projects / platform / core / security / security-config.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fd6e03d)
Make TZ_USER_DB/privacy directory to protect privacy data 68/87468/1
authorjooseong lee <jooseong.lee@samsung.com>
Thu, 8 Sep 2016 06:16:52 +0000 (15:16 +0900)
committerjooseong lee <jooseong.lee@samsung.com>
Thu, 8 Sep 2016 06:16:52 +0000 (15:16 +0900)
Some Databases have privacy data like as contact and calendar.
We should restrict access to these DBs from malware applications.
TZ_USER_DB/privacy is a new dbspace which any applications can't access.

Change-Id: Ia01e7695126a4f0a627cb90c9f878e3abe1b289d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
config/91_user-dbspace-permissions.post patch | blob | history

diff --git a/config/91_user-dbspace-permissions.post b/config/91_user-dbspace-permissions.post
index fb18d0c05eda1dbc78e27f523e90e90a398c13d4..7b766da83c2a83f2586d9b2d3856834bc94d1312 100644 (file)
--- a/config/91_user-dbspace-permissions.post
+++ b/config/91_user-dbspace-permissions.post
@@ -11,3 +11,12 @@ chmod 750 $TZ_USER_APPROOT
 
 chown $NEW_USER:system_share $TZ_USER_DB
 chmod 770 $TZ_USER_DB
+
+if [ ! -d $TZ_USER_DB/privacy ]
+then
+    mkdir -p $TZ_USER_DB/privacy
+fi
+
+chown $NEW_USER:system_share $TZ_USER_DB/privacy
+chmod 770 $TZ_USER_DB/privacy
+chsmack -a 'User' $TZ_USER_DB/privacy -t
Domain: Security / Access Control;