1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2020, Vaisala Oyj.
4  */
5 
6 /*
7  * Definitions for configuring and using Access Control List (ACL)
8  * based login methods.
9  */
10 
11 #ifndef TEEACL_H
12 #define TEEACL_H
13 
14 #include <grp.h>
15 #include <uuid.h>
16 
17 #ifdef __cplusplus
18 extern "C" {
19 #endif
20 
// TEE Client UUID name space identifier (a version-4 UUID; note the "4"
// in the third group).
//
// Must stay byte-identical to `tee_client_uuid_ns` in the Linux kernel
// (drivers/tee/tee_core.c). The kernel presumably derives client login
// UUIDs from this same namespace, so any divergence here would produce
// identifiers that never match what the kernel presents to the TEE
// — a change in either place is a silent access-control break.
#define KERNEL_NAMESPACE "58ac9ca0-2086-4683-a1b8-ec4bc08e01b6"
24 
25 /*
26  * len UUID = 36 characters
27  *
28  * Prefixes:
29  *   public
30  *   user:
31  *   group:
32  *
33  * + '\0' character totals 43, roundup.
34  */
35 
36 /**
37  * Required length for UUID char buffers
38  */
39 #define TEEACL_L_UUID 48
40 
41 /**
42  * teeacl_gid_from_name - Try to resolve gid_t for a given `group_name`.
43  *
44  * If a matching group is found, zero is returned and `gid_out` will be set to
45  * the found value.
46  * If no group is found, -ENOENT is returned.
47  * If memory allocation fails, -ENOMEM is returned.
48  * For other failures, errno is returned.
49  *
50  * @param gid_out Ptr to gid result. Will be set to group id if a matching
51  * group is found.
52  * @param group_name Name of group to resolve.
53  * @return 0 if a matching group is found, see detailed description for other
54  * cases.
55  */
56 int teeacl_gid_from_name(gid_t *gid_out, const char *group_name);
57 
58 /**
59  * teeacl_group_acl_uuid() - Encode a group login ACL string to the
60  * provided uuid_buf
61  *
62  * @param uuid_buf A buffer of length TEEACL_L_UUID.
63  * @param group Group id to encode for login.
64  * @return 0 on success, otherwise a negative number is returned in case of failure.
65  */
66 int teeacl_group_acl_uuid(char uuid_buf[TEEACL_L_UUID], gid_t group);
67 /**
68  * The possible return values of the *_user_is_member_of functions.
69  */
70 enum rv_groupmember {
71 	NOT_MEMBER,
72 	IS_MEMBER,
73 	E_MEMORY, /**< Failed to allocate memory. */
74 	E_GROUPLIST /**< Failed to read group listing. */
75 };
76 
77 /**
78  * teeacl_current_user_is_member_of() - Check if the effective user ID of
79  * the process is a member in `group`.
80  *
81  * @param group Group id to check membership of.
82  * @return enum rv_groupmember form result.
83  */
84 enum rv_groupmember teeacl_current_user_is_member_of(gid_t group);
85 
86 /**
87  * teeacl_user_is_member_of() - Check if `user` is a member in `group`.
88  *
89  * @param user Username string.
90  * @param group Group id to check membership of.
91  * @return enum rv_groupmember form result.
92  */
93 enum rv_groupmember teeacl_user_is_member_of(const char *user, gid_t group);
94 
95 #ifdef __cplusplus
96 } // extern "C"
97 #endif
98 
99 #endif /* TEEACL_H */
100