src/include/ckm/ckm-control.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

/*
 *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 *
 *
 * @file        ckm-manager.h
 * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
 * @version     1.0
 * @brief       Main header file for client library.
 */
#pragma once

#include <string>
#include <memory>

#include <ckm/ckm-error.h>
#include <ckm/ckm-type.h>

// Central Key Manager namespace
namespace CKM {

class Control;
typedef std::shared_ptr<Control> ControlShPtr;

// used by login manager to unlock user data with global password
class KEY_MANAGER_API Control {
public:
    // decrypt user key with password
    virtual int unlockUserKey(uid_t user, const Password &password) = 0;

    // remove user key from memory
    virtual int lockUserKey(uid_t user) = 0;

    // remove user data from Store and erase key used for encryption
    virtual int removeUserData(uid_t user) = 0;

    // change password for user
    virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) = 0;

    // This is work around for security-server api - resetPassword that may be called without passing oldPassword.
    // This api should not be supported on tizen 3.0
    // User must be already logged in and his DKEK is already loaded into memory in plain text form.
    // The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
    virtual int resetUserPassword(uid_t user, const Password &newPassword) = 0;

    // Required for tizen 2.3.
    // It will remove all application data owned by application identified
    // by smackLabel. This function will remove application data from unlocked
    // database only. This function may be used during application uninstallation.
    virtual int removeApplicationData(const std::string &smackLabel) = 0;

    virtual int updateCCMode() = 0;

    virtual int setPermission(uid_t user,
                              const Alias &alias,
                              const Label &accessor,
                              PermissionMask permissionMask) = 0;

    virtual ~Control() {}

    static ControlShPtr create();
};

} // namespace CKM