X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=docs%2Fafb-binding-references.md;h=0e30ffe7c40598fa6ddd38eea8b9d03ce25d6b4e;hb=e1b255b4c6486b0d2df5cd8b2aad8b817876ddf2;hp=e8b9629ec90fb3a2783fb5ffed6bd0ab4f46afb6;hpb=98b3f3bfed183a89eec13386d5138ef73b13ea34;p=src%2Fapp-framework-binder.git diff --git a/docs/afb-binding-references.md b/docs/afb-binding-references.md index e8b9629e..0e30ffe7 100644 --- a/docs/afb-binding-references.md +++ b/docs/afb-binding-references.md @@ -1,8 +1,6 @@ -Binding Reference -================= +# Binding Reference -Structure for declaring binding -------------------------------- +## Structure for declaring binding ### struct afb_binding_v2 @@ -17,13 +15,14 @@ This structure is defined as below. */ struct afb_binding_v2 { - const char *api; /* api name for the binding */ - const char *specification; /* textual openAPIv3 specification of the binding */ - const struct afb_verb_v2 *verbs; /* array of descriptions of verbs terminated by a NULL name */ + const char *api; /* api name for the binding */ + const char *specification; /* textual openAPIv3 specification of the binding */ + const char *info; /* some info about the api, can be NULL */ + const struct afb_verb_v2 *verbs; /* array of descriptions of verbs terminated by a NULL name */ int (*preinit)(); /* callback at load of the binding */ int (*init)(); /* callback for starting the service */ void (*onevent)(const char *event, struct json_object *object); /* callback for handling events */ - unsigned noconcurrency: 1; /* avoids concurrent requests to verbs */ + unsigned noconcurrency: 1; /* avoids concurrent requests to verbs */ }; ``` @@ -41,29 +40,30 @@ struct afb_verb_v2 { const char *verb; /* name of the verb */ void (*callback)(struct afb_req req); /* callback function implementing the verb */ - const struct afb_auth *auth; /* required authorization */ + const struct afb_auth *auth; /* required authorization */ + const char *info; /* some info about the verb, can be NULL */ uint32_t session; /* authorization and session requirements of the verb */ }; ``` -The session flags is an or of the constant defined below: +The **session** flags is one of the constant defined below: - - AFB_SESSION_NONE : no flag, synonym to 0 - - AFB_SESSION_LOA_0 : Requires the LOA to be 0 or more, synonym to 0 or AFB_SESSION_NONE - - AFB_SESSION_LOA_1 : Requires the LOA to be 1 or more - - AFB_SESSION_LOA_2 : Requires the LOA to be 2 or more - - AFB_SESSION_LOA_3 : Requires the LOA to be 3 or more - - AFB_SESSION_CHECK : Requires the token to be set and valid - - AFB_SESSION_REFRESH : Implies a token refresh - - AFB_SESSION_CLOSE : Implies cloing the session +- AFB_SESSION_NONE : no flag, synonym to 0 +- AFB_SESSION_LOA_0 : Requires the LOA to be 0 or more, synonym to 0 or AFB_SESSION_NONE +- AFB_SESSION_LOA_1 : Requires the LOA to be 1 or more +- AFB_SESSION_LOA_2 : Requires the LOA to be 2 or more +- AFB_SESSION_LOA_3 : Requires the LOA to be 3 or more +- AFB_SESSION_CHECK : Requires the token to be set and valid +- AFB_SESSION_REFRESH : Implies a token refresh +- AFB_SESSION_CLOSE : Implies cloing the session -The LOA is set binding by binding using the function **afb_req_session_set_LOA**. +The LOA (Level Of Assurance) is set, by binding, using the function **afb_req_session_set_LOA**. ### struct afb_auth and enum afb_auth_type The structure **afb_auth** is used within verb description to -set security requirements. The interpretation of the structure -depends on the value of the field **type**. +set security requirements. +The interpretation of the structure depends on the value of the field **type**. ```C struct afb_auth @@ -77,6 +77,7 @@ struct afb_auth const struct afb_auth *next; }; ``` + The possible values for **type** is defined here: ```C @@ -85,14 +86,14 @@ The possible values for **type** is defined here: */ enum afb_auth_type { - afb_auth_No = 0, /** never authorized, no data */ - afb_auth_Token, /** authorized if token valid, no data */ - afb_auth_LOA, /** authorized if LOA greater than data 'loa' */ - afb_auth_Permission, /** authorized if permission 'text' is granted */ - afb_auth_Or, /** authorized if 'first' or 'next' is authorized */ - afb_auth_And, /** authorized if 'first' and 'next' are authorized */ - afb_auth_Not, /** authorized if 'first' is not authorized */ - afb_auth_Yes /** always authorized, no data */ + afb_auth_No = 0, /** never authorized, no data */ + afb_auth_Token, /** authorized if token valid, no data */ + afb_auth_LOA, /** authorized if LOA greater than data 'loa' */ + afb_auth_Permission, /** authorized if permission 'text' is granted */ + afb_auth_Or, /** authorized if 'first' or 'next' is authorized */ + afb_auth_And, /** authorized if 'first' and 'next' are authorized */ + afb_auth_Not, /** authorized if 'first' is not authorized */ + afb_auth_Yes /** always authorized, no data */ }; ``` @@ -100,16 +101,15 @@ Example: ```C static const struct afb_auth _afb_auths_v2_monitor[] = { - { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:set" }, - { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:get" }, - { .type = afb_auth_Or, .first = &_afb_auths_v2_monitor[1], .next = &_afb_auths_v2_monitor[0] } + { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:set" }, + { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:get" }, + { .type = afb_auth_Or, .first = &_afb_auths_v2_monitor[1], .next = &_afb_auths_v2_monitor[0] } }; ``` -Functions of class afb_daemon... -------------------------- +## Functions of class afb_daemon -The 3 following functions are linked to libsystemd. +The 3 following functions are linked to libsystemd. They allow use of **sd_event** features and access to **sd_bus** features. @@ -130,7 +130,7 @@ struct sd_bus *afb_daemon_get_user_bus(); struct sd_bus *afb_daemon_get_system_bus(); ``` -The 2 following functions are linked to event management. +The 2 following functions are linked to event management. Broadcasting an event send it to any possible listener. ```C @@ -142,6 +142,8 @@ Broadcasting an event send it to any possible listener. * Thus, in the case where 'object' should remain available after * the function returns, the function 'json_object_get' shall be used. * + * Calling this function is only forbidden during preinit. + * * Returns the count of clients that received the event. */ int afb_daemon_broadcast_event(const char *name, struct json_object *object); @@ -149,15 +151,22 @@ int afb_daemon_broadcast_event(const char *name, struct json_object *object); /* * Creates an event of 'name' and returns it. * + * Calling this function is only forbidden during preinit. + * * See afb_event_is_valid to check if there is an error. */ struct afb_event afb_daemon_make_event(const char *name); ``` The following function is used by logging macros and should normally -not be used. Instead, you should use the macros -**AFB\_ERROR**, **AFB\_WARNING**, **AFB\_NOTICE**, -**AFB\_INFO**, **AFB\_DEBUG** +not be used. +Instead, you should use the macros: + +- **AFB\_ERROR** +- **AFB\_WARNING** +- **AFB\_NOTICE** +- **AFB\_INFO** +- **AFB\_DEBUG** ```C /* @@ -223,13 +232,25 @@ bindings at its initialization. /* * Tells that it requires the API of "name" to exist * and if 'initialized' is not null to be initialized. + * Calling this function is only allowed within init. * Returns 0 in case of success or -1 in case of error. */ int afb_daemon_require_api(const char *name, int initialized) ``` -Functions of class afb_service... -------------------------- +This function allows to give a different name to the binding. +It can be called during pre-init. + +```C +/* + * Set the name of the API to 'name'. + * Calling this function is only allowed within preinit. + * Returns 0 in case of success or -1 in case of error. + */ +int afb_daemon_rename_api(const char *name); +``` + +## Functions of class afb_service The following functions allow services to call verbs of other bindings for themselves. @@ -245,7 +266,7 @@ bindings for themselves. * * The 'callback' receives 3 arguments: * 1. 'closure' the user defined closure pointer 'callback_closure', - * 2. 'iserror' a boolean status being true (not null) when an error occured, + * 2. 'status' a status being 0 on success or negative when an error occured, * 2. 'result' the resulting data as a JSON object. * * @param api The api name of the method to call @@ -257,11 +278,11 @@ bindings for themselves. * @see also 'afb_req_subcall' */ void afb_service_call( - const char *api, - const char *verb, - struct json_object *args, - void (*callback)(void*closure, int iserror, struct json_object *result), - void *callback_closure); + const char *api, + const char *verb, + struct json_object *args, + void (*callback)(void*closure, int status, struct json_object *result), + void *callback_closure); /** * Calls the 'verb' of the 'api' with the arguments 'args' and 'verb' in the name of the binding. @@ -276,22 +297,21 @@ void afb_service_call( * @param args The arguments to pass to the method * @param result Where to store the result - should call json_object_put on it - * - * @returns 1 in case of success or 0 in case of error. + * @returns 0 in case of success or a negative value in case of error. * * @see also 'afb_req_subcall' */ int afb_service_call_sync( - const char *api, - const char *verb, - struct json_object *args, - struct json_object **result); + const char *api, + const char *verb, + struct json_object *args, + struct json_object **result); ``` -Functions of class afb_event... -------------------------- +## Functions of class afb_event -This function checks whether the event is valid. It must be used -when creating events. +This function checks whether the event is valid. +It must be used when creating events. ```C /* @@ -351,8 +371,7 @@ This function allows to retrieve the exact name of the event. const char *afb_event_name(struct afb_event event); ``` -Functions of class afb_req... -------------------------- +## Functions of class afb_req This function checks the validity of the **req**. @@ -514,7 +533,6 @@ void afb_req_session_close(struct afb_req req); int afb_req_session_set_LOA(struct afb_req req, unsigned level); ``` - The 4 following functions must be used for asynchronous handling requests. ```C @@ -578,33 +596,64 @@ client (with its permissions). * This call is made in the context of the request 'req'. * On completion, the function 'callback' is invoked with the * 'closure' given at call and two other parameters: 'iserror' and 'result'. - * 'iserror' is a boolean that indicates if the reply is an error reply. + * 'status' is 0 on success or negative when on an error reply. * 'result' is the json object of the reply, you must not call json_object_put * on the result. * * For convenience, the function calls 'json_object_put' for 'args'. * Thus, in the case where 'args' should remain available after * the function returns, the function 'json_object_get' shall be used. + * + * See also: + * - 'afb_req_subcall_req' that is convenient to keep request alive automatically. + * - 'afb_req_subcall_sync' the synchronous version */ void afb_req_subcall( struct afb_req req, const char *api, const char *verb, struct json_object *args, - void (*callback)(void *closure, int iserror, struct json_object *result), + void (*callback)(void *closure, int status, struct json_object *result), void *closure); +/* + * Makes a call to the method of name 'api' / 'verb' with the object 'args'. + * This call is made in the context of the request 'req'. + * On completion, the function 'callback' is invoked with the + * original request 'req', the 'closure' given at call and two + * other parameters: 'iserror' and 'result'. + * 'status' is 0 on success or negative when on an error reply. + * 'result' is the json object of the reply, you must not call json_object_put + * on the result. + * + * For convenience, the function calls 'json_object_put' for 'args'. + * Thus, in the case where 'args' should remain available after + * the function returns, the function 'json_object_get' shall be used. + * + * See also: + * - 'afb_req_subcall' that doesn't keep request alive automatically. + * - 'afb_req_subcall_sync' the synchronous version + */ +static inline void afb_req_subcall_req(struct afb_req req, const char *api, const char *verb, struct json_object *args, void (*callback)(void *closure, int iserror, struct json_object *result, struct afb_req req), void *closure) +{ + req.itf->subcall_req(req.closure, api, verb, args, callback, closure); +} + /* * Makes a call to the method of name 'api' / 'verb' with the object 'args'. * This call is made in the context of the request 'req'. * This call is synchronous, it waits untill completion of the request. - * It returns 0 on an error answer and returns 1 when no error was detected. + * It returns 0 on success or a negative value on error answer. * The object pointed by 'result' is filled and must be released by the caller * after its use by calling 'json_object_put'. * * For convenience, the function calls 'json_object_put' for 'args'. * Thus, in the case where 'args' should remain available after * the function returns, the function 'json_object_get' shall be used. + * + * See also: + * - 'afb_req_subcall_req' that is convenient to keep request alive automatically. + * - 'afb_req_subcall' that doesn't keep request alive automatically. */ int afb_req_subcall_sync( struct afb_req req, @@ -615,9 +664,14 @@ int afb_req_subcall_sync( ``` The following function is used by logging macros and should normally -not be used. Instead, you should use the macros -**AFB_REQ_ERROR**, **AFB_REQ_WARNING**, **AFB_REQ_NOTICE**, -**AFB_REQ_INFO**, **AFB_REQ_DEBUG** +not be used. +Instead, you should use the macros: + +- **AFB_REQ_ERROR** +- **AFB_REQ_WARNING** +- **AFB_REQ_NOTICE** +- **AFB_REQ_INFO** +- **AFB_REQ_DEBUG** ```C /* @@ -640,8 +694,40 @@ not be used. Instead, you should use the macros void afb_req_verbose(struct afb_req req, int level, const char *file, int line, const char * func, const char *fmt, ...); ``` -Logging macros --------------- +The functions below allow a binding involved in the platform security +to explicitely check a permission of a client or to get the calling +application identity. + +```C +/* + * Check whether the 'permission' is granted or not to the client + * identified by 'req'. + * + * Returns 1 if the permission is granted or 0 otherwise. + */ +int afb_req_has_permission(struct afb_req req, const char *permission); + +/* + * Get the application identifier of the client application for the + * request 'req'. + * + * Returns the application identifier or NULL when the application + * can not be identified. + * + * The returned value if not NULL must be freed by the caller + */ +char *afb_req_get_application_id(struct afb_req req); + +/* + * Get the user identifier (UID) of the client application for the + * request 'req'. + * + * Returns -1 when the application can not be identified. + */ +int afb_req_get_uid(struct afb_req req); +``` + +## Logging macros The following macros must be used for logging: