Reduce Capabilities set of tef-simulator to none. 52/154052/13
authorWojciech Chrobot <w.chrobot@partner.samsung.com>
Thu, 5 Oct 2017 13:32:48 +0000 (15:32 +0200)
committerr.tyminski <r.tyminski@partner.samsung.com>
Wed, 18 Oct 2017 13:05:41 +0000 (15:05 +0200)
During installation set simulator as a tef backend using tef_update.sh.
Drop the root user: the service now runs as the security_fw user and group.
Change ownership of /usr/lib/tastore directory and helloworld TA to security_fw.
Change permissions to user/group/others of helloworld TA and tastore directory.

Change-Id: I6fa65ba97d82784968134be58a60e7a435d90b38

CMakeLists.txt
TEECLib/CMakeLists.txt
include/include/config.h
packaging/tef-simulator-helloworld.spec
packaging/tef-simulator.spec
simulatordaemon/CMakeLists.txt
simulatordaemon/src/TABinaryManager/TABinaryManager.cpp
systemd/tef-simulator.service.in

index 0273513..133c2ca 100644 (file)
@@ -48,6 +48,8 @@ ADD_DEFINITIONS("-Werror")                      # Make all warnings into errors.
 #ADD_DEFINITIONS("-Wall")                        # Generate all warnings
 #ADD_DEFINITIONS("-Wextra")                      # Generate even more extra warnings
 
+ADD_DEFINITIONS("-D_ARCH_=${ARCH}")
+
 # Enable tizen-specific preprocessor defines
 IF(DEFINED TIZEN)
     ADD_DEFINITIONS("-D__TIZEN__")
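Review bot: `ARCH` is expanded into `-D_ARCH_=${ARCH}` without any check. A configure run that omits `-DARCH=` defines `_ARCH_` as empty, so the build fails later in include/include/config.h with a preprocessor syntax error on the `#if` line, not with the intended `#error`. A configure-time guard placed just before the new line makes the requirement explicit: `IF(NOT "${ARCH}" MATCHES "^(32|64)$")`, `MESSAGE(FATAL_ERROR "ARCH must be 32 or 64")`, `ENDIF()`. The name `_ARCH_` also starts with an underscore followed by a capital letter, which C and C++ reserve for the implementation, so a project-prefixed macro name would be safer.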
@@ -71,7 +73,7 @@ SET(TARGET_TEF_SIMULATOR_DAEMON ${TARGET_TEF_SIMULATOR}-daemon)
 SET(TARGET_TEF_SIMULATOR_SSFLIB ${TARGET_TEF_SIMULATOR}-ssflib)
 
 # below targets need different names due to linking with CAs and TAs (libteec for client)
-SET(TARGET_TEF_SIMULATOR_TEEC_LIB teec)
+SET(TARGET_TEF_SIMULATOR_TEEC_LIB ${TARGET_TEF_SIMULATOR}-teec)
 SET(TARGET_TEF_SIMULATOR_TEE_STUB TEEStub)
 
 ############################# sub-project paths ###############################
index 94f92c8..c153bfa 100644 (file)
@@ -32,6 +32,7 @@ SET(TEEC_LIB_SOURCES
 ADD_LIBRARY(${TARGET_TEF_SIMULATOR_TEEC_LIB} SHARED
     ${TEEC_LIB_SOURCES}
     )
+SET_TARGET_PROPERTIES(${TARGET_TEF_SIMULATOR_TEEC_LIB} PROPERTIES LIBRARY_OUTPUT_NAME teec)
 
 ADD_DEPENDENCIES(${TARGET_TEF_SIMULATOR_TEEC_LIB}
     ${TARGET_TEF_SIMULATOR_OSAL}
index 2a1daab..b72f61f 100644 (file)
 
 #define TEE_PROP_FILE "/usr/bin/GPD_TEE_PROP"
 #define TA_ROOT "/tmp/"
-#define TEE_TASTORE_ROOT "/usr/lib/tastore/"
+#if _ARCH_ == 32
+    #define TEE_TASTORE_ROOT "/usr/lib/tastore/"
+#elif _ARCH_ == 64
+    #define TEE_TASTORE_ROOT "/usr/lib64/tastore/"
+#else
+    #error "Invalid architecture was set!"
+#endif
 
 #endif /* INCLUDE_CONFIG_H_ */
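Review bot: `TEE_TASTORE_ROOT` is now chosen from two hard-coded paths keyed on `_ARCH_`, while the install side takes the directory from `${TASTORE_DIR}` (simulatordaemon/CMakeLists.txt) and `%{tastore_dir}` (the spec files). The directory the daemon presumably reads TAs from and the directory whose owner and mode the package sets are therefore defined in separate places and can drift apart. If `TASTORE_DIR` names the same location (its definition is not visible in this diff), passing it through as the single source would remove that risk, for example `ADD_DEFINITIONS("-DTEE_TASTORE_ROOT=\"${TASTORE_DIR}/\"")`. This block would then reduce to an `#ifndef TEE_TASTORE_ROOT` / `#error` check.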
index c446ff8..ae4b8d4 100644 (file)
@@ -50,5 +50,5 @@ make install
 %postun
 
 %files -n %{name}
-%{bin_dir}/tef-simulator-helloworld
-%{tastore_dir}/00000000000000000000112233445566
+%attr(111,security_fw,security_fw) %{bin_dir}/tef-simulator-helloworld
+%attr(444,security_fw,security_fw) %{tastore_dir}/00000000000000000000112233445566
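Review bot: Both entries are owned by `security_fw`, the account the daemon now runs as (systemd/tef-simulator.service.in), and a file's owner can always change its mode. The `111` and `444` bits therefore do not stop a compromised daemon from rewriting the binary or the TA. The same applies in packaging/tef-simulator.spec to the daemon binary, `libteec.so` and the three unit files. The unit files matter most, because they define which user the service runs as. Root ownership with group access keeps the files usable but immutable for the service account, e.g. `%attr(550,root,security_fw) %{bin_dir}/tef-simulator-helloworld` and `%attr(440,root,security_fw) %{tastore_dir}/00000000000000000000112233445566`; unit files are normally `root:root` with mode 644.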
index f7fb586..49bb866 100644 (file)
@@ -83,6 +83,7 @@ cmake . \
         -DPKGCFG_PREFIX=/usr \
         -DPKGCFG_VERSION=%{version} \
         -DSMACK_DOMAIN_NAME=%{smack_domain_name} \
+        -DARCH=%{__isa_bits} \
         -DTIZEN=1
 make %{?jobs:-j%jobs}
 
@@ -92,21 +93,30 @@ make install
 %pre
 
 %post
+systemctl enable tef-simulator
+
+%post -n %{name}-client
+tef-update.sh simulator
 
 %preun
 
 %postun
-tef-update.sh
+
+%postun -n %{name}-client
+if [ $1 = 0 ] ; then
+    tef-update.sh
+fi
 
 %files -n %{name}
-%{bin_dir}/tef-simulator-daemon
+%attr(111,security_fw,security_fw) %{bin_dir}/tef-simulator-daemon
 %{lib_dir}/libtef-simulator-ssflib.so
-%{_unitdir}/tef-simulator.service
-%{_unitdir}/tef-simulator.socket
-%{_unitdir}/tef-simulator.target
+%attr(770,root,security_fw) %{tastore_dir}
+%attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.service
+%attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.target
+%attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.socket
 
 %files -n %{name}-client
-%{lib_dir}/tef/simulator
+%attr(111,security_fw,security_fw) %{lib_dir}/tef/simulator/libteec.so
 
 %files -n %{name}-devkit
 %{bin_dir}/TA_PackageBuilder.sh
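Review bot: Mode `111` on `%{lib_dir}/tef/simulator/libteec.so` removes read permission for every user, including the owner. The dynamic loader has to open and map a shared object for reading, so client processes that lack a DAC-override capability will most likely fail to load the library. Execute-only works for the daemon binary but not for a `.so`. `%attr(555,root,root) %{lib_dir}/tef/simulator/libteec.so` keeps it non-writable and loadable. Separately, the new `%postun -n %{name}-client` test leaves `$1` unquoted; `if [ "$1" = 0 ] ; then` is the safer form.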
index 54aa690..033b098 100644 (file)
@@ -103,3 +103,5 @@ TARGET_LINK_LIBRARIES(${TARGET_TEF_SIMULATOR_DAEMON}
     )
 
 INSTALL(TARGETS ${TARGET_TEF_SIMULATOR_DAEMON} DESTINATION ${BIN_DIR})
+
+INSTALL(DIRECTORY DESTINATION ${TASTORE_DIR})
index d7b3b79..f0cae26 100644 (file)
@@ -190,9 +190,9 @@ bool TABinaryManager::initTAatPath(const string &path, const string &uuid) {
  */
 void TABinaryManager::decryptImage(StructBinaryInfo& info) {
        string cipher = "-aes-256-cbc";
-       string secret = base64_decode (info.manifest.taencryption.model.plainkeydata);
+       string secret = base64_decode(info.manifest.taencryption.model.plainkeydata);
        string keyhashFilename = info.imagePath + ".keyhash";
-       secret.erase(secret.size()-2);
+       secret.erase(secret.size() - 2);
        string keyHash = "echo -n " + secret + " | openssl dgst -sha256 | awk '{print $2}' > " + keyhashFilename;
        int result = system(keyHash.c_str());
        if (result != 0) {
index 4c55561..85496a0 100644 (file)
@@ -3,8 +3,9 @@ Description=TEF Simulator Daemon
 DefaultDependencies=no
 
 [Service]
-User=root
-Group=root
+User=security_fw
+Group=security_fw
+CapabilityBoundingSet=
 SmackProcessLabel=@SMACK_DOMAIN_NAME@
 ExecStart=@SYSTEMD_CFG_BIN_DIR@/tef-simulator-daemon
 Sockets=tef-simulator.socket
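Review bot: The empty `CapabilityBoundingSet=` removes capabilities, but nothing in `[Service]` prevents a setuid binary run by the daemon from switching to another uid. That matters here because the daemon shells out via `system()` in TABinaryManager.cpp. Adding `NoNewPrivileges=yes` next to `CapabilityBoundingSet=` would close that path, provided the systemd version on the target supports the directive. The context also shows `TA_ROOT` as `/tmp/` in config.h. If the daemon works with files there as an unprivileged user, a private directory for that data is worth considering, since `/tmp` is shared with other accounts.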