From: Yunjin Lee Date: Tue, 20 Jun 2017 07:11:25 +0000 (+0900) Subject: Add script to maintain mdm enabled policy X-Git-Tag: submit/tizen_3.0/20170630.064608^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_3.0;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Add script to maintain mdm enabled policy Change-Id: I316edb73c77eaba6667c67427ff14cb8618258c9 Signed-off-by: Yunjin Lee
---
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9a6d5b6..e12d461 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,6 +16,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-config.conf DESTINATION /usr/l
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/90_user-content-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTINATION ${SYSCONF_INSTALL_DIR}/gumd/useradd.d)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/710.security_enabled_blacklist_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index 8228879..6f8da7c 100755
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -101,6 +101,7 @@ rm /opt/share/security-config/test/capability_test/*
 %attr(755,root,root) /opt/share/security-config/test/smack_basic_test/*
 %attr(755,root,root) /opt/share/security-config/test/security_mount_option_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
+%attr(755,root,root) /usr/share/upgrade/scripts/710.security_enabled_blacklist_upgrade.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
diff --git a/upgrade/201.security_upgrade.sh b/upgrade/201.security_upgrade.sh
index beecc8b..33e7c9d 100644
--- a/upgrade/201.security_upgrade.sh
+++ b/upgrade/201.security_upgrade.sh
@@ -24,11 +24,15 @@ SECURITY_MANAGER_DB_JOURNAL=/opt/dbspace/.security-manager.db-journal
 SECURITY_MANAGER_DIR=/opt/var/security-manager
 PRIVILEGE_CHECKER_POLICY_DB=/opt/dbspace/.policy.db
 PRIVILEGE_CHECKER_POLICY_DB_JOURNAL=/opt/dbspace/.policy.db-journal
-
+BLACKLIST_ENABLED_FILE=/opt/data/blacklist_enabled
 #--------------------------------------
 # Start
 #--------------------------------------
+# save mdm blacklist enabled policy
+touch $BLACKLIST_ENABLED_FILE
+sqlite3 $SECURITY_SERVER_DB "SELECT app_name,name FROM app_permission_blacklist_view WHERE is_blacklist_enabled='1';" > $BLACKLIST_ENABLED_FILE
+
 # remove non used directories/files
 rm $APPLICATION_RULES
 rm $PRIVACY_DB
diff --git a/upgrade/710.security_enabled_blacklist_upgrade.sh b/upgrade/710.security_enabled_blacklist_upgrade.sh
new file mode 100644
index 0000000..277878c
--- /dev/null
+++ b/upgrade/710.security_enabled_blacklist_upgrade.sh
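Review bot: In upgrade/201.security_upgrade.sh the exit status of the added `sqlite3` export is never checked, so a missing database or view leaves an empty `/opt/data/blacklist_enabled` and the MDM policy is silently dropped when the later script consumes it. The `touch` is redundant because the redirect already creates the file, and both write through whatever already exists at that path; because 710.security_enabled_blacklist_upgrade.sh later turns each row into a cyad ADMIN entry, the file should get restrictive permissions, and if /opt/data is writable by non-root accounts (not visible here) a root-only location would be safer. I would replace the two lines with `sqlite3 "$SECURITY_SERVER_DB" "<same SELECT>" > "$BLACKLIST_ENABLED_FILE" || echo "blacklist export failed" >&2` followed by `chmod 600 "$BLACKLIST_ENABLED_FILE"`. `SECURITY_SERVER_DB` is defined outside the hunk and the script body continues past it.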
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+#--------------------------------------
+# RW patch for FOTA/FUS upgrade
+#--------------------------------------
+
+# 3.0 rw partition security directoy
+BLACKLIST_ENABLED_FILE=/opt/data/blacklist_enabled
+#privilege_prefix="http://tizen.org/privilege/"
+#smack prefix org.tizen.privilege
+privilege_prefix="http://developer.samsung.com/tizen/privilege/"
+#smack prefix com.developer.samsung.tizen.privilege.
+for i in `cat $BLACKLIST_ENABLED_FILE`
+do
+ pkgid=`echo $i | cut -d '|' -f1`
+ permission=`echo $i | cut -d '|' -f2`
+ privilege=`echo $permission | cut -d '.' -f6,7,8,9,10`
+ #privilege=`echo $permission | cut -d '.' -f4,5,6,7,8`
+ pkgsmack="User::Pkg::""$pkgid"
+ privilege_name="$privilege_prefix""$privilege"
+ cyad -s -k ADMIN -c $pkgsmack -u 5001 -p $privilege_name -t ALLOW
+done
+
+rm $BLACKLIST_ENABLED_FILE
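Review bot: Every row of `$BLACKLIST_ENABLED_FILE` becomes a `cyad … -t ALLOW` entry in the ADMIN bucket without any validation, and `$pkgsmack` and `$privilege_name` are expanded unquoted. A permission that does not start with the `com.developer.samsung.tizen.privilege.` prefix (for instance an `org.tizen.privilege` one, which the commented-out lines hint at) gives a wrong or empty `cut -f6,…` result and is still written; the backtick `cat` loop also splits rows on any whitespace. The final `rm` runs even when the file was missing or a `cyad` call failed, so the saved state is lost with no trace. I would read the file with `IFS='|' read`, skip rows with an unexpected prefix, quote the arguments and delete the file only on success, as below; `pkgid` deserves a similar format check, and a short comment on why a blacklist-enabled row maps to ALLOW would help the next reader.

```shell
# … unchanged: PATH, BLACKLIST_ENABLED_FILE, privilege_prefix …
smack_prefix="com.developer.samsung.tizen.privilege."

# nothing to restore if the export step never produced the file
[ -f "$BLACKLIST_ENABLED_FILE" ] || exit 0

failed=0
while IFS='|' read -r pkgid permission
do
	case "$permission" in
		"$smack_prefix"?*)
			privilege=${permission#"$smack_prefix"}
			;;
		*)
			echo "skipping unexpected permission: $permission" >&2
			failed=1
			continue
			;;
	esac
	cyad -s -k ADMIN -c "User::Pkg::$pkgid" -u 5001 \
		-p "$privilege_prefix$privilege" -t ALLOW || failed=1
done < "$BLACKLIST_ENABLED_FILE"

# keep the file for inspection if any row was skipped or cyad failed
if [ "$failed" -eq 0 ]; then
	rm "$BLACKLIST_ENABLED_FILE"
fi
```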