Modify for 3.0 Security policy

Change-Id: Id0b3a3b32e55a3d2b4c956f200a314f001916b9e

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5456ff9..50b4671 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -77,7 +77,6 @@ INSTALL(FILES ${CMAKE_BINARY_DIR}/msg-service.pc DESTINATION ${LIBDIR}/pkgconfig
 
 # LICENSE file
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/LICENSE.APLv2 DESTINATION /usr/share/license/msg-service)
-INSTALL(FILES ${CMAKE_SOURCE_DIR}/msg-service.rule DESTINATION /etc/smack/accesses.d/)
 
 #Install sysinfo file to provide which features are supported.
 IF(_FEATURE_SMS_CDMA)

diff --git a/msg-service.manifest b/msg-service.manifest
index 138d9d6..11a159f 100755 (executable)
--- a/msg-service.manifest
+++ b/msg-service.manifest
@@ -5,10 +5,72 @@
                        <label name="msg-service::read"/>
                        <label name="msg-service::write"/>
                </provide>
+
+               <permit>
+                       <smack permit="net-config" type="rw"/>
+                       <smack permit="connman" type="rw"/>
+                       <smack permit="system::use_internet" type="rw"/>
+                       <smack permit="org.tizen.quickpanel" type="rx"/>
+                       <smack permit="org.tizen.indicator" type="rwx"/>
+                       <smack permit="org.tizen.lockscreen" type="rx"/>
+                       <smack permit="media-server" type="rx"/>
+               </permit>
+
+               <request>
+                       <smack request="msg-service::db" type="rw"/>
+                       <smack request="system::use_internet" type="rw"/>
+                       <smack request="media-server" type="rw"/>
+                       <smack request="system::media" type="rx"/>
+                       <smack request="telephony_framework::api_network" type="rw"/>
+                       <smack request="telephony_framework::api_sms" type="rwx"/>
+                       <smack request="telephony_framework::api_sim" type="rw"/>
+                       <smack request="telephony_framework::api_sat" type="x"/>
+                       <smack request="telephony_framework::api_ps_public" type="rw"/>
+                       <smack request="telephony_framework::api_ps_private" type="rw"/>
+                       <smack request="telephony_framework::api_ps_profile" type="rw"/>
+                       <smack request="telephony_framework::properties" type="rw"/>
+                       <smack request="contacts-service" type="rwx"/>
+                       <smack request="contacts-service::svc" type="rl"/>
+                       <smack request="contacts-service::phonelog" type="rw"/>
+                       <smack request="data-provider-master::notification" type="rw"/>
+                       <smack request="data-provider-master::notification.client" type="w"/>
+                       <smack request="data-provider-master::badge" type="rw"/>
+                       <smack request="data-provider-master::badge.client" type="w"/>
+                       <smack request="deviced::display" type="rw"/>
+                       <smack request="net-config" type="rw"/>
+                       <smack request="connman" type="rw"/>
+                       <smack request="connman::get" type="rw"/>
+                       <smack request="connman::set" type="rw"/>
+                       <smack request="connman::profile" type="rw"/>
+                       <smack request="aul::launch" type="x"/>
+                       <smack request="alarm-server::alarm" type="rw"/>
+                       <smack request="security-server::api-get-gid" type="w"/>
+                       <smack request="security-server::api-cookie-check" type="w"/>
+                       <smack request="security-server::api-privilege-by-pid" type="w"/>
+                       <smack request="device::app_logging" type="rw"/>
+                       <smack request="device::sys_logging" type="rw"/>
+                       <smack request="system::share" type="rwx"/>
+                       <smack request="pkgmgr::db" type="rwl"/>
+                       <smack request="badge::db" type="rwl"/>
+                       <smack request="notification::db" type="rwl"/>
+                       <smack request="org.tizen.setting::default-resources" type="rxl"/>
+
+                       <smack request="tizen::vconf::camcorder" type="rl"/>
+                       <smack request="tizen::vconf::message" type="rw"/>
+                       <smack request="tizen::vconf::public::r" type="rl"/>
+                       <smack request="tizen::vconf::platform::r" type="rl"/>
+                       <smack request="tizen::vconf::platform::rw" type="rw"/>
+                       <smack request="tizen::vconf::public::r::platform::rw" type="rw"/>
+                       <smack request="tizen::vconf::setting::admin" type="rl"/>
+                       <smack request="tizen::vconf::setting" type="rl"/>
+                       <smack request="tizen::vconf::telephony::admin" type="rl"/>
+               </request>
        </define>
+
        <request>
-               <domain name="msg-service"/>
+               <domain name="_"/>
        </request>
+
        <assign>
                <filesystem path="/usr/lib/libmsg_mapi.so.0" label="_"/>
                <filesystem path="/usr/lib/libmsg_mapi.so.0.1.0" label="_"/>

diff --git a/msg-service.rule b/msg-service.rule
deleted file mode 100755 (executable)
index e25824a..0000000
--- a/msg-service.rule
+++ /dev/null
@@ -1,55 +0,0 @@
-msg-service msg-service::db rw---- ------
-msg-service system::use_internet rw---- ------
-msg-service media-server rw---- ------
-msg-service system::media r-x--- ------
-msg-service telephony_framework::api_network rw---- ------
-msg-service telephony_framework::api_sms rwx--- ------
-msg-service telephony_framework::api_sim rw---- ------
-msg-service telephony_framework::api_sat --x--- ------
-msg-service telephony_framework::api_ps_public rw---- ------
-msg-service telephony_framework::api_ps_private rw---- ------
-msg-service telephony_framework::api_ps_profile rw---- ------
-msg-service telephony_framework::properties rw---- ------
-msg-service contacts-service rwx--- ------
-msg-service contacts-service::svc r----l ------
-msg-service contacts-service::phonelog rw---- ------
-msg-service data-provider-master::notification rw---- ------
-msg-service data-provider-master::notification.client -w---- ------
-msg-service data-provider-master::badge rw---- ------
-msg-service data-provider-master::badge.client -w---- ------
-msg-service deviced::display rw---- ------
-msg-service net-config rw---- ------
-msg-service connman rw---- ------
-msg-service connman::get rw---- ------
-msg-service connman::set rw---- ------
-msg-service connman::profile rw---- ------
-msg-service aul::launch --x--- ------
-msg-service alarm-server::alarm rw---- ------
-msg-service security-server::api-get-gid -w---- ------
-msg-service security-server::api-cookie-check -w---- ------
-msg-service security-server::api-privilege-by-pid -w---- ------
-msg-service device::app_logging rw---- ------
-msg-service device::sys_logging rw---- ------
-msg-service system::share rwx--- ------
-msg-service pkgmgr::db rw---l ------
-msg-service badge::db rw---l ------
-msg-service notification::db rw---l ------
-msg-service org.tizen.setting::default-resources r-x--l ------
-
-net-config msg-service rw---- ------
-connman msg-service rw---- ------
-system::use_internet msg-service rw---- ------
-org.tizen.quickpanel msg-service r-x--- ------
-org.tizen.indicator msg-service rwx--- ------
-org.tizen.lockscreen msg-service r-x--- ------
-media-server msg-service r-x--- ------
-
-msg-service tizen::vconf::camcorder r----l ------
-msg-service tizen::vconf::message rw---- ------
-msg-service tizen::vconf::public::r r----l ------
-msg-service tizen::vconf::platform::r r----l ------
-msg-service tizen::vconf::platform::rw rw---- ------
-msg-service tizen::vconf::public::r::platform::rw rw---- ------
-msg-service tizen::vconf::setting::admin r----l ------
-msg-service tizen::vconf::setting r----l ------
-msg-service tizen::vconf::telephony::admin r----l ------

diff --git a/packaging/msg-server.service b/packaging/msg-server.service
index 9ea252a..15944e5 100755 (executable)
--- a/packaging/msg-server.service
+++ b/packaging/msg-server.service
@@ -5,7 +5,6 @@ After=contacts-service.service
 [Service]
 User=system
 Group=system
-SmackProcessLabel=msg-service
 Type=simple
 ExecStart=/usr/bin/msg-server
 Restart=always

diff --git a/packaging/msg-server.socket b/packaging/msg-server.socket
index 7efea11..12e9496 100644 (file)
--- a/packaging/msg-server.socket
+++ b/packaging/msg-server.socket
@@ -2,9 +2,7 @@
 SocketUser=system
 SocketGroup=system
 ListenStream=/tmp/.msgfw_socket
-SmackLabelIPIn=msg-service
-SmackLabelIPOut=msg-service
 Service=msg-server.service
-       
+
 [Install]
-WantedBy=sockets.target 
\ No newline at end of file
+WantedBy=sockets.target
\ No newline at end of file

diff --git a/packaging/msg-service.spec b/packaging/msg-service.spec
index 59ba34a..974c37a 100755 (executable)
--- a/packaging/msg-service.spec
+++ b/packaging/msg-service.spec
@@ -221,7 +221,6 @@ fi
 %{_libdir}/systemd/system/sockets.target.wants/msg-server.socket
 %{_libdir}/systemd/system/msg-server.socket
 /usr/share/license/msg-service/LICENSE.APLv2
-/etc/smack/accesses.d/msg-service.rule
 /etc/config/*
 
 %files -n sms-plugin