Release 2.0.0

    “...reality, however utopian, is something from which
    people feel the need of taking pretty frequent holidays....”

            ― Aldous Huxley, Brave New World

This release of security-manager intends NOT to differ at all in behaviour
on smack-enabled images.

Only one commit is related to bugfix on actual tizen branch that were done recenlty
on tizen_9.0 and tizen_8.0:

* Set HIGHEST priority to APP_CLEAN_NAMESPACE event

However, on images without smack (compiled with dev_wos GBS flag), this release
introduces UID-based sandboxing. Each app that would normally be sandbox-ed with its
unique Smack label, gets its own UID at launch (aka PUID). Like in smack-enabled
mode, hybrid apps in one package do get their individual PUIDs.

With this release (and paired cynara & security-config releases,
and also security-tests modifications to-date):

* application sandboxing works without Smack
* access control to app disk folders is done with DAC & ACLs
* privilege setup is done normally but for PUID
* cynara policy checks are configured to work based on caller's UID (PUID for apps)

As the no-smack compilation constitutes a PoC for now, there are some items not ready yet
that will be addressed in nearest future - as this release aims at unblocking modifications
of the rest of the system for the no-smack mode.

Known issues
------------
* internet & app debugging access control - used to be done with Smack, now its just permissive mode
* private sharing API between apps is not ported to use PUID and DAC yet (implementation in progress)
* not all security-tests pass in no-smack mode (work in progress on adjustment)
* migration script needs to be added IF this would get pushed to a device running previous Tizen versions
  (migration of DB, ACL permissions, etc. needed).
* (not dependent on security FW): the no-smack image may not boot homescreen due to launchpad issues
* (not dependent on security FW): access to parent directory of app sandbox may be blocked & changes
  in gumd may be needed (change to 755 in /etc/gumd/useradd.d/91_user-dbspace-permissions.post)
* (not dependent on security FW, mitigated here): access to /run/user/5001 for others is added
  on daemon startup to allow apps access (this should be re-engineered for multiuser later)

After this release, launchpad & aul-1 & other Tizen components need to adjust themselves
to new policy configuration in the absence of Smack.

Change-Id: Ib92c84e3216b663d68f631abb8469419f860c157

diff --git a/packaging/security-manager.changes b/packaging/security-manager.changes
index 9caf0ef1b03b2becc46c89e64a9041339a5cd733..336560652101e63e8b0990a87545dd7fcaadbe6a 100644 (file)
--- a/packaging/security-manager.changes
+++ b/packaging/security-manager.changes
@@ -1,3 +1,41 @@
+Release: 2.0.0
+Date:    2025.02.14
+Name:    Release 2.0.0
+Description:
+Add system_access to forbidden groups
+Set HIGHEST priority to APP_CLEAN_NAMESPACE event
+Configre app access to /run/user/<uid> for existing users
+Use app PUID when checking path privileges
+Make app identification APIs work on no-smack
+Implement security_manager_get_app_owner_uid for no-smack tizen
+Restore client authentication
+Use process UID as user for app permissions in cynara
+Add migrating apps installed as if in smack mode on no-smack image
+Adjust cynara policy to use UIDs instead of Smack labels on no-smack image
+Setup paths using DAC
+Refactor smack labeling
+Acl tests
+Fix ACL helper
+Add ACL helper
+Remove unused exec labeling code
+Refactor path_req
+Remove permissible file logic in no-smack
+Refactor labelPaths
+Add libacl dependency
+Add gid-by-name getter
+Disable Shared RO namespaces in no-smack
+Enable proper drop check
+Unlock security_manager_drop_process_privileges
+Enable namespace setup & cleanup in no-smack
+Use process UId & author GId in app preparation
+Skip author hash in no-smack mode
+Disable smack label tests
+Disable rules-loader test in no-smack mode
+Skip CAP_MAC_ADMIN check in no-smack mode
+Add process UId and author GId support in no-smack mode
+
+###############################
+
 Release: 1.9.18
 Date:    2025.02.05
 Name:    Release 1.9.18

diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec
index dc75161954698a1ae39ff178262ed67fc865e282..90087820e6a2f66cd8ceeb9f6f9e84603e4f949a 100644 (file)
--- a/packaging/security-manager.spec
+++ b/packaging/security-manager.spec
@@ -2,7 +2,7 @@
 
 Name:       security-manager
 Summary:    Security manager and utilities
-Version:    1.9.18
+Version:    2.0.0
 Release:    0
 Group:      Security/Service
 License:    Apache-2.0

diff --git a/pc/security-manager.pc.in b/pc/security-manager.pc.in
index 07177d0adeda6eaf9d21ce15478b8d9094e3d168..fe22b720d0e53704c4766c284109fa6e8daa4d34 100644 (file)
--- a/pc/security-manager.pc.in
+++ b/pc/security-manager.pc.in
@@ -5,7 +5,7 @@ includedir=${prefix}/include
 
 Name: security-manager
 Description: Security Manager Package
-Version: 1.9.18
+Version: 2.0.0
 Requires:
 Libs: -L${libdir} -lsecurity-manager-client
 Cflags: -I${includedir}/security-manager