review.tizen.org Git - platform/core/security/security-manager.git/commit

author	Dariusz Michaluk <d.michaluk@samsung.com>
	Wed, 1 Mar 2017 15:02:16 +0000 (16:02 +0100)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Wed, 15 Mar 2017 12:13:51 +0000 (13:13 +0100)
commit	c505504e76799bf9d4a8cc75078ba968ea2ebcfa
tree	d1549e2cd6813918c06e196c842ab41c78605fee	tree \| snapshot
parent	7ab4d16743f6ac9371303a5a2662895df13bba16	commit \| diff

Fix buckets: aggregation of global and local instance privileges of an app

Current Cynara bucket design has an issue of aggregation of privileges
of global and local instances of an applications,
meaning when app is installed both globally and locally it will gain a sum of it's privileges.

MANIFESTS bucket could be split into two:
MANIFESTS_GLOBAL - holding only rules for global applications (label * privilege ALLOW)
and redirections to second additional bucket
when applications is installed locally (label uid * bucket MANIFESTS_LOCAL)
MANIFESTS_LOCAL - have only local rules for local applications (label uid privilege ALLOW)
Both of them will have DENY by default.

Change-Id: Iba3da506fca570ca3e2147998d9012aa9e485b44

policy/security-manager-policy-reload.in		diff \| blob \| history
policy/updates/update-policy-to-v6.sh	[new file with mode: 0755]	blob
src/common/cynara.cpp		diff \| blob \| history
src/common/include/cynara.h		diff \| blob \| history
src/common/service_impl.cpp		diff \| blob \| history