projects / platform / core / system / crash-worker.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8cb62d6)
Fix livedump API DBus access policy 61/223161/2
authorKarol Lewandowski <k.lewandowsk@samsung.com>
Thu, 23 Jan 2020 12:43:46 +0000 (13:43 +0100)
committerKarol Lewandowski <k.lewandowsk@samsung.com>
Thu, 23 Jan 2020 13:04:11 +0000 (14:04 +0100)
This commit partially reverts commit f24c53fb20 ("crash-service:
Restrict allow livedump API via privilege")

As discussed with SRPOL Security, the 'group membership' of given
process does not map directly to process 'having privilege', as
verified by Cynara/security-manager.  For now the checking has to
be done per-user for system services and via-privilege for apps.

Change-Id: I2a7b76174adb22be8ffe55e41678b48938d90bbb

src/crash-service/crash-service.conf patch | blob | history

diff --git a/src/crash-service/crash-service.conf b/src/crash-service/crash-service.conf
index 7aac3d0..dd38a30 100644 (file)
--- a/src/crash-service/crash-service.conf
+++ b/src/crash-service/crash-service.conf
@@ -13,6 +13,11 @@
                       send_interface="org.tizen.system.crash.livedump"
                       send_member="livedump_pid"/>
        </policy>
+       <policy user="stability_monitor">
+               <allow send_destination="org.tizen.system.crash.livedump"
+                      send_interface="org.tizen.system.crash.livedump"
+                      send_member="livedump_pid"/>
+       </policy>
        <policy context="default">
                <deny own="org.tizen.system.crash.livedump"/>
                <check privilege="http://tizen.org/privilege/internal/livecoredump"
Domain: System / System Framework;