Marcin Niesluchowski [Thu, 8 Aug 2013 17:26:18 +0000 (19:26 +0200)]
Removing bug regarding security-server first use.
[Issue#] SSDWSSP-449
[Bug/Feature] There should be difference between initiated password time and
first function call regarding password so that difference should
not cause SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER error.
[Cause] While security-server is called for the first time, it initiates
itself.
[Solution] N/A
[Verification] Running security-server ss-password tests. There should be no
error with SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER (value -17).
Change-Id: I67243269fc8ed0476f614ab4143d81f4c12e24ee
Bartlomiej Grzelewski [Thu, 8 Aug 2013 09:46:00 +0000 (11:46 +0200)]
Reduce number of logs.
Now core of security-server2 won't log any information
about timeouts. All debug logs in socket-manager were
removed. This patch should reduce number of logs for 50%.
[Issue#] SSDWSSP-447
[Bug/Problem] Security-server generates too many logs.
[Cause] New implementation was tested.
[Solution] Decrease number of logs.
[Verification] Build, run tests.
Change-Id: I9c3cec96f1ca4899e8a95c988cd9dc56cf2d9db5
Bartlomiej Grzelewski [Wed, 31 Jul 2013 09:22:11 +0000 (11:22 +0200)]
Add support for EINTR in client.
[Issue#] N/A
[Bug] Poll did not support EINTR code. This error
may break communication between security-server and client.
[Solution] Add support for EINTR.
[Verification] Compile, run tests.
Change-Id: I0c052f3895f351adf80908db0b7c1ac826f3c0e0
Krzysztof Jackiewicz [Wed, 7 Aug 2013 11:02:16 +0000 (13:02 +0200)]
Fix for unused variable warning/error
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Buildbreak caused by unused variables
[Cause] Dlog logging macros have been recently disabled
[Solution] Variables marked as unused
[Verification] Successfull compilation
Change-Id: Idbbc5741ed14dda4484daac0edc2dbc4759c99e9
Marcin Lis [Thu, 18 Jul 2013 08:35:32 +0000 (10:35 +0200)]
Get rid of build warnings
[Issue#] SSDWSSP-397
[Bug] Several warnings was appearing during package build
[Cause] These warnings mainly concern implicit functions declarations
and comparisons between variables of different types
[Solution] Adding function declarations, header file inclusions,
explicit cast operators.
Also 'Werror' flag is added to CMakeLists.txt .
[Verification] Successful compilation & all security tests successfully
completed on target device
Change-Id: I2387b829835319354097384497abd9f1eaec9636
Bartlomiej Grzelewski [Fri, 2 Aug 2013 09:16:55 +0000 (11:16 +0200)]
Fix bug in app-permissions module.
[Issue#] N/A
[Bug/Cause] Function security_server_app_disable_permissions
did not propagate success code.
[Solution] Add return in security_server_app_disable_permissions.
[Verification] Build, run tests.
Change-Id: I389e6a65ae4f3d2e1496bf14a048274ef6263def
Radoslaw Bartosiak [Mon, 29 Jul 2013 08:10:54 +0000 (10:10 +0200)]
Fix latest prevent defects
[Issue#] SSDWSSP-435
[Bug/Feature] Unitialized scalar variable.
[Cause] Using uninitialized value "cr.pid" when calling "get_exec_path(pid_t, std::string &)".
[Solution] Change of program execution flow and logging, change unique_ptr deleter.
[Verification] Analyzing execution flow, running prevent tests.
Change-Id: Iaaf0f938e6f7111419325898436245e399d652bd
Pawel Polawski [Thu, 25 Jul 2013 13:00:48 +0000 (15:00 +0200)]
Added API for APP enable and disable permissions
[Issue#] SSDWSSP-155
[Bug/Feature] Implement API for removing/adding API feature rules from
applications SMACK profile
[Cause] Need new API
[Solution] New API added
[Verification] Compile. No new tests should fail
Change-Id: Ib6e95f32fa0cf0ebb2fdfd787b1c1f156b5a96b6
Bartlomiej Grzelewski [Tue, 30 Jul 2013 11:20:25 +0000 (13:20 +0200)]
Security-server fix.
[Issue#] N/A
[Bug/Feature] Null dereference when client closes connection while
servier is writting.
[Cause] N/A
[Problem] N/A
[Solution] Add additional check in CloseSocket function.
[Verification] Build, run tests.
Change-Id: I026b4cff31868dd72a1d221b8bffad108fcdf350
Bartlomiej Grzelewski [Fri, 19 Jul 2013 09:11:12 +0000 (11:11 +0200)]
Add LogSecure* macros.
[Issue#] SSDWSSP-392
[Bug] N/A
[Cause] N/A
[Problem] Some security-server logs must marked as "secure".
[Solution] Add support for SECURE_SLOG macro in the project.
[Verification] Run tests.
Change-Id: Ic5b4058a39ff0c1acb191871b27bafaf25f3cad7
Bartlomiej Grzelewski [Thu, 18 Jul 2013 15:35:24 +0000 (17:35 +0200)]
Add configuration for systemd.
List of changes:
* change socket name for get-get api
* add systemd configuration for get-object-name api
* remove some useless logs from services
[Issue#] N/A
[Bug/Feature] Remove deprecated logs.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I5eed0ab203dee6d3d777f64c6bd495ea01dbd4fb
Janusz Kozerski [Fri, 19 Jul 2013 11:55:14 +0000 (13:55 +0200)]
Remove API function security_server_launch_debug_tool()
[Issue#] SSDWSSP-369
[Bug] Function give an access to run any command as root.
[Cause] Re-witing security-server.
[Solution] Remove function.
[Verification] Build, install, run tests.
Change-Id: I19f202608d54bdd70b4bfd5edc9dcba816854d68
Jan Olszak [Tue, 9 Jul 2013 10:03:56 +0000 (12:03 +0200)]
Implemented security_server_get_object_name function in new framework.
[Issue#] Function for new security-server framework.
[Bug/Feature] Get name in new security-server.
[Cause] N/A
[Solution] Reimplemented solution.
[Verification] Build, install, run tests.
Change-Id: I432170b517f4a3ee20d2db4281e18f7bd7dd449d
Zofia Abramowska [Tue, 16 Jul 2013 10:01:42 +0000 (12:01 +0200)]
Rewriting client socket privilige part and adding exec path service
[Issue#] SSDWSSP-367
[Bug/Feature] N/A
[Cause] Rewriting client API and security-server socket privilige checks
functionality to match recently written security-server services
[Solution] Rewriting client API to use new implementation of sockets,
adding new service for get execution path request
[Verification] Successful build.
Run test 'security-server-test-client-smack'
with 'regexp=sock' argument and check dlog logs whether
execution path is being properly send
(This functionality is not in ss API, so no tests for
this specific service are available)
Change-Id: I49031860de14986f73899cb8c99f061241ede39b
Bartlomiej Grzelewski [Tue, 16 Jul 2013 17:06:47 +0000 (19:06 +0200)]
Fix sendToServer function.
Security server closes connection when protocol is broken.
Client was not able to handle this situation.
[Issue#] N/A
[Bug] Client program may hang.
[Cause] sendToServer function does not support
situation when read returns 0.
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ie3002ae88c6ac4b55958b4e0d2d81ca5aacd5c43
Jan Cybulski [Fri, 12 Jul 2013 07:50:23 +0000 (09:50 +0200)]
Add implementation for check_privilege_by_pid in security server 2
[Issue#] SSDWSSP-368
[Bug/Feature] Check privilege by pid via security server 2
[Cause] N/A
[Solution] Old implementation ported to new framework.
[Verification] Build, install, run tests.
Change-Id: If8937113015a435ed14c31b76f9443b39776e030
Bartlomiej Grzelewski [Fri, 12 Jul 2013 11:29:59 +0000 (13:29 +0200)]
Change log destination to system journal.
[Issue#] SSDWSSP-392
[Bug] N/A
[Cause] N/A
[Problem] Security-server logs must be saved in system.
[Solution] N/A
[Verification] Run tests.
Change-Id: I95a0db02b860c961dbea4ea55138298793a295cd
Bartlomiej Grzelewski [Thu, 11 Jul 2013 16:38:26 +0000 (18:38 +0200)]
Add socket activation for get-gid api.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] Lack of socket activation for api get-gid.
[Solution] Add support for socket activation in security-server.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: Ia3f1a1630df69da85398e5f53cf34a446d79bc94
Jan Olszak [Tue, 9 Jul 2013 10:03:56 +0000 (12:03 +0200)]
Implemented security_server_get_gid function in new framework.
[Issue#] Function for new security-server framework.
[Bug/Feature] Check GID in new security-server.
[Cause] N/A
[Solution] Used old implementation with small changes.
[Verification] Build, install, run tests.
Change-Id: I3032d80dc2af8d9fa40f4aa7ab8cbf9d0daa0919
Bartlomiej Grzelewski [Mon, 8 Jul 2013 12:56:53 +0000 (14:56 +0200)]
Remove deprecated code and scripts.
Removed:
* init scripts
* deprecated lines from spec file
* remove deprecated code from old security server
[Issue#] SSDWSSP-146
[Bug] N/A
[Cause] N/A
[Problem] Security server starts twice (by systemd and init).
[Solution] Remove init scripts.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: Ibac028b8b452284e7447b7fcb81b9a8927aded68
Bartlomiej Grzelewski [Fri, 5 Jul 2013 16:54:23 +0000 (18:54 +0200)]
Convert to systemd API.
- enable socket activation
- enable sn_notify (start-up completion notification).
[Issue#] SSDWSSP-146
[Bug] N/A
[Cause] N/A
[Problem] Socket activation is required in security-server.
[Solution] Add support for socket activation in security-server.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: I4d8c4f79bf1979df5e9e48b24bae9725441a9a14
Bartlomiej Grzelewski [Thu, 11 Jul 2013 11:16:53 +0000 (13:16 +0200)]
Takes compilation profile from command line.
This command will start compilation with debug(-O0 -g -ggdb)
gbs lb -A armv7l --define "build_type DEBUG"
Default command will use RELEASE profile(-02 -g):
gbs lb -A armv7l
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ic1388759b720aebadcfcf98dc0fbd5a73d9eb384
Bartlomiej Grzelewski [Thu, 11 Jul 2013 10:28:26 +0000 (12:28 +0200)]
Remove compilation warnings in security-server-util-common.c
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ieb1dfb3d3de91a070286d6dc33cfd5d1340d0700
Zofia Abramowska [Wed, 10 Jul 2013 11:28:10 +0000 (13:28 +0200)]
Refactoring common utility functions
[Issue#] N/A
[Bug/Feature] N/A
[Cause] Some utility functions were not extracted to util source
files. It is needed to properly write new services for ss2
[Solution] Moved some functions out of main file to util file
[Verification] Successfull build
Change-Id: I31af2fe3618dd58c77be7b0e23faeeb6e25d6c32
Bartlomiej Grzelewski [Mon, 8 Jul 2013 14:46:43 +0000 (16:46 +0200)]
Remove deprecated code connected with shared memory.
[Issue#] SSDWSSP-378
[Bug] N/A
[Cause] N/A
[Problem] Some code from tutorial was release on unknown licence.
[Solution] Code was removed.
[Verification] Run tests.
Change-Id: I302d168defb16cad32d665b9046a139843fd9523
Jan Olszak [Thu, 4 Jul 2013 12:59:07 +0000 (14:59 +0200)]
Changed dlog logging buffer.
[Issue#] dlog logged in a wrong buffer.
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main SECURITY_SERVER" (no loggs), "dlogutil -b system SECURITY_SERVER" (loggs..)
Change-Id: I8680f74ab4452469147e6f348c2a3491b9063bf7
Jan Olszak [Tue, 2 Jul 2013 13:35:52 +0000 (15:35 +0200)]
Error code for empty passwords.
[Issue] No error code for empty passwords. Needed in tests.
[Feature] N/A
[Cause] N/A
[Solution] Added error code
[Verification] Build
Change-Id: Icb1d6aacaf5b346ab2733245d7d328d48a1e03f5
Marcin Niesluchowski [Fri, 5 Jul 2013 11:27:22 +0000 (13:27 +0200)]
Fixing prevent defects in security-server
* 63411; Critical; Resource leak; In function
SecurityServer::BinaryQueue::AppendUnmanaged(
void const*,
unsigned int,
void (*)(void const*, unsigned int, void *),
void *)
in src/server2/dpl/core/src/binary_queue.cpp
* 63374; Critical; Explicit null dereferenced; In function
SecurityServer::SharedMemoryService::readOne(SecurityServer::ConnectionID const&,
SecurityServer::SocketBuffer &)
in src/server2/service/data-share.cpp
[Issue#] SSDWSSP-356
[Bug/Feature] Prevent bugs need to be fixed.
[Cause] N/A
[Solution] N/A
[Verification] Running security-server tests.
Change-Id: I816e8b50ff94470256604d37a88a400dbeac59b5
Bartlomiej Grzelewski [Wed, 3 Jul 2013 08:17:35 +0000 (10:17 +0200)]
Socket won't have any smack label when smack is turn off.
[Issue#] SSDWSSP-68
[Bug] Security-server does not work without smack.
[Cause] Smack was mandatory.
[Solution] Add runtime check for smack existance.
[Verfication] Run tests.
Change-Id: I431a2c86a6f110f5c79b3795e07f32e49759cd28
Bartlomiej Grzelewski [Mon, 20 May 2013 09:11:27 +0000 (11:11 +0200)]
Security-server refactoring.
* Rewrite shared-memory-service.
* Each service will run in own thread.
* Import log and exception modules from DPL library.
* Add serialization.
* Hide symbols in client library.
[Issue#] SSDWSSP-68
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Run security-server tests.
Change-Id: Ib353c4ddaccc2f4211f2bbce74dd890956fa60de
Marcin Niesluchowski [Fri, 21 Jun 2013 12:05:25 +0000 (14:05 +0200)]
Fixing prevent defects in security-server.
* 60575; Major; Unsigned compared against 0; In function security_server_thread
in src/server/security-server-main.c
* 52113; Minor; Unchecked return value; In function security_server_thread
in src/server/security-server-main.c
[Issue#] SSDWSSP-335
[Bug/Feature] Prevent detected new defects.
[Cause] N/A
[Solution] N/A
[Verification] Running tests.
Change-Id: Ie74a957585482b3435783c9bcba4dc1e7ce13ee2
Marcin Niesluchowski [Thu, 20 Jun 2013 07:57:50 +0000 (09:57 +0200)]
Changing some error logs to warnings and turning off debug logs on security-server.
[Issue#] SSDWSSP-331
[Bug/Feature] Too many error logs. Debug logs should be turned off.
[Cause] N/A
[Solution] N/A
[Verification] Checking logs and running tests.
Change-Id: I060a891700e161064980c97a5b90c32eef47fca6
Krzysztof Jackiewicz [Fri, 24 May 2013 15:24:46 +0000 (17:24 +0200)]
Added missing handler for executable path retrieval message
[Issue#] SSDWSSP-274
[Feature/Bug] N/A
[Problem] SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST is not handled
[Cause] Incorrectly resolved conflict. Part of code lost.
[Solution] Missing handler restored
[Verification] Build & install. Run security-server-tests-client-smack
--regexp=tc06_check_privilege_by_sockfd. Security server logs should contain
valid executable path in lines starting with SS_SMACK. There should be no
"Unknown msg ID" message in dlog
Change-Id: I8e384e645291a0563a1ffd4ce47496742e756742
Marcin Niesluchowski [Thu, 20 Jun 2013 12:35:52 +0000 (14:35 +0200)]
All *.c and *.h files changed by stylecheck-for-git.
[Issue#] SSDWSSP-322
[Bug/Feature] Standardization of repository coding style.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: Ife70bac31e8fb6a5b0b678dfddbee840ace8c764
Marcin Niesluchowski [Fri, 14 Jun 2013 08:51:30 +0000 (10:51 +0200)]
Fixing prevent major defects in security-server.
In file src/client/security-server-cient.c:
Major "Integer overflowed argument" in function recv_exec_path_response()
In file src/server/security-server-main.c:
Major "Integer overflowed argument" in function security_server_thread()
Major "Various" in security_server_thread()
In file src/communication/sercurity-server-comm.c:
Major "Integer overflowed argument" in function recv_pid_privilege_request()
[Issue#] SSDWSSP-306
[Bug/Feature] Fix prevent defects
[Cause] Prevent server signalizes defects
[Solution] N/A
[Verification] Running tests and checking prevent output.
Change-Id: Iff331cd34c2f3447df79118cfa449e6c37c72091
Zbigniew Jasinski [Mon, 17 Jun 2013 13:41:10 +0000 (15:41 +0200)]
Log messages refactoring continued
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I5ed5815d1e105f31765162460350476cba574c00
Zbigniew Jasinski [Mon, 17 Jun 2013 13:39:23 +0000 (15:39 +0200)]
Log messages refactoring continued
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I8997084a6fbac44b21b253fa4a8765ebf6625ae9
Zbigniew Jasinski [Mon, 17 Jun 2013 13:34:53 +0000 (15:34 +0200)]
Log messages refactoring
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I060ce75cc308fd1890c5b249840e19f40b833fd6
Zbigniew Jasinski [Tue, 18 Jun 2013 08:40:23 +0000 (10:40 +0200)]
Added SECURE_LOG* macro
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] SECURE_LOG* macro added for log messages refactoring
[Solution] Added SECURE_LOG* macro
[Verification] Compile with LOG_DEBUG_ENABLED and run. No tests should fail
Change-Id: Id9181d91c3bc571bd122edbc9e641fbcca39af7e
Pawel Polawski [Mon, 20 May 2013 09:06:33 +0000 (11:06 +0200)]
Add SMACK checking for SS API
[Issue#] SSDWSSP-272
[Bug/Feature] Add SMACK checking for each SS API
[Cause] No SMACK authorization in some SS API
[Solution] Added SMACK checking for each SS API
[Verification] Compile and run. No tests should fail
Change-Id: I4043c7eddd2bab1547f48ffbaf3ab7e28101550c
Krzysztof Jackiewicz [Fri, 24 May 2013 15:24:46 +0000 (17:24 +0200)]
Executable path retrieval moved to security-server
[Issue#] SSDWSSP-274
[Feature/Bug] N/A
[Problem] security_server_check_privilege_by_sockfd should not require root privileges
[Cause] The function reads /proc/[pid]/exe
[Solution] Executable retrieval moved to security-server.
[Verification] Build & install. Run security-server-tests-client-smack --regexp=tc06_check_privilege_by_sockfd
Security server logs should contain valid executable path in lines starting with SS_SMACK
Change-Id: Ib06414e80c9ee992108b7c49b33914e9047e5871
Zbigniew Jasinski [Mon, 27 May 2013 13:10:02 +0000 (15:10 +0200)]
Rewriting search_gid to use POSIX getgrnam_r
[Issue#] N/A
[Bug] N/A
[Cause] Instead of opening /etc/group and search for group name and ID we can
use POSIX getgrnam_r
[Solution] Rewriting function to use POSIX getgrnam_r.
[Verification] Build. Run all security-server tests.
Change-Id: Ia3591db1e11c013229ffd0a725697be797e0a2f1
Janusz Kozerski [Tue, 7 May 2013 12:19:09 +0000 (14:19 +0200)]
Use function smack_pid_have_access() from libprivilege-control instead smack_have_access()
[Issue#] SSDWSSP-220
[Feature] Using function smack_pid_have_access() from libprivilege-control instead smack_have_access()
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Needs http://slp-info.sec.samsung.net/gerrit/#/c/197481/. Build, install, reboot.
Change-Id: I98b651f7e52c74d794fe96818a61644ece5c9ae5
Bartlomiej Grzelewski [Fri, 17 May 2013 12:06:14 +0000 (14:06 +0200)]
Fix data control api.
Data control must return SUCCESS on images without smack.
[Issue#] SSDWSSP-277
[Bug] security-server_app_give_access returns error on image
without smack.
[Cause] On image without smack user passed "" as a client label.
"" is not acceptable smack label.
[Solution] Function security_server_app_give_access returns SUCCESS
when smack is turn off.
[Verification] Build. Run all tests. No changes in result should be
noticed on smack image.
Change-Id: I0c740ecda07e3ed97f1d409c8e597bc3b1f0b773
Krzysztof Jackiewicz [Mon, 13 May 2013 15:17:47 +0000 (17:17 +0200)]
Cookie executable path logic fixed and refactored.
[Issue#] SSDWSSP-237 / P130508-4841
[Bug] Security-server has closed unexpectedly
[Problem] N/A
[Cause] Executable paths were improperly compared and triggered pid reusage code
branch.
[Solution] Executable paths logic fixed and refactored.
[Verification] Run all security-server tests
Change-Id: I68219631378be17c980b52fa8995d9bc37d69ed7
Zofia Abramowska [Mon, 13 May 2013 14:05:38 +0000 (16:05 +0200)]
Reimplementing process_app_get_access_request
[Issue#] SSDWSSP-229
[Feature] No revoking for label given by this function
[Cause] N/A
[Solution] Rewriting function inside security-server code,
not using libprivilege-control
[Verification] Build and run tests (testcases for revoking label
may fail)
Change-Id: Ie1d682f1dc76c108da7c602c958d8db9d33519ad
Krzysztof Jackiewicz [Fri, 10 May 2013 12:53:05 +0000 (14:53 +0200)]
Thread synchronisation fixed. Proper cookie copying.
[Issue#] SSDWSSP-237
[Feature/Bug] N/A
[Problem] security server crashes
[Cause] Because of incorrect synchronisation a race condition was possible
[Solution] Synchronisation fixed. Proper cookie copying applied.
[Verification] Run all security server tests
Change-Id: I464fb0cf05ec707191c32dde8b7b3de2b0fcdeb5
Bartlomiej Grzelewski [Wed, 8 May 2013 14:29:05 +0000 (16:29 +0200)]
Add SMACK_LOG in client_has_access.
Security-server must inform that client does not have access to
some service provided by him.
Fix problem with random pid client in security-server logs.
[Issue#] SSDWSSP-226
[Bug] Security server shows rundom value as client pid.
[Cause] Function responsible for client pid extraction wass comment out.
[Solution] N/A
[Verification] Run test. Check logs. Pid of client process should be
shown correctly.
Change-Id: Ifdb0712b1d6f22a71a3e90b2264666f0ec7146da
Pawel Polawski [Thu, 9 May 2013 09:37:56 +0000 (11:37 +0200)]
Change logs in SS to correct error logs.
[Issue#] SSDWSSP-234
[Bug/Feature] Security-server SMACK dlog should be "ERROR", not info
[Cause] N/A
[Solution] Log type changed to error
[Verification] Compile and run. SS should generate both: debug and
error logs on dlog
Change-Id: I8e4c609d30cc71ab4395e85ab5bf9c6a7e97abf9
Pawel Polawski [Thu, 25 Apr 2013 13:44:25 +0000 (15:44 +0200)]
Add binary path to SMACK log
[Issue#] SSDWSSP-203
[Bug/Feature] Change logs in security_server_check_privilege_by_sockfd
[Cause] N/A
[Solution] N/A
[Verification] Compile. Run tests.
Change-Id: I6ca2cfc97bc795eefa287c82b0a826f2d6c853a9
Rafal Krypa [Fri, 3 May 2013 13:44:18 +0000 (15:44 +0200)]
Merge missing code pieces from private repository.
[Issue#] N/A
[Bug] Patches applied in different version in RSA and private repository
[Cause] Developers not careful enough about applying patches in both places
[Solution] Move missing bits of code
[Verification] Build
Change-Id: If1f65e07b44e1a2ad40f9d67f0ae211511948632
Kidong Kim [Tue, 30 Apr 2013 12:39:33 +0000 (21:39 +0900)]
remove set_pmon
Change-Id: I7ac0c26573e52e8ed70e96a32de5962168548811
Bartlomiej Grzelewski [Mon, 27 Jan 2014 16:40:05 +0000 (17:40 +0100)]
Add #ifdef SMACK_ENABLED to private code.
With this define commented, all security-server API
should work as if there was no SMACK error and SMACK
allowed for everything.
[Issue#] SSDWSSP-206 & SSDWSSP-221
[Bug] N/A
[Cause] SS should work without SMACK enabled.
[Solution] As mentioned above.
[Verification] Build with and without ADD_DEFINITIONS( -DSMACK_ENABLED ).
1. SMACK enabled system.
1.1 -DSMACK_ENABLED on: SS tests should not fail
1.2 -DSMACK_ENABLED off: Following SS tests should fail:
-client-smack:
-tc04_security_server_get_gid_client_is_not_allowed
-tc05_check_privilege_by_cookie
-tc06_check_privilege_by_sockfd
-tc07_check_privilege_by_sockfd
-label:
-tc_security_server_get_smacklabel_cookie
-server:
-tc01a_security_server_app_give_access
-tc02_check_privilege_by_pid
There should be no missing SMACK rules for security server sockets in dmesg
2. SMACK disabled system. Same results for -DSMACK_ENABLED on and off. Beside tests
failing in 1.2 all test cases using smack_accesses_apply and smack_have_access will also fail.
Change-Id: Ia1074d9da4a07e3a60878030b9b8fc3760340c73
Bumjin Im [Sat, 27 Apr 2013 05:50:41 +0000 (14:50 +0900)]
Removing authentication of middleware
Change-Id: I276c83539a09db05500539dfa600bb05a64ceae0
Zofia Abramowska [Fri, 26 Apr 2013 10:17:45 +0000 (12:17 +0200)]
Fixing klocwork bugs
[Issue#] N/A
[Bug] Bugs found by klocwork
[Cause] N/A
[Solution] N/A
[Verficiation] Build and run all tests
Change-Id: I386f3e74820c518fd0437f082246c7fa1177ced4
Bartlomiej Grzelewski [Mon, 22 Apr 2013 15:02:45 +0000 (17:02 +0200)]
Implemet data control solution for OSP apps.
Function security_server_app_give_access may be called only by
priviledge process (process must have "rw" access to
"security-server::api-data-share"). In current implemnetation security
check is made in user space. It should be moved to kernel space by
creating separate socket with "security-server::api-data-share" label.
[Issue#] SSDWSSP-177
[Bug] N/A
[Cause] OPS application need to share memory.
[Solution] Add cross rules between OSP application.
[Verification] Build.
Change-Id: Ie6bad6e924bbcd1b37af58cb7650f65bebd5d57c
Bartlomiej Grzelewski [Mon, 22 Apr 2013 15:50:14 +0000 (17:50 +0200)]
Fix process_pid_privilege_check function.
Prevent function process_pid_privilege_check from closing random socket
when something fails.
[Issue#] N/A
[Bug] N/A
[Cause] Value was not initialized.
[Solution] N/A
[Verification] Build.
Change-Id: Id77c84c9f2ac1237c56f7cd5ff00258d40680459
Pawel Polawski [Tue, 23 Apr 2013 12:45:05 +0000 (14:45 +0200)]
Change logs in security server connected to SMACK
[Issue#] SSDWSSP-203
[Feature] New logs format
[Cause] Deprecated log format
[Solution] Log format changed
[Verification] Compile, no tests should fail
Change-Id: I38d227b99e341cc76f540a7dc56c4532704ce9e3
Pawel Polawski [Thu, 18 Apr 2013 07:20:02 +0000 (09:20 +0200)]
Add debug log for smack_have_acces in security-server
[Issue#] SSDWSSP-185
[Feature] New security-server API
[Problem] N/A
[Cause] N/A
[Solution] New log message added
[Verification] Build package
Change-Id: I69df34df93a3efec58073667c9ac1a0d4cba031c
Bartlomiej Grzelewski [Tue, 9 Apr 2013 16:03:52 +0000 (18:03 +0200)]
Implemet data control solution for OSP apps.
[Issue#] SSDWSSP-177
[Bug] N/A
[Cause] OPS application need to share memory.
[Solution] Add cross rules between OSP application.
[Verification] Build.
Change-Id: I5085e5f0130ff687aaa142006837110077ba00be
Krzysztof Jackiewicz [Mon, 13 May 2013 15:17:47 +0000 (17:17 +0200)]
Cookie executable path logic fixed and refactored.
[Issue#] SSDWSSP-237 / P130508-4841
[Bug] Security-server has closed unexpectedly
[Problem] N/A
[Cause] Executable paths were improperly compared and triggered pid reusage code
branch.
[Solution] Executable paths logic fixed and refactored.
[Verification] Run all security-server tests
Change-Id: I68219631378be17c980b52fa8995d9bc37d69ed7
Conflicts:
src/server/security-server-cookie.c
Krzysztof Jackiewicz [Tue, 14 May 2013 15:31:49 +0000 (17:31 +0200)]
Fixed compilation error
[Issue#] SSDWSSP-229
[Feature/Bug] Compilation error
[Problem] N/A
[Cause] Error logs are not yet available
[Solution] Changed to debug logs
[Verification] Successfull compilation
Change-Id: I29a8268cfefc41189e4c1e218387a20a48cf9142
Zofia Abramowska [Mon, 13 May 2013 14:05:38 +0000 (16:05 +0200)]
Reimplementing process_app_get_access_request
[Issue#] SSDWSSP-229
[Feature] No revoking for label given by this function
[Cause] N/A
[Solution] Rewriting function inside security-server code,
not using libprivilege-control
[Verification] Build and run tests (testcases for revoking label
may fail)
Change-Id: Ie1d682f1dc76c108da7c602c958d8db9d33519ad
Baptiste DURAND [Tue, 26 Nov 2013 14:00:08 +0000 (15:00 +0100)]
Fix for TIVI 2222 : Add build option to enable SMACK related features
Change-Id: I2069e76a88892ada0ce401451600566028014ca8
Signed-off-by: Baptiste DURAND <baptiste.durand@eurogiciel.fr>
Jean-Benoit MARTIN [Wed, 18 Sep 2013 07:32:56 +0000 (09:32 +0200)]
Change variable type for system observer thread
The event_callback is not correctly transmitted to the system
observer thread. Change so_config into static variable
Change-Id: I7572eedcbcbaa33027841c0b7fbf588c34a5d35b
Bug-Tizen: IVI-1793
Rusty Lynch [Fri, 23 Aug 2013 17:24:42 +0000 (10:24 -0700)]
Cleanup spec and remove defunct system V startup scripts
Fix several rpmlint errors and removed the pointless startup script
from the source and all the logic for installing it in the spec
Ismo Puustinen [Thu, 22 Aug 2013 07:28:58 +0000 (10:28 +0300)]
smack API has changed; smack_new_label_from socket returns the label
length.
Patrick McCarty [Mon, 15 Jul 2013 19:18:55 +0000 (12:18 -0700)]
Fix the manifest installation
Change-Id: I32c2c22ebfb91e1ae497a807791c2703f1667c1d
Patrick McCarty [Mon, 15 Jul 2013 19:18:55 +0000 (12:18 -0700)]
Fix the manifest installation
Change-Id: I32c2c22ebfb91e1ae497a807791c2703f1667c1d
Ryan Ware [Mon, 8 Jul 2013 17:07:09 +0000 (10:07 -0700)]
Merge "resetting manifest requested domain to floor" into tizen
Alexandru Cornea [Mon, 1 Jul 2013 14:32:26 +0000 (17:32 +0300)]
resetting manifest requested domain to floor
Alexandru Cornea [Fri, 28 Jun 2013 14:38:51 +0000 (17:38 +0300)]
resetting manifest requested domain to floor
Kidong Kim [Fri, 10 May 2013 08:59:48 +0000 (17:59 +0900)]
merge back from tizen_2.1_smack
Bumjin Im [Sat, 27 Apr 2013 05:50:41 +0000 (14:50 +0900)]
[Release] security-server_0.0.73
* Removed authentication of middleware
Change-Id: I430da7b68dc2f2645082e6e82b1e35a9f8e23bbc
Krzysztof Jackiewicz [Wed, 17 Apr 2013 10:17:49 +0000 (12:17 +0200)]
[Release] security-server_0.0.72
* fixed release commit message
Change-Id: I7c56fe03e85c5b906b0aac055ab352d18f3d2b2d
Krzysztof Jackiewicz [Tue, 16 Apr 2013 15:43:46 +0000 (17:43 +0200)]
[Release] security-server-0.0.72
* prevent bugfixes
* unnecessary package dependecies removed
Change-Id: I0820cc1656b6405db68aead4cfed609ad7c86175
Bartlomiej Grzelewski [Fri, 12 Apr 2013 13:57:07 +0000 (15:57 +0200)]
Fix bugs reported by prevent.
[Issue#] N/A
[Bug] Sizeof gets wrong argument.
[Cause] N/A
[Solution] Sizeof gets type of struct now.
[Verification] Build. Run security tests.
Change-Id: I300591ae3fa1040d9f316699551b522bf222acce
Bartlomiej Grzelewski [Fri, 12 Apr 2013 14:21:11 +0000 (16:21 +0200)]
Remove package from build dependency that are not requried druing build.
[Issue#] N/A
[Bug] N/A
[Caluse] N/A
[Solution] N/A
[Verification] Build.
Change-Id: Ib13ed0a3c837b85c410633a047212042447ebe27
Krzysztof Jackiewicz [Fri, 12 Apr 2013 14:05:43 +0000 (16:05 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master
Change-Id: I15d1549c23d65fa677c10065dd5880647c4a3060
Krzysztof Jackiewicz [Fri, 12 Apr 2013 13:09:56 +0000 (15:09 +0200)]
[Release] security-server_0.0.71
* Remove usage of mw-list file in security-server
Change-Id: I6c47b7f6cbe5040147be837112a50a079893d1bd
Jan Cybulski [Thu, 11 Apr 2013 06:08:02 +0000 (08:08 +0200)]
Remove usage of mw-list file in security-server
[Issue#]SSDWSSP-186
[Feature/Bug] N/A
[Problem] N/A
[Cause] N/A
[Solution] Removing hardcoded set of trusted daemon binaries.
Removing function search_middleware_exe_path and file with mw-list entries.
[Verification] Build, tests
Change-Id: I3f7bd1d37bc0b315642884801c80d3e308f78a2a
Krzysztof Jackiewicz [Tue, 2 Apr 2013 08:55:26 +0000 (10:55 +0200)]
Middleware list check fixed.
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Empty line in mw-lists matches everything.
[Cause] N/A
[Solution] Commandline replaced by executable name. Fixed comparison of
executable name with mw-list entries. Empty line removed from mw-list. 50 chars
limit removed
[Verification] Run all security server tests
Change-Id: I872ad45a4089b484a30fc4caa1759ce9d6a584e4
Junfeng [Thu, 21 Mar 2013 13:31:23 +0000 (21:31 +0800)]
Fix for 64 bit compatibility.
- Fix hardcoding path.
- Use %cmake to set default paths.
Change-Id: I102e9d18662ec001eafc48c9826405bf427f6910
Junfeng [Thu, 21 Mar 2013 13:31:23 +0000 (21:31 +0800)]
Fix for 64 bit compatibility.
- Fix hardcoding path.
- Use %cmake to set default paths.
Change-Id: I102e9d18662ec001eafc48c9826405bf427f6910
Krzysztof Jackiewicz [Fri, 29 Mar 2013 10:17:37 +0000 (11:17 +0100)]
Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master
Krzysztof Jackiewicz [Thu, 28 Mar 2013 14:36:01 +0000 (15:36 +0100)]
[Release] security-server_0.0.70
* Prevent bugfixes from private repo
Change-Id: I52ea4353e5f4092672135323b30f5ae8e295f1d1
Bartlomiej Grzelewski [Fri, 8 Mar 2013 16:38:57 +0000 (17:38 +0100)]
Read or write may be interrupt.
This commits add suport for interruption of read or write. Please note
that we still need to add support for sitation when read or write
returns less that we expect.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Run all security-server tests.
Change-Id: I799fd41245cce004582458f98f49511a2860ff0e
Bartlomiej Grzelewski [Thu, 7 Mar 2013 17:32:28 +0000 (18:32 +0100)]
Reemove compilation warrnings.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Run all security-server tests.
Change-Id: Icedbece62623b2393eb16c3776a909db8443c073
Bartlomiej Grzelewski [Thu, 7 Mar 2013 16:21:12 +0000 (17:21 +0100)]
Fix defects reported by prevent.
[Issue#] SSDWSSP-115
[Bug] N/A
[Cause] N/A
[Soultion] N/A
[Verification] Run all security-server tests.
Change-Id: I61a437f604e94b6897d1b2b76aca8217893a307e
Krzysztof Jackiewicz [Thu, 21 Mar 2013 15:37:04 +0000 (16:37 +0100)]
[Release] security-server_0.0.69
* Table allocation bug fixed
* Password timeout changed
* Merged master into tizen_2.1
Change-Id: I85d41e0f8c1e10491a1fab07586058c1ef5f7271
Krzysztof Jackiewicz [Thu, 21 Mar 2013 10:07:11 +0000 (11:07 +0100)]
[Release] security-server_0.0.69
* Table allocation bug fixed
* Password timeout changed
Change-Id: I70b81639a80600fa83cf93ae08ebced1fa83fe84
Janusz Kozerski [Wed, 20 Mar 2013 10:27:28 +0000 (11:27 +0100)]
Change password timeout from 1 seconds to 500000 microseconds.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Run all security-server tests.
Jinkun Jang [Fri, 15 Mar 2013 16:17:58 +0000 (01:17 +0900)]
merge with master
Jinkun Jang [Tue, 12 Mar 2013 16:51:34 +0000 (01:51 +0900)]
Tizen 2.1 base
Pawel Polawski [Tue, 5 Mar 2013 10:28:38 +0000 (11:28 +0100)]
Fix bug in table allocation.
[Issue#] N/A
[Bug] Wrong pointer passed to allocating fuinction
[Cause] N/A
[Soultion] Changed to correct pointer
[Verification] No warnings while compilation
Change-Id: I54d00e11862f1986b0518009bdb30a5942f127b7
Bartlomiej Grzelewski [Mon, 4 Mar 2013 16:37:03 +0000 (17:37 +0100)]
[Release] security-server_0.0.67
* Fix bug with searching cookie with no privileges.
Change-Id: I46ab72148143df3f1a76956aa8f4474147ef3338
Pawel Polawski [Tue, 26 Feb 2013 07:51:09 +0000 (08:51 +0100)]
Fix bug with searching cookie with no privileges.
[Issue#] SSDWSSP-102
[Bug] Bug with get_smack_label in security-server
[Cause] Error in searching cookie with no privileges set
[Soulution] Special trading cookies with no privileges set
[Verification] Code compiles with success
Change-Id: I25debbc88315f316ed08b1cda2895bd3d9d90116
Mariusz Domanski [Wed, 27 Feb 2013 10:46:25 +0000 (11:46 +0100)]
[Release] security-server_0.0.65
* Proper %post and %postun scripts in spec file
* Removing unused code and separating deprecated files
* Fix for several issues detected by Prevent
Change-Id: I494fba79e6c11e9c298a4972a99a4847e9caffe6
Rafal Krypa [Mon, 25 Feb 2013 14:45:51 +0000 (23:45 +0900)]
Merge "Proper %post and %postun scripts in spec file"
Zofia Abramowska [Mon, 18 Feb 2013 12:44:57 +0000 (13:44 +0100)]
Removing unused code and separating deprecated files
[Issue#] SSDWSSP-98
[Feature] N/A
[Cause] Removal of unwanted files from security-server
[Solution] N/A
[Verification] Successful build
Change-Id: I27fbd9ca4d597c71b65400c4ed71458b406f557b