security.h

/*
 * Copyright (c) 2000-2017 Samsung Electronics Co., Ltd All Rights Reserved
 *
 * PROPRIETARY/CONFIDENTIAL
 *
 * This software is the confidential and proprietary information of
 * SAMSUNG ELECTRONICS ("Confidential Information").
 * You shall not disclose such Confidential Information and shall
 * use it only in accordance with the terms of the license agreement
 * you entered into with SAMSUNG ELECTRONICS.
 * SAMSUNG make no representations or warranties about the suitability
 * of the software, either express or implied, including but not
 * limited to the implied warranties of merchantability, fitness for
 * a particular purpose, or non-infringement.
 * SAMSUNG shall not be liable for any damages suffered by licensee as
 * a result of using, modifying or distributing this software or its derivatives.
 */

#ifndef LIBMDM_MDM_SECURITY_H
#define LIBMDM_MDM_SECURITY_H

#include "mdm_client_type.h"

#ifdef __cplusplus
extern "C" {
#endif

typedef enum {
    MDM_WIPE_INTERNAL_MEMORY = 0, 
    MDM_WIPE_EXTERNAL_MEMORY      
} mdm_wipe_t;

typedef enum {
    MDM_VPN_CERTIFICATE    = 1 << 0, 
    MDM_WIFI_CERTIFICATE   = 1 << 1, 
    MDM_EMAIL_CERTIFICATE  = 1 << 2, 
    MDM_SYSTEM_CERTIFICATE = 1 << 3, 
} mdm_certificate_t;

typedef struct {
    char *countryName;          
    char *stateOrProvinceName;  
    char *localityName;         
    char *organizationName;     
    char *organizationUnitName; 
    char *commonName;           
    char *emailAddress;         
} security_name_fld_data;

typedef struct {
    mdm_certificate_t storeType; 
    int               enabled;   
    int               version;   
    int               serialNumber;    
    char *            sigAlgo;         
    char *            issuerStr;       
    security_name_fld_data issuer;     
    char *                 subjectStr; 
    security_name_fld_data subject;    
    char *                 pubKeyAlgo; 
    char *                 pubKey;     
    char *                 issuerUID;  
    char *                 subjectUID; 
    char *                 alias;      
} security_information_fields;


mdm_result_t mdm_lock_now(void);

mdm_result_t mdm_wipe_data(mdm_wipe_t type);

mdm_result_t mdm_reboot(void);

mdm_result_t mdm_install_certificate(mdm_certificate_t type, const char *file_path, const char *name,
                                     const char *password);

mdm_result_t mdm_set_internal_storage_encryption(mdm_status_t value);

mdm_status_t mdm_get_internal_storage_encryption_status(void);

/*
 * @brief API to encrypt external storage.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can enable external sd card encryption if any.
 *
 * @code{.c}
    mdm_result_t ret = 0;
    ret = mdm_set_external_storage_encryption(MDM_TRUE);
    if (ret == MDM_RESULT_SUCCESS) {
        // encrypting success
    } else {
        // encrypting fail
    }
 *
 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 *
 * @param[in] value #MDM_FALSE: Disable external storage encryption.\n
 *                  #MDM_TRUE: Enable external storage encryption.
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 * @see mdm_get_external_storage_encryption_status
 *
 */
mdm_result_t mdm_set_external_storage_encryption(mdm_status_t value);

/*
 * @brief This API returns status of the external storage encryption state.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can check whether external storage encryption is enabled or not.
 * @code{.c}
    mdm_status_t status = MDM_TRUE;
    status = mdm_get_external_storage_encryption_status();
    if (status == MDM_STATUS_ERROR) {
        // function error
    } else {
        // function success
    }
 *
 * @endcode
 *
 * @return #mdm_status_t : #MDM_TRUE or #MDM_FALSE on success, an error code on error
 *
 * @see mdm_set_external_storage_encryption
 *
 */
mdm_status_t mdm_get_external_storage_encryption_status(void);

/*
 * @brief API to allow or restrict internet sharing.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can disable the internet sharing.
 * @code{.c}
    mdm_result_t ret = MDM_RESULT_SUCCESS;
    ret = mdm_set_allow_internet_sharing(MDM_RESTRICTED);
    if (ret == MDM_RESULT_SUCCESS) {
        // setting success
    } else {
        // setting fail
    }
 *
 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 * @param[in] value #MDM_RESTRICTED: Disables internet sharing, user cannot enable.\n
 *                  #MDM_ALLOWED: user control restored but will not enable it.
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 * @see mdm_get_allow_internet_sharing
 *
 */
mdm_result_t mdm_set_allow_internet_sharing(mdm_status_t value);

/*
 * @brief API to check if internet sharing is allowed or restricted.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can check if internet sharing is allowed or restricted.
 * @code{.c}
    mdm_status_t status = MDM_ALLOWED;
    status = mdm_get_allow_internet_sharing();
    if (status == MDM_STATUS_ERROR) {
        // function error
    } else {
        // function success
    }
 *
 * @endcode
 *
 * @return #mdm_status_t : The current prevention status.
 *
 * @retval #MDM_ALLOWED     Allowed
 * @retval #MDM_RESTRICTED  Restricted
 *
 * @see mdm_set_allow_internet_sharing
 *
 */
mdm_status_t mdm_get_allow_internet_sharing(void);

/*
 * @brief API to allow or restrict desktop sync.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can allow or restrict the desktop sync.
 *
 * @remark
 * Desktop sync restriction #mdm_status_t is written to #MDM_POLICY_ON_KIES notification file.
 * You can register a callback for this event using #mdm_register_policy_receiver.
 *
 * @code{.c}
    mdm_result_t ret = MDM_RESULT_SUCCESS;
    ret = mdm_set_allow_desktop_sync(MDM_RESTRICTED);
    if (ret == MDM_RESULT_SUCCESS) {
        // setting success
    } else {
        // setting fail
    }
 *
 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 *
 * @param[in] value #MDM_RESTRICTED: Disables desktop sync, user cannot enable.\n
 *                  #MDM_ALLOWED: user control restored but will not enable it.
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 * @see mdm_get_allow_desktop_sync
 *
 */
mdm_result_t mdm_set_allow_desktop_sync(mdm_status_t value);

/*
 * @brief API to check if desktop sync is allowed or restricted.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can check if the desktop sync is allowed or restricted.
 * @code{.c}
    mdm_status_t status = MDM_ALLOWED;
    status = mdm_get_allow_desktop_sync();
    if (status == MDM_STATUS_ERROR) {
        // function error
    } else {
        // function success
    }
 *
 * @endcode
 *
 * @return #mdm_status_t : The current prevention status.
 *
 * @retval #MDM_ALLOWED     Allowed
 * @retval #MDM_RESTRICTED  Restricted
 *
 * @see mdm_set_allow_desktop_sync
 *
 */
mdm_status_t mdm_get_allow_desktop_sync(void);

mdm_data_t *mdm_get_installed_certificate_names(mdm_certificate_t type);

mdm_data_t *mdm_get_installed_certificates(mdm_certificate_t type);

mdm_result_t mdm_remove_certificate(mdm_certificate_t type, const char *name);

mdm_result_t mdm_clear_installed_certificates(mdm_certificate_t type);

/*
 * @brief API to check the policy of internal storage encryption.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Invoking this function, admin can check if internal encryption is restricted or not.
 * It returns value set by #mdm_set_require_device_encryption.
 *
 * @code{.c}

    mdm_status_t stat = mdm_get_require_device_encryption();
    if (stat == MDM_FALSE || stat == MDM_TRUE) {

        if (stat == MDM_TRUE) {

            ret = mdm_set_internal_storage_encryption(MDM_TRUE);
            if (ret == MDM_RESULT_SUCCESS) {
                // function success
            } else {
                // function error
            }

        } else {
            // Internal storage encryption is restricted.
        }
    } else {
        // function error
    }

 * @endcode
 *
 * @return #mdm_status_t : Current mode of operation, one of #MDM_FALSE or #MDM_TRUE.
 *         #MDM_STATUS_ERROR if error occured.
 *
 * @see mdm_set_require_device_encryption
 * @see mdm_set_internal_storage_encryption
 *
 */
mdm_status_t mdm_get_require_device_encryption(void);

/*
 * @brief API to check if the storage card encryption is required on device.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can check whether given admin has requested for SD Card encryption or not. Based on this value enterprise can
 take some action.
 *
 * @code{.c}
    mdm_status_t status = MDM_ALLOWED;
    status = mdm_get_require_storage_card_encryption();
    if (status == MDM_STATUS_ERROR) {
        // function error
    } else {
        // function success
    }
 *
 * @endcode
 *
 * @return #mdm_status_t : Current mode of operation, one of #MDM_ALLOWED or #MDM_RESTRICTED
 *
 * @see mdm_set_require_storage_card_encryption
 *
 */
mdm_status_t mdm_get_require_storage_card_encryption(void);

/*
 * @brief API to allow/disallow for internal storage encryption.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin may use this API to allow/disallow calling of #mdm_set_internal_storage_encryption. It means:
 *  - If the policy is set to #MDM_TRUE, user is allowed to run encrypting application by calling of
 #mdm_set_internal_storage_encryption.
 *  - If the policy is set to #MDM_FALSE, calls of #mdm_set_internal_storage_encryption cannot run encrypting
 application.
 *
 * This restriction concerns only internal storage encryption, for external storage use
 #mdm_set_require_storage_card_encryption.
 *
 * @code{.c}

    mdm_result_t ret = mdm_set_require_device_encryption(MDM_TRUE);
    if (ret == MDM_RESULT_SUCCESS) {

        ret = mdm_set_internal_storage_encryption(MDM_TRUE);
        if (ret == MDM_RESULT_SUCCESS) {
            // function success
        } else {
            // function error
        }

    } else {
        // function error
    }

 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 *
 * @param[in] value #MDM_TRUE to enable encryption, #MDM_FALSE to disable it.
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 * @see mdm_get_require_device_encryption
 * @see mdm_set_internal_storage_encryption
 *
 */
mdm_result_t mdm_set_require_device_encryption(mdm_status_t value);

/*
 * @brief API used to check if storage card encryption is required or not.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * This API is used to check if storage card encryption is required or not.
 *
 * @code{.c}
    mdm_result_t ret = 0;
    int n_status = MDM_RESTRICTED;

    ret = mdm_set_require_storage_card_encryption(n_status);
     if (ret == MDM_STATUS_ERROR) {
         // function error
     } else {
         // function success
     }
 *
 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 *
 * @param[in]       value   True to enable encryption, false to disable.
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 * @see mdm_get_require_storage_card_encryption
 *
 */
mdm_result_t mdm_set_require_storage_card_encryption(mdm_status_t value);

/*
 * @brief API to get a list of the filenames on the device.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * It will return all directory content for a specific path. If path is not specified it will return all files on root.
 *
 * @code{.c}
    mdm_result_t ret = 0;
    mdm_data_t *lp_data = mdm_get_file_names_on_device("/root");
    if (lp_data) {
        GList *lp_list = (GList *)lp_data->data;
        if (lp_list) {
            lp_list = g_list_first(lp_list);

            while (lp_list && lp_list->data) {
                printf("file name : %s", lp_list->data);
                lp_list = g_list_next(lp_list);
            }
        }
        mdm_free_data(lp_data);
        ret = MDM_RESULT_SUCCESS;
    } else {
        ret = MDM_RESULT_FAIL;
    }
 *
 * @endcode
 *
 * @param[in]       p_path  The file path in device.
 *
 * @return #mdm_data_t * on success, NULL on error
 *
 * @see mdm_get_file_names_with_attributes
 *
 */
mdm_data_t *mdm_get_file_names_on_device(char *p_path);

/*
 * @brief API to get a detailed list of files on device.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.1.5
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * It will return all directory content for a specific path. If path is not specified it will return all files on root.
 * The output content will have: permission, owner, group, date, time andd file name.
 *
 * @code{.c}
    mdm_result_t ret = 0;
    mdm_data_t *lp_data = mdm_get_file_names_with_attributes("/root");
    if (lp_data) {
        GList *lp_list = (GList *)lp_data->data;
        if (lp_list) {
            lp_list = g_list_first(lp_list);

            while (lp_list && lp_list->data) {
                printf("Attribute : %s", lp_list->data);
                lp_list = g_list_next(lp_list);
            }
        }
        mdm_free_data(lp_data);
        ret = MDM_RESULT_SUCCESS;
    } else {
        ret = MDM_RESULT_FAIL;
    }

 *
 * @endcode
 *
 * @param[in]       p_path  The file path in device.
 *
 * @return #mdm_data_t * on success, NULL on error
 *
 * @see mdm_get_file_names_on_device
 *
 */
mdm_data_t *mdm_get_file_names_with_attributes(char *p_path);

mdm_result_t mdm_power_off_device(void);

/*
 * @brief API to update the firmware of device.
 *
 * @since_mdm 1.0.0
 *
 * @since_tizen 2.3.2.3
 *
 * @feature %http://developer.samsung.com/tizen/feature/mdm
 *
 * @par Usage:
 * Admin can use the firmware update api immediately.
 * @code{.c}
    mdm_result_t ret = mdm_update_firmware_in_device();
    if (ret == MDM_RESULT_SUCCESS) {
        // success to update firmware
    } else {
        // fail to update firmware
    }
 *
 * @endcode
 *
 * @privlevel public
 * @privilege %http://developer.samsung.com/tizen/privilege/mdm.security
 *
 * @return #mdm_result_t : MDM_RESULT_SUCCESS on success, an error code on error
 *
 * @retval #MDM_RESULT_SUCCESS Successful
 * @retval #MDM_RESULT_FAIL General failure
 * @retval #MDM_RESULT_NOT_SUPPORTED Not supported
 * @retval #MDM_RESULT_INVALID_PARAM Invalid parameter
 * @retval #MDM_RESULT_ACCESS_DENIED The application does not have the privilege to call this function.
 *
 * @par Permission:
 * Usage of this API is restricted to registered clients only.
 *
 */
mdm_result_t mdm_update_firmware_in_device(void);

mdm_status_t mdm_get_lock_state(void);

mdm_result_t knox_mdm_set_allow_lockscreen_type_change(mdm_status_t status);

mdm_status_t knox_mdm_get_allow_lockscreen_type_change(void);

#ifdef __cplusplus
}
#endif

#endif // LIBMDM_MDM_SECURITY_H