after it drops CAP_MAC_ADMIN capability.

Functions

int security_manager_app_labels_monitor_init(app_labels_monitor ** monitor)

Initialize applications' labels monitor. The monitor is intended for watching for changes to the list of labels assigned to currently installed applications.

Arguments:
[out] - monitor pointer to the resulting applications' label monitor
Returns: SECURITY_MANAGER_SUCCESS on success or error code on failure


void security_manager_app_labels_monitor_finish(app_labels_monitor * monitor)

De-initialize applications' labels monitor. Frees all resources previously allocated by security_manager_app_labels_monitor_init.

Arguments:
[in] - monitor an initialized applications' label monitor
Returns: SECURITY_MANAGER_SUCCESS on success or error code on failure


int security_manager_app_labels_monitor_get_fd(app_labels_monitor const * monitor, int * fd)

Retrieve file descriptor for waiting on applications' labels monitor. The file descriptor should be put to a select-like waiting loop.

Arguments:
[in] - monitor an initialized applications' label monitor
[out] - fd pointer to the resulting file descriptor
Returns: SECURITY_MANAGER_SUCCESS on success or error code on failure


int security_manager_app_labels_monitor_process(app_labels_monitor * monitor)

Apply new list of applications' labels to Smack relabel-list of the current process. This will give permission to the current process to change its Smack label to one of application labels, even after it drops CAP_MAC_ADMIN capability.

Arguments:
[in] - monitor an initialized applications' label monitor
Returns: SECURITY_MANAGER_SUCCESS on success or error code on failure

File policy-manager.h

Functions (brief)

int security_manager_policy_update_req_new (policy_update_req **pp_req)

This function is responsible for initializing policy_update_req data structure.


void security_manager_policy_update_req_free (policy_update_req *p_req)

This function is used to free resources allocated by calling policy_update_req_new().


int security_manager_policy_entry_new (policy_entry **pp_entry)

This function is responsible for initializing policy_entry data structure.


void security_manager_policy_entry_free (policy_entry *p_entry)

This function is used to free resources allocated by calling policy_entry_req_new().


int security_manager_policy_entry_set_application (policy_entry *p_entry, const char *app_id)

This function is used to set up application identifier in p_entry structure.


int security_manager_policy_entry_set_user (policy_entry *p_entry, const char *user_id)

This function is used to set up user identifier in p_entry structure. Calling this function may be omitted if user wants to set policies for himself.


int security_manager_policy_entry_set_privilege (policy_entry *p_entry, const char *privilege)

This function is used to set up privilege in p_entry structure.


int security_manager_policy_entry_set_level (policy_entry *p_entry, const char *policy_level)

This function is used to set up privilege level in p_entry structure.


int security_manager_policy_entry_admin_set_level (policy_entry *p_entry, const char *policy_level)

This function is used to set up privilege level for admin policy entries in p_entry structure.


int security_manager_policy_update_req_add_entry (policy_update_req *p_req, const policy_entry *p_entry)

This function is used to add policy entry to policy update request.


const char * security_manager_policy_entry_get_user (policy_entry *p_entry)

This function is used to obtain user ID from p_entry structure.


const char * security_manager_policy_entry_get_application (policy_entry *p_entry)

This function is used to obtain application name from p_entry structure.


const char * security_manager_policy_entry_get_privilege (policy_entry *p_entry)

This function is used to obtain privilege name from p_entry structure.


const char * security_manager_policy_entry_get_level (policy_entry *p_entry)

This function is used to obtain current policy level from p_entry structure.


const char * security_manager_policy_entry_get_max_level (policy_entry *p_entry)

This function is used to obtain maximal policy level from p_entry structure.


int security_manager_policy_update_send (policy_update_req *p_req)

This function is used to send the prepared policy update request using privacy manager entry point.


int security_manager_get_configured_policy_for_admin (policy_entry *p_filter, policy_entry ***ppp_privs_policy, size_t *p_size)

Function fetches all privileges enforced by admin user.


int security_manager_get_configured_policy_for_self (policy_entry *p_filter, policy_entry ***ppp_privs_policy, size_t *p_size)

Function fetches all privileges that are configured by user in his/her privacy manager.


int security_manager_get_policy (policy_entry *p_filter, policy_entry ***ppp_privs_policy, size_t *p_size)

Function gets the whole policy for all users, their applications and privileges based on the provided filter.


void security_manager_policy_entries_free (policy_entry *p_entries, const size_t size)

This function is used to free resources allocated in policy_entry structures array.


int security_manager_policy_levels_get (char ***levels, size_t *levels_count)

This function returns array of available policy levels in form of simple text descriptions.


void security_manager_policy_levels_free (char **levels, size_t levels_count)

This function frees memory allocated by security_manager_policy_levels_get() function.

Functions

int security_manager_policy_update_req_new(policy_update_req ** pp_req)

This function is responsible for initializing policy_update_req data structure.

Arguments:
[out] - pp_req Address of pointer for handle policy_update_req structure
Returns: API return code or error code


void security_manager_policy_update_req_free(policy_update_req * p_req)

This function is used to free resources allocated by calling policy_update_req_new().

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure
Returns:


int security_manager_policy_entry_new(policy_entry ** pp_entry)

This function is responsible for initializing policy_entry data structure.

Arguments:
[out] - pp_entry Address of pointer for handle policy_entry structure
Returns: Note: application and privilege fields default to the SECURITY_MANAGER_ANY wildcard, the user field defaults to the calling user's UID, and the current and max level values default to the empty string "".


void security_manager_policy_entry_free(policy_entry * p_entry)

This function is used to free resources allocated by calling security_manager_policy_entry_new().

Arguments:
[in] - p_entry Pointer handling allocated policy_entry structure
Returns:


int security_manager_policy_entry_set_application(policy_entry * p_entry, const char * app_id)

This function is used to set up application identifier in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - app_id Application identifier to be set
Returns: API return code or error code


int security_manager_policy_entry_set_user(policy_entry * p_entry, const char * user_id)

This function is used to set up user identifier in p_entry structure. Calling this function may be omitted if user wants to set policies for himself.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - user_id User identifier to be set
Returns: API return code or error code


int security_manager_policy_entry_set_privilege(policy_entry * p_entry, const char * privilege)

This function is used to set up privilege in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - privilege Privilege to be set
Returns: API return code or error code


int security_manager_policy_entry_set_level(policy_entry * p_entry, const char * policy_level)

This function is used to set up privilege level in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - policy_level Policy level to be set. The level of privilege may be one of strings returned by security_manager_policy_levels_get. If it is not, then error code SECURITY_MANAGER_ERROR_INPUT_PARAM is returned. Two predefined values are always valid here:
Returns: API return code or error code


int security_manager_policy_entry_admin_set_level(policy_entry * p_entry, const char * policy_level)

This function is used to set up privilege level for admin policy entries in p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
[in] - policy_level Policy level to be set. This may be one of strings returned by security_manager_policy_levels_get. If it is not, then error code is returned (SECURITY_MANAGER_ERROR_INPUT_PARAM). Two predefined values are always valid here:
Returns: API return code or error code


int security_manager_policy_update_req_add_entry(policy_update_req * p_req, const policy_entry * p_entry)

This function is used to add policy entry to policy update request.

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure
[in] - p_entry Pointer handling policy_entry structure
Returns: API return code or error code


const char * security_manager_policy_entry_get_user(policy_entry * p_entry)

This function is used to obtain user ID from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Returns: Warning: returned pointer to user ID is valid as long as p_entry is valid.


const char * security_manager_policy_entry_get_application(policy_entry * p_entry)

This function is used to obtain application name from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Returns: Warning: returned pointer to application name is valid as long as p_entry is valid.


const char * security_manager_policy_entry_get_privilege(policy_entry * p_entry)

This function is used to obtain privilege name from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Returns: Warning: returned pointer to privilege name is valid as long as p_entry is valid.


const char * security_manager_policy_entry_get_level(policy_entry * p_entry)

This function is used to obtain current policy level from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure
Returns: Warning: returned pointer to policy level is valid as long as p_entry is valid.


const char * security_manager_policy_entry_get_max_level(policy_entry * p_entry)

This function is used to obtain maximal policy level from p_entry structure.

Arguments:
[in] - p_entry Pointer handling policy_entry structure.
Returns: Warning: returned pointer to maximal policy level is valid as long as p_entry is valid.


int security_manager_policy_update_send(policy_update_req * p_req)

This function is used to send the prepared policy update request using privacy manager entry point.

Arguments:
[in] - p_req Pointer handling allocated policy_update_req structure
Returns:
1. If user field in policy_entry is empty, then uid of the calling user is assumed.
2. If privilege or app field in policy_entry is empty, then SECURITY_MANAGER_API_BAD_REQUEST is returned.
3. For user's personal policy: wildcards usage in application or privilege field of policy_entry is not allowed.
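The rules listed for security_manager_policy_update_send() can be checked locally before a request is built. The following is an added example, not code from security-manager: `entry_model`, `check_result` and `check_personal_entry()` are hypothetical names, and the sample app and privilege strings are constructed. It shows that an entry left at the defaults documented for security_manager_policy_entry_new() is not acceptable for a user's personal policy until both application and privilege are set explicitly.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Value as defined in security-manager-types.h on this page. */
#define SECURITY_MANAGER_ANY "#"

/* Hypothetical local mirror of three policy_entry fields; the real
 * policy_entry is an opaque struct read through the getters. */
struct entry_model {
    const char *user;         /* "" means not set */
    const char *application;
    const char *privilege;
};

/* Hypothetical result codes of this local check, not lib_retcode values. */
enum check_result { CHECK_OK, CHECK_EMPTY_FIELD, CHECK_WILDCARD };

static int is_empty(const char *s) { return s == NULL || s[0] == '\0'; }

/* Apply the documented rules for a user's personal policy. On CHECK_OK,
 * uid_buf holds the user ID the entry would be applied to. */
enum check_result check_personal_entry(const struct entry_model *e, uid_t caller,
                                       char *uid_buf, size_t len)
{
    if (is_empty(e->application) || is_empty(e->privilege))
        return CHECK_EMPTY_FIELD;   /* documented as a bad request */
    if (strcmp(e->application, SECURITY_MANAGER_ANY) == 0 ||
        strcmp(e->privilege, SECURITY_MANAGER_ANY) == 0)
        return CHECK_WILDCARD;      /* wildcards not allowed here */
    if (is_empty(e->user))          /* empty user: calling user assumed */
        snprintf(uid_buf, len, "%lu", (unsigned long)caller);
    else
        snprintf(uid_buf, len, "%s", e->user);
    return CHECK_OK;
}

int main(void)
{
    char uid[16];
    /* Constructed samples: documented defaults, then a filled-in entry. */
    struct entry_model fresh = { "5001", SECURITY_MANAGER_ANY, SECURITY_MANAGER_ANY };
    struct entry_model ready = { "", "org.example.app", "http://example.org/privilege/sample" };
    printf("fresh: %d\n", check_personal_entry(&fresh, 5001, uid, sizeof uid));
    printf("ready: %d for uid %s\n", check_personal_entry(&ready, 5001, uid, sizeof uid), uid);
    return 0;
}
```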


int security_manager_get_configured_policy_for_admin(policy_entry * p_filter, policy_entry *** ppp_privs_policy, size_t * p_size)

Function fetches all privileges enforced by admin user.

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returns: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.


int security_manager_get_configured_policy_for_self(policy_entry * p_filter, policy_entry *** ppp_privs_policy, size_t * p_size)

Function fetches all privileges that are configured by user in his/her privacy manager.

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returns: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.


int security_manager_get_policy(policy_entry * p_filter, policy_entry *** ppp_privs_policy, size_t * p_size)

Function gets the whole policy for all users, their applications and privileges based on the provided filter.

Arguments:
[in] - p_filter Pointer to filter struct
[out] - ppp_privs_policy Pointer handling allocated policy_entry structures array
[out] - p_size Pointer where the size of allocated array will be stored
Returns: Developer is responsible for calling security_manager_policy_entries_free() for freeing allocated resources.


void security_manager_policy_entries_free(policy_entry * p_entries, const size_t size)

This function is used to free resources allocated in policy_entry structures array.

Arguments:
[in] - p_entries Pointer handling allocated policy status array
[in] - size Size of the array
Returns:


int security_manager_policy_levels_get(char *** levels, size_t * levels_count)

This function returns array of available policy levels in form of simple text descriptions.

Arguments:
levels Pointer to array of strings
levels_count Number of strings in levels array
Returns: API return code or error code.


void security_manager_policy_levels_free(char ** levels, size_t levels_count)

This function frees memory allocated by security_manager_policy_levels_get() function.

Arguments:
levels Array of strings returned by security_manager_policy_levels_get() function.
levels_count Number of strings in levels array
Returns: API return code or error code.


File security-manager.h

Functions (brief)

const char * security_manager_strerror (enum lib_retcode rc)

This function translates lib_retcode error codes to strings describing errors.

Functions

const char * security_manager_strerror(enum lib_retcode rc)

This function translates lib_retcode error codes to strings describing errors.

Arguments:
[in] - rc error code of lib_retcode type
Returns: string describing error for error code

File security-manager-types.h

Defines

#define SECURITY_MANAGER_ANY "#"

Wildcard to be used in requests to match all possible values of a given field. Use it, for example, when it is desired to list or apply a policy change for all users or all apps for a selected user.


#define SECURITY_MANAGER_DELETE "DELETE"

Value denoting a delete operation on a specific policy. It can only be used in an update policy operation, passed to either security_manager_policy_entry_admin_set_level or security_manager_policy_entry_set_level.

Enumerations

lib_retcode

return code of API functions

  • SECURITY_MANAGER_SUCCESS
  • SECURITY_MANAGER_ERROR_UNKNOWN
  • SECURITY_MANAGER_ERROR_INPUT_PARAM
  • SECURITY_MANAGER_ERROR_MEMORY
  • SECURITY_MANAGER_ERROR_REQ_NOT_COMPLETE
  • SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED
  • SECURITY_MANAGER_ERROR_ACCESS_DENIED
  • SECURITY_MANAGER_ERROR_NO_SUCH_OBJECT
  • SECURITY_MANAGER_ERROR_APP_UNKNOWN
  • SECURITY_MANAGER_ERROR_APP_NOT_PATH_OWNER
  • SECURITY_MANAGER_ERROR_SOCKET
  • SECURITY_MANAGER_ERROR_BAD_REQUEST
  • SECURITY_MANAGER_ERROR_NO_SUCH_SERVICE
  • SECURITY_MANAGER_ERROR_SERVER_ERROR
  • SECURITY_MANAGER_ERROR_SETTING_FILE_LABEL_FAILED
  • SECURITY_MANAGER_ERROR_WATCH_ADD_TO_FILE_FAILED
  • SECURITY_MANAGER_ERROR_FILE_OPEN_FAILED
  • SECURITY_MANAGER_ERROR_SET_RELABEL_SELF_FAILED
  • SECURITY_MANAGER_ERROR_NOT_INITIALIZED
  • SECURITY_MANAGER_ERROR_FILE_CREATE_FAILED
  • SECURITY_MANAGER_ERROR_FILE_DELETE_FAILED

app_install_path_type

Access types for application installation paths

  • SECURITY_MANAGER_PATH_PUBLIC_RO

RO access for all applications.

  • SECURITY_MANAGER_PATH_RW

RW access for given application package.

  • SECURITY_MANAGER_PATH_RO

RO access for given application package.

  • SECURITY_MANAGER_PATH_OWNER_RW_OTHER_RO

RW access for the owner, RO for other applications.

  • SECURITY_MANAGER_PATH_TRUSTED_RW

RW access for application packages coming from the same author.

  • SECURITY_MANAGER_ENUM_END

this is only for range limit


app_install_type

  • SM_APP_INSTALL_NONE
  • SM_APP_INSTALL_LOCAL
  • SM_APP_INSTALL_GLOBAL
  • SM_APP_INSTALL_PRELOADED
  • SM_APP_INSTALL_END

security_manager_user_type

This enum has values equivalent to gumd user type.

  • SM_USER_TYPE_NONE
  • SM_USER_TYPE_ANY
  • SM_USER_TYPE_SYSTEM
  • SM_USER_TYPE_ADMIN
  • SM_USER_TYPE_GUEST
  • SM_USER_TYPE_NORMAL
  • SM_USER_TYPE_SECURITY

app_defined_privilege_type

app defined privileges types

  • SM_APP_DEFINED_PRIVILEGE_TYPE_UNTRUSTED
  • SM_APP_DEFINED_PRIVILEGE_TYPE_LICENSED


Typedefs

typedef enum app_install_type app_install_type
typedef enum security_manager_user_type security_manager_user_type
typedef enum app_defined_privilege_type app_defined_privilege_type
typedef struct app_inst_req app_inst_req
typedef struct user_req user_req
typedef struct policy_update_req policy_update_req
typedef struct policy_entry policy_entry
typedef struct private_sharing_req private_sharing_req
typedef struct path_req path_req
typedef struct app_labels_monitor app_labels_monitor

File user-manager.h

Functions (brief)

int security_manager_user_req_new (user_req **pp_req)

This function is responsible for initialization of user_req data structure.


void security_manager_user_req_free (user_req *p_req)

This function is used to free resources allocated by security_manager_user_req_new()


int security_manager_user_req_set_uid (user_req *p_req, uid_t uid)

This function is used to set up user identifier in user_req structure.


int security_manager_user_req_set_user_type (user_req *p_req, security_manager_user_type utype)

This function is used to set up user type in user_req structure.


int security_manager_user_add (const user_req *p_req)

This function should be called to inform security-manager about adding new user.


int security_manager_user_delete (const user_req *p_req)

This function should be called to inform security-manager about removing a user.

Functions

int security_manager_user_req_new(user_req ** pp_req)

This function is responsible for initialization of user_req data structure.

Arguments:
[in] - pp_req Address of pointer for handle user_req structure
Returns: API return code or error code


void security_manager_user_req_free(user_req * p_req)

This function is used to free resources allocated by security_manager_user_req_new()

Arguments:
[in] - p_req Pointer handling allocated user_req structure
Returns:


int security_manager_user_req_set_uid(user_req * p_req, uid_t uid)

This function is used to set up user identifier in user_req structure.

Arguments:
p_req Structure containing user data filled during this function call
uid User identifier to be set
Returns: API return code or error code


int security_manager_user_req_set_user_type(user_req * p_req, security_manager_user_type utype)

This function is used to set up user type in user_req structure.

Arguments:
p_req Structure containing user data filled during this function call
utype User type to be set
Returns: API return code or error code


int security_manager_user_add(const user_req * p_req)

This function should be called to inform security-manager about adding new user.

Arguments:
p_req Structure containing user data filled before calling this. uid and user type need to be filled in p_req structure, otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
Returns: API return code or error code.


int security_manager_user_delete(const user_req * p_req)

This function should be called to inform security-manager about removing a user.

Arguments:
p_req Structure containing user data filled before calling this. uid of user needs to be filled in p_req structure, otherwise SECURITY_MANAGER_ERROR_INPUT_PARAM will be returned.
Returns: API return code or error code