source code open
authorKidong Kim <kd0228.kim@samsung.com>
Wed, 22 Aug 2012 02:53:44 +0000 (11:53 +0900)
committerKidong Kim <kd0228.kim@samsung.com>
Wed, 22 Aug 2012 02:53:44 +0000 (11:53 +0900)
51 files changed:
CMakeLists.txt
LICENSE
debian/changelog
debian/control
debian/libprivilege-control-0.install.in
include/privilege-control.h
libprivilege-control.pc.in
packaging/libprivilege-control.changes [new file with mode: 0644]
packaging/libprivilege-control.spec
permissions/WRT.smack [new file with mode: 0644]
permissions/tizen.smack [new file with mode: 0644]
permissions/tizen_alarm.smack [new file with mode: 0644]
permissions/tizen_application.smack [new file with mode: 0644]
permissions/tizen_bluetooth.smack [new file with mode: 0644]
permissions/tizen_calendar.smack [new file with mode: 0644]
permissions/tizen_call.smack [new file with mode: 0644]
permissions/tizen_contact.smack [new file with mode: 0644]
permissions/tizen_filesystem.smack [new file with mode: 0644]
permissions/tizen_geocoder.smack [new file with mode: 0644]
permissions/tizen_mediacontent.smack [new file with mode: 0644]
permissions/tizen_messaging.smack [new file with mode: 0644]
permissions/tizen_nfc.smack [new file with mode: 0644]
permissions/tizen_poi.smack [new file with mode: 0644]
permissions/tizen_route.smack [new file with mode: 0644]
permissions/tizen_tizen.smack [new file with mode: 0644]
permissions/wac_accelerometer.smack [new file with mode: 0644]
permissions/wac_camera.capture.smack [new file with mode: 0644]
permissions/wac_camera.show.smack [new file with mode: 0644]
permissions/wac_deviceinteraction.smack [new file with mode: 0644]
permissions/wac_devicestatus.deviceinfo.smack [new file with mode: 0644]
permissions/wac_devicestatus.networkinfo.smack [new file with mode: 0644]
permissions/wac_filesystem.read.smack [new file with mode: 0644]
permissions/wac_filesystem.write.smack [new file with mode: 0644]
permissions/wac_geolocation.position.smack [new file with mode: 0644]
permissions/wac_messaging.find.smack [new file with mode: 0644]
permissions/wac_messaging.send.smack [new file with mode: 0644]
permissions/wac_messaging.smack [new file with mode: 0644]
permissions/wac_messaging.subscribe.smack [new file with mode: 0644]
permissions/wac_messaging.write.smack [new file with mode: 0644]
permissions/wac_orientation.smack [new file with mode: 0644]
permissions/wac_pim.calendar.read.smack [new file with mode: 0644]
permissions/wac_pim.calendar.write.smack [new file with mode: 0644]
permissions/wac_pim.contacts.smack [new file with mode: 0644]
permissions/wac_pim.task.read.smack [new file with mode: 0644]
permissions/wac_pim.task.write.smack [new file with mode: 0644]
src/account-manage.c [deleted file]
src/debug-util.c [deleted file]
src/kill_app.c [deleted file]
src/privilege-control.c
src/slp-su.c
udev/rules/95-permissions-slp.rules

index b63730a..3a5d0fe 100644 (file)
@@ -5,6 +5,8 @@ SET(PREFIX ${CMAKE_INSTALL_PREFIX})
 SET(EXEC_PREFIX "\${prefix}")
 SET(LIBDIR "\${prefix}/lib")
 SET(INCLUDEDIR "\${prefix}/include")
+SET(SHAREDIR "${PREFIX}/share/privilege-control")
+SET(HOMEDIR "/opt/home")
 SET(VERSION 1.0)
 
 SET(VERSION_MAJOR 0)
@@ -13,7 +15,7 @@ SET(VERSION "${VERSION_MAJOR}.0.2")
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(pkgs REQUIRED security-server openssl)
+pkg_check_modules(pkgs REQUIRED libsmack)
 
 FOREACH(flag ${pkgs_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
@@ -25,12 +27,12 @@ SET(include_dir "./include")
 ## Additional flag
 SET(activate "-DUSE_PRIVILEGE_CONTROL")
 
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden -DSHAREDIR='${SHAREDIR}' -DHOMEDIR='${HOMEDIR}'")
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
 
 ###################################################################################################
 ## for libprivilege-control.so (library)
-SET(libprivilege-control_SOURCES ${src_dir}/privilege-control.c ${src_dir}/account-manage.c)
+SET(libprivilege-control_SOURCES ${src_dir}/privilege-control.c)
 SET(libprivilege-control_LDFLAGS " -module -avoid-version ")
 SET(libprivilege-control_CFLAGS  " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
 #SET(libprivilege-control_LIBADD " ")
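Review bot: The new `-DSHAREDIR='${SHAREDIR}' -DHOMEDIR='${HOMEDIR}'` definitions pass the paths as bare preprocessor tokens, which only become strings through the `TOSTRING()` macro this commit adds to the public header. Any path component that happens to be a macro is expanded before stringification (GNU C predefines `linux` and `unix` outside strict ISO mode), and a prefix containing a space splits the flag. In either case the library could look for its SMACK rule files somewhere other than where they were installed. Passing a real string literal avoids both, for example `ADD_DEFINITIONS(-DSHAREDIR="${SHAREDIR}" -DHOMEDIR="${HOMEDIR}")` with policy CMP0005 set to NEW so CMake does the escaping. The C side, which is not visible in this hunk, would then use the macros directly.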
@@ -53,31 +55,10 @@ TARGET_LINK_LIBRARIES(slp-su ${pkgs_LDFLAGS} privilege-control)
 SET_TARGET_PROPERTIES(slp-su PROPERTIES COMPILE_FLAGS "${slp-su_CFLAGS}")
 ###################################################################################################
 
-###################################################################################################
-## for debug-util (excutable)
-SET(debug-util_SOURCES ${src_dir}/debug-util.c)
-SET(debug-util_LDFLAGS " -module -avoid-version ")
-SET(debug-util_CFLAGS  " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
-
-ADD_EXECUTABLE(debug-util ${debug-util_SOURCES})
-TARGET_LINK_LIBRARIES(debug-util ${pkgs_LDFLAGS} privilege-control)
-SET_TARGET_PROPERTIES(debug-util PROPERTIES COMPILE_FLAGS "${debug-util_CFLAGS}")
-###################################################################################################
-
-###################################################################################################
-## for kill_app (excutable)
-SET(kill-app_SOURCES ${src_dir}/kill_app.c)
-SET(kill-app_LDFLAGS " -module -avoid-version ")
-SET(kill-app_CFLAGS  " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
-
-ADD_EXECUTABLE(kill_app ${kill-app_SOURCES})
-#TARGET_LINK_LIBRARIES(kill_app ${pkgs_LDFLAGS} privilege-control)
-SET_TARGET_PROPERTIES(kill_app PROPERTIES COMPILE_FLAGS "${kill-app_CFLAGS}")
-###################################################################################################
-
 CONFIGURE_FILE(libprivilege-control.pc.in libprivilege-control.pc @ONLY)
 
 FILE(GLOB datfiles ${CMAKE_CURRENT_SOURCE_DIR}/permissions/*.dat)
+FILE(GLOB smackfiles ${CMAKE_CURRENT_SOURCE_DIR}/permissions/*.smack)
 FILE(GLOB udevfiles ${CMAKE_CURRENT_SOURCE_DIR}/udev/rules/*)
 
 INSTALL(TARGETS privilege-control DESTINATION lib COMPONENT RuntimeLibraries)
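Review bot: `FILE(GLOB smackfiles ${CMAKE_CURRENT_SOURCE_DIR}/permissions/*.smack)` makes the installed access-control policy whatever matches in the source tree at configure time. A stray or leftover `.smack` file therefore ships as a rule set, and a newly added one is missed until CMake is re-run. Because these files decide which SMACK accesses a widget is granted, an explicit list is easier to audit: `SET(smackfiles permissions/WRT.smack permissions/tizen_application.smack ...)`, naming each file this commit adds. The same concern applies to the existing `datfiles` and `udevfiles` globs in the context lines.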
@@ -85,10 +66,9 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/libprivilege-control.pc DESTINATION li
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/passwd DESTINATION /opt/etc/)
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/group DESTINATION /opt/etc/)
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/privilege-control.h DESTINATION include)
-INSTALL(FILES ${datfiles} DESTINATION /usr/share/privilege-control)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/app_group_list DESTINATION /usr/share/privilege-control)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dev_group_list DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${datfiles} DESTINATION ${SHAREDIR})
+INSTALL(FILES ${smackfiles} DESTINATION ${SHAREDIR})
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/app_group_list DESTINATION ${SHAREDIR})
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dev_group_list DESTINATION ${SHAREDIR})
 INSTALL(FILES ${udevfiles} DESTINATION /lib/udev/rules.d)
 INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/slp-su DESTINATION bin)
-INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/debug-util DESTINATION bin)
-INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/kill_app DESTINATION bin)
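Review bot: The data files now install to `${SHAREDIR}`, which follows `CMAKE_INSTALL_PREFIX`, while `debian/libprivilege-control-0.install.in` and the spec `%files` list in this same commit still name `/usr/share/privilege-control/*`. With any prefix other than `/usr` the packages would miss the rule files even though the library has the prefix-based path compiled in. Either derive the packaging paths from the same prefix or record the assumption next to the definition, e.g. `# packaging assumes CMAKE_INSTALL_PREFIX=/usr` above `SET(SHAREDIR ...)`. How the library behaves when a rule file is absent is not visible here and is worth confirming in src/privilege-control.c.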
diff --git a/LICENSE b/LICENSE
index 9f19478..4d3b53c 100644 (file)
--- a/LICENSE
+++ b/LICENSE
@@ -188,7 +188,7 @@ Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+   Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
index 1743178..43bef9a 100644 (file)
@@ -1,7 +1,392 @@
+libprivilege-control (0.0.6) unstable; urgency=low
+
+  * Another attempt to push package to OBS
+  * Changed 'flash_power' to 'rear_flash' in udev configuration
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com>  Mon, 06 Aug 2012 10:51:00 +0200
+
+libprivilege-control (0.0.5) unstable; urgency=low
+
+  * Fix generated Smack labels for WRT widgets.
+  * Extend semantics of SMACK configuration files for WRT.
+  * Add missing permissions for WRT widgets.
+
+ -- Rafal Krypa <r.krypa@samsung.com>  Thu, 02 Aug 2012 11:41:45 +0200
+
+libprivilege-control (0.0.4) unstable; urgency=low
+
+  * Remove debug-util and kill_app.
+  * Some udev rules fixed by Kidong Kim.
+
+ -- Rafal Krypa <r.krypa@samsung.com>  Fri, 27 Jul 2012 11:59:21 +0200
+
+libprivilege-control (0.0.3) unstable; urgency=low
+
+  * Add initial mapping of wrt devcaps to SMACK accesses.
+  * Pass some path definitions as compiler macros instead of hardcoding in source.
+  * Remove APIs - add & delete user and group for 3rd party applications.
+  * Packaging: fix udev rules installation in the spec file.
+  * Add SMACK functions for WRT.
+  * Add API function set_exec_label.
+
+ -- Rafal Krypa <r.krypa@samsung.com>  Tue, 17 Jul 2012 18:56:44 +0200
+
+libprivilege-control (0.0.2-43) unstable; urgency=low
+
+  * change permission of usb_mtp_gadget device node
+  * Tag: libprivilege-control_0.0.2-43
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 21 May 2012 10:35:31 +0900
+
+libprivilege-control (0.0.2-42) unstable; urgency=low
+
+  * one rule for udev "/dev/srp" has been added
+  * Tag: libprivilege-control_0.0.2-42
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 23 Mar 2012 11:43:58 +0900
+
+libprivilege-control (0.0.2-41) unstable; urgency=low
+
+  * add app user into video_tel group
+  * Tag: libprivilege-control_0.0.2-41
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 11 Feb 2012 16:49:35 +0900
+
 libprivilege-control (0.0.2-40) unstable; urgency=low
 
   * Remove 'inhouse' directory
   * Tag: libprivilege-control_0.0.2-40
-  * Git: pkgs/l/libprivilege-control
+  * Git: slp/pkgs/l/libprivilege-control
 
  -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 09 Feb 2012 17:41:32 +0900
+
+libprivilege-control (0.0.2-39) unstable; urgency=low
+
+  * add new group - video_tel(6528)
+  * Tag: libprivilege-control_0.0.2-39
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 07 Feb 2012 16:51:55 +0900
+
+libprivilege-control (0.0.2-38) unstable; urgency=low
+
+  * change ownership and permission of user home directory
+  * Tag: libprivilege-control_0.0.2-38
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 20 Jan 2012 08:49:29 +0900
+
+libprivilege-control (0.0.2-37) unstable; urgency=low
+
+  * remove a string 'inhouse' from all codes
+  * Tag: libprivilege-control_0.0.2-37
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 18 Jan 2012 12:06:34 +0900
+
+libprivilege-control (0.0.2-36) unstable; urgency=low
+
+  * change user name 'inhouse' of /etc/group file to 'app'
+  * Tag: libprivilege-control_0.0.2-36
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 14 Jan 2012 13:36:36 +0900
+
+libprivilege-control (0.0.2-35) unstable; urgency=low
+
+  * unify all application's user account to 'app' account
+  * Tag: libprivilege-control_0.0.2-35
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 10 Jan 2012 10:54:19 +0900
+
+libprivilege-control (0.0.2-34) unstable; urgency=low
+
+  * 11/12/23
+  *  - add package name prefix - org. (for using tizen)
+  * Tag: libprivilege-control_0.0.2-34
+  * Git: slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 23 Dec 2011 15:13:36 +0900
+
+libprivilege-control (0.0.2-33) unstable; urgency=low
+
+  * 11/12/05
+  *  - make /etc/passwd and /etc/group symbolic link
+  *  - original files are located in /opt/etc/
+  * Tag: libprivilege-control_0.0.2-33
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 05 Dec 2011 17:04:14 +0900
+
+libprivilege-control (0.0.2-32) unstable; urgency=low
+
+  * 11/12/02
+  *  - change license : LGPL -> apache
+  * Tag: libprivilege-control_0.0.2-32
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 02 Dec 2011 17:00:47 +0900
+
+libprivilege-control (0.0.2-31) unstable; urgency=low
+
+  * 11/11/30
+  *  - fix permission of developer home directory
+  *  - fix problem not to launch application which has org. prefix in pacakage name
+  * Tag: libprivilege-control_0.0.2-31
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 30 Nov 2011 17:23:12 +0900
+
+libprivilege-control (0.0.2-30) unstable; urgency=low
+
+  * fix boiler-plate
+  * Tag: libprivilege-control_0.0.2-30
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 13 Jul 2011 10:17:20 +0900
+
+libprivilege-control (0.0.2-29) unstable; urgency=low
+
+  * change dialer package name - phone
+  * Tag: libprivilege-control_0.0.2-29
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 23 Jun 2011 13:42:26 +0900
+
+libprivilege-control (0.0.2-28) unstable; urgency=low
+
+  * add new executable - kill_app
+  * Tag: libprivilege-control_0.0.2-28
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 13 Jun 2011 15:35:59 +0900
+
+libprivilege-control (0.0.2-27) unstable; urgency=low
+
+  * fix package name bug
+  * Tag: libprivilege-control_0.0.2-27
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 11 Apr 2011 14:45:41 +0900
+
+libprivilege-control (0.0.2-26) unstable; urgency=low
+
+  * fix inhouse package name (temporary)
+  * Tag: libprivilege-control_0.0.2-26
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 11 Apr 2011 11:50:06 +0900
+
+libprivilege-control (0.0.2-25) unstable; urgency=low
+
+  * add new error code
+  * if fail to execute setuid or setgid or setenv, do not execute new app
+  * Tag: libprivilege-control_0.0.2-25
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 15 Mar 2011 15:08:41 +0900
+
+libprivilege-control (0.0.2-24) unstable; urgency=low
+
+  * fix dependency - add libssl-dev
+  * Tag: libprivilege-control_0.0.2-24
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 14 Mar 2011 17:38:52 +0900
+
+libprivilege-control (0.0.2-23) unstable; urgency=low
+
+  * fix dependency problem - misuse tag
+  * Tag: libprivilege-control_0.0.2-23
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 14 Mar 2011 09:14:04 +0900
+
+libprivilege-control (0.0.2-22) unstable; urgency=low
+
+  * change user name to hashing value to have equal length.
+  * fix prevent bug
+  * Tag: libprivilege-control_0.0.2-22
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 08 Mar 2011 15:55:06 +0900
+
+libprivilege-control (0.0.2-21) unstable; urgency=low
+
+  * modify not to check password when logging by developer
+  * Tag: libprivilege-control_0.0.2-21
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 18 Feb 2011 16:01:31 +0900
+
+libprivilege-control (0.0.2-20) unstable; urgency=low
+
+  * add new executables for SDK
+  * Tag: libprivilege-control_0.0.2-20
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 11 Feb 2011 09:56:35 +0900
+
+libprivilege-control (0.0.2-19) unstable; urgency=low
+
+  * fix 3rd party app launching problem
+  * Tag: libprivilege-control_0.0.2-19
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Tue, 11 Jan 2011 16:51:17 +0900
+
+libprivilege-control (0.0.2-18) unstable; urgency=low
+
+  * fix strtoul problem
+  * Tag: libprivilege-control_0.0.2-18
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 03 Jan 2011 16:56:15 +0900
+
+libprivilege-control (0.0.2-17) unstable; urgency=low
+
+  * fix postinst script
+  * Tag: libprivilege-control_0.0.2-17
+  * Git: 165.213.180.234:slp/pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 15 Dec 2010 10:00:57 +0900
+
+libprivilege-control (0.0.2-16) unstable; urgency=low
+
+  * preparations for limo contribution
+  * Tag: libprivilege-control_0.0.2-16
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Fri, 26 Nov 2010 15:55:20 +0900
+
+libprivilege-control (0.0.2-15) unstable; urgency=low
+
+  * fix package types
+  * Tag: libprivilege-control_0.0.2-15
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 24 Nov 2010 15:00:30 +0900
+
+libprivilege-control (0.0.2-14) unstable; urgency=low
+
+  * fix java package
+  * Tag: libprivilege-control_0.0.2-14
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 24 Nov 2010 12:03:37 +0900
+
+libprivilege-control (0.0.2-13) unstable; urgency=low
+
+  * modify package name
+  * Tag: libprivilege-control_0.0.2-13
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 22 Nov 2010 14:18:14 +0900
+
+libprivilege-control (0.0.2-12) unstable; urgency=low
+
+  * add environment variables
+  * Tag: libprivilege-control_0.0.2-12
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 27 Oct 2010 08:07:45 +0900
+
+libprivilege-control (0.0.2-11) unstable; urgency=low
+
+  * modify bug in case that current user is inhouse
+  * Tag: libprivilege-control_0.0.2-11
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 21 Oct 2010 12:03:57 +0900
+
+libprivilege-control (0.0.2-10) unstable; urgency=low
+
+  * add new function
+  * Tag: libprivilege-control_0.0.2-10
+  * Git: 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 20 Oct 2010 19:31:24 +0900
+
+libprivilege-control (0.0.2-9) unstable; urgency=low
+
+  * modify doxygen group
+  * Tag : libprivilege-control_0.0.2-9
+  * Git : 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Mon, 27 Sep 2010 17:56:04 +0900
+
+libprivilege-control (0.0.2-8) unstable; urgency=low
+
+  * git tag typing error
+  * Tag : libprivilege-control_0.0.2-8
+  * Git : 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 01 Sep 2010 17:21:00 +0900
+
+libprivilege-control (0.0.2-7) unstable; urgency=low
+
+  * Change copyright context
+  * Tag : libprivilege-conteol_0.0.2-7
+  * Git : 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 01 Sep 2010 17:09:31 +0900
+
+libprivilege-control (0.0.2-6) unstable; urgency=low
+
+  * Add home directory of inhouse account
+  * Tag : libprivilege-control_0.0.2-6
+  * Git : 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 31 Jul 2010 13:53:37 +0900
+
+libprivilege-control (0.0.2-5) unstable; urgency=low
+
+  * Add boiler-plate in header file
+  * Tag : libprivilege-control_0.0.2-5
+  * Git : 165.213.180.234:/git/slp/pkgs/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Sat, 24 Jul 2010 10:48:19 +0900
+
+libprivilege-control (0.0.2-4) unstable; urgency=low
+
+  * fix tagging problem
+  * Tag : libprivilege-control_0.0.2-4
+  * Git : 165.213.180.234:/git/slp2.0/slp2.0-pkgs/libprivilege-control-0
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 09 Jun 2010 15:24:41 +0900
+
+libprivilege-control (0.0.2-3) unstable; urgency=low
+
+  * modify source code to change GID
+  * Tag : libprivilege-control_0.0.2-3
+  * Git : 165.213.180.234:/git/slp2.0.slp2.0-pkgs/libprivilege-control-0
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 09 Jun 2010 11:49:40 +0900
+
+libprivilege-control (0.0.2-2) unstable; urgency=low
+
+  * modify postinst to switch DAC flag
+  * Tag : libprivilege-control_0.0.2-2
+  * Git : 165.213.180.234:/git/slp2.0/slp2.0-pkgs/libprivilege-control-0
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 03 Jun 2010 17:49:39 +0900
+
+libprivilege-control (0.0.2-1) unstable; urgency=low
+
+  * add flag to determine DAC
+  * Tag : libprivilege-control_0.0.2-1
+  * Git : 165.213.180.234:/git/slp2.0/slp2.0-pkgs/libprivilege-control-0
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Wed, 02 Jun 2010 13:49:56 +0900
+
+libprivilege-control (0.0.1-1) unstable; urgency=low
+
+  * Initial Release.
+  * Tag : libprivilege-control_0.0.1-1
+  * Git : 165.213.180.234:/git/slp2.0/slp2.0-pkgs/libprivilege-control-0
+
+ -- Kidong Kim <kd0228.kim@samsung.com>  Thu, 13 May 2010 19:28:13 +0900
index 9e8116e..b62c1a8 100644 (file)
@@ -1,7 +1,7 @@
 Source: libprivilege-control
 Priority: extra
 Maintainer: Kidong Kim <kd0228.kim@samsung.com>
-Build-Depends: debhelper (>= 5), autotools-dev, libsecurity-server-client-dev, libssl-dev, openssl
+Build-Depends: debhelper (>= 5), autotools-dev, libsmack-dev
 Standards-Version: 3.7.2
 Section: base
 Homepage: N/A
@@ -9,7 +9,7 @@ Homepage: N/A
 Package: libprivilege-control-dev
 Section: libs
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version}), libssl-dev
+Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version})
 Description: development pacakge of library to control privilege of in-house application
 
 Package: libprivilege-control-0
index 9554195..239c6fe 100644 (file)
@@ -1,8 +1,6 @@
 /usr/lib/libprivilege-control.so
 /usr/lib/libprivilege-control.so.*
 /usr/bin/slp-su
-/usr/bin/debug-util
-/usr/bin/kill_app
 /usr/share/privilege-control/*
 /opt/etc/passwd
 /opt/etc/group
index e5ded97..0355155 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * libprivilege control
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
 #ifndef _PRIVILEGE_CONTROL_H_
 #define _PRIVILEGE_CONTROL_H_
 
+/* Macros for converting preprocessor token to string */
+#define STRINGIFY(x) #x
+#define TOSTRING(x) STRINGIFY(x)
+
 #ifdef __cplusplus
 extern "C" {
 #endif // __cplusplus
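Review bot: `STRINGIFY` and `TOSTRING` are defined in the installed public header without a project prefix, so every consumer of `privilege-control.h` inherits them, and any translation unit that defines either name differently gets a redefinition diagnostic. They appear to exist only to turn the `SHAREDIR`/`HOMEDIR` build macros into strings, so they could move into `src/privilege-control.c`. Alternatively rename them, e.g. `#define PC_STRINGIFY(x) #x` and `#define PC_TOSTRING(x) PC_STRINGIFY(x)`. The hunk header for this part of the file is missing from the page, so the exact line range is not shown.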
@@ -43,10 +47,79 @@ int control_privilege(void);
 
 int set_privilege(const char* pkg_name);
 
-/* added APIs - add & delete user and group for 3rd party applications */
-int add_user_and_group(const char* pkg_name, const char* permissions);
+/**
+ * Set process SMACK label from EXEC label of a file.
+ * This function is emulating EXEC label behaviour of SMACK for programs
+ * run by dlopen/dlsym instead of execv.
+ *
+ * @param path file path to take label from
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int set_exec_label(const char* path);
+
+/* APIs for WRT */
+
+/**
+ * Reset all SMACK permissions for a widget.
+ * This function should be called during preparation for widget run.
+ * It would be a good idea to also call it after widget has terminated.
+ * It must be called by privileged user.
+ *
+ * @param widget_id widget identifier from WRT
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int wrt_permissions_reset(unsigned long long widget_id);
+
+/**
+ * Grant SMACK permissions required to use selected devcaps.
+ * This function should be called during preparation for widget run
+ * (after wrt_permissions_reset()) and whenever widget is supposed to
+ * gain any new devcap permissions.
+ * It must be called by privileged user.
+ *
+ * @param widget_id widget identifier from WRT
+ * @param devcap_list array of devcap names, last element must be NULL
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int wrt_permissions_add(unsigned long long widget_id, const char** devcap_list);
+
+/**
+ * Recursively set SMACK labels for a widget source directory.
+ * This function should be called once during widget installation, after
+ * widget's source is unpacked in it's destination directory.
+ * Results will be persistent on the file system.
+ * It must be called by privileged user.
+ *
+ * @param widget_id widget identifier from WRT
+ * @param path parent directory path with widget's source
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int wrt_set_src_dir(unsigned long long widget_id, const char *path);
 
-int delete_user_and_group(const char* pkg_name);
+/**
+ * Recursively set SMACK labels for a widget data directory.
+ * This function should be called once during widget installation, after
+ * widget's initial data is unpacked in it's destination directory.
+ * Results will be persistent on the file system.
+ * It must be called by privileged user.
+ *
+ * @param widget_id widget identifier from WRT
+ * @param path parent directory path with widget's data
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int wrt_set_data_dir(unsigned long long widget_id, const char *path);
+
+/**
+ * Assign SMACK label to a process and drop root permissions.
+ * Also grant default SMACK permissions (not related to any devcaps).
+ * This function should be called by before executing widget code.
+ * It must be called by privileged user. After the function returns,
+ * privileges will be dropped.
+ *
+ * @param widget_id widget identifier from WRT
+ * @return PC_OPERATION_SUCCESS on success, PC_ERR_* on error
+ */
+int wrt_set_privilege(unsigned long long widget_id);
 
 #ifdef __cplusplus
 }
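Review bot: The new doc comments do not say what a caller must do when these calls fail, and for `wrt_set_privilege()` that matters. It is documented to drop root, so a caller that ignores a `PC_ERR_*` return would go on to run widget code while still privileged. I would add to its comment `* On any return other than PC_OPERATION_SUCCESS the caller must not execute widget code.` The comments for `wrt_set_src_dir()` and `wrt_set_data_dir()` should also state whether the recursive labelling follows symbolic links, since the tree comes from an unpacked widget. Likewise `wrt_permissions_add()` should state which characters a devcap name may contain if, as the `permissions/<name>.smack` files suggest, the name is used to build a file path. The implementations are in src/privilege-control.c, outside this hunk, so these are points to confirm rather than established defects.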
index 825a24e..70aef66 100644 (file)
@@ -6,6 +6,5 @@ includedir=@INCLUDEDIR@
 Name: libprivilege-control 
 Description: Library to control privilege of application
 Version: @VERSION@
-Requires: openssl
 Libs: -L${libdir} -lprivilege-control
 Cflags: -I${includedir}/
diff --git a/packaging/libprivilege-control.changes b/packaging/libprivilege-control.changes
new file mode 100644 (file)
index 0000000..090e708
--- /dev/null
@@ -0,0 +1,17 @@
+* Mon Aug 08 2012 Tomasz Swierczek - 0.0.6
+- Another attempt to push to OBS
+- Changed udev configuration file (rear_flash)
+* Thu Aug 02 2012 Rafal Krypa - 0.0.5
+- Fix generated Smack labels for WRT widgets.
+- Extend semantics of SMACK configuration files for WRT.
+- Add missing permissions for WRT widgets.
+* Fri Jul 27 2012 Rafal Krypa - 0.0.4
+- Remove debug-util and kill_app.
+- Some udev rules fixed by Kidong Kim.
+* Tue Jul 17 2012 Rafal Krypa - 0.0.3
+- Add initial mapping of wrt devcaps to SMACK accesses.
+- Pass some path definitions as compiler macros instead of hardcoding in source.
+- Remove APIs - add & delete user and group for 3rd party applications.
+- Packaging: fix udev rules installation in the spec file.
+- Add SMACK functions for WRT.
+- Add API function set_exec_label.
index 5159fe5..9a9e067 100644 (file)
@@ -1,13 +1,12 @@
 Name:       libprivilege-control
 Summary:    Library to control privilege of application
-Version:       0.0.2
-Release:    1.1
+Version:    0.0.6
+Release:    1
 Group:      System/Security
 License:    Apache 2.0
 Source0:    %{name}-%{version}.tar.gz
-BuildRequires:  cmake
-BuildRequires: pkgconfig(openssl)
-BuildRequires: pkgconfig(security-server)
+BuildRequires: cmake
+BuildRequires: pkgconfig(libsmack)
 
 %description
 development package of library to control privilege of in-house application
@@ -21,7 +20,7 @@ Requires:   %{name} = %{version}-%{release}
 Library to control privilege of application (devel)
 
 %package conf
-Summary:    Control privilege of application files 
+Summary:    Control privilege of application files
 Group:      Development/Libraries
 Requires:   %{name} = %{version}-%{release}
 
@@ -77,15 +76,11 @@ fi
 ln -sf /opt/etc/group /etc/group
 
 
-
-# FIXME: should split to separate binaries package
 %files
 /usr/lib/*.so.*
-/usr/bin/debug-util
-/usr/bin/kill_app
 /usr/bin/slp-su
 /usr/share/privilege-control/*
-/lib/udev/rules.d/95-permissions-slp.rules
+/lib/udev/rules.d/*
 
 %files conf
 /opt/etc/group
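Review bot: Replacing `/lib/udev/rules.d/95-permissions-slp.rules` with `/lib/udev/rules.d/*` in `%files` makes the package claim every file the build places in that directory, and the CMake side already installs `udev/rules/*` by glob. udev rules set device-node ownership and modes, so an unreviewed extra file under `udev/rules/` would ship without the spec ever naming it. Keeping the explicit entry, one line per rules file, keeps the packaged set visible in review. If the wildcard was introduced to fix the installation problem mentioned in the changelog, a comment in the spec saying so would help.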
diff --git a/permissions/WRT.smack b/permissions/WRT.smack
new file mode 100644 (file)
index 0000000..c86ecc2
--- /dev/null
@@ -0,0 +1,18 @@
+_ rw
+db-wrt w
+isf_data r
+db-app_info rw
+vconf rwx
+vconf_setting rw
+db-vcore rw
+db-ace rw
+db-wrt rw
+font_config r
+dbus rw
+xorg wx
+timezone_data rx
+system_logging w
+home_dir rx
+browser x
+console rwx
+@ launcher rx
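Review bot: `db-wrt` is listed twice with different access, `db-wrt w` on the second line and `db-wrt rw` further down, so the effective rule depends on how the loader treats duplicates; keep only the intended entry. `_ rw` also gives every widget write access to the floor label, which typically covers unlabelled system objects. `console rwx` and `vconf rwx` are likewise broad for a default set applied to all widgets, so each deserves a recorded justification or a narrower mode. The last line, `@ launcher rx`, uses a three-field form that none of the files visible in this commit documents; a short format description in a README under `permissions/` would let reviewers check these rules.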
diff --git a/permissions/tizen.smack b/permissions/tizen.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_alarm.smack b/permissions/tizen_alarm.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_application.smack b/permissions/tizen_application.smack
new file mode 100644 (file)
index 0000000..6e4aa72
--- /dev/null
@@ -0,0 +1,3 @@
+db-appsvc      rw
+browser        x
+menu-screen    rx
diff --git a/permissions/tizen_bluetooth.smack b/permissions/tizen_bluetooth.smack
new file mode 100644 (file)
index 0000000..952d7d6
--- /dev/null
@@ -0,0 +1 @@
+mdm-server     w
diff --git a/permissions/tizen_calendar.smack b/permissions/tizen_calendar.smack
new file mode 100644 (file)
index 0000000..5d77375
--- /dev/null
@@ -0,0 +1 @@
+db-calendar-svc        rw
diff --git a/permissions/tizen_call.smack b/permissions/tizen_call.smack
new file mode 100644 (file)
index 0000000..d498b95
--- /dev/null
@@ -0,0 +1 @@
+db-contacts-svc        rw
diff --git a/permissions/tizen_contact.smack b/permissions/tizen_contact.smack
new file mode 100644 (file)
index 0000000..dfecfc5
--- /dev/null
@@ -0,0 +1,2 @@
+vconf_drm      rwx
+db-drm rw
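Review bot: The rules look shifted between files. `tizen_contact.smack` grants `vconf_drm rwx` and `db-drm rw` but nothing on a contacts database, while `tizen_call.smack` in the previous hunk is the one granting `db-contacts-svc rw`. If the contact devcap is meant to reach the contacts service, this file should carry `db-contacts-svc rw`, and the DRM labels should move to whichever devcap actually needs them. As written, an application holding only the contact permission would receive read/write access to DRM data, which is presumably unintended. Confirm against the devcap-to-label mapping the library expects.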
diff --git a/permissions/tizen_filesystem.smack b/permissions/tizen_filesystem.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_geocoder.smack b/permissions/tizen_geocoder.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_mediacontent.smack b/permissions/tizen_mediacontent.smack
new file mode 100644 (file)
index 0000000..559efcc
--- /dev/null
@@ -0,0 +1 @@
+db-media       rw
diff --git a/permissions/tizen_messaging.smack b/permissions/tizen_messaging.smack
new file mode 100644 (file)
index 0000000..95469a5
--- /dev/null
@@ -0,0 +1,5 @@
+db-media       rw
+msg-server     w
+db-email-service       rw
+email-service  w
+db-msg_service rw
diff --git a/permissions/tizen_nfc.smack b/permissions/tizen_nfc.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_poi.smack b/permissions/tizen_poi.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_route.smack b/permissions/tizen_route.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/tizen_tizen.smack b/permissions/tizen_tizen.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_accelerometer.smack b/permissions/wac_accelerometer.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_camera.capture.smack b/permissions/wac_camera.capture.smack
new file mode 100644 (file)
index 0000000..d90b1e7
--- /dev/null
@@ -0,0 +1 @@
+policy-mdm-server   rx
diff --git a/permissions/wac_camera.show.smack b/permissions/wac_camera.show.smack
new file mode 100644 (file)
index 0000000..d90b1e7
--- /dev/null
@@ -0,0 +1 @@
+policy-mdm-server   rx
diff --git a/permissions/wac_deviceinteraction.smack b/permissions/wac_deviceinteraction.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_devicestatus.deviceinfo.smack b/permissions/wac_devicestatus.deviceinfo.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_devicestatus.networkinfo.smack b/permissions/wac_devicestatus.networkinfo.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_filesystem.read.smack b/permissions/wac_filesystem.read.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_filesystem.write.smack b/permissions/wac_filesystem.write.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_geolocation.position.smack b/permissions/wac_geolocation.position.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_messaging.find.smack b/permissions/wac_messaging.find.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_messaging.send.smack b/permissions/wac_messaging.send.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_messaging.smack b/permissions/wac_messaging.smack
new file mode 100644 (file)
index 0000000..c425ef9
--- /dev/null
@@ -0,0 +1,3 @@
+db-email-service       rw
+msg-server     x
+db-msg_service r
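Review bot: `msg-server x` here disagrees with `msg-server w` in permissions/tizen_messaging.smack, and in Smack it is write access to the receiver's label that permits sending over a socket or other IPC, while `x` only governs executing objects that carry the label. If msg-server is the label of the messaging daemon, this rule probably does not grant what the privilege needs, and `msg-server w` would match the tizen file. This umbrella file also grants `db-email-service rw` while wac_messaging.find, .send, .subscribe and .write are added empty, so the read/write split in the permission names is not reflected in the rules. The commit description should say whether the empty files are placeholders.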
diff --git a/permissions/wac_messaging.subscribe.smack b/permissions/wac_messaging.subscribe.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_messaging.write.smack b/permissions/wac_messaging.write.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_orientation.smack b/permissions/wac_orientation.smack
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/permissions/wac_pim.calendar.read.smack b/permissions/wac_pim.calendar.read.smack
new file mode 100644 (file)
index 0000000..11ab5f1
--- /dev/null
@@ -0,0 +1 @@
+db-calendar-svc r
diff --git a/permissions/wac_pim.calendar.write.smack b/permissions/wac_pim.calendar.write.smack
new file mode 100644 (file)
index 0000000..66f6624
--- /dev/null
@@ -0,0 +1 @@
+db-calendar-svc rw
diff --git a/permissions/wac_pim.contacts.smack b/permissions/wac_pim.contacts.smack
new file mode 100644 (file)
index 0000000..d498b95
--- /dev/null
@@ -0,0 +1 @@
+db-contacts-svc        rw
diff --git a/permissions/wac_pim.task.read.smack b/permissions/wac_pim.task.read.smack
new file mode 100644 (file)
index 0000000..11ab5f1
--- /dev/null
@@ -0,0 +1 @@
+db-calendar-svc r
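Review bot: permissions/wac_pim.task.read.smack is byte-identical to wac_pim.calendar.read.smack (both blobs are 11ab5f1, one rule `db-calendar-svc r`), and the two .write files likewise share 66f6624, so at the Smack level a task privilege is a calendar privilege. An application granted only task access can read, or with task.write modify, everything under the db-calendar-svc label. If tasks and events are stored in the same database this may be unavoidable, but it should be stated wherever the privileges are documented. Otherwise a separate label for task data would keep the two privileges distinct.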
diff --git a/permissions/wac_pim.task.write.smack b/permissions/wac_pim.task.write.smack
new file mode 100644 (file)
index 0000000..66f6624
--- /dev/null
@@ -0,0 +1 @@
+db-calendar-svc rw
diff --git a/src/account-manage.c b/src/account-manage.c
deleted file mode 100644 (file)
index 593a635..0000000
+++ /dev/null
@@ -1,633 +0,0 @@
-/*
- * libprivilege control
- *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <errno.h>
-#include "privilege-control.h"
-#include <openssl/md2.h>
-
-#define FIRST_UID              20001
-#define USERNAME_SIZE  128
-#define HOMEDIR_SIZE   128
-#define FILENAME_SIZE  128
-#define PASSWD_LINE            256
-#define GROUP_LINE             256
-
-#define base64table    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
-#define base64pad      '='
-
-int md2_hashing(unsigned char* in, unsigned char* out)
-{
-       MD2_CTX mctx;
-
-       if(!MD2_Init(&mctx))
-               return PC_ERR_INVALID_PARAM;
-       if(!MD2_Update(&mctx, in, strlen((char*)in)))
-               return PC_ERR_INVALID_PARAM;
-       if(!MD2_Final(out, &mctx))
-               return PC_ERR_INVALID_PARAM;
-
-       return PC_OPERATION_SUCCESS;
-}
-
-int base64_encode(unsigned char* in, unsigned long int in_len, char** out, unsigned long int* out_len)
-{
-       unsigned char* current = in;
-       long int out_num = 0;
-       int str_len = 0;
-
-       if((in == NULL) || (in_len <= 0) || (out == NULL))
-               return -1;      // error
-
-       *out_len = (((in_len + 2) / 3) * 4) + 1;
-       *out = (char*)malloc(*out_len);
-
-       if(*out == NULL)
-               return 0;
-
-       while(in_len > 2) 
-       {
-               /* keep going until we have less than 24 bits */
-               ((char*)*out)[out_num++] = base64table[current[0] >> 2];
-               ((char*)*out)[out_num++] = base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)];
-               ((char*)*out)[out_num++] = base64table[((current[1] & 0x0f) << 2) + (current[2] >> 6)];
-               ((char*)*out)[out_num++] = base64table[current[2] & 0x3f];
-
-               current += 3;
-               in_len -= 3;
-               str_len += 4;
-       }
-       /* now deal with the tail end of things */
-       if (in_len != 0) 
-       {
-               ((char*)*out)[out_num++] = base64table[current[0] >> 2];
-               if (in_len > 1) 
-               {
-                       ((char*)*out)[out_num++] = base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)];
-                       ((char*)*out)[out_num++] = base64table[(current[1] & 0x0f) << 2];
-                       ((char*)*out)[out_num++] = base64pad;
-               }
-               else 
-               {
-                       ((char*)*out)[out_num++] = base64table[(current[0] & 0x03) << 4];
-                       ((char*)*out)[out_num++] = base64pad;
-                       ((char*)*out)[out_num++] = base64pad;
-               }
-               str_len += 4;
-       }
-       ((char*)*out)[out_num++] = '\0';
-
-       return PC_OPERATION_SUCCESS;
-}
-
-int convert_user_name_from_pkgname(const char* pkg_name, char* user_name)
-{
-       char* hashing = NULL;
-       char* base64 = NULL;
-       unsigned long int len = 0;
-       int ret = PC_OPERATION_SUCCESS;
-       
-       if(!pkg_name || !user_name)
-       {
-               ret = PC_ERR_INVALID_PARAM;
-               goto err;
-       }
-
-       hashing = (char*)malloc(sizeof(char) * MD2_DIGEST_LENGTH);
-       memset(hashing, 0x00, MD2_DIGEST_LENGTH);
-
-       if(md2_hashing((unsigned char*)pkg_name, (unsigned char*)hashing) != PC_OPERATION_SUCCESS)
-       {
-               fprintf(stderr, "[ERR] Fail to hashing\n");
-               ret = PC_ERR_INVALID_OPERATION;
-               goto err;
-       }
-
-       if(base64_encode((unsigned char*)hashing, MD2_DIGEST_LENGTH, &base64, &len) != PC_OPERATION_SUCCESS)
-       {
-               fprintf(stderr, "[ERR] Fail to encode\n");
-               ret = PC_ERR_INVALID_OPERATION;
-               goto err;
-       }
-
-       strncpy(user_name, base64, 16);
-       user_name[16] = '\0';
-       
-err:
-       if(hashing != NULL)
-               free(hashing);
-       return ret;
-}
-
-API int add_user_and_group(const char* pkg_name, const char* permissions)
-{      
-       FILE* fp_passwd = NULL;
-       FILE* fp_passwd2 = NULL;
-       FILE* fp_group = NULL;
-       FILE* fp_group2 = NULL;
-       FILE* fp_perm = NULL;
-       char user_name[USERNAME_SIZE];
-       char homedir[HOMEDIR_SIZE];
-       char linebuf[USERNAME_SIZE + HOMEDIR_SIZE + 128];
-       char linebuf2[USERNAME_SIZE + 20];
-       char buf_passwd[PASSWD_LINE];
-       char buf_group[GROUP_LINE];
-       char conf_filename[FILENAME_SIZE];
-       char perm_group[20];
-       char chown_cmd[32];
-       char str_orig[256];
-       char seps[] = ", \t\n\r";
-       int result = PC_OPERATION_SUCCESS;
-       int uid = -1, gid = -1, i = 0, cnt = 0, flag = 0;
-       char* expr = "3rd party user\0";
-       char* shell = "/bin/sh\0";
-       char* linebuf3 = NULL;
-       char* tempbuf = NULL;
-       char* token = NULL;
-       int inputed, pid, ret;
-
-       memset(user_name, 0x00, USERNAME_SIZE);
-       memset(homedir, 0x00, HOMEDIR_SIZE);
-       memset(linebuf, 0x00, (USERNAME_SIZE + HOMEDIR_SIZE + 128));
-       memset(linebuf2, 0x00, (USERNAME_SIZE + 20));
-       memset(buf_passwd, 0x00, PASSWD_LINE);
-       memset(buf_group, 0x00, GROUP_LINE);
-       memset(conf_filename, 0x00, FILENAME_SIZE);
-       memset(perm_group, 0x00, 20);
-       memset(str_orig, 0x00, 256);
-       memset(chown_cmd, 0x00, 32);
-
-       /* 0. this user MUST be 'root' */
-       if(getuid() != 0) {     // not root
-               fprintf(stderr, "%s", "[ERR] Only root user can add new user\n");
-               result = PC_ERR_NOT_PERMITTED;
-               goto error;
-       }
-       
-       /* 1. convert pkg_name to real user name */
-       result = convert_user_name_from_pkgname(pkg_name, user_name);
-       if(result != PC_OPERATION_SUCCESS) {
-               fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n");
-               result = PC_ERR_INVALID_OPERATION;
-               goto error;
-       }
-       /*    1.1. check there is a same user or not */
-       if(getpwnam(user_name)) {
-               fprintf(stderr, "%s", "[ERR] Fail to add new user - already exist\n");
-               result = PC_ERR_INVALID_OPERATION;
-               goto error;
-       }
-       
-       /* 2. add user into /etc/passwd */
-       /*    2.1. get uid, gid */
-       uid = FIRST_UID;
-       while(getpwuid(uid) != NULL)    // is there same uid?
-               uid++;
-       gid = uid;
-       /*    2.2. get home directory and make home directory */
-       snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s", pkg_name);
-       if(mkdir(homedir, 0755) != 0) { // fail to make directory
-               if(errno == EEXIST) {
-                       fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n");
-               }
-               else {
-                       fprintf(stderr, "%s", "[ERR] Fail to make home directory\n");
-                       result = PC_ERR_FILE_OPERATION;
-                       goto error;
-               }
-       }
-       memset(homedir, 0x00, HOMEDIR_SIZE);
-       snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s/data", pkg_name);
-       if(mkdir(homedir, 0755) != 0) { // fail to make directory
-               if(errno == EEXIST) {
-                       fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n");
-               }
-               else {
-                       fprintf(stderr, "%s", "[ERR] Fail to make home directory\n");
-                       result = PC_ERR_FILE_OPERATION;
-                       goto error;
-               }
-       }
-       
-       pid = fork();
-       if(pid == 0) {
-               snprintf(chown_cmd, 32, "%d:%d", uid, gid);
-               ret = execl("/bin/chown", "/bin/chown", "-R", chown_cmd, homedir, NULL);
-               if(ret == -1) {
-                       fprintf(stderr, "%s", "[ERR] fail to execute execl()\n");
-                       perror("Fail to execute execl()");
-                       exit(-1);
-               }
-       }
-       else if(pid > 0) {
-               wait((int*)0);
-       }
-       else {
-               fprintf(stderr, "%s", "[ERR] fail to execute fork()\n");
-               exit(-1);
-       }
-       /*    2.3. make one line of /etc/passwd */
-       snprintf(linebuf, (USERNAME_SIZE + HOMEDIR_SIZE + 128), "%s:x:%d:%d:%s:%s:%s", user_name, uid, gid, expr, homedir, shell);
-       uid = FIRST_UID;
-       /*    2.4. write to /etc/passwd */
-       if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) {       // open original passwd file
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-       while(fgets(buf_passwd, PASSWD_LINE, fp_passwd))
-               fprintf(fp_passwd2, "%s", buf_passwd);
-       fprintf(fp_passwd2, "%s\n", linebuf);
-       
-       fclose(fp_passwd);
-       fp_passwd = NULL;
-       fclose(fp_passwd2);
-       fp_passwd2 = NULL;
-       
-       if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) {        // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) {    // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       /*    2.5. make one line of /etc/group */
-       snprintf(linebuf2, (USERNAME_SIZE + 20), "%s:x:%d:", user_name, gid);
-       /*    2.6. write to /etc/group */
-       if((fp_group = fopen("/opt/etc/group", "r")) == NULL) {
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n");
-               result =  PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) {
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-       while(1) {
-               linebuf3 = (char*)malloc(sizeof(char) * 128);
-               if(linebuf3 == NULL) {
-                       fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
-                       result = PC_ERR_MEM_OPERATION;
-                       goto error;
-               }
-               memset(linebuf3, 0x00, 128);
-               cnt = 128;
-               i = 0;
-
-               while(1) {      // get one line from /etc/group
-                       inputed = fgetc(fp_group);
-                       if(inputed == EOF)      // end of /etc/group,
-                               goto end_of_while;
-                       else if((char)inputed == '\n') {
-                               linebuf3[i] = '\0';
-                               break;
-                       }
-                       else if((i == cnt) && ((char)inputed != '\n')) {
-                               tempbuf = (char*)realloc(linebuf3, sizeof(char) * (i + 128));
-                               if(tempbuf == NULL) {
-                                       fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
-                                       result = PC_ERR_MEM_OPERATION;
-                                       goto error;
-                               }
-                               linebuf3 = tempbuf;
-                               linebuf3[i] = (char)inputed;
-                               cnt = i + 128;
-                       }
-                       else
-                               linebuf3[i] = (char)inputed;
-
-                       i++;
-               }
-
-               /* 3. get real group name from permissions */
-               strncpy(str_orig, permissions, strlen(permissions));
-               token = strtok(str_orig, seps);
-               while(token != NULL) {
-                       /* 3.1. make dat file name */
-                       snprintf(conf_filename, FILENAME_SIZE, "/usr/share/privilege-control/%s.dat", token);
-                       if((fp_perm = fopen(conf_filename, "r")) == NULL) {
-                               fprintf(stderr, "%s%s%s", "[ERR] Fail to open ", conf_filename, "\n");
-                               result = PC_ERR_FILE_OPERATION;
-                               goto error;
-                       }
-                       while(fgets(perm_group, 20, fp_perm)) {
-                               perm_group[strlen(perm_group) - 1] = ':';
-                               perm_group[strlen(perm_group)] = '\0';
-                               if(strncmp(linebuf3, perm_group, strlen(perm_group)) == 0) {    // found!!
-                                       if(!strncmp(linebuf3, user_name, strlen(user_name))) {  // already have same user
-                                               flag = 1;
-                                               fprintf(fp_group2, "%s\n", linebuf3);
-                                               break;
-                                       }
-                                       if(linebuf3[strlen(linebuf3) - 1] == ':')
-                                               strncat(linebuf3, user_name, strlen(user_name));
-                                       else {
-                                               strncat(linebuf3, ",", 1);
-                                               strncat(linebuf3, user_name, strlen(user_name));
-                                       }
-                                       flag = 1;
-
-                                       fprintf(fp_group2, "%s\n", linebuf3);
-                                       break;
-                               }
-                       }
-                       if(fp_perm != NULL) {
-                               fclose(fp_perm);
-                               fp_perm = NULL;
-                       }
-                       memset(conf_filename, 0x00, FILENAME_SIZE);
-                       memset(perm_group, 0x00, 20);
-                       
-                       if(flag == 1)
-                               break;
-               
-                       token = strtok(NULL, seps);
-               }
-
-               if(flag != 1)
-                       fprintf(fp_group2, "%s\n", linebuf3);
-
-               flag = 0;
-               if(linebuf3 != NULL) {
-                       free(linebuf3);
-                       linebuf3 = NULL;
-               }
-       }
-end_of_while:
-       fprintf(fp_group2, "%s\n", linebuf2);
-       
-       fclose(fp_group);
-       fp_group = NULL;
-       fclose(fp_group2);
-       fp_group2 = NULL;
-       
-       if(rename("/opt/etc/group", "/opt/etc/group-") != 0) {  // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) {      // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-error:
-       if(fp_passwd != NULL)
-               fclose(fp_passwd);
-       if(fp_passwd2 != NULL)
-               fclose(fp_passwd2);
-       if(fp_group != NULL)
-               fclose(fp_group);
-       if(fp_group2 != NULL)
-               fclose(fp_group2);
-       if(fp_perm != NULL)
-               fclose(fp_perm);
-
-       if(linebuf3 != NULL)
-               free(linebuf3);
-
-       return result;
-}
-
-API int delete_user_and_group(const char* pkg_name)
-{
-       FILE* fp_passwd = NULL;
-       FILE* fp_passwd2 = NULL;
-       FILE* fp_group = NULL;
-       FILE* fp_group2 = NULL;
-       char user_name[USERNAME_SIZE];
-       char user_name2[USERNAME_SIZE];
-       char linebuf[512];
-       char* linebuf2 = NULL;
-       char* linebuf3 = NULL;
-       char* tempbuf = NULL;
-       char* start = NULL;
-       char* end = NULL;
-       int i = 0, cnt = 0, flag = 0;
-       int result = PC_OPERATION_SUCCESS;
-       int inputed;
-       char* temp = NULL;
-       
-       memset(user_name, 0x00, USERNAME_SIZE);
-       memset(user_name2, 0x00, USERNAME_SIZE);
-       memset(linebuf, 0x00, 512);
-       
-       /* 0. user MUST be 'root' */
-       if(getuid() != 0) {     // not root
-               fprintf(stderr, "%s", "[ERR] Only root user can add new user\n");
-               result = PC_ERR_NOT_PERMITTED;
-               goto error;
-       }
-       
-       /* 1. convert pkg_name to real user name */
-       result = convert_user_name_from_pkgname(pkg_name, user_name);
-       if(result != PC_OPERATION_SUCCESS) {
-               fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n");
-               result = PC_ERR_INVALID_OPERATION;
-               goto error;
-       }
-       /*    1.1. check there is a same user or not */
-       if(!getpwnam(user_name)) {
-               fprintf(stderr, "%s", "[ERR] Fail to delete user - not exist\n");
-               result = PC_ERR_INVALID_OPERATION;
-               goto error;
-       }
-       
-       /* 2. delete user from /etc/passwd */
-       /*    2.1. open */
-       if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) {       // open original passwd file
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-       /*    2.2. write */
-       strncpy(user_name2, user_name, (strlen(user_name) + 1));
-       user_name2[strlen(user_name)] = ':';
-
-       while(fgets(linebuf, 512, fp_passwd)) {
-               if(!strncmp(linebuf, user_name2, strlen(user_name2)))   // found
-                       continue;
-               fprintf(fp_passwd2, "%s", linebuf);
-       }
-       
-       /*    2.3. rename file */
-       if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) {        // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) {    // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       
-       /* 3. delete group from /etc/group */
-       /*    3.1. open */
-       if((fp_group = fopen("/opt/etc/group", "r")) == NULL) {
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n");
-               result =  PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) {
-               fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-       /*    3.2. search and delete */
-       while(1) {
-               linebuf2 = (char*)malloc(sizeof(char) * 128);
-               if(linebuf2 == NULL) {
-                       fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
-                       result = PC_ERR_MEM_OPERATION;
-                       goto error;
-               }
-               memset(linebuf2, 0x00, 128);
-               cnt = 128;
-               i = 0;
-
-               while(1) {
-                       inputed = fgetc(fp_group);
-                       if(inputed == EOF)
-                               goto end_of_while;
-                       else if((char)inputed == '\n') {
-                               linebuf2[i] = '\0';
-                               break;
-                       }
-                       else if((i == cnt) && ((char)inputed != '\n')) {
-                               tempbuf = (char*)realloc(linebuf2, sizeof(char) * (i + 128));
-                               if(tempbuf == NULL) {
-                                       fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
-                                       result = PC_ERR_MEM_OPERATION;
-                                       goto error;
-                               }
-                               linebuf2 = tempbuf;
-                               linebuf2[i] = (char)inputed;
-                               cnt = i + 128;
-                       }
-                       else
-                               linebuf2[i] = (char)inputed;
-
-                       i++;
-               }
-
-               if(strncmp(linebuf2, user_name2, strlen(user_name2)) == 0)      // group of user
-                       continue;
-
-               if((start = strstr(strchr(linebuf2, ':'), user_name)) != NULL) {        // found!!
-                       linebuf3 = (char*)malloc(sizeof(char) * strlen(linebuf2));
-                       memset(linebuf3, 0x00, strlen(linebuf2));
-
-repeat:
-                       end = start + strlen(user_name);
-                       // end MUST be ',' or '\0'
-                       if(end[0] == ',')
-                               end = end + 1;
-                       else if(end[0] == '\0') {
-                               temp = start - 1;
-                               if(temp[0] == ',')
-                                       start = start - 1;
-                       }
-                       else {
-                               start = strstr(end, user_name);
-                               if(start[0] != '\0')
-                                       goto repeat;
-                       }
-                       
-                       strncpy(linebuf3, linebuf2, ((int)start - (int)linebuf2));
-                       linebuf3 = strcat(linebuf3, end);
-                       fprintf(fp_group2, "%s\n", linebuf3);
-                       flag = 1;
-               }
-
-               if(flag != 1)
-                       fprintf(fp_group2, "%s\n", linebuf2);
-               flag = 0;
-               
-               if(linebuf2 != NULL) {
-                       free(linebuf2);
-                       linebuf2 = NULL;
-               }
-               if(linebuf3 != NULL) {
-                       free(linebuf3);
-                       linebuf3 = NULL;
-               }
-       }
-end_of_while:
-       fclose(fp_group);
-       fp_group = NULL;
-       fclose(fp_group2);
-       fp_group2 = NULL;
-
-       if(rename("/opt/etc/group", "/opt/etc/group-") != 0) {  // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-       if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) {      // if fail,
-               fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n");
-               result = PC_ERR_FILE_OPERATION;
-               goto error;
-       }
-
-error:
-       if(fp_passwd != NULL)
-               fclose(fp_passwd);
-       if(fp_passwd2 != NULL)
-               fclose(fp_passwd2);
-       if(fp_group != NULL)
-               fclose(fp_group);
-       if(fp_group2 != NULL)
-               fclose(fp_group2);
-
-       if(linebuf2 != NULL)
-               free(linebuf2);
-       if(linebuf3 != NULL)
-               free(linebuf3);
-       
-       return result;
-}
diff --git a/src/debug-util.c b/src/debug-util.c
deleted file mode 100644 (file)
index 79cd3db..0000000
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * libprivilege control
- *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-
-#include "security-server.h"
-#include "privilege-control.h"
-
-#define DEVELOPER_UID 5100
-
-int main(int argc, char *argv[])
-{
-       int uid = 0, ret = -1;
-
-       uid = getuid();
-       
-       if(uid == DEVELOPER_UID) {
-               fprintf(stderr, "%s", "[LOG] Sending request to security server...\n");
-               ret = security_server_launch_debug_tool(argc - 1, (const char **)argv + 1);
-               if(ret != SECURITY_SERVER_API_SUCCESS) {
-                       fprintf(stderr, "[ERR] Failed to launch tool, [%d]\n", ret);
-                       return 0;
-               }
-               return 1;
-       }
-       else if(uid == 0) {
-               fprintf(stderr, "%s", "[LOG] Executed as root privilege\n");
-               
-               /*
-                * argv[0]   : /usr/bin/debug-util
-                * 
-                * argv[1]   : package name
-                * argv[2]   : command of developer(SDK)
-                * argv[3] ~ : parameter(s) of argv[2]
-                */
-               if(!strncmp(argv[1], "/usr/bin/launch_app", 19) || !strncmp(argv[1], "/usr/bin/kill_app", 17)) { 
-                       ret = execve(argv[1], (char * const*)argv + 1, NULL);
-                       if(ret == -1) {
-                               perror("[ERR] 1. Fail to execute execve()");
-                       }
-               }
-               else if(set_privilege(argv[1]) == 0) {  // success
-                       if(!strncmp(argv[2], "/bin/gdbserver", 14) || !strncmp(argv[2], "/usr/bin/opcontrol", 18) || !strncmp(argv[2], "/usr/bin/valgrind", 17 )) {
-                               ret = execve(argv[2], (char * const*)argv + 2, NULL);
-                               if(ret == -1) { // error
-                                       perror("[ERR] 2. Fail to execute execve()");
-                               }
-                       }
-               }
-               else
-                       fprintf(stderr, "[ERR] Fail to execute set_privilege()\n");
-       }
-       else {
-               fprintf(stderr, "[ERR] Wrong uid: %d\n", uid);
-               fprintf(stderr, "[ERR] You must run %s under root user or developer(%d) user\n", argv[0], DEVELOPER_UID);
-               return 0;
-       }
-
-       return 1;
-}
diff --git a/src/kill_app.c b/src/kill_app.c
deleted file mode 100644 (file)
index e61bf92..0000000
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * libprivilege control
- *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <signal.h>
-//#include <errno.h>
-
-#define FILE_NAME      "/tmp/.testpkg"
-
-int main()
-{
-       int uid = -1;
-       int pid = -1;
-       FILE* fp_in = NULL;
-
-       /* if not root, fail */
-       uid = getuid();
-       if(uid != 0) {  // not root
-               fprintf(stderr, "[ERR][kill_app] You MUST be root.\n");
-               goto err;
-       }
-
-       /* open file - /tmp/.testpkg */
-       if(!(fp_in = fopen(FILE_NAME, "r"))) {
-               fprintf(stderr, "[ERR][kill_app] Fail to open file, [%s]\n", FILE_NAME);
-               perror("err: ");
-               goto err;
-       }
-
-       /* get pid */
-       fscanf(fp_in, "%d", &pid);
-       if(pid <= 0) {
-               fprintf(stderr, "[ERR][kill_app] Invalid pid.\n");
-               goto err;
-       }
-
-       /* kill that process */
-       if(kill(pid, SIGKILL) < 0) {
-               fprintf(stderr, "[ERR][kill_app] Fail to kill application which has the pid [%d]\n", pid);
-               perror("err: ");
-               goto err;
-       }
-
-       /* delete the file */
-       if(unlink(FILE_NAME) < 0) {
-               fprintf(stderr, "[ERR][kill_app] Fail to delete file, [%s]\n", FILE_NAME);
-               perror("err: ");
-               goto err;
-       }
-
-err:
-       if(fp_in != NULL)
-               fclose(fp_in);
-
-       return 0;
-}
index dd39eee..1e0fbfe 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * libprivilege control
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
  *
  */
 
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-
 #include <sys/types.h>
 #include <unistd.h>
 #include <pwd.h>
 #include <grp.h>
+#include <fts.h>
 #include <errno.h>
-
 #include <math.h>
 #include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/smack.h>
 
 #include "privilege-control.h"
 
 #define APP_USER_NAME  "app"
 #define DEV_USER_NAME  "developer"
 
-#define APP_HOME_DIR   "/opt/home/app"
-#define DEV_HOME_DIR   "/opt/home/developer"
+#define APP_HOME_DIR   TOSTRING(HOMEDIR) "/app"
+#define DEV_HOME_DIR   TOSTRING(HOMEDIR) "/developer"
 
-#define APP_GROUP_PATH "/usr/share/privilege-control/app_group_list"
-#define DEV_GROUP_PATH "/usr/share/privilege-control/dev_group_list"
+#define APP_GROUP_PATH TOSTRING(SHAREDIR) "/app_group_list"
+#define DEV_GROUP_PATH TOSTRING(SHAREDIR) "/dev_group_list"
+
+#define SMACK_SRC_FILE_SUFFIX   "_src_file"
+#define SMACK_SRC_DIR_SUFFIX    "_src_dir"
+#define SMACK_DATA_SUFFIX       "_data"
+#define WRT_BASE_DEVCAP         "WRT"
 
 #ifdef USE_PRIVILEGE_CONTROL
 
@@ -64,7 +71,7 @@ API int control_privilege(void)
        if(getuid() == APP_UID) // current user is 'app'
                return PC_OPERATION_SUCCESS;
 
-       if(set_privilege("org.tizen.") == PC_OPERATION_SUCCESS)
+       if(set_privilege("com.samsung.") == PC_OPERATION_SUCCESS)
                return PC_OPERATION_SUCCESS;
        else
                return PC_ERR_NOT_PERMITTED;
@@ -154,7 +161,7 @@ API int set_privilege(const char* pkg_name)
                /*
                 * in case of dialer, add admin to glist
                 */
-               if(!strncmp(pkg_name, "org.tizen.phone", 15))
+               if(!strncmp(pkg_name, "com.samsung.phone", 17) || !strncmp(pkg_name, "org.tizen.phone", 15))
                {
                        glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1));
                        glist[glist_cnt] = ADMIN_GROUP; // 6504
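Review bot: The new condition is a prefix match, so any package whose name merely begins with `com.samsung.phone` or `org.tizen.phone` (constructed example: `com.samsung.phonebook`) is also added to ADMIN_GROUP. If only the dialer itself is meant, compare the whole name: `if(!strcmp(pkg_name, "com.samsung.phone") || !strcmp(pkg_name, "org.tizen.phone"))`. The `realloc` result on the following context line is stored straight back into `glist` and indexed without a NULL check, which is worth fixing in the same place. set_privilege starts and ends outside this hunk, so how `pkg_name` reaches it is not visible here.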
@@ -221,6 +228,344 @@ error:
        return result;
 }
 
+API int set_exec_label(const char* path)
+{
+       int ret;
+       char* label;
+
+       ret = smack_lgetlabel(path, &label, SMACK_LABEL_EXEC);
+       if (ret != 0)
+               return PC_ERR_INVALID_OPERATION;
+
+       if (label == NULL)
+               /* No label to set, just return with success */
+               ret = PC_OPERATION_SUCCESS;
+       else
+               ret = smack_set_label_for_self(label);
+
+       free(label);
+       return ret;
+}
+
+static inline char* wrt_smack_label(unsigned long long widget_id, const char* suffix)
+{
+       int ret;
+       char* label;
+
+       ret = asprintf(&label, "wrt_widget_%llu%s", widget_id,
+               (suffix ? suffix : ""));
+
+       if (ret == -1)
+               return NULL;
+
+       if (strlen(label) > SMACK_LABEL_LEN) {
+               free(label);
+               return NULL;
+       }
+
+       return label;
+}
+
+static inline int devcap_to_smack(struct smack_accesses* smack, const char* widget_label, const char* devcap)
+{
+       int ret = PC_OPERATION_SUCCESS;
+       char* path = NULL;
+       FILE* file = NULL;
+
+       if (asprintf(&path, TOSTRING(SHAREDIR) "/%s.smack", devcap) == -1)
+               return PC_ERR_MEM_OPERATION;
+
+       file = fopen(path, "r");
+       if (file == NULL) {
+               ret = PC_ERR_FILE_OPERATION;
+               goto out;
+       }
+
+       while (1) {
+               char smack_label[SMACK_LABEL_LEN + 1];
+               char smack_perm[10];
+               char* smack_subject;
+               char* smack_object;
+
+               if (fscanf(file, "%" TOSTRING(SMACK_LABEL_LEN) "s", smack_label) != 1)
+                       goto out;
+               if (!strcmp(smack_label, "@")) {
+                       /* Detected format: @ <LABEL> <PERM>
+                        * Meaning: give <LABEL> access to this widget for <PERM> */
+                       if (fscanf(file, "%" TOSTRING(SMACK_LABEL_LEN) "s", smack_label) != 1)
+                               goto out;
+                       smack_subject = smack_label;
+                       smack_object = widget_label;
+               } else {
+                       /* Expecting default format: @ <PERM>
+                        * Meaning: give this widget access to <LABEL> for <PERM> */
+                       smack_subject = widget_label;
+                       smack_object = smack_label;
+               }
+               if (fscanf(file, "%8s\n", smack_perm) != 1)
+                       goto out;
+
+               if (smack_accesses_add_modify(smack, smack_subject, smack_object, smack_perm, "") != 0) {
+                       ret = PC_ERR_INVALID_OPERATION;
+                       goto out;
+               }
+       }
+
+out:
+       free(path);
+       if (file != NULL)
+               fclose(file);
+       return ret;
+}
+
+API int wrt_permissions_reset(unsigned long long widget_id)
+{
+       int ret = PC_OPERATION_SUCCESS;
+       char* label = NULL;
+
+       label = wrt_smack_label(widget_id, NULL);
+       if (label == NULL)
+               return PC_ERR_MEM_OPERATION;
+
+       if (smack_revoke_subject(label))
+               ret = PC_ERR_INVALID_OPERATION;
+
+       free(label);
+       return ret;
+}
+
+API int wrt_permissions_add(unsigned long long widget_id, const char** devcap_list)
+{
+       int ret = PC_OPERATION_SUCCESS;
+       char* widget_label = NULL;
+       struct smack_accesses* smack = NULL;
+       int i;
+
+       widget_label = wrt_smack_label(widget_id, NULL);
+       if (widget_label == NULL)
+               return PC_ERR_MEM_OPERATION;
+
+       if (smack_accesses_new(&smack)) {
+               ret = PC_ERR_MEM_OPERATION;
+               goto out;
+       }
+
+       for (i = 0; devcap_list[i] != NULL; ++i) {
+               ret = devcap_to_smack(smack, widget_label, devcap_list[i]);
+               if (ret != PC_OPERATION_SUCCESS)
+                       goto out;
+       }
+
+       if (smack_accesses_apply(smack) != 0) {
+               ret = PC_ERR_INVALID_OPERATION;
+               goto out;
+       }
+
+out:
+       smack_accesses_free(smack);
+       free(widget_label);
+       return ret;
+}
+
+static int dir_set_smack_r(const char *path, const char* label,
+               enum smack_label_type type, mode_t type_mask)
+{
+       int ret;
+       const char* path_argv[] = {path, NULL};
+       FTS *fts = NULL;
+       FTSENT *ftsent;
+
+       ret = PC_ERR_FILE_OPERATION;
+
+       fts = fts_open((char * const *) path_argv, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
+       if (fts == NULL)
+               goto out;
+
+       while ((ftsent = fts_read(fts)) != NULL) {
+               /* Check for error (FTS_ERR) or failed stat(2) (FTS_NS) */
+               if (ftsent->fts_info == FTS_ERR || ftsent->fts_info == FTS_NS)
+                       goto out;
+
+               if (ftsent->fts_statp->st_mode & S_IFMT & type_mask)
+                       if (smack_lsetlabel(ftsent->fts_path, label, type) != 0)
+                               goto out;
+       }
+
+       /* If last call to fts_read() set errno, we need to return error. */
+       if (errno == 0)
+               ret = PC_OPERATION_SUCCESS;
+
+out:
+       if (fts != NULL)
+               fts_close(fts);
+       return ret;
+}
+
+API int wrt_set_src_dir(unsigned long long widget_id, const char *path)
+{
+       char* widget_label = NULL;
+       char* src_label_dir = NULL;
+       char* src_label_file = NULL;
+       int ret;
+
+       ret = PC_ERR_MEM_OPERATION;
+
+       widget_label = wrt_smack_label(widget_id, NULL);
+       if (widget_label == NULL)
+               goto out;
+
+       src_label_dir = wrt_smack_label(widget_id, SMACK_SRC_DIR_SUFFIX);
+       if (src_label_dir == NULL)
+               goto out;
+
+       src_label_file = wrt_smack_label(widget_id, SMACK_SRC_FILE_SUFFIX);
+       if (src_label_file == NULL)
+               goto out;
+
+       /* Set label for directories */
+       ret = dir_set_smack_r(path, src_label_dir, SMACK_LABEL_ACCESS, S_IFDIR);
+       if (ret != PC_OPERATION_SUCCESS)
+               goto out;
+
+       /* Set label for non-directories */
+       ret = dir_set_smack_r(path, src_label_file, SMACK_LABEL_ACCESS, ~S_IFDIR);
+
+out:
+       free(widget_label);
+       free(src_label_dir);
+       free(src_label_file);
+       return ret;
+}
+
+API int wrt_set_data_dir(unsigned long long widget_id, const char *path)
+{
+       char* widget_label = NULL;
+       char* data_label = NULL;
+       struct stat st;
+       int ret;
+
+       ret = PC_ERR_FILE_OPERATION;
+       /* Check whether path exists */
+       if (lstat(path, &st) == 0) {
+               if (!S_ISDIR(st.st_mode))
+                       /* Exists, but it's not a directory? */
+                       goto out;
+       } else {
+               if (errno != ENOENT)
+                       /* Some other error than "no such file or directory" */
+                       goto out;
+               if (mkdir(path, S_IRWXU) != 0)
+                       /* Error while creating the directory */
+                       goto out;
+               if (chown(path, APP_UID, APP_GID)) {
+                       /* Error while setting the directory owner */
+                       int e = errno;
+                       rmdir(path);
+                       errno = e;
+                       goto out;
+               }
+       }
+
+       ret = PC_ERR_MEM_OPERATION;
+
+       widget_label = wrt_smack_label(widget_id, NULL);
+       if (widget_label == NULL)
+               goto out;
+
+       data_label = wrt_smack_label(widget_id, SMACK_DATA_SUFFIX);
+       if (data_label == NULL)
+               goto out;
+
+       /* Set label for everything inside data path */
+       ret = dir_set_smack_r(path, data_label, SMACK_LABEL_ACCESS, ~0);
+       if (ret != PC_OPERATION_SUCCESS)
+               goto out;
+
+       /* Enable transmute on all directories */
+       ret = dir_set_smack_r(path, "1", SMACK_LABEL_TRANSMUTE, S_IFDIR);
+       if (ret != PC_OPERATION_SUCCESS)
+               goto out;
+
+out:
+       free(widget_label);
+       free(data_label);
+       return ret;
+}
+
+API int wrt_set_privilege(unsigned long long widget_id)
+{
+       char* widget_label = NULL;
+       char* src_label_file = NULL;
+       char* src_label_dir = NULL;
+       char* data_label = NULL;
+       struct smack_accesses* smack = NULL;
+       int ret;
+
+       ret = PC_ERR_MEM_OPERATION;
+
+       widget_label = wrt_smack_label(widget_id, NULL);
+       if (widget_label == NULL)
+               goto out;
+
+       src_label_file = wrt_smack_label(widget_id, SMACK_SRC_FILE_SUFFIX);
+       if (src_label_file == NULL)
+               goto out;
+
+       src_label_dir = wrt_smack_label(widget_id, SMACK_SRC_DIR_SUFFIX);
+       if (src_label_file == NULL)
+               goto out;
+
+       data_label = wrt_smack_label(widget_id, SMACK_DATA_SUFFIX);
+       if (data_label == NULL)
+               goto out;
+
+       if (smack_accesses_new(&smack) != 0)
+               goto out;
+
+       ret = PC_ERR_INVALID_OPERATION;
+
+       if (smack_set_label_for_self(widget_label) != 0)
+               goto out;
+
+       /* Allow widget to only read and execute it's source directories */
+       if (smack_accesses_add(smack, widget_label, src_label_dir, "rx") != 0)
+               goto out;
+
+       /* Allow widget to only read read it's source files */
+       if (smack_accesses_add(smack, widget_label, src_label_file, "r") != 0)
+               goto out;
+
+       /* Allow widget to do everything with it's data */
+       /*
+        * FIXME: If a malicious widget finds a way to execute files, it will be
+        * able to execute it's data files, which are fully controlled by the
+        * widget itself. This currently cannot be prevented by SMACK, so other
+        * means must be used.
+        */
+       if (smack_accesses_add(smack, widget_label, data_label, "rwxat") != 0)
+               goto out;
+
+       ret = devcap_to_smack(smack, widget_label, WRT_BASE_DEVCAP);
+       if (ret != PC_OPERATION_SUCCESS)
+               goto out;
+
+       if (smack_accesses_apply(smack) != 0)
+               ret = PC_ERR_INVALID_OPERATION;
+
+out:
+       smack_accesses_free(smack);
+       free(widget_label);
+       free(src_label_file);
+       free(src_label_dir);
+       free(data_label);
+
+       if (ret)
+               return ret;
+       else
+               /* TODO: are widgets supposed to get a dedicated user id? */
+               return set_privilege("wrt-widget");
+}
+
 #else // USE_PRIVILEGE_CONTROL
 
 API int control_privilege(void)
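Review bot: In wrt_set_privilege the check after `src_label_dir = wrt_smack_label(widget_id, SMACK_SRC_DIR_SUFFIX);` tests `src_label_file` a second time, so a failed allocation of `src_label_dir` goes undetected and NULL reaches `smack_accesses_add`; the line should read `if (src_label_dir == NULL)`. In devcap_to_smack every `fscanf` failure jumps to `out` with `ret` still PC_OPERATION_SUCCESS, so a rule file that is truncated in the middle of a rule is reported as success with only part of its rules queued. `devcap` is also formatted into the path unchecked, and rejecting names that contain `/` would keep the lookup inside SHAREDIR. In dir_set_smack_r, `st_mode & S_IFMT & type_mask` is a bit test rather than a type comparison, so on Linux the S_IFDIR mask also matches block devices and sockets, whose type codes share that bit. The comment `Expecting default format: @ <PERM>` should read `<LABEL> <PERM>`.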
@@ -233,4 +578,33 @@ API int set_privilege(const char* pkg_name)
        return 0;
 }
 
+API int set_exec_label(const char* path)
+{
+       return 0;
+}
+
+API int wrt_permissions_reset(unsigned long long widget_id)
+{
+       return 0;
+}
+
+API int wrt_permissions_add(unsigned long long widget_id, char** devcap_list)
+{
+       return 0;
+}
+
+API int wrt_set_src_dir(unsigned long long widget_id, const char *path)
+{
+       return 0;
+}
+
+API int wrt_set_data_dir(unsigned long long widget_id, const char *path)
+{
+       return 0;
+}
+
+API int wrt_set_privilege(unsigned long long widget_id)
+{
+       return 0;
+}
 #endif // USE_PRIVILEGE_CONTROL
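Review bot: The stub `wrt_permissions_add` takes `char** devcap_list` while the implementation in the USE_PRIVILEGE_CONTROL branch takes `const char** devcap_list`, so one of the two cannot match the prototype in privilege-control.h (not visible here). The stub should read `API int wrt_permissions_add(unsigned long long widget_id, const char** devcap_list)`. All the new stubs return 0, presumably the success value, which callers cannot distinguish from labels and rules actually having been applied. A comment above them stating that a build without USE_PRIVILEGE_CONTROL performs no Smack labelling would make that explicit.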
index 9368b0b..dcaadc4 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * libprivilege control
  *
- * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved 
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
  *
  * Contact: Kidong Kim <kd0228.kim@samsung.com>
  *
index 85f9294..6dca7d4 100644 (file)
@@ -23,6 +23,8 @@ KERNEL=="pvrsrvkm",           MODE="0666"
 KERNEL=="ump",                 MODE="0666"
 KERNEL=="mali",                        MODE="0666"
 KERNEL=="slp_global_lock",     MODE="0666"
+KERNEL=="usb_mtp_gadget",      MODE="0666"
+KERNEL=="usb_accessory",       MODE="0666"
 
 # Marvell
 KERNEL=="uio[0-9]",            MODE="0666"
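Review bot: The two added rules make the `usb_mtp_gadget` and `usb_accessory` nodes readable and writable by every local user, so any unprivileged process can open the USB gadget devices. The leds and backlight rules in this file already restrict access to a dedicated group with mode 0664, and the same pattern fits here, e.g. `KERNEL=="usb_mtp_gadget", GROUP="<mtp-group>", MODE="0660"`, where `<mtp-group>` is a placeholder for the group the consuming daemon runs under. The same applies to the next hunk, where `rear_flash` and the five mdnie attributes (`mode`, `scenario`, `tone`, `outdoor`, `tune`) are set to 0666 via chmod. A comment naming the consumer of each node would also help a later audit of this file.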
@@ -31,6 +33,16 @@ KERNEL=="uio[0-9]",          MODE="0666"
 SUBSYSTEM=="leds",      ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_torch %S/%p/brightness"
 SUBSYSTEM=="backlight", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_bklight %S/%p/brightness"
 
+# flash (7/16 added)
+SUBSYSTEM=="flash",    RUN+="/bin/chmod 0666 %S/%p/rear_flash"
+
+# mDNIe
+DRIVER=="mdnie",       RUN+="/bin/chmod 0666 %S/%p/mode"
+DRIVER=="mdnie",       RUN+="/bin/chmod 0666 %S/%p/scenario"
+DRIVER=="mdnie",       RUN+="/bin/chmod 0666 %S/%p/tone"
+DRIVER=="mdnie",       RUN+="/bin/chmod 0666 %S/%p/outdoor"
+DRIVER=="mdnie",       RUN+="/bin/chmod 0666 %S/%p/tune"
+
 # Video4Linux
 SUBSYSTEM!="video4linux", GOTO="v4l_slp_end"
 IMPORT{program}="v4l_id %N"