diff options
author | Rafal Krypa <r.krypa@samsung.com> | 2016-04-13 16:55:51 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@review.vlan103.tizen.org> | 2016-04-20 08:30:15 -0700 |
commit | 675972c373489c107e5a5dbf2efa3e545a91dc9c (patch) | |
tree | 2c73d257b354056c01c00133e3672dfe6ea98b86 /src/common/include/credentials.h | |
parent | 56cc121590370c87bf27621b1dace36284523ef8 (diff) | |
download | security-manager-675972c373489c107e5a5dbf2efa3e545a91dc9c.tar.gz security-manager-675972c373489c107e5a5dbf2efa3e545a91dc9c.tar.bz2 security-manager-675972c373489c107e5a5dbf2efa3e545a91dc9c.zip |
Integrate with Cynara, clients must be privileged
Several API functions now require the caller to hold appropriate privilege.
Ultimately new internal privileges will be created and used by security-manager.
For now, when appropriate privilege is missing, use "notexist" privilege
placeholder.
Privileges required per API:
- security_manager_app_install
* http://tizen.org/privilege/notexist (private installation)
* http://tizen.org/privilege/notexist (global installation)
- security_manager_app_uninstall
* http://tizen.org/privilege/notexist (private uninstallation)
* http://tizen.org/privilege/notexist (global uninstallation)
- security_manager_private_sharing_apply
* http://tizen.org/privilege/notexist
- security_manager_private_sharing_drop
* http://tizen.org/privilege/notexist
- security_manager_policy_update_send
* http://tizen.org/privilege/notexist (for setting own policy)
* http://tizen.org/privilege/internal/usermanagement (for setting policy for other or all)
- security_manager_get_configured_policy_for_admin
* http://tizen.org/privilege/internal/usermanagement
- security_manager_get_configured_policy_for_self
* http://tizen.org/privilege/notexist
- security_manager_get_policy
* http://tizen.org/privilege/notexist (for fetching own policy)
* http://tizen.org/privilege/internal/usermanagement (for fetching policy for other or all)
- security_manager_user_add
* http://tizen.org/privilege/internal/usermanagement
- security_manager_user_delete
* http://tizen.org/privilege/internal/usermanagement
Change-Id: Id67473db434b13d977fbd2fa704db3ac1bd1c32b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Diffstat (limited to 'src/common/include/credentials.h')
-rw-r--r-- | src/common/include/credentials.h | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/src/common/include/credentials.h b/src/common/include/credentials.h new file mode 100644 index 00000000..003a37ec --- /dev/null +++ b/src/common/include/credentials.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file credentials.h + * @author Rafal Krypa <r.krypa@samsung.com> + * @version 1.0 + */ + +#ifndef SECURITY_MANAGER_CREDENTIALS_ +#define SECURITY_MANAGER_CREDENTIALS_ + +#include <string> +#include <sys/types.h> + +#include <dpl/exception.h> + +namespace SecurityManager { + +class Credentials { +public: + pid_t pid; /* process ID of the sending process */ + uid_t uid; /* user ID of the sending process */ + gid_t gid; /* group ID of the sending process */ + std::string label; /* security context of the sending process */ + + Credentials() = delete; + static Credentials getCredentialsFromSelf(void); + static Credentials getCredentialsFromSocket(int socket); + + class Exception { + public: + DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SocketError) + }; + +private: + Credentials(pid_t pid, uid_t uid, gid_t gid, std::string &&label) : + pid(pid), uid(uid), gid(gid), label(std::move(label)) {} +}; + +} // namespace SecurityManager + +#endif /* SECURITY_MANAGER_CREDENTIALS_ */ |