projects / platform / core / security / security-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1bfaa9)
Retrieve package manager privilege from User::Shell client 93/180293/2
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Thu, 24 May 2018 08:23:07 +0000 (17:23 +0900)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 17 Jul 2018 14:07:55 +0000 (14:07 +0000)
When user uses dbus-send in the shell process, these privileges can be allowed.
Therefore, privilege checks for these were meaningless.
pkgcmd tools will have "System" execute label,
so we can remove these privileges from User:Shell client.

Change-Id: I56bb4c3d2ef270fada6ce8725eccb4390e2b718f

policy/security-manager-policy-reload.in patch | blob | history

diff --git a/policy/security-manager-policy-reload.in b/policy/security-manager-policy-reload.in
index 26113276f06ef40a9d5b8715931cd29e1e942acd..4afc004c552cbb91006e003f15ee4446728ac5f2 100755 (executable)
--- a/policy/security-manager-policy-reload.in
+++ b/policy/security-manager-policy-reload.in
@@ -67,12 +67,6 @@ done
 # Root shell get access to all privileges
 cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="0" --privilege="*" --type=ALLOW
 
-# Shell process get access to packagemanager.admin privilege to install applications
-cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="*" --privilege="http://tizen.org/privilege/packagemanager.admin" --type=ALLOW
-
-# Shell process get access to packagemanager.info privilege to debug applications
-cyad --set-policy --bucket=MANIFESTS_GLOBAL --client="User::Shell" --user="*" --privilege="http://tizen.org/privilege/packagemanager.info" --type=ALLOW
-
 # Load privilege-group mappings
 (
 echo "BEGIN;"
Domain: Security / Access Control;