Tomasz Swierczek [Mon, 31 Jul 2023 13:50:15 +0000 (15:50 +0200)]
Fixed SAM warning
Change-Id: If59a07a32183184e786c8030b436aa3d8735abbb
Tomasz Swierczek [Thu, 6 Jul 2023 07:53:18 +0000 (09:53 +0200)]
Fix static analysis issue
Change-Id: I7819ebf0e53e70ed94440affe29db0ea2c8cbedf
yeji01.kim [Mon, 3 Jul 2023 10:10:50 +0000 (19:10 +0900)]
Fix build error
Change-Id: I07dd4132663a05fff7689d65d59aedd60c538972
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
yeji01.kim [Thu, 30 Jan 2020 08:32:10 +0000 (17:32 +0900)]
Fix coverity issue
- add return value check
Change-Id: I92a56325afd4ec623c84579d437bd67239677663
Signed-off-by: yeji01.kim <yeji01.kim@samsung.com>
Sangwan Kwon [Tue, 7 Jan 2020 04:01:07 +0000 (13:01 +0900)]
Change fallocate() to posix_fallocate()
For the portable, POSIX.1-specified method of ensuring that
space is allocated for a file.
The main reason of this patch is to support GCC 9.2.
ref) https://review.tizen.org/gerrit/gitweb?p=platform%2Fcore%2Fsecurity%2Fode.git;a=shortlog;h=refs%2Fheads%2Fsandbox%2Fakazmin%2Ftizen_6.0_build
Change-Id: I8baf4feb5fce364f6ecf0ba08c46b90ac7ca1457
Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
Andrey Kazmin [Thu, 12 Dec 2019 13:38:31 +0000 (16:38 +0300)]
Fixed missed <functional> header include
Change-Id: I8631a8ce817c2f2bea54b1b12e420fd286056eef
Signed-off-by: Andrey Kazmin <a.kazmin@partner.samsung.com>
Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
Krzysztof Jackiewicz [Fri, 7 Jun 2019 16:17:18 +0000 (18:17 +0200)]
Stop listening for storaged dbus signals
Oded is now socket & dbus activated and won't listen for dbus
signals. Additionally the default sd card mountpoint will be
removed. From now on oded will expect passing mountpoint via dbus
call.
Launch the sd card UI with file activation instead of dbus call as the
sd card UI is now a user service.
To be merged after storaged starts using the dbus service.
Change-Id: Ic5fb3f4ec4a74d0a8a0a3ec61876498b7a3527f6
Krzysztof Jackiewicz [Thu, 6 Jun 2019 13:03:14 +0000 (15:03 +0200)]
Enable dbus activation
- Register dbus service for external card notification
- Activate ode on dbus service method call
- Store external card mount point in vconf/buxton
- Lazily initialize ecryptfs engine
- Stop ode service after 5s from dbus wakeup
- Use the old sd card mountpoint if not given via dbus call
- Apply security policy
Change-Id: Ibea2663689f99a3812692895dd5efb12e068e121
Krzysztof Jackiewicz [Mon, 17 Jun 2019 10:18:06 +0000 (12:18 +0200)]
Fix uses after free starring c_str()
Change-Id: I94af1d2e129c23c1538076cb135a2c36fc1bab16
Krzysztof Jackiewicz [Fri, 7 Jun 2019 14:58:26 +0000 (16:58 +0200)]
Use proper service for external password UI
Change-Id: I95c0d24041130df973e0817744c2ff4893bd006c
Krzysztof Jackiewicz [Thu, 30 May 2019 11:45:45 +0000 (13:45 +0200)]
Enable socket activation
Enable oded socket activation. Stop service after ~5s of inactivity. Do
not stop the service if it was started manually and no request has
arrived.
Change-Id: I4d65b278df314b3e16453ab0e1e521b3e80e58e7
INSUN PYO [Tue, 2 Jul 2019 07:15:01 +0000 (16:15 +0900)]
Remove unnecessary setting
Change-Id: Ib839751ad22f54d74f9e9daf715540f7a3ce7733
Jaemin Ryu [Fri, 14 Jun 2019 04:17:49 +0000 (13:17 +0900)]
Change openssl dependency to 1.1.1
Change-Id: Icfeea3c6143a33956b94d68f63c23437c4efd220
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
s414.kim [Mon, 13 May 2019 10:19:57 +0000 (19:19 +0900)]
Support to use internal encryption prepare APIs
- If the crypto state is prepared, does not stopSystemdUnit and unmountInternalStorage.
- Add 'internal_prepare' option to cli tool
Change-Id: I1e7d92aa93b03a6eb80312feef5d7025d16e7ed6
Signed-off-by: s414.kim <s414.kim@samsung.com>
s414.kim [Mon, 13 May 2019 06:21:33 +0000 (15:21 +0900)]
Add start encryption/decryption API for internal storage
- Depending on UX changes, add those APIs to set start flags and to reboot
Change-Id: Ib97f6101e890aa02b210b28536d40d21ddcdf751
Signed-off-by: s414.kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Wed, 15 May 2019 09:44:55 +0000 (11:44 +0200)]
Use libext2fs to read ext4 params and block bitmap
Until now the ext4 params and the block bitmap was calculated
manually. In some cases it could lead to buffer oveflow. This commit
replaces manual calculations with libext2fs calls.
Change-Id: I54d36a88f1950dd95d0b2a53c3dab605e308250d
s414.kim [Thu, 18 Apr 2019 07:47:27 +0000 (16:47 +0900)]
Set 'PATH' in ode_softreset.sh
Change-Id: I80521f7c13924d7bf0cdc8ddc17e1b20d634126d
Signed-off-by: s414.kim <s414.kim@samsung.com>
s414.kim [Thu, 11 Apr 2019 05:32:17 +0000 (14:32 +0900)]
Remove dead code
Change-Id: I399848286392074437e841aae24c86b4a9428084
Signed-off-by: s414.kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Thu, 28 Mar 2019 14:23:04 +0000 (15:23 +0100)]
Chown token file instead of changing oded gid
Ode-fota is executed as system_shared uid/gid. The token file needs proper
access rights to be readable by ode-fota.
Chown() the token file to root:system_shared instead of modifying oded gid.
Change-Id: I83b12d3a95d4b23ed68f97d66d096befe0249c54
Krzysztof Jackiewicz [Thu, 7 Feb 2019 10:16:12 +0000 (11:16 +0100)]
Merge tizen_4.0 into tizen
Change-Id: Ibc4f1105aad26c5df9a640775e81bfc761403c5a
seolheui, kim [Mon, 14 Jan 2019 11:06:04 +0000 (20:06 +0900)]
Print force killed process list for debugging
Change-Id: Ia4105b6047b4ec419aa83a557114df1844fe8d77
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Tue, 15 Jan 2019 10:03:30 +0000 (19:03 +0900)]
Emit 'unmount' signal before it stop the units
Change-Id: Idf91f3321a51878abf295c81e7b88e6c0c815158
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Mon, 14 Jan 2019 07:37:54 +0000 (16:37 +0900)]
Stop units with the same pid and pgid
Change-Id: I4ddba0760664ebb5424d623c93a9bd26d83951c6
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Mon, 14 Jan 2019 04:35:57 +0000 (13:35 +0900)]
Change the log level to debug stopped unit names
Change-Id: I310f6fffe443b430d3e0e4d5dce6f22fea1c58e1
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Wed, 9 Jan 2019 10:30:19 +0000 (11:30 +0100)]
Make execAndWait logs distinct
Change-Id: I473f37929141288b3dc63dc1c75683d545dac4ec
Krzysztof Jackiewicz [Tue, 8 Jan 2019 06:54:37 +0000 (07:54 +0100)]
Fix internal hex conversion tests
Expected answer was using uppercase letters and the returned answer was using
lowercase. Fixed.
Change-Id: I2145a98ccbb5f483f494a4d5732d6dcdc3cc9f4d
Krzysztof Jackiewicz [Tue, 8 Jan 2019 13:05:15 +0000 (14:05 +0100)]
Use systemd API to decode unit name
Change-Id: I07538d74d9fcb97f29a0a884a0c728aac85d9807
Krzysztof Jackiewicz [Tue, 8 Jan 2019 07:08:06 +0000 (08:08 +0100)]
Remove dependency to capi-base-common
Change-Id: Ic58a3495a689e5d4f7c681d296614c2eb0cc0713
seolheui, kim [Fri, 4 Jan 2019 02:08:17 +0000 (11:08 +0900)]
Remove unused value from file-sink
Change-Id: Ifd245f199c97a7c83765bf0a58798e9b0323a257
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 4 Jan 2019 01:03:44 +0000 (10:03 +0900)]
Change std::localtime to localtime_r in file-sink.cpp
- To guarantee of thread-safe
Change-Id: I707173361df0d5f0b2d901d30d4f588178301575
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Wed, 26 Dec 2018 02:48:26 +0000 (11:48 +0900)]
Check return value to avoid null pointer dereference
Change-Id: Iba8672046ed58b89e4b92e86e9758fe27255d916
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 28 Dec 2018 02:56:38 +0000 (11:56 +0900)]
Exclude dbus service from stop units
Change-Id: I4e1a00207b3889c957eda8c978520d7fa833b1d4
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 28 Dec 2018 01:42:44 +0000 (10:42 +0900)]
Fix improper use of log macros
Change-Id: I70c48c06ddb7708874a998872ae89904ce61997c
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 28 Dec 2018 01:38:47 +0000 (10:38 +0900)]
Fix write build error
Change-Id: I9d19a4ade99aa43a49fa06d873eb8fcc42efdc74
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
Jaemin Ryu [Thu, 27 Dec 2018 10:53:57 +0000 (10:53 +0000)]
Merge "Force to set mount key" into tizen_4.0
Jaemin Ryu [Thu, 27 Dec 2018 10:53:48 +0000 (10:53 +0000)]
Merge "Add fail-safe code for key migration" into tizen_4.0
seolheui, kim [Thu, 27 Dec 2018 10:46:00 +0000 (19:46 +0900)]
Force to set mount key
Change-Id: Ie043387998a1067ba30afd695617cd8d0ff46200
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Wed, 12 Sep 2018 09:31:04 +0000 (18:31 +0900)]
Add file logger to server
- To get the log of failed encryption or decryption after reboot
Change-Id: I67c2fcf054d24feab23772ef9d507f1eb6294ded
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
Jaemin Ryu [Thu, 27 Dec 2018 09:58:21 +0000 (18:58 +0900)]
Add fail-safe code for key migration
Change-Id: Ibed92f38d5dfd3de1ecc7faff5f1ffdb9ff68c02
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Jaemin Ryu [Fri, 14 Dec 2018 01:26:37 +0000 (10:26 +0900)]
Update engine state only if cryto device is properly created
Change-Id: I1d3c9d11932afa22a2b7ea2dc101eba36ec39cf7
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Jaemin Ryu [Wed, 5 Dec 2018 06:52:15 +0000 (15:52 +0900)]
Add support for CSC mode decryption
Change-Id: I3e3f44338a510e6ef4dcf71e4905bda2930934a3
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Krzysztof Jackiewicz [Mon, 26 Nov 2018 13:59:10 +0000 (14:59 +0100)]
Fix SVACE and C++ issues
Change-Id: I34adcda30e84fd0622f912d9ce0288e719c43199
Krzysztof Jackiewicz [Tue, 2 Oct 2018 08:07:10 +0000 (10:07 +0200)]
Use proper numeric types in ext4 tool
Modify the numeric types used to represent filesystem features to solve
the problem of unnecessary casts, loss of precision and possible integer
overflow.
Simplify few related parts:
- Add template function in ProgressBar to handle different integer
types.
- Move duplicated fast encryption logic inside copyInPlace.
- Remove unnecessary variables and calculations from
Ext4Tool::readInfo().
Change-Id: Id4fc83390e9b26cc84fcb7e08cde6e467a6a93c4
seolheui, kim [Wed, 28 Nov 2018 05:15:40 +0000 (14:15 +0900)]
Fix upgrade script to support fota
Change-Id: I1a10059cd366c6bd1093bf80f8730b9331c7ea69
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Mon, 29 Oct 2018 07:11:22 +0000 (16:11 +0900)]
Add upgrade scripts
- To initialize unsupported vconf values, when the platform upgrade from 3.0 to 4.0
Change-Id: Ie7c434a4ff13efa8eefa913b3d7d438415d3103f
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Mon, 8 Oct 2018 07:24:46 +0000 (16:24 +0900)]
Add NotSupported status for synchronization with 3.0
Change-Id: Ibc8b55a135b25b74c75c4506a8129b732d299848
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Thu, 4 Oct 2018 07:40:04 +0000 (16:40 +0900)]
For permanent lock of display power on encryption
Change-Id: Ifb4cd48de0fb2da25d78e5717c117dc22fd6dee8
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
Sungbae Yoo [Mon, 1 Oct 2018 07:59:05 +0000 (16:59 +0900)]
Fix catch to get all exceptions
This is for fixing a SVACE issue
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I44f6d6a39a4fbd83b1f3290aae48a188b083749f
seolheui, kim [Thu, 13 Sep 2018 08:09:15 +0000 (17:09 +0900)]
Fix to set state of encryption process
Change-Id: Iebb2101fe7a41ba54b745c9b417d2297b5831e99
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Tue, 11 Sep 2018 10:09:15 +0000 (19:09 +0900)]
Fix to stop user session
Change-Id: I3ac1317b762978372ce7857a8aa45df83f49d4fc
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Thu, 30 Aug 2018 01:20:14 +0000 (10:20 +0900)]
Optimize JobWatch for systemd
Change-Id: Iaf10d01f97e4bec52963b098b56ed37d23709228
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 31 Aug 2018 07:42:14 +0000 (16:42 +0900)]
Add time out to JobWatch
Change-Id: Idfac8fcb7bf1e5da993a5382bf68e2a392f052e3
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Fri, 31 Aug 2018 08:12:01 +0000 (17:12 +0900)]
Fix invalid exception handling
Change-Id: I66dca4e1c879a1043f8c771ee8334df2cb8f1a8c
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Tue, 28 Aug 2018 09:00:48 +0000 (18:00 +0900)]
Add preprocessUnits list to stop user session first
Change-Id: I8ab93c13bd416e2bb11d5c09e4ee3b390ab974c6
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
seolheui, kim [Tue, 28 Aug 2018 07:17:08 +0000 (16:17 +0900)]
Remove stopKnownSystemdUnits()
Change-Id: I77c23c92aa021dd54f60e442843c7ef1403390ca
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
INSUN PYO [Thu, 23 Aug 2018 23:58:09 +0000 (08:58 +0900)]
Remove unnecessary code.
Lazy mount is refactored and no longer need to create /run/.unlock_mnt after mounting /opt/usr.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I75bf738ca5783ebd153fe1714a6be83dde9e4b7e
seolheui, kim [Fri, 13 Jul 2018 10:59:24 +0000 (19:59 +0900)]
Add ode_internal_encryption_is_mounted() API.
Change-Id: I3da5818cd9e83a641151bb2c287484e59d693520
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Wed, 27 Jun 2018 09:08:57 +0000 (11:08 +0200)]
Support for migration from 3.0
There are products based on Tizen 3.0 using different encryption scheme and
footer format. To properly migrate their internal memory encryption key the
flag marking the beginning of an upgrade is left by ode-fota.
During the first device unlock(attempt to mount encrypted partition) after the
upgrade the flag presence is checked. The flag is removed but if it was
present, oded will try to use the product specific key storage plugin to load
the master key for internal encryption.
If it succeeds it will encrypt the master key using given password. Otherwise
it will fall back to normal operation, that is, decrypt the master key using
given password.
Any attempt to decrypt the master key using a password will result in removal
of the upgrade flag.
It is assumed that affected products verify the password prior to passing it to
ode_internal_encryption_set_mount_password().
For unaffected products that do not require the migration it's enough to remove
the flag or the master key stored for the purpose of the upgrade before calling
ode_internal_encryption_set_mount_password(). Note that it is advised to remove
the master key stored for the purpose of the upgrade as soon as possible after
the upgrade due to security reasons. Even if the flag and master key are
present, the encryption introduced in this commit won't break anything as long
as the password is correct.
Change-Id: I86c83366c432aa8ce1d4f25c9beeed98d4f672c3
INSUN PYO [Mon, 23 Jul 2018 07:31:30 +0000 (16:31 +0900)]
Fix wrong lazy mount files.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I47ea4b06de957f4df879f85007eb583176bf56ec
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
seolheui kim [Mon, 2 Jul 2018 06:20:59 +0000 (15:20 +0900)]
Apply lazy-umount and kill processes to unmount user partition
Change-Id: If6164ea25259877a88604c935fb4488765584872
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 27 Jun 2018 07:01:20 +0000 (16:01 +0900)]
Add getDecodedPath for decoding unit name
Change-Id: I7a1d4afe615e4369d33c0f64755d7e80e23891cf
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Jaemin Ryu [Mon, 9 Jul 2018 02:22:15 +0000 (11:22 +0900)]
Fix type mismatch in ode_internal_encryption_mount_ex
Change-Id: Id0356844f4307f5e5697210a26d61bf63779d071
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Jaemin Ryu [Fri, 6 Jul 2018 07:55:00 +0000 (16:55 +0900)]
Add ode_internal_encryption_mount_ex API
Change-Id: I66143553b9c0b23a3989abb679e8e67f3556c7aa
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
seolheui kim [Fri, 6 Jul 2018 02:42:42 +0000 (11:42 +0900)]
Add ode-fota umount and fix DMCryptEngine::umount,mount
- fix DMCryptEngine::umount : ignore exception on umount /opt/usr/apps
- fix DMCryptEngine::mount : check if target mapper exists or not
Change-Id: Ibbbbce89eb269841a904a65b1dd601370e249443
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 5 Jul 2018 08:39:54 +0000 (17:39 +0900)]
Remove LaunchPad and AppBundle
- Remove launchpad and app-bundle to remove dependence on aul and bundle.
- Using launchpad is replaced with using ode-password service.
- ode-key-storage-plugin : need to dependency of capi-base-common by this change.
Change-Id: I5fe07b951738ab72deec80b271f7714929269a24
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 5 Jul 2018 09:11:23 +0000 (18:11 +0900)]
Add ode-fota input argument for mount path
Change-Id: If6249abe4c5bb79293b4b7fcd69fc9fc0644f99d
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Jaemin Ryu [Wed, 4 Jul 2018 04:49:02 +0000 (13:49 +0900)]
Add metafile backup script for softreset
Change-Id: I3cb3398b1bebdc928235e81ecd9113ca7c666948
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Jaemin Ryu [Wed, 4 Jul 2018 01:15:04 +0000 (10:15 +0900)]
Use blkid to identify partition
Change-Id: I16f5681b21e87a65d77b642d14f102f71f8605b8
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
Sungbae Yoo [Mon, 2 Jul 2018 02:29:51 +0000 (11:29 +0900)]
Change ode-fota to link static version of klay
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Id3e46fe647549331f78cf7ecc1e8eacf2eaf4881
seolheui kim [Thu, 28 Jun 2018 08:53:18 +0000 (17:53 +0900)]
Remove the check empty token and add catch the exception
Change-Id: I2b1e66c4ad138d8d210c70e9e5801c34360e059d
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 28 Jun 2018 08:13:54 +0000 (17:13 +0900)]
Remove the check for empty token
Change-Id: Id707b50fd27e70c7a077bd2edc6625499df90c50
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 27 Jun 2018 08:59:41 +0000 (17:59 +0900)]
Modify the permission of token file
- fota is running as system_share user and group.
Change-Id: Ia79cdf471b0e82a0773e8af9f96dab6aa907095c
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 26 Jun 2018 06:29:16 +0000 (15:29 +0900)]
Add flag file to check ode progress for mount unit
- create & remove "/opt/etc/.odeprogress" file
- fix to use klay filesystem for flag files
Change-Id: Id0188a59468bc8a4aeb94f058cdf0bdec2916e66
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Fri, 22 Jun 2018 04:39:24 +0000 (13:39 +0900)]
Hot Fix for delay of unit stop
Change-Id: I7f436995cecfefe313d36549b308ddbf459abeb3
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 21 Jun 2018 10:54:02 +0000 (19:54 +0900)]
Hot Fix to internal storage decryption
Change-Id: I3c7dc2b114e892f2d1b2bcb31548fb0afa4d0051
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 19 Jun 2018 08:14:25 +0000 (17:14 +0900)]
Add flag file to check ode progress for mount unit
- create & remove "/opt/etc/.odeprogress" file
- fix to use klay filesystem for flag files
Change-Id: Iae42716b6edd907ebe8fd21a7050cfa1f488a4bd
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 12 Jun 2018 02:22:01 +0000 (11:22 +0900)]
Modify enum values for corrupted encryption
- combine State::CorruptedEncryption and State::CorruptedDecryption with State::Corrupted
to avoid build break since State::Corrupted is used in other packages.
Change-Id: I14ba9ee1c51dc35240a7151f7ddf545453555ced
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Jaemin Ryu [Tue, 12 Jun 2018 01:22:07 +0000 (01:22 +0000)]
Merge "Change to require libcrypto instead of openssl" into tizen
seolheui kim [Mon, 11 Jun 2018 05:27:47 +0000 (14:27 +0900)]
Separate corrupted error and fix external recovery API
- separate corrupted error into "error_partially_encrypted" and "error_partially_decrypted"
- fix to expose the external recovery API and add it to cli tool
Change-Id: I601a83a6a72e22be5c44d13ff830896300c5e578
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Sungbae Yoo [Mon, 11 Jun 2018 08:28:41 +0000 (17:28 +0900)]
Change to require libcrypto instead of openssl
This is for a fota issue that openssl can't be used in fota progress
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: If619d47f6c823b0560fb44cb7f5467fef5838d3e
seolheui kim [Fri, 8 Jun 2018 07:24:28 +0000 (16:24 +0900)]
Fix reboot dbus name
Change-Id: I4839ff93dcd5cd50ce0bf8c965c5917fee0cce53
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Fri, 8 Jun 2018 06:51:29 +0000 (15:51 +0900)]
fix reboot parameter to send dbus in recovery method
Change-Id: Ie0e898c2b4badebc776df40efbc9687f9b95bf4e
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 7 Jun 2018 12:53:33 +0000 (21:53 +0900)]
Fix recovery method for internal encryption
- add recovery method to expose to client
- fix logic of recovery
- add recovery command to ode-admin-cli
Change-Id: I6eb162a83bb2796fd597f3b118a788b304939a41
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 24 May 2018 05:19:10 +0000 (14:19 +0900)]
Fix showProgressUI service name
Change-Id: I8be450868943589c352d9741d4f4a20aed5ff6a4
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 9 May 2018 12:31:43 +0000 (21:31 +0900)]
Apply encryption progress UI service
Change-Id: Ibfe33fb459bf57a16a660bcabb9b9d34c878d7b0
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 24 Apr 2018 06:02:59 +0000 (15:02 +0900)]
Fix coverity issues
- fix to catch exceptions from division by zero
- fix to unchecked return values
- remove logically dead code and unused value
Change-Id: I9b9e9c88fd12034a7a737e871d9626b96a736407
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 4 Apr 2018 04:05:19 +0000 (13:05 +0900)]
oded : Add Partial RELRO for excutables
Change-Id: I221c074730ae30c2ea3c073c895d18620f841cef
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Wed, 7 Feb 2018 09:44:20 +0000 (10:44 +0100)]
Release version 0.0.5
Change-Id: I1015edf4ed9a75f5d1ce55b4783e458a64c5ce8d
Krzysztof Jackiewicz [Thu, 1 Feb 2018 14:02:34 +0000 (15:02 +0100)]
Wait for unit to stop instead of sleeping
Oded asks systemd to stop certain units before unmounting /opt/usr but it
doesn't wait for confirmation. Instead it performs sleep(1).
This commit implements a mechanism that waits for unit stop confirmation from
systemd.
Change-Id: I50d4ca8d234221b8af457852548a5d9230f4ec2b
Krzysztof Jackiewicz [Wed, 31 Jan 2018 16:01:47 +0000 (17:01 +0100)]
Stop security-manager before unmounting /opt/usr
Security-manager creates mounts in a mount namespace that are invisible to
oded. Although /opt/usr is unmounted in oded's namespace it is still mounted
in the one used by SM. As a result device mapper can't use the device to
load the table.
This commit adds security-manager.service and socket to the list of known units
that have to be killed before unmounting /opt/usr. Socket is stopped to prevent
security-manager from being restarted. This is just a temporary solution. It
does not prevent other services from blocking ode by using mount namespaces.
Change-Id: I53584f17efc56fa39a503025d4f68010c3b3dbb3
Krzysztof Jackiewicz [Tue, 30 Jan 2018 12:26:24 +0000 (13:26 +0100)]
Improve internal memory unmounting
On some devices there are multiple mounts under /opt/usr. We have to unmount
all the others to unlock the /opt/usr unmounting.
With this commit ode will iterate over all matching entries and try to unmount
all of them. Some of them are unmounted externally and may disappear before the
call to umount() in ode causing EINVAL error. Ode will ignore it.
Change-Id: I306cc61436e4c151a8396a6d26fefc32a9f93826
Krzysztof Jackiewicz [Thu, 1 Feb 2018 08:36:45 +0000 (09:36 +0100)]
Fix indentation of device mapper buffer description
Change-Id: I4b1303677b4418faa40d934a86eb945ee357d927
seolheui kim [Fri, 2 Feb 2018 06:38:10 +0000 (15:38 +0900)]
Fix gmainloop to run in main context.
To receive dbus signals subscribed in main context, replace gmainloop.
Change-Id: I05c08b61ae4165fcbd1a298d26d047af87631b11
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Tue, 19 Dec 2017 15:34:24 +0000 (16:34 +0100)]
Release version 0.0.4
Change-Id: Ibaab7ad74ac3fb807472729fc109c4eb3fae5376
Krzysztof Jackiewicz [Tue, 19 Dec 2017 13:43:14 +0000 (14:43 +0100)]
Fix API functions' names
Change-Id: Ibae1919e0f0c490d762ee05f58f01138347f6a22
Krzysztof Jackiewicz [Thu, 30 Nov 2017 08:13:53 +0000 (09:13 +0100)]
Release version 0.0.3
Change-Id: Iec02d56812d5293312751762a05f620d3e30655a
Krzysztof Jackiewicz [Wed, 29 Nov 2017 15:18:46 +0000 (16:18 +0100)]
Remove unused dependencies
Change-Id: I0b0036424ccca0faa206302b964c6251c283e733
Krzysztof Jackiewicz [Fri, 24 Nov 2017 10:03:45 +0000 (11:03 +0100)]
Protect file footer from concurrent access
Add mutex synchronisation.
Can't use runtime::File locks because it's not possible to truncate a file
during writing without closing the descriptor (and unlocking the lock).
Derivation won't help either as the descriptor is private.
Change-Id: I5e22b21dca48b1b3d17ae6b2e4084c1029f84089
Krzysztof Jackiewicz [Fri, 17 Nov 2017 13:46:47 +0000 (14:46 +0100)]
Add upgrade related operations to ode-admin-cli
Change-Id: I6157f0071a84fbdf157545abcf20d8462d7d5e6a
Krzysztof Jackiewicz [Wed, 15 Nov 2017 09:08:59 +0000 (10:08 +0100)]
Add executable for mounting internal memory during FOTA
Change-Id: Idb5f1ed392d3cb0a110242de76acb44f8db8e07a
projects / platform / core / security / ode.git / log