review.tizen.org Git - platform/core/security/security-manager.git/commit

author	Rafal Krypa <r.krypa@samsung.com>
	Tue, 19 Dec 2017 09:00:15 +0000 (10:00 +0100)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Fri, 22 Dec 2017 14:34:24 +0000 (14:34 +0000)
commit	77f347fa83a11da75dcf923873ad05b7fc9a401f
tree	659b95a991f88c7d3ec66865af3ee0a0db93bd2f	tree \| snapshot
parent	97ef7cec3d572819da97bed3471f52121ab1d0ee	commit \| diff

client: do not add application process to hardcoded groups

Initial implementation of privilege enforcement with mount namespaces
included client code that added all application processes to hardcoded
set of groups: priv_externalstorage and priv_mediastorage.
This is wrong. Enforcement of privileges by either groups or mount
namespaces is to be configured in respectively privilege-group.list and
privilege-mount.list. Application process should be added to a group
if and only if it holds a privilege that is configured to be enforced
with a group. Similarly proper mounts and umounts will be done in application
mount namespace based on privilege status.
There is no need to hardcode groups. If a privilege is enforced with mount
namespace, it should not require additional group assignment. If it used
to be enforced with a group, but it has been switched to enforcement with
mount, filesystem permissions need to be adjusted, not security-manager code.

Privileges mediastorage and external storage are now enforced with bind
mounts. They are being removed from privilege-group mapping - combining
these two mechanisms is undesired.

Change-Id: I41204daa24329e8e9648b3ecb4e53d87c763b35b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

policy/privilege-group.list		diff \| blob \| history
src/client/client-security-manager.cpp		diff \| blob \| history