Within an application, each file is qualified by one of several types:
- conf : config files
- data : data files
- exec : executable files
- http : http files
- icon : icon files
- id : basename app directory
- lib : library files
- public : public files
An application can also have particular rights, for example the right to create a CAN socket.
The first thing to do is to send all this information to the sec-lsm-manager so it can proceed with the installation.
To start using the library, we create a handle that will hold this information:
```c
#include <sec-lsm-manager.h>
sec_lsm_manager_t *sec_lsm_manager = NULL;
sec_lsm_manager_create(&sec_lsm_manager);
```
We need to define an id to identify our application:
```c
sec_lsm_manager_set_id(sec_lsm_manager, "demo-app");
```
An id may contain only alphanumeric characters, '-' and '_', and must be at least two characters long.
We then qualify the different files of our application:
```c
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/", type_id);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/bin/", type_exec);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/bin/launcher.sh", type_exec);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/data/", type_data);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/data/db.sqlite", type_data);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/data/info.json", type_data);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/etc/", type_conf);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/etc/file1.conf", type_conf);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/etc/file2.config", type_conf);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/www/", type_http);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/www/index.html", type_http);
sec_lsm_manager_add_path(sec_lsm_manager, "/opt/demo-app/www/style.css", type_http);
```
A path must be at least two characters long.
You can then add permissions:
```c
sec_lsm_manager_add_permission(sec_lsm_manager, "urn:AGL::partner:create-can-socket");
```
A permission must be at least two characters long.
For more information about permissions : [Permissions]({% chapter_link sec-lsm-manager.permissions-definition %})
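A client-side pre-flight check for the three rules stated above (id character set and length, minimum path length, minimum permission length) together with the type names listed at the top of the page. This is an added example, not part of sec-lsm-manager: the helper names and sample entries are hypothetical, it assumes "alphanumeric" means ASCII letters and digits, and it does not call the library.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Path types listed on this page. */
static const char *const PATH_TYPES[] = {
    "conf", "data", "exec", "http", "icon", "id", "lib", "public"};
/* Assumption: "alphanumeric" means ASCII letters and digits. */
static const char ID_CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";

struct path_entry { const char *path; const char *type; };

/* Constructed sample: the third entry uses a type that is not in the list. */
static const struct path_entry SAMPLE[] = {
    {"/opt/demo-app/", "id"},
    {"/opt/demo-app/bin/launcher.sh", "exec"},
    {"/opt/demo-app/tmp/", "temp"}};

/* id: at least two characters, only alphanumerics, '-' and '_'. */
bool valid_app_id(const char *id)
{
    size_t n = id ? strlen(id) : 0;
    return n >= 2 && strspn(id, ID_CHARS) == n;
}

/* Paths and permissions: at least two characters. */
bool valid_min_len(const char *s) { return s != NULL && strlen(s) >= 2; }

bool valid_path_type(const char *type)
{
    for (size_t i = 0; type && i < sizeof PATH_TYPES / sizeof *PATH_TYPES; i++)
        if (strcmp(type, PATH_TYPES[i]) == 0)
            return true;
    return false;
}

/* Index of the first entry that fails a check, or -1 if all pass. */
int first_bad_path(const struct path_entry *e, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!valid_min_len(e[i].path) || !valid_path_type(e[i].type))
            return (int)i;
    return -1;
}

int main(void)
{
    printf("id ok: %d, first bad path: %d\n",
           valid_app_id("demo-app"), first_bad_path(SAMPLE, 3));
    return 0;
}
```

Rejecting a malformed id, path or permission before it reaches the handle avoids raising the error flag that then has to be cleared.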
Finally, we can install our application security context:
```c
sec_lsm_manager_install(sec_lsm_manager);
```
To uninstall the application security context, you must define its id:
```c
sec_lsm_manager_set_id(sec_lsm_manager, "demo-app");
sec_lsm_manager_uninstall(sec_lsm_manager);
```
The display function shows the current state of a handle:
```c
sec_lsm_manager_display(sec_lsm_manager);
```
⚠ If an error occurs, a flag is raised and it is impossible to continue without calling the clear function:
```c
sec_lsm_manager_clear(sec_lsm_manager);
```
It is also necessary to free the handle at the end:
```c
sec_lsm_manager_destroy(sec_lsm_manager);
```
The previous functions can also be used from the command line with the `sec-lsm-manager-cmd` binary:
```bash
$ sec-lsm-manager-cmd
>> initialization success
id demo-app
>> id set
path "/opt/demo-app/" id
>> add path '"/opt/demo-app"' with type id
permission "urn:AGL::partner:create-can-socket"
>> add permission "urn:AGL::partner:create-can-socket"
display
################## SECURE APP ##################
id : demo-app
path : "/opt/demo-app" id
permission : "urn:AGL::partner:create-can-socket"
################################################
install
```