platform/core/security/security-manager.git
8 years agoDo not exit when security_manager_prepare_app fails 26/77826/4
Kidong Kim [Fri, 1 Jul 2016 07:59:11 +0000 (16:59 +0900)]
Do not exit when security_manager_prepare_app fails

Because security_manager_prepare_app is called by launcher directly,
I think the launcher should do error handling by itself. This is problem
reported by product team, and identified as being successful after
applying this patch

Change-Id: Icf94ef07ef92bff8e2ce631bb72026e999ef6c15
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
8 years agoFix return type in setup_smack function 16/77316/2
Oskar Świtalski [Wed, 29 Jun 2016 07:41:53 +0000 (09:41 +0200)]
Fix return type in setup_smack function

Change-Id: I52c8390beb6264ae0fddfcf3e02062fbafaed7b7
Signed-off-by: Oskar Świtalski <o.switalski@samsung.com>
8 years agoDon't store application privileges in db 13/68013/4
Rafal Krypa [Thu, 30 Jun 2016 13:59:01 +0000 (15:59 +0200)]
Don't store application privileges in db

Application privileges are now retrieved from Cynara whenever needed.
Private database of security-manager doesn't need to duplicate this data,
Cynara now acts as storage for app-privilege assignment.

Change-Id: I5b799e88dddbd622ac44b88e41baf8e88c9327d0

8 years agoRelease version 1.1.9 47/77047/1 accepted/tizen/common/20160703.130059 accepted/tizen/ivi/20160630.003149 accepted/tizen/mobile/20160630.003052 accepted/tizen/tv/20160630.003133 accepted/tizen/wearable/20160630.003103 submit/tizen/20160629.063625 submit/tizen_common/20160701.180000
Tomasz Swierczek [Tue, 28 Jun 2016 10:22:51 +0000 (12:22 +0200)]
Release version 1.1.9

Define PATH environment variable in scripts.
Fix wrong tizen2X apps fetching on app uninstall

Change-Id: I29e336f633a4e79ed5fedb7f8b1a72a3167d8df7

8 years agoDefine PATH environment variable in scripts. 90/76990/1
jin-gyu.kim [Tue, 28 Jun 2016 07:55:58 +0000 (16:55 +0900)]
Define PATH environment variable in scripts.

Change-Id: I0b144b5dac51f84ff2256dfa0abcb8e5872af603

8 years agoFix wrong tizen2X apps fetching on app uninstall 10/76610/2
Zofia Abramowska [Fri, 24 Jun 2016 11:01:49 +0000 (13:01 +0200)]
Fix wrong tizen2X apps fetching on app uninstall

Change-Id: I9fea05b7c765b0bd9e36cf9d6f211f0f225b245e

8 years agoRelease version 1.1.8 87/76387/1 accepted/tizen/common/20160627.191623 accepted/tizen/ivi/20160624.064306 accepted/tizen/mobile/20160624.063945 accepted/tizen/tv/20160624.063911 accepted/tizen/wearable/20160624.064248 submit/tizen/20160624.011528
Tomasz Swierczek [Thu, 23 Jun 2016 14:52:34 +0000 (16:52 +0200)]
Release version 1.1.8

Fix global apps deinstallation
Remove DPL String class and dependencies on it
Add internal privilege for web only privilege
ServiceImpl: remove sharing rules on application uninstall
PrivilegeDB: Add private sharing squashing
PrivilegeDB: Add getters for fetching owner/target private sharing
Return error when private sharing doesn't exist

Change-Id: I66f63e3d17ef3d2344a4606e60daf1a037d8fed8

8 years agoFix global apps deinstallation 84/76384/2
Radoslaw Bartosiak [Thu, 23 Jun 2016 14:33:12 +0000 (16:33 +0200)]
Fix global apps deinstallation

Change-Id: I374ad96218304714af15f23dbfdf1173fbd56c3a
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
8 years agoRemove DPL String class and dependencies on it 92/76292/1
Rafal Krypa [Thu, 23 Jun 2016 09:24:59 +0000 (11:24 +0200)]
Remove DPL String class and dependencies on it

Security-manager doesn't use DPL String, it was taken in as requirement
of DPL SQLConnection. The DPL String class introduces needless dependency
on libicu. Since our code doesn't operate on UTF-8 strings and doesn't
really need libicu, it's better to drop DPL String altogether.

Change-Id: Ia64a7e8ac8237642b0aae8b74bed28ddcaefe8c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd internal privilege for web only privilege 15/74215/3
Yunjin Lee [Mon, 13 Jun 2016 08:13:16 +0000 (17:13 +0900)]
Add internal privilege for web only privilege
Some web APIs are not a wrapper of native API so web privileges for those have no mapping native privilege.
They all are mapped to http://tizen.org/privilege/notexist now so web application with one of those privilege can get access to other web only privilged APIs.
Therefore we add internal privileges for them to check the permission properly. (format of http://tizen.org/privilege/internal/web/xxxx)
If web privilege name is http://tizen.org/privilege/websetting then mapping internal privilege name is http://tizen.org/privilege/internal/web/websetting.

Change-Id: I8385fa80c17e2b830c944aaa07c6ea3e5758b898
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoServiceImpl: remove sharing rules on application uninstall 72/65172/7
Rafal Krypa [Wed, 15 Jun 2016 14:10:14 +0000 (16:10 +0200)]
ServiceImpl: remove sharing rules on application uninstall

Drop all related private sharing to uninstalled application
(where it appears as owner application or target application).

Change-Id: I3b9b73f325486c5463b6a38be23d0bad2bce5399

8 years agoPrivilegeDB: Add private sharing squashing 71/65171/6
Rafal Krypa [Wed, 18 May 2016 08:02:22 +0000 (10:02 +0200)]
PrivilegeDB: Add private sharing squashing

Squash specific private sharing so counter is set to 1.
This makes it easier to remove private sharing for
uninstalled applications.

Change-Id: Ide7360d4381ffa26492a176fe1d2d64247b22d31

8 years agoPrivilegeDB: Add getters for fetching owner/target private sharing 70/65170/5
Zofia Abramowska [Fri, 26 Feb 2016 16:08:51 +0000 (17:08 +0100)]
PrivilegeDB: Add getters for fetching owner/target private sharing

Add getter functions to privilege db to fetch sharing info for
specified owner application or specified target application.
These are required to properly drop rules on application
uninstallation.

Change-Id: I7ea9933d65f453cf8838c519759be9a4036dacb9

8 years agoReturn error when private sharing doesn't exist 69/65169/5
Zofia Abramowska [Thu, 7 Apr 2016 10:57:01 +0000 (12:57 +0200)]
Return error when private sharing doesn't exist

Change-Id: Ib2f79da356c9b6830afe0654e79f70b627842ec4

8 years agoRelease version 1.1.7 88/75088/3 accepted/tizen/common/20160620.163323 accepted/tizen/ivi/20160620.081707 accepted/tizen/mobile/20160620.081621 accepted/tizen/tv/20160620.081635 accepted/tizen/wearable/20160620.081653 submit/tizen/20160617.094501
Tomasz Swierczek [Thu, 16 Jun 2016 12:22:12 +0000 (14:22 +0200)]
Release version 1.1.7

Add internal privilege for app debugging
Add core privileges
Add check if privileges were properly dropped
Threads security context synchronization
Added parameter mode and made more generic getDirContents function
Prepare setup_smack client function for running without CAP_MAC_ADMIN
Fix installation user mangling
Disable ASKUSER policy by default
Fix policy access control for accessing another user's policy
Add proper policy setup for privacy-related privileges
Fix doxygen comments

Change-Id: I72faf5a7c10fe28cde0e6ed22bb8fe7c82189109

8 years agoAdd internal privilege for app debugging : when specific option is set, app-installer... 67/68867/2
Yunjin Lee [Tue, 10 May 2016 06:58:21 +0000 (15:58 +0900)]
Add internal privilege for app debugging : when specific option is set, app-installers will add this privilege to app privilege list

Change-Id: I75cd6c567d67c3963e0629c2dd2f2e5e7c7bebdf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoAdd core privileges 86/75186/1
Yunjin Lee [Fri, 17 Jun 2016 04:20:31 +0000 (13:20 +0900)]
Add core privileges
- antivirus.* privileges: antivirus.admin, antivirus.scan, antivirus.webprotect
- dpm.* privileges: dpm.bluetooth, dpm.browser, dpm.camera, dpm.clipboard, dpm.debugging, dpm.email, dpm.location, dpm.lock, dpm.message, dpm.microphone, dpm.password, dpm.security, dpm.settings, dpm.storage, dpm.usb, dpm.wifi, dpm.wipe, dpm.zone

It refers to https://review.tizen.org/gerrit/#/c/75182/

Change-Id: I8740097ba9ef12100426e56e9f69ca6799c449b4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoAdd check if privileges were properly dropped 64/49164/12
Rafal Krypa [Thu, 14 Jan 2016 15:48:19 +0000 (16:48 +0100)]
Add check if privileges were properly dropped

Check if every thread in process has same stats as thread
calling security_manager_prepare_app() and exit from process
if they do not.

Change-Id: I008c2b8e442edb6a5f9f1d74bf13f95465b6bdca
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoThreads security context synchronization 90/72590/13
Zbigniew Jasinski [Wed, 1 Jun 2016 15:43:29 +0000 (17:43 +0200)]
Threads security context synchronization

- use lambda as signal handler
- return error if not all threads synced
- change NULL to nullptr
- added std::atomic_thread_fence for memory synchronization
- block SIGUSR1 signal during threads counting
- set signal set to empty
- added waiting loop for signal propagation
- reset signal handler after threads synced, not before
- synchronization of both: Smack labels and Linux capabilities

Change-Id: Ia9d6a503e88523c387ab1ba30e0e9a5a94f05a5c
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
8 years agoAdded parameter mode and made more generic getDirContents function 20/73520/5
Zbigniew Jasinski [Wed, 8 Jun 2016 10:03:26 +0000 (12:03 +0200)]
Added parameter mode and made more generic getDirContents function

Like previously, for files in dir use getFilesFromDirectory.
For listing directories only - getDirsFromDirectory.

Change-Id: Ic7ed060fcbaef90e3a6f15d8815a3f1ec522d062
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
8 years agoPrepare setup_smack client function for running without CAP_MAC_ADMIN 37/74037/4
Tomasz Swierczek [Fri, 10 Jun 2016 11:59:00 +0000 (13:59 +0200)]
Prepare setup_smack client function for running without CAP_MAC_ADMIN

Without CAP_MAC_ADMIN we'll not be able to relabel opened sockets, which,
after analysis, seems unnecessary.

Change-Id: I2c2d7af60cbfe79e9a5edc9ee56ef5e1ed9edbf7

8 years agoFix installation user mangling 70/74070/2
Radoslaw Bartosiak [Fri, 10 Jun 2016 15:14:09 +0000 (17:14 +0200)]
Fix installation user mangling

Set global user as the owner of preloaded applications and
applications installed globally.

Change-Id: Idb3f194aacefa7afaa047de6bfdfdb1bee6b8736
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
8 years agoDisable ASKUSER policy by default 64/73464/2
Tomasz Swierczek [Wed, 8 Jun 2016 07:50:36 +0000 (09:50 +0200)]
Disable ASKUSER policy by default

This is needed for UI-less Tizen (potential) profiles.

Change-Id: Icb4a801b598c074412c770047cbc7686780ed704

8 years agoFix policy access control for accessing another user's policy 10/73010/3
Tomasz Swierczek [Fri, 3 Jun 2016 12:04:19 +0000 (14:04 +0200)]
Fix policy access control for accessing another user's policy

Test with: https://review.tizen.org/gerrit/#/c/73009/

Change-Id: I8eb503d6a2ffb21afecf65206fdef28458734283

8 years agoAdd proper policy setup for privacy-related privileges 68/72568/9
Tomasz Swierczek [Wed, 1 Jun 2016 13:44:47 +0000 (15:44 +0200)]
Add proper policy setup for privacy-related privileges

Thanks to privielge-checker module API we can setup
"ASK-USER"/popup Cynara policy for privacy-related privileges.

Test with https://review.tizen.org/gerrit/#/c/72604/

Change-Id: I6bb8bc1dffc1e607c09b7722c6fac33b29620b4e

8 years agoFix doxygen comments 36/74036/2
Lukasz Pawelczyk [Fri, 10 Jun 2016 11:42:52 +0000 (13:42 +0200)]
Fix doxygen comments

This fixes all of the doxygen comment tags (/**) and a plethora of other
errors and inconsistencies. Mostly missing argument names for \param.

This is not a comprehensive doxygen comments review, but it does fix all
the doxygen errors and warnings and makes it possible to generate
somewhat correct doxygen documentation.

Change-Id: Ib030dab7a5c116a8a6a9ccb3665dd79163a7b632

8 years agoRelease version 1.1.6 60/71460/10 accepted/tizen/common/20160602.140046 accepted/tizen/ivi/20160602.022851 accepted/tizen/mobile/20160602.023024 accepted/tizen/tv/20160602.022552 accepted/tizen/wearable/20160602.022739 submit/tizen/20160531.024853
Tomasz Swierczek [Wed, 25 May 2016 11:12:55 +0000 (13:12 +0200)]
Release version 1.1.6

Changes:

Fix issues with local user app instalaltion and inotify file watches.
Fix and generalize generation of default "apps-names" configuration files
Allow application directories to be placed in /etc/skel/apps_rw
Introduce an interface class for tzplatform-config
Implement API for managing list of permitted labels for launcher
Simplify and fix code generating SharedRO Smack rules
Cleanup around Tizen2X apps/packages generation functions
Add tizen version handling to the cmd line tool
Add dlog log provider. Make log backend configurable.
Revert "Completely remove dlog remainings"

Change-Id: I0ec94afe33c98a5023836ba1e19460e4525d9628

8 years agoRemove executable bit from non-executable files 78/68478/2
Rafal Krypa [Wed, 4 May 2016 14:24:15 +0000 (16:24 +0200)]
Remove executable bit from non-executable files

Source files should not be marked as executable.

Change-Id: I44d9bea2cb0979dbb82cc03b451ded57c95f2041

8 years agoFix issues with local user app instalaltion and inotify file watches. 24/71424/10
Tomasz Swierczek [Wed, 25 May 2016 09:50:56 +0000 (11:50 +0200)]
Fix issues with local user app instalaltion and inotify file watches.

Added per-user context to usage of tzplatform-config.

Change-Id: I20b145169d056bbbd3683713167c9b9655bdcbbd

8 years agoFix and generalize generation of default "apps-names" configuration files 87/71387/4
Rafal Krypa [Wed, 25 May 2016 07:47:09 +0000 (09:47 +0200)]
Fix and generalize generation of default "apps-names" configuration files

Per user "apps-names" files are used by recently merged functionality for
app label monitor for the application launcher.
The following fixes are provided:
- Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config
- Apply Smack labels in %post instead of %install to make the labels
  effective. RPM packages don't keep file xattrs, Smack labels must always
  be applied in package %post or in manifest.
- Mark the files as config files to avoid overwrite of apps-names in
  TZ_SYS_RW_APP when security-manager is upgraded

Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAllow application directories to be placed in /etc/skel/apps_rw 35/70935/3
Rafal Krypa [Mon, 23 May 2016 09:55:43 +0000 (11:55 +0200)]
Allow application directories to be placed in /etc/skel/apps_rw

For the purpose of registering paths for each user, including users that
aren't yet created, installer wants to place some initial files or
directories in /etc/skel. If installation request in security-manager is
of type SM_APP_INSTALL_GLOBAL or SM_APP_INSTALL_PRELOADED, it will now
allow such paths.

Change-Id: I270034db426dce306bc149e27099290c7c26b10d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoIntroduce an interface class for tzplatform-config 27/71027/2
Rafal Krypa [Mon, 23 May 2016 15:43:59 +0000 (17:43 +0200)]
Introduce an interface class for tzplatform-config

Create TizenPlatrofmConfig wrapper class for tzplatform-config library.
The wrapper takes care of error checking, user context and type conversions.

Change-Id: I1bd8e7cbcd525ece909cecf4f14a9b7c6fa5d5f4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoImplement API for managing list of permitted labels for launcher 93/67993/20
Radoslaw Bartosiak [Fri, 29 Apr 2016 14:16:22 +0000 (16:16 +0200)]
Implement API for managing list of permitted labels for launcher

Four new API functions:
- security_manager_app_labels_monitor_init
- security_manager_app_labels_monitor_finish
- security_manager_app_labels_monitor_get_fd
- security_manager_app_labels_monitor_process

They provide functionality needed for the launcher to run without
CAP_MAC_ADMIN. It will rely on new feature of Smack:
relabel-self list of labels, that a process can change its label
to without special capabilities.
The new APIs will enable the launcher to wait for changes of
apps labels list (when an app is installed or uninstalled) and
to update its relabel-list with a separate, dedicated function.

Change-Id: I1d8a7bce8c081ba27e7c388ee096c7c07005d92d
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
8 years agoSimplify and fix code generating SharedRO Smack rules 93/70593/3
Rafal Krypa [Fri, 20 May 2016 11:55:04 +0000 (13:55 +0200)]
Simplify and fix code generating SharedRO Smack rules

Smack rules for cross-package access to SharedRO labels are now kept in
a separate file that is fully regenerated after a Tizen 2.x application
is installed or removed.

This also fixes error that the previous implementation had, with superflous
Smack rule from Tizen 2.x applications to SharedRO rule of their own pkg.
Such rules collided with rules of the same subject and object but different
access modes. Each app gets such rule for SharedRO label of own package
from app-rules-template.smack template, but with RW access. Overwrite of
such rule by cross-package RO rule lead to incorrect access.

Change-Id: I70ee47606c7548d1c0d2dee83eacaae4b64cea9c

8 years agoCleanup around Tizen2X apps/packages generation functions 80/69480/3
Lukasz Pawelczyk [Thu, 12 May 2016 10:56:11 +0000 (12:56 +0200)]
Cleanup around Tizen2X apps/packages generation functions

Create two separate functions, one for apps and one for packages. This
way we remove code duplication that was there before.
Remove the exclusion rule from the "packages" part. It wouldn't even work
properly when there were more then one app from the same package and was
just confusing. Further commits in this series are about handling
possible duplicates properly.

Change-Id: I31f3cb032cb1baab2940e9847547e3d2e3921335

8 years agoAdd tizen version handling to the cmd line tool 79/69479/3
Lukasz Pawelczyk [Wed, 11 May 2016 12:50:27 +0000 (14:50 +0200)]
Add tizen version handling to the cmd line tool

Change-Id: I4ce2d523599131f64999f227251d31620e3f1749

8 years agoAdd dlog log provider. Make log backend configurable. 09/68109/3
Dariusz Michaluk [Mon, 2 May 2016 08:11:29 +0000 (10:11 +0200)]
Add dlog log provider. Make log backend configurable.

Change-Id: I5474b0eb641e0349d8f2c6b30080f527fe8be53d

8 years agoRevert "Completely remove dlog remainings" 08/68108/2
Dariusz Michaluk [Mon, 2 May 2016 07:03:15 +0000 (09:03 +0200)]
Revert "Completely remove dlog remainings"

This reverts commit 756ca93d1b5cb1024919aae81723a7a03434c9a3.

Change-Id: Ic05a47a70cdce84b88fdd1727dff1d8747f05d9c

8 years agoRelease version 1.1.5 53/70053/1 accepted/tizen/common/20160519.191037 accepted/tizen/ivi/20160518.090610 accepted/tizen/mobile/20160518.090530 accepted/tizen/tv/20160518.090543 accepted/tizen/wearable/20160518.090521 submit/tizen/20160518.015500
jooseong lee [Wed, 18 May 2016 01:50:36 +0000 (10:50 +0900)]
Release version 1.1.5

Changes:

Fixing small spelling error in db.sql, reproduction only with building new image with MIC
Require usermanagement permission for local app installation for other users
Fix the update of package cross-rules during uninstallation
Path registration requests - server side implementation
Path registration requests - client side implementation
Move author_id to pkg - server code adjustment
Move author_id to pkg - db migration
Add path registration API stub
Add privilege-group mapping for tethering.admin privilege

Change-Id: If05b9ead7643cfa971f65d680879bacb9d48030e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoFixing small spelling error in db.sql, reproduction only with building new image... 61/69961/2
Tomasz Swierczek [Tue, 17 May 2016 11:34:43 +0000 (13:34 +0200)]
Fixing small spelling error in db.sql, reproduction only with building new image with MIC

At image-build time DB was created from scratch and one SQL command was broken.
Column name was fixed.

Change-Id: I9d4be97489299529a18d7345cf253ab00e2ee752
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
8 years agoRequire usermanagement permission for local app installation for other users 64/68964/2
Rafal Krypa [Tue, 10 May 2016 16:06:50 +0000 (18:06 +0200)]
Require usermanagement permission for local app installation for other users

When installation type is set to SM_APP_INSTALL_LOCAL, but uid in the
request is different that uid of the calling user, security-manager will
now require the usermanagement permission, i.e.:

http://tizen.org/privilege/internal/usermanagement

The following API functions are affected:
- security_manager_app_install
- security_manager_app_uninstall
- security_manager_paths_register

Change-Id: Ic9e583e4da923ea391987fbb0cfff7f0abbbc2bb

8 years agoFix the update of package cross-rules during uninstallation 51/68451/7
Krzysztof Jackiewicz [Wed, 4 May 2016 09:26:46 +0000 (11:26 +0200)]
Fix the update of package cross-rules during uninstallation

[Problem] During app uninstallation the package rules are updated basing on the
list of apps being a part of the package. However the app being uninstalled is
not removed from this list which may generate unwanted smack rules.
[Solution] Remove uninstalled app from package contents list.

[Verification] Test is not yet implemented.

Change-Id: I867e65a996d0c797dfab9bcaaf15bbaf1a4261c4

8 years agoPath registration requests - server side implementation 52/68152/15
Krzysztof Jackiewicz [Mon, 2 May 2016 09:16:16 +0000 (11:16 +0200)]
Path registration requests - server side implementation

[Feature] Provide API for package path registration
[Solution] Update server side logic.

[Verification] Run tests

Change-Id: Ie20db0c0764d48b97ef195ea422aa120f38c7125

8 years agoPath registration requests - client side implementation 40/68140/10
Krzysztof Jackiewicz [Mon, 2 May 2016 07:28:33 +0000 (09:28 +0200)]
Path registration requests - client side implementation

[Feature] Provide API for package path registration.
[Solution] Add client side implementation + communication.

[Verification] Run tests. TODO prepare tests.

Change-Id: Iae9a03894a9780fb4b0a9242e278e940d2e2989d

8 years agoMove author_id to pkg - server code adjustment 39/68139/7
Krzysztof Jackiewicz [Mon, 2 May 2016 10:31:58 +0000 (12:31 +0200)]
Move author_id to pkg - server code adjustment

[Problem] Author is not a feature of app anymore. Server code needs to be
adjusted.
[Solution] Get author via pkg instead of app. Rename variables and functions.
Update author's rules in existing ones if a new app with different author is
installed. Separate author rules for app from app-rules-template.smack

[Verification] Run tests (especially author related ones)
TODO: Add author update test case.

Change-Id: I8e42877170809e9e71c8c676b566119e3b16fbd5

8 years agoMove author_id to pkg - db migration 98/67998/7
Krzysztof Jackiewicz [Thu, 28 Apr 2016 15:26:28 +0000 (17:26 +0200)]
Move author_id to pkg - db migration

[Problem] Paths will be registered per pkg but path can be shared between apps
of the same author and the author is a feature of an app.
[Solution] Make author a feature of a pkg. Modify db accordingly and add proper
migration script.

[Verification] Install on v2 version and run tests.

Change-Id: I6a9933ec25094a92f20b76b3f72cbd4064f060c7

8 years agoAdd path registration API stub 44/67844/8
Krzysztof Jackiewicz [Wed, 27 Apr 2016 09:19:43 +0000 (11:19 +0200)]
Add path registration API stub

[Problem] Path registration is package specific and requires a separate
processing.
[Solution] Create API for package path registration.

[Verification] Successfull compilation

Change-Id: Ie31d756b7dc7ca9bca82305b03dd8000ba6b9bc5

8 years agoAdd privilege-group mapping for tethering.admin privilege 83/69083/1
jooseong lee [Wed, 11 May 2016 11:06:59 +0000 (20:06 +0900)]
Add privilege-group mapping for tethering.admin privilege

Refer to :
 * https://review.tizen.org/gerrit/69079
 * https://review.tizen.org/gerrit/69071

Change-Id: Idb914ceaaed4ca208e1de725a22395fd5e82b7d5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRelease version 1.1.4 00/68700/1 accepted/tizen/common/20160510.050958 accepted/tizen/ivi/20160510.002733 accepted/tizen/mobile/20160510.002727 accepted/tizen/tv/20160510.002730 accepted/tizen/wearable/20160510.002719 submit/tizen/20160509.103316
jooseong lee [Mon, 9 May 2016 10:29:44 +0000 (19:29 +0900)]
Release version 1.1.4

Changes:

Use wildcard user in cynara policy installing a preloaded app

Change-Id: I695c9422a1ff77c493484e18f07fcd9090a2af4e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoUse wildcard user in cynara policy installing a preloaded app 47/68647/1
jooseong lee [Mon, 9 May 2016 06:19:17 +0000 (15:19 +0900)]
Use wildcard user in cynara policy installing a preloaded app

Preloaded app is a global app, which is installed in TZ_SYS_RO.
User credential in cynara app policy should be wildcard.

Change-Id: I54841d051d1e7671e23e2cecae0a1ed1a601395a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRelease version 1.1.3 71/68071/1 accepted/tizen/common/20160504.125034 accepted/tizen/ivi/20160503.011618 accepted/tizen/mobile/20160503.011518 accepted/tizen/tv/20160503.011539 accepted/tizen/wearable/20160503.011559 submit/tizen/20160502.103854
Tomasz Swierczek [Mon, 2 May 2016 05:51:39 +0000 (07:51 +0200)]
Release version 1.1.3

Changes:

Change logic of security_manager_set_process_groups_from_appid
Don't check permissions on API calls in off-line mode
Fix implementation of filesystem.cpp
Move smack files to new directory
refactoring: use common function template for getting label by libsmack
Add installation types (global, local, preloaded).
Integrate with Cynara, clients must be privileged
db: update schema to version 2
Add constraint error in database logic.
More error messages
Use app instead of app_pkg_view in sqlite queries
security-manager-policy-reload: don't print errors on image build
Add privilege-group mapping for iotcon
Remove unused table version
Adjust Cynara privileges required by privacy manager APIs
Revert "Add installation types (global, local, preloaded)."
DB: Change app ids to app names in private sharing
Revoke subject label of uninstalled application

Change-Id: I0882ea1a261643b942e35cf528d0367599293c3d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
8 years agoChange logic of security_manager_set_process_groups_from_appid 81/67981/3
Rafal Krypa [Fri, 29 Apr 2016 18:06:00 +0000 (20:06 +0200)]
Change logic of security_manager_set_process_groups_from_appid

The API function sets groups in application candidate process.
The following changes are applied:
- groups are based on privileges assigned to appId, not pkgId - don't
  consider privileges granted to other apps in the package
- if the process was previously added to any group that is mapped to
  a privilege and app doesn't have access to that privilege, the group
  will be removed from the process
- no group will be added to the process more than once

Change-Id: Ifbb5fe48f2ad0bcc69ca00c13e6d7f2a20b148a2
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoDon't check permissions on API calls in off-line mode 17/68017/1
Rafal Krypa [Fri, 29 Apr 2016 17:44:12 +0000 (19:44 +0200)]
Don't check permissions on API calls in off-line mode

Off-line mode was introduced to be used during image creation, when no
services are running. It enables root to perform some security-manager
operations on the client side.

But in off-line mode not only security-manager isn't running. No services
run, including cynara service. When libsecurity-manager-client tries to
check whether the off-line mode user has access to proper privilege, it
fails because cynara_check() has no off-line mode.

Permission checking in such scenario isn't required. The user is already
checked for UID 0 and even if it gets away from that check, it wouldn't be
able to perform actual operations without being super user.

Change-Id: I087bbc6b29a702a445d4498b96a950ca1e919efd
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoFix implementation of filesystem.cpp 33/67833/1
Bartlomiej Grzelewski [Thu, 28 Apr 2016 13:06:46 +0000 (15:06 +0200)]
Fix implementation of filesystem.cpp

The function getFilesFromDirectory should not follow
links. It should return the list of files in directlry.

Change-Id: I142f8e0bc3a992da2f14d69e758426aff5df2ab6

8 years agoMove smack files to new directory 96/64996/9
Bartlomiej Grzelewski [Tue, 5 Apr 2016 18:35:53 +0000 (20:35 +0200)]
Move smack files to new directory

All smack rules generated by security-manager will be merged to one
file. This will speed up start process as reading one big file is
much faster than opening and reading a lot of small ones.

The rules related with apps are loaded by security-manager-rules-loader
service after local-fs.target. Before local-fs.terget smack rules
related to user app are not required. We may load this rules in
service that is triggered after local-fs.target and improve systemd
start time.

Change-Id: I64c961b90ee84772815f41dceefa15b567399763

8 years agorefactoring: use common function template for getting label by libsmack 29/61929/2
Rafal Krypa [Fri, 11 Mar 2016 08:10:21 +0000 (09:10 +0100)]
refactoring: use common function template for getting label by libsmack

Merging repeated code pattern where a libsmack function is used to fetch
Smack label, the result must be wrapped into std::string and memory
allocated by libsmack safely freed.

Change-Id: I67136fc5f78fd7974d27feafb0ee2d3164df9461
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd installation types (global, local, preloaded). 95/62995/11
Rafal Krypa [Wed, 20 Apr 2016 15:27:50 +0000 (17:27 +0200)]
Add installation types (global, local, preloaded).

Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.

New API function avaliable:

* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
    const enum app_install_type type)

Change-Id: I1abfff547482c7adfedc09d9832569a294752d41

8 years agoIntegrate with Cynara, clients must be privileged 24/61024/14
Rafal Krypa [Wed, 13 Apr 2016 14:55:51 +0000 (16:55 +0200)]
Integrate with Cynara, clients must be privileged

Several API functions now require the caller to hold appropriate privilege.
Ultimately new internal privileges will be created and used by security-manager.
For now, when appropriate privilege is missing, use "notexist" privilege
placeholder.

Privileges required per API:
- security_manager_app_install
  * http://tizen.org/privilege/notexist (private installation)
  * http://tizen.org/privilege/notexist (global installation)

- security_manager_app_uninstall
  * http://tizen.org/privilege/notexist (private uninstallation)
  * http://tizen.org/privilege/notexist (global uninstallation)

- security_manager_private_sharing_apply
  * http://tizen.org/privilege/notexist

- security_manager_private_sharing_drop
  * http://tizen.org/privilege/notexist

- security_manager_policy_update_send
  * http://tizen.org/privilege/notexist (for setting own policy)
  * http://tizen.org/privilege/internal/usermanagement (for setting policy for other or all)

- security_manager_get_configured_policy_for_admin
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_get_configured_policy_for_self
  * http://tizen.org/privilege/notexist

- security_manager_get_policy
  * http://tizen.org/privilege/notexist (for fetching own policy)
  * http://tizen.org/privilege/internal/usermanagement (for fetching policy for other or all)

- security_manager_user_add
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_user_delete
  * http://tizen.org/privilege/internal/usermanagement

Change-Id: Id67473db434b13d977fbd2fa704db3ac1bd1c32b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agodb: update schema to version 2 87/65987/4
Rafal Krypa [Thu, 14 Apr 2016 09:03:16 +0000 (11:03 +0200)]
db: update schema to version 2

Since last release database schema was modified. We now have proper tools
for handling such changes. The update to version 2 covers all schema
differences since last release.

Change-Id: I5bbc3297065468f17f28d15c28c5232c34d3507f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agodb: Add update script 73/62573/13
Lukasz Kostyra [Wed, 16 Mar 2016 15:36:47 +0000 (16:36 +0100)]
db: Add update script

The script performs update of current security-manager database
by using intermediate schema updaters (located in db/updates) and
by applying views from main db schema (db/db.sql).

Verification:
    Build with higher package version, upgrade package with rpm -Uh.
    The script will activate and update DB version on target to 1.

Change-Id: I4d185f7e47d4ae9df53349627b8f97be22ef2642
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd constraint error in database logic. 49/65349/6
Krzysztof Jackiewicz [Fri, 8 Apr 2016 13:23:38 +0000 (15:23 +0200)]
Add constraint error in database logic.

[Problem] Constraint errors can't be distinguished from othes.
[Solution] Introduce constraint error, update documentation and add fix
exception handling in service_impl.cpp.

[Verification] Run tests

Change-Id: Ie16e02bdf7028fc28df0e4981d77879cb65eb3bf

8 years agoMore error messages 51/65851/4
Zbigniew Jasinski [Wed, 13 Apr 2016 14:05:05 +0000 (16:05 +0200)]
More error messages

Some error messages were missing. One could get misleading error messages.
For example, during app installation, if app directory doesn't exist,
one get "Failed getting app dir for user uid: ..."

* added more error messages
* added errno info for realpath()

Change-Id: I1cddc007b53417ca664e40a08fd60cf05adb9654
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
8 years agoUse app instead of app_pkg_view in sqlite queries 48/65348/5
Krzysztof Jackiewicz [Wed, 6 Apr 2016 14:01:27 +0000 (16:01 +0200)]
Use app instead of app_pkg_view in sqlite queries

[Problem] Few existing queries use app_pkg_view although the app itself is
sufficient.
[Solution] Use app instead of app_pkg_view in queries where possible.

[Verification] Run security-manager-tests

Change-Id: I212651e95982644004876ca426a213fd1a08bc65

8 years agosecurity-manager-policy-reload: don't print errors on image build 08/65808/2
Rafal Krypa [Tue, 12 Apr 2016 14:41:44 +0000 (16:41 +0200)]
security-manager-policy-reload: don't print errors on image build

The policy reload script, when recreating user type buckets for Cynara,
first tries to erase them and then create fresh ones. But on the first run,
during image build, there are no user type buckets in Cynara.

The error during erase is ignored by the script, as it should be, but misleading
error messages are also printed to stderr.
The error messagess should be silenced.

Change-Id: Ib09651560f15263793d758698e792a01471e1657

8 years agoAdd privilege-group mapping for iotcon 96/65296/2
jooseong lee [Fri, 8 Apr 2016 08:21:25 +0000 (17:21 +0900)]
Add privilege-group mapping for iotcon

iotcon service change server-client APIs to library.
This library need to check access to resources using DAC groups
corresponding to privileges, network.get and internet.

Refers to : https://review.tizen.org/gerrit/#/c/64715/

Change-Id: I8e23a0b25fb06f5196a1db177c1f610da09d1ecd
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRemove unused table version 75/65175/2
Krzysztof Jackiewicz [Thu, 7 Apr 2016 14:39:37 +0000 (16:39 +0200)]
Remove unused table version

[Problem] Version table is unused
[Solution] Remove it

[Verification] Run tests

Change-Id: Ib0b3b1800a8231928e607ca83fd2386828be001b

8 years agoAdjust Cynara privileges required by privacy manager APIs 18/65118/2
Rafal Krypa [Thu, 7 Apr 2016 08:50:08 +0000 (10:50 +0200)]
Adjust Cynara privileges required by privacy manager APIs

The privilege required for administrative policy management APIs is now:
http://tizen.org/privilege/internal/usermanagement

The privilege required for self policy management by users is now:
http://tizen.org/privilege/notexist
(a place holder until proper privilege is created)

Change-Id: Ia2892af7dd6a64ba6aace8c18fb57988b08e4f82
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoRevert "Add installation types (global, local, preloaded)." 19/65119/1
Rafal Krypa [Thu, 7 Apr 2016 07:35:42 +0000 (09:35 +0200)]
Revert "Add installation types (global, local, preloaded)."

Reverting functionality for explicit setting of application type during
installation. This code must be redone to be fully compatible with old
implicit behaviour of security-manager.

This reverts commit 94a21181f58b2ab6570ff06082913c7c751e4e51.
This reverts commit 46fb8b487d05fc36959e8595c742fc10e5fc2ff2.

Change-Id: Ibf1b4e27ad2977c74436c331a6c16d3c508e9cbd

8 years agoDB: Change app ids to app names in private sharing 96/61396/4
Zofia Abramowska [Thu, 3 Mar 2016 15:55:31 +0000 (16:55 +0100)]
DB: Change app ids to app names in private sharing

Applications can be uninstalled during active private sharing.
Having foreign keys from private sharing table to application table
makes uninstallation fail.

Change-Id: Ib9217f6974e13c5542c16daa13a08288e76b9095

8 years agoRevoke subject label of uninstalled application 71/61371/4
Zofia Abramowska [Mon, 7 Mar 2016 09:46:29 +0000 (10:46 +0100)]
Revoke subject label of uninstalled application

Revoking enables better and easier cleanup of dynamic
rules for e.g. private sharing.

Change-Id: Ifbeba447b82d0576d5561c7334d42113a7d98571

8 years agoUpdate release version to 1.1.2 81/63281/1 accepted/tizen/common/20160323.184826 accepted/tizen/ivi/20160323.140558 accepted/tizen/mobile/20160323.134903 accepted/tizen/tv/20160323.135349 accepted/tizen/wearable/20160323.134947 submit/tizen/20160323.060626
Yunjin Lee [Wed, 23 Mar 2016 05:20:41 +0000 (14:20 +0900)]
Update release version to 1.1.2

Change-Id: Ic682dd5aebca3f9ea1b5591f13f24230a0df214f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoAdd core privilege: vpnservice, vpnservice.admin 78/63278/1
Yunjin Lee [Wed, 23 Mar 2016 05:17:46 +0000 (14:17 +0900)]
Add core privilege: vpnservice, vpnservice.admin

Change-Id: I38c52ae7e7145d61d868f2d13469e9b7d647a5c3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoUpdated version for release 89/62889/1 accepted/tizen/common/20160321.150442 accepted/tizen/ivi/20160322.084408 accepted/tizen/mobile/20160321.113345 accepted/tizen/tv/20160321.113417 accepted/tizen/wearable/20160321.113437 submit/tizen/20160321.014821 submit/tizen_ivi/20160322.052829
keeho.yang [Mon, 21 Mar 2016 04:40:32 +0000 (13:40 +0900)]
Updated version for release

Change-Id: I0de26fc1debe43dc915e5cb06ac8f85c2705fd21

8 years agoRevert "Revert "Fix enum."" 88/62888/2
keeho yang [Mon, 21 Mar 2016 04:31:33 +0000 (21:31 -0700)]
Revert "Revert "Fix enum.""

This reverts commit b8f55196ada616f688d6d9c3b15cd14f696bdee1.

Change-Id: I371c3be10192ec0eab0e22b9e41c05f10dae080c

8 years agoRevert "Revert "Add installation types (global, local, preloaded)."" 86/62886/1
keeho yang [Mon, 21 Mar 2016 04:27:58 +0000 (21:27 -0700)]
Revert "Revert "Add installation types (global, local, preloaded).""

This reverts commit 23a5ce599a85820625250456d1f770ffb835d46a.

Change-Id: If965ebb18f561732b2511fd0e312f10349d18bab

8 years agoRevert "Add installation types (global, local, preloaded)." 38/62738/2 accepted/tizen/common/20160318.145801 accepted/tizen/ivi/20160318.023939 accepted/tizen/mobile/20160318.023831 accepted/tizen/tv/20160318.023854 accepted/tizen/wearable/20160318.023915 submit/tizen/20160318.010420
Yunjin Lee [Fri, 18 Mar 2016 00:55:23 +0000 (17:55 -0700)]
Revert "Add installation types (global, local, preloaded)."

This reverts commit 46fb8b487d05fc36959e8595c742fc10e5fc2ff2.

Change-Id: I67496a1682467ba45a4d368ca8924804f414cc58

8 years agoRevert "Fix enum." 37/62737/2
Yunjin Lee [Fri, 18 Mar 2016 00:54:55 +0000 (17:54 -0700)]
Revert "Fix enum."

This reverts commit 94a21181f58b2ab6570ff06082913c7c751e4e51.

Change-Id: I9380fe1828eb56554a734336f64e892ec59a2cbd

8 years agoChange strerror to strerror_r for SVACE 95/62495/4
keeho.yang [Wed, 16 Mar 2016 10:30:41 +0000 (19:30 +0900)]
Change strerror to strerror_r for SVACE

Change-Id: I3c56f677042b9d4c9acbc4530ae0d3453016aceb

8 years agoFix enum. 53/62553/2 accepted/tizen/common/20160317.160102 accepted/tizen/ivi/20160317.115553 accepted/tizen/mobile/20160317.115507 accepted/tizen/tv/20160317.115519 accepted/tizen/wearable/20160317.115541 submit/tizen/20160316.235943
Zbigniew Jasinski [Wed, 16 Mar 2016 12:56:29 +0000 (13:56 +0100)]
Fix enum.

Change-Id: I809a70832f35981fb1162be3a9bbe1d3b1eb02c7

8 years agoAdd core privilege: location.coarse 60/62060/7 submit/tizen/20160316.111312
Yunjin Lee [Mon, 14 Mar 2016 06:20:59 +0000 (15:20 +0900)]
Add core privilege: location.coarse

Change-Id: I73b61261c1319ee5f00618fbd77f8d991bce6625
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoAdd new internal privilege for inputdevice block/unblock requests 35/62435/2
jooseong.lee [Wed, 16 Mar 2016 05:44:48 +0000 (14:44 +0900)]
Add new internal privilege for inputdevice block/unblock requests

Refers to : https://review.tizen.org/gerrit/#/c/61466/

Change-Id: I7b5e72446f05a3567cff4e8092e3d8e21fe4622d
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
8 years agoAdd privilege-group mapping for mapservice 94/62394/2
Yunjin Lee [Wed, 16 Mar 2016 01:58:11 +0000 (10:58 +0900)]
Add privilege-group mapping for mapservice

Change-Id: I36c0a8be95b201176980bf6fed303a48885a01dc
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoAdd installation types (global, local, preloaded). 12/61812/15
Zbigniew Jasinski [Thu, 10 Mar 2016 14:46:55 +0000 (15:46 +0100)]
Add installation types (global, local, preloaded).

Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.

New API function avaliable:

* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
    const enum app_install_type type)

Change-Id: I745da8fc7a7393c360ed6d281a1f729d22bb89e6

8 years agoResolve symlinks in TZ_SYS_RW_APP/TZ_USER_APP before validating app paths 39/62139/1 accepted/tizen/common/20160316.155924 accepted/tizen/ivi/20160315.122946 accepted/tizen/mobile/20160315.122847 accepted/tizen/tv/20160315.122909 accepted/tizen/wearable/20160315.122929 submit/tizen/20160315.072217
Rafal Krypa [Mon, 14 Mar 2016 13:17:18 +0000 (14:17 +0100)]
Resolve symlinks in TZ_SYS_RW_APP/TZ_USER_APP before validating app paths

Change-Id: Iefa723380df60af802e33bbeb95d4d0ebe543444
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoChange TZ_SYS_RO_SHARE from TZ_SYS_SHARE 35/61835/1 accepted/tizen/ivi/20160311.061827 accepted/tizen/mobile/20160311.061736 accepted/tizen/tv/20160311.061744 accepted/tizen/wearable/20160311.061808 submit/tizen/20160311.044055
keeho.yang [Fri, 11 Mar 2016 02:07:47 +0000 (11:07 +0900)]
Change TZ_SYS_RO_SHARE from TZ_SYS_SHARE

Change-Id: I99c921a7cfe5a03920e8787087b9d38157df851d

8 years agoSanitize naming convention for id/name of an app/pkg/author 17/60617/3
Rafal Krypa [Mon, 29 Feb 2016 10:11:23 +0000 (11:11 +0100)]
Sanitize naming convention for id/name of an app/pkg/author

Until now it was very confusing for security-manager developers what
variables like "appId" or "authorId" meant. We had a mixed convention
for both textual identifiers, supplied by API users and internal numerical
identifiers, assigned by security-manager database.

Since now a new convention is established:
- textual identifiers of application, package or author are called
  respectively: app name, pkg name and author name
- numerical identifiers, assigned by security-manager database are called
  app id, pkg id and author id

For now there remains one exception from the above rules - public headers
of libsecurity-manager-client. API function names and parameters specified
in public headers remain unchanged for backward compatibility.
We might change those too in the future.

Change-Id: Id0df5da9b68f29c6ef0969521cd02732f4f880d4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoSplit very long public header to smaller, logically consistent parts 07/60507/2
Rafal Krypa [Fri, 26 Feb 2016 15:16:36 +0000 (16:16 +0100)]
Split very long public header to smaller, logically consistent parts

The header security-manager.h is now split into the following parts:
- app-manager.h
- app-runtime.h
- app-sharing.h
- user-manager.h
- policy-manager.h

The original header includes all new headers, so depending applications don't
need to change their code.

Change-Id: I8dd56124b20e675c76daa86752ccb0cbd0126927
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoSmall fixes in functions generating Smack labels 87/60487/1
Rafal Krypa [Fri, 26 Feb 2016 13:05:34 +0000 (14:05 +0100)]
Small fixes in functions generating Smack labels

- properly release memory in SmackLabels::getSmackLabelFromSocket()
- use libsmack function in SmackLabels::getSmackLabelFromPath()

Change-Id: I837947a16dff90d84e751176cab0692cd70278c0

8 years agoRemove d2d.admin and d2d.appcontrol and Add use_ir privilege 13/60013/1 accepted/tizen/common/20160301.120646 accepted/tizen/ivi/20160223.232535 accepted/tizen/mobile/20160223.232444 accepted/tizen/tv/20160223.232456 accepted/tizen/wearable/20160223.232516 submit/tizen/20160223.085802 submit/tizen_common/20160229.190608
Yunjin Lee [Mon, 22 Feb 2016 09:02:04 +0000 (18:02 +0900)]
Remove d2d.admin and d2d.appcontrol and Add use_ir privilege

Change-Id: I2fb4ad8b4a35f498f3a27bfb882b77973ffd9b44
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoUpdated version for release 35/59935/1 accepted/tizen/ivi/20160222.012529 accepted/tizen/mobile/20160222.012338 accepted/tizen/tv/20160222.012421 accepted/tizen/wearable/20160222.012456 submit/tizen/20160219.124039
Zbigniew Jasinski [Fri, 19 Feb 2016 12:18:13 +0000 (13:18 +0100)]
Updated version for release

Version:    1.1.0
Release:    3

Change-Id: I2ea66996980c7c61fef3c662479e04eec68c5bc9

8 years agoAdded 'nether' package as required for install. 88/57488/5
Zbigniew Jasinski [Wed, 20 Jan 2016 11:04:27 +0000 (12:04 +0100)]
Added 'nether' package as required for install.

Change-Id: Id1d90aeb108b7f5bec751006bf740fb9087b1c4b

8 years agoUpdated version for release 02/59602/1 accepted/tizen/mobile/20160217.011427 accepted/tizen/tv/20160217.011445 accepted/tizen/wearable/20160217.011505 submit/tizen/20160216.163356 submit/tizen_common/20160218.142243
Zbigniew Jasinski [Tue, 16 Feb 2016 16:29:13 +0000 (17:29 +0100)]
Updated version for release

Version:    1.1.0
Release:    2

Change-Id: I49569d258b16bc02bc920215c618afe6692184ef

8 years agoMove pkg rules to new template file. 18/59318/3
Bartlomiej Grzelewski [Thu, 11 Feb 2016 15:05:03 +0000 (16:05 +0100)]
Move pkg rules to new template file.

Change-Id: Ibc0a79a8f0d850ab47d43236a20a975186dfcfbe

8 years agoMove authors rules to new template file. 75/59075/5
Bartlomiej Grzelewski [Tue, 9 Feb 2016 11:09:36 +0000 (12:09 +0100)]
Move authors rules to new template file.

Change-Id: Ic5341e94823ef9e7be44705aeae3e5833b2b2b7b

8 years agoSimplify error codes in project. 94/58994/8
Bartlomiej Grzelewski [Fri, 5 Feb 2016 16:41:05 +0000 (17:41 +0100)]
Simplify error codes in project.

Change-Id: I8cd78e66cd0e7ebda56f148b7bc52229b73f45c4

8 years agoRemove master and slave mode. 00/58900/8
Bartlomiej Grzelewski [Thu, 4 Feb 2016 15:38:37 +0000 (16:38 +0100)]
Remove master and slave mode.

Change-Id: Ia02b2ba10deef665eea203a0147cce301d46db8c

8 years agoSecurity manager reports error druing author removal. 70/58370/5
Bartlomiej Grzelewski [Fri, 29 Jan 2016 15:24:28 +0000 (16:24 +0100)]
Security manager reports error druing author removal.

The function Step will return false if you
run DELETE command in sql language. It's not an error.

Change-Id: I7f6abdb26a5ae9e1e192f3d6477020a4a868e398

8 years agoRemove functionality for handling privilege mapping between Tizen versions 81/57181/2
Rafal Krypa [Thu, 4 Feb 2016 11:14:51 +0000 (12:14 +0100)]
Remove functionality for handling privilege mapping between Tizen versions

This functionality is now implemented in privilege-checker, where it belongs.

Change-Id: Ib6bafa0e4cf5255f6dfec72a21f9d7978e26b4de
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd cleanup service for shared private paths 39/58339/18
Zofia Abramowska [Fri, 29 Jan 2016 10:39:31 +0000 (11:39 +0100)]
Add cleanup service for shared private paths

Add new systemd service, which at system startup relabels all files
shared before reboot to proper label for application pkd.
This is only required when private sharings aren't dropped before
system shutdwon.

Change-Id: Ie1b6de01c2b8a5fc02de11b67f23d3b3ff545fbf

8 years agoImplement logic of apply/drop sharing in ServiceImpl 38/58338/15
Zofia Abramowska [Fri, 29 Jan 2016 10:06:31 +0000 (11:06 +0100)]
Implement logic of apply/drop sharing in ServiceImpl

Change-Id: I23ca6948cb523c336857f80ec0530f6cfebd25bc