package embox.security

module smac extends api {
	@IncludeExport(path="security/smac")
	source "smac.h"
	source "smac.c",
	       "smac_security.c"

	option number max_entries = 64

	/* valid are
	   0 : no logging
	   1 : log denied
	   2 : log accepted
	   3 : log denied & accepted
	*/
	option number audit=1

	option string default_file_label="*"

	depends embox.compat.posix.passwd
	depends embox.compat.posix.proc.uid
	depends embox.fs.xattr
	depends embox.kernel.task.resource.security
	depends embox.kernel.task.api

	depends embox.security.seculog
	depends embox.security.seculog_file

	depends embox.kernel.time.kernel_time
}

@DefaultImpl(smac_user_static_db)
abstract module smac_user_db { }

module smac_user_static_db extends smac_user_db {
	@InitFS(chown="1", chmod="0600", xattr="SMAC32LABEL=smac_admin")
	source "smac_users"
}

module smac_user_dynamic_db extends smac_user_db {
	@InitFS(target_name="smac_users.init", chown="1", chmod="0600", xattr="SMAC32LABEL=smac_admin")
	source "smac_users"

	source "smac_user_dynamic_init.c"

	depends embox.fs.rootfs_oldfs
	depends embox.fs.driver.ramfs
	depends embox.cmd.fs.cp
	depends embox.cmd.chmod
	depends embox.cmd.chown

	depends embox.compat.libc.stdlib.system
}
