Integrate with Cynara, clients must be privileged

Several API functions now require the caller to hold appropriate privilege.
Ultimately new internal privileges will be created and used by security-manager.
For now, when appropriate privilege is missing, use "notexist" privilege
placeholder.

Privileges required per API:
- security_manager_app_install
  * http://tizen.org/privilege/notexist (private installation)
  * http://tizen.org/privilege/notexist (global installation)

- security_manager_app_uninstall
  * http://tizen.org/privilege/notexist (private uninstallation)
  * http://tizen.org/privilege/notexist (global uninstallation)

- security_manager_private_sharing_apply
  * http://tizen.org/privilege/notexist

- security_manager_private_sharing_drop
  * http://tizen.org/privilege/notexist

- security_manager_policy_update_send
  * http://tizen.org/privilege/notexist (for setting own policy)
  * http://tizen.org/privilege/internal/usermanagement (for setting policy for other or all)

- security_manager_get_configured_policy_for_admin
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_get_configured_policy_for_self
  * http://tizen.org/privilege/notexist

- security_manager_get_policy
  * http://tizen.org/privilege/notexist (for fetching own policy)
  * http://tizen.org/privilege/internal/usermanagement (for fetching policy for other or all)

- security_manager_user_add
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_user_delete
  * http://tizen.org/privilege/internal/usermanagement

Change-Id: Id67473db434b13d977fbd2fa704db3ac1bd1c32b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

1 files changed, 56 insertions, 0 deletions

diff --git a/src/common/include/credentials.h b/src/common/include/credentials.h
new file mode 100644
index 00000000..003a37ec
--- /dev/null
+++ b/src/common/include/credentials.h
@@ -0,0 +1,56 @@
+/*
+ *  Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       credentials.h
+ * @author     Rafal Krypa <r.krypa@samsung.com>
+ * @version    1.0
+ */
+
+#ifndef SECURITY_MANAGER_CREDENTIALS_
+#define SECURITY_MANAGER_CREDENTIALS_
+
+#include <string>
+#include <sys/types.h>
+
+#include <dpl/exception.h>
+
+namespace SecurityManager {
+
+class Credentials {
+public:
+    pid_t pid;    /* process ID of the sending process */
+    uid_t uid;    /* user ID of the sending process */
+    gid_t gid;    /* group ID of the sending process */
+    std::string label; /* security context of the sending process */
+
+    Credentials() = delete;
+    static Credentials getCredentialsFromSelf(void);
+    static Credentials getCredentialsFromSocket(int socket);
+
+    class Exception {
+    public:
+        DECLARE_EXCEPTION_TYPE(SecurityManager::Exception, Base)
+        DECLARE_EXCEPTION_TYPE(Base, SocketError)
+    };
+
+private:
+    Credentials(pid_t pid, uid_t uid, gid_t gid, std::string &&label) :
+        pid(pid), uid(uid), gid(gid), label(std::move(label)) {}
+};
+
+} // namespace SecurityManager
+
+#endif /* SECURITY_MANAGER_CREDENTIALS_ */