Rafal Krypa [Wed, 25 May 2016 07:47:09 +0000 (09:47 +0200)]
Fix and generalize generation of default "apps-names" configuration files
Per user "apps-names" files are used by recently merged functionality for
app label monitor for the application launcher.
The following fixes are provided:
- Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config
- Apply Smack labels in %post instead of %install to make the labels
effective. RPM packages don't keep file xattrs, Smack labels must always
be applied in package %post or in manifest.
- Mark the files as config files to avoid overwrite of apps-names in
TZ_SYS_RW_APP when security-manager is upgraded
Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 May 2016 09:55:43 +0000 (11:55 +0200)]
Allow application directories to be placed in /etc/skel/apps_rw
For the purpose of registering paths for each user, including users that
aren't yet created, installer wants to place some initial files or
directories in /etc/skel. If installation request in security-manager is
of type SM_APP_INSTALL_GLOBAL or SM_APP_INSTALL_PRELOADED, it will now
allow such paths.
Change-Id: I270034db426dce306bc149e27099290c7c26b10d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 May 2016 15:43:59 +0000 (17:43 +0200)]
Introduce an interface class for tzplatform-config
Create TizenPlatrofmConfig wrapper class for tzplatform-config library.
The wrapper takes care of error checking, user context and type conversions.
Change-Id: I1bd8e7cbcd525ece909cecf4f14a9b7c6fa5d5f4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Radoslaw Bartosiak [Fri, 29 Apr 2016 14:16:22 +0000 (16:16 +0200)]
Implement API for managing list of permitted labels for launcher
Four new API functions:
- security_manager_app_labels_monitor_init
- security_manager_app_labels_monitor_finish
- security_manager_app_labels_monitor_get_fd
- security_manager_app_labels_monitor_process
They provide functionality needed for the launcher to run without
CAP_MAC_ADMIN. It will rely on new feature of Smack:
relabel-self list of labels, that a process can change its label
to without special capabilities.
The new APIs will enable the launcher to wait for changes of
apps labels list (when an app is installed or uninstalled) and
to update its relabel-list with a separate, dedicated function.
Change-Id: I1d8a7bce8c081ba27e7c388ee096c7c07005d92d
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Fri, 20 May 2016 11:55:04 +0000 (13:55 +0200)]
Simplify and fix code generating SharedRO Smack rules
Smack rules for cross-package access to SharedRO labels are now kept in
a separate file that is fully regenerated after a Tizen 2.x application
is installed or removed.
This also fixes error that the previous implementation had, with superflous
Smack rule from Tizen 2.x applications to SharedRO rule of their own pkg.
Such rules collided with rules of the same subject and object but different
access modes. Each app gets such rule for SharedRO label of own package
from app-rules-template.smack template, but with RW access. Overwrite of
such rule by cross-package RO rule lead to incorrect access.
Change-Id: I70ee47606c7548d1c0d2dee83eacaae4b64cea9c
Lukasz Pawelczyk [Thu, 12 May 2016 10:56:11 +0000 (12:56 +0200)]
Cleanup around Tizen2X apps/packages generation functions
Create two separate functions, one for apps and one for packages. This
way we remove code duplication that was there before.
Remove the exclusion rule from the "packages" part. It wouldn't even work
properly when there were more then one app from the same package and was
just confusing. Further commits in this series are about handling
possible duplicates properly.
Change-Id: I31f3cb032cb1baab2940e9847547e3d2e3921335
Lukasz Pawelczyk [Wed, 11 May 2016 12:50:27 +0000 (14:50 +0200)]
Add tizen version handling to the cmd line tool
Change-Id: I4ce2d523599131f64999f227251d31620e3f1749
Dariusz Michaluk [Mon, 2 May 2016 08:11:29 +0000 (10:11 +0200)]
Add dlog log provider. Make log backend configurable.
Change-Id: I5474b0eb641e0349d8f2c6b30080f527fe8be53d
Dariusz Michaluk [Mon, 2 May 2016 07:03:15 +0000 (09:03 +0200)]
Revert "Completely remove dlog remainings"
This reverts commit
756ca93d1b5cb1024919aae81723a7a03434c9a3.
Change-Id: Ic05a47a70cdce84b88fdd1727dff1d8747f05d9c
jooseong lee [Wed, 18 May 2016 01:50:36 +0000 (10:50 +0900)]
Release version 1.1.5
Changes:
Fixing small spelling error in db.sql, reproduction only with building new image with MIC
Require usermanagement permission for local app installation for other users
Fix the update of package cross-rules during uninstallation
Path registration requests - server side implementation
Path registration requests - client side implementation
Move author_id to pkg - server code adjustment
Move author_id to pkg - db migration
Add path registration API stub
Add privilege-group mapping for tethering.admin privilege
Change-Id: If05b9ead7643cfa971f65d680879bacb9d48030e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Tomasz Swierczek [Tue, 17 May 2016 11:34:43 +0000 (13:34 +0200)]
Fixing small spelling error in db.sql, reproduction only with building new image with MIC
At image-build time DB was created from scratch and one SQL command was broken.
Column name was fixed.
Change-Id: I9d4be97489299529a18d7345cf253ab00e2ee752
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Rafal Krypa [Tue, 10 May 2016 16:06:50 +0000 (18:06 +0200)]
Require usermanagement permission for local app installation for other users
When installation type is set to SM_APP_INSTALL_LOCAL, but uid in the
request is different that uid of the calling user, security-manager will
now require the usermanagement permission, i.e.:
http://tizen.org/privilege/internal/usermanagement
The following API functions are affected:
- security_manager_app_install
- security_manager_app_uninstall
- security_manager_paths_register
Change-Id: Ic9e583e4da923ea391987fbb0cfff7f0abbbc2bb
Krzysztof Jackiewicz [Wed, 4 May 2016 09:26:46 +0000 (11:26 +0200)]
Fix the update of package cross-rules during uninstallation
[Problem] During app uninstallation the package rules are updated basing on the
list of apps being a part of the package. However the app being uninstalled is
not removed from this list which may generate unwanted smack rules.
[Solution] Remove uninstalled app from package contents list.
[Verification] Test is not yet implemented.
Change-Id: I867e65a996d0c797dfab9bcaaf15bbaf1a4261c4
Krzysztof Jackiewicz [Mon, 2 May 2016 09:16:16 +0000 (11:16 +0200)]
Path registration requests - server side implementation
[Feature] Provide API for package path registration
[Solution] Update server side logic.
[Verification] Run tests
Change-Id: Ie20db0c0764d48b97ef195ea422aa120f38c7125
Krzysztof Jackiewicz [Mon, 2 May 2016 07:28:33 +0000 (09:28 +0200)]
Path registration requests - client side implementation
[Feature] Provide API for package path registration.
[Solution] Add client side implementation + communication.
[Verification] Run tests. TODO prepare tests.
Change-Id: Iae9a03894a9780fb4b0a9242e278e940d2e2989d
Krzysztof Jackiewicz [Mon, 2 May 2016 10:31:58 +0000 (12:31 +0200)]
Move author_id to pkg - server code adjustment
[Problem] Author is not a feature of app anymore. Server code needs to be
adjusted.
[Solution] Get author via pkg instead of app. Rename variables and functions.
Update author's rules in existing ones if a new app with different author is
installed. Separate author rules for app from app-rules-template.smack
[Verification] Run tests (especially author related ones)
TODO: Add author update test case.
Change-Id: I8e42877170809e9e71c8c676b566119e3b16fbd5
Krzysztof Jackiewicz [Thu, 28 Apr 2016 15:26:28 +0000 (17:26 +0200)]
Move author_id to pkg - db migration
[Problem] Paths will be registered per pkg but path can be shared between apps
of the same author and the author is a feature of an app.
[Solution] Make author a feature of a pkg. Modify db accordingly and add proper
migration script.
[Verification] Install on v2 version and run tests.
Change-Id: I6a9933ec25094a92f20b76b3f72cbd4064f060c7
Krzysztof Jackiewicz [Wed, 27 Apr 2016 09:19:43 +0000 (11:19 +0200)]
Add path registration API stub
[Problem] Path registration is package specific and requires a separate
processing.
[Solution] Create API for package path registration.
[Verification] Successfull compilation
Change-Id: Ie31d756b7dc7ca9bca82305b03dd8000ba6b9bc5
jooseong lee [Wed, 11 May 2016 11:06:59 +0000 (20:06 +0900)]
Add privilege-group mapping for tethering.admin privilege
Refer to :
* https://review.tizen.org/gerrit/69079
* https://review.tizen.org/gerrit/69071
Change-Id: Idb914ceaaed4ca208e1de725a22395fd5e82b7d5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 9 May 2016 10:29:44 +0000 (19:29 +0900)]
Release version 1.1.4
Changes:
Use wildcard user in cynara policy installing a preloaded app
Change-Id: I695c9422a1ff77c493484e18f07fcd9090a2af4e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 9 May 2016 06:19:17 +0000 (15:19 +0900)]
Use wildcard user in cynara policy installing a preloaded app
Preloaded app is a global app, which is installed in TZ_SYS_RO.
User credential in cynara app policy should be wildcard.
Change-Id: I54841d051d1e7671e23e2cecae0a1ed1a601395a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Tomasz Swierczek [Mon, 2 May 2016 05:51:39 +0000 (07:51 +0200)]
Release version 1.1.3
Changes:
Change logic of security_manager_set_process_groups_from_appid
Don't check permissions on API calls in off-line mode
Fix implementation of filesystem.cpp
Move smack files to new directory
refactoring: use common function template for getting label by libsmack
Add installation types (global, local, preloaded).
Integrate with Cynara, clients must be privileged
db: update schema to version 2
Add constraint error in database logic.
More error messages
Use app instead of app_pkg_view in sqlite queries
security-manager-policy-reload: don't print errors on image build
Add privilege-group mapping for iotcon
Remove unused table version
Adjust Cynara privileges required by privacy manager APIs
Revert "Add installation types (global, local, preloaded)."
DB: Change app ids to app names in private sharing
Revoke subject label of uninstalled application
Change-Id: I0882ea1a261643b942e35cf528d0367599293c3d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Rafal Krypa [Fri, 29 Apr 2016 18:06:00 +0000 (20:06 +0200)]
Change logic of security_manager_set_process_groups_from_appid
The API function sets groups in application candidate process.
The following changes are applied:
- groups are based on privileges assigned to appId, not pkgId - don't
consider privileges granted to other apps in the package
- if the process was previously added to any group that is mapped to
a privilege and app doesn't have access to that privilege, the group
will be removed from the process
- no group will be added to the process more than once
Change-Id: Ifbb5fe48f2ad0bcc69ca00c13e6d7f2a20b148a2
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 29 Apr 2016 17:44:12 +0000 (19:44 +0200)]
Don't check permissions on API calls in off-line mode
Off-line mode was introduced to be used during image creation, when no
services are running. It enables root to perform some security-manager
operations on the client side.
But in off-line mode not only security-manager isn't running. No services
run, including cynara service. When libsecurity-manager-client tries to
check whether the off-line mode user has access to proper privilege, it
fails because cynara_check() has no off-line mode.
Permission checking in such scenario isn't required. The user is already
checked for UID 0 and even if it gets away from that check, it wouldn't be
able to perform actual operations without being super user.
Change-Id: I087bbc6b29a702a445d4498b96a950ca1e919efd
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Thu, 28 Apr 2016 13:06:46 +0000 (15:06 +0200)]
Fix implementation of filesystem.cpp
The function getFilesFromDirectory should not follow
links. It should return the list of files in directlry.
Change-Id: I142f8e0bc3a992da2f14d69e758426aff5df2ab6
Bartlomiej Grzelewski [Tue, 5 Apr 2016 18:35:53 +0000 (20:35 +0200)]
Move smack files to new directory
All smack rules generated by security-manager will be merged to one
file. This will speed up start process as reading one big file is
much faster than opening and reading a lot of small ones.
The rules related with apps are loaded by security-manager-rules-loader
service after local-fs.target. Before local-fs.terget smack rules
related to user app are not required. We may load this rules in
service that is triggered after local-fs.target and improve systemd
start time.
Change-Id: I64c961b90ee84772815f41dceefa15b567399763
Rafal Krypa [Fri, 11 Mar 2016 08:10:21 +0000 (09:10 +0100)]
refactoring: use common function template for getting label by libsmack
Merging repeated code pattern where a libsmack function is used to fetch
Smack label, the result must be wrapped into std::string and memory
allocated by libsmack safely freed.
Change-Id: I67136fc5f78fd7974d27feafb0ee2d3164df9461
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 20 Apr 2016 15:27:50 +0000 (17:27 +0200)]
Add installation types (global, local, preloaded).
Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.
New API function avaliable:
* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
const enum app_install_type type)
Change-Id: I1abfff547482c7adfedc09d9832569a294752d41
Rafal Krypa [Wed, 13 Apr 2016 14:55:51 +0000 (16:55 +0200)]
Integrate with Cynara, clients must be privileged
Several API functions now require the caller to hold appropriate privilege.
Ultimately new internal privileges will be created and used by security-manager.
For now, when appropriate privilege is missing, use "notexist" privilege
placeholder.
Privileges required per API:
- security_manager_app_install
* http://tizen.org/privilege/notexist (private installation)
* http://tizen.org/privilege/notexist (global installation)
- security_manager_app_uninstall
* http://tizen.org/privilege/notexist (private uninstallation)
* http://tizen.org/privilege/notexist (global uninstallation)
- security_manager_private_sharing_apply
* http://tizen.org/privilege/notexist
- security_manager_private_sharing_drop
* http://tizen.org/privilege/notexist
- security_manager_policy_update_send
* http://tizen.org/privilege/notexist (for setting own policy)
* http://tizen.org/privilege/internal/usermanagement (for setting policy for other or all)
- security_manager_get_configured_policy_for_admin
* http://tizen.org/privilege/internal/usermanagement
- security_manager_get_configured_policy_for_self
* http://tizen.org/privilege/notexist
- security_manager_get_policy
* http://tizen.org/privilege/notexist (for fetching own policy)
* http://tizen.org/privilege/internal/usermanagement (for fetching policy for other or all)
- security_manager_user_add
* http://tizen.org/privilege/internal/usermanagement
- security_manager_user_delete
* http://tizen.org/privilege/internal/usermanagement
Change-Id: Id67473db434b13d977fbd2fa704db3ac1bd1c32b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 14 Apr 2016 09:03:16 +0000 (11:03 +0200)]
db: update schema to version 2
Since last release database schema was modified. We now have proper tools
for handling such changes. The update to version 2 covers all schema
differences since last release.
Change-Id: I5bbc3297065468f17f28d15c28c5232c34d3507f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Kostyra [Wed, 16 Mar 2016 15:36:47 +0000 (16:36 +0100)]
db: Add update script
The script performs update of current security-manager database
by using intermediate schema updaters (located in db/updates) and
by applying views from main db schema (db/db.sql).
Verification:
Build with higher package version, upgrade package with rpm -Uh.
The script will activate and update DB version on target to 1.
Change-Id: I4d185f7e47d4ae9df53349627b8f97be22ef2642
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Jackiewicz [Fri, 8 Apr 2016 13:23:38 +0000 (15:23 +0200)]
Add constraint error in database logic.
[Problem] Constraint errors can't be distinguished from othes.
[Solution] Introduce constraint error, update documentation and add fix
exception handling in service_impl.cpp.
[Verification] Run tests
Change-Id: Ie16e02bdf7028fc28df0e4981d77879cb65eb3bf
Zbigniew Jasinski [Wed, 13 Apr 2016 14:05:05 +0000 (16:05 +0200)]
More error messages
Some error messages were missing. One could get misleading error messages.
For example, during app installation, if app directory doesn't exist,
one get "Failed getting app dir for user uid: ..."
* added more error messages
* added errno info for realpath()
Change-Id: I1cddc007b53417ca664e40a08fd60cf05adb9654
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Krzysztof Jackiewicz [Wed, 6 Apr 2016 14:01:27 +0000 (16:01 +0200)]
Use app instead of app_pkg_view in sqlite queries
[Problem] Few existing queries use app_pkg_view although the app itself is
sufficient.
[Solution] Use app instead of app_pkg_view in queries where possible.
[Verification] Run security-manager-tests
Change-Id: I212651e95982644004876ca426a213fd1a08bc65
Rafal Krypa [Tue, 12 Apr 2016 14:41:44 +0000 (16:41 +0200)]
security-manager-policy-reload: don't print errors on image build
The policy reload script, when recreating user type buckets for Cynara,
first tries to erase them and then create fresh ones. But on the first run,
during image build, there are no user type buckets in Cynara.
The error during erase is ignored by the script, as it should be, but misleading
error messages are also printed to stderr.
The error messagess should be silenced.
Change-Id: Ib09651560f15263793d758698e792a01471e1657
jooseong lee [Fri, 8 Apr 2016 08:21:25 +0000 (17:21 +0900)]
Add privilege-group mapping for iotcon
iotcon service change server-client APIs to library.
This library need to check access to resources using DAC groups
corresponding to privileges, network.get and internet.
Refers to : https://review.tizen.org/gerrit/#/c/64715/
Change-Id: I8e23a0b25fb06f5196a1db177c1f610da09d1ecd
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Krzysztof Jackiewicz [Thu, 7 Apr 2016 14:39:37 +0000 (16:39 +0200)]
Remove unused table version
[Problem] Version table is unused
[Solution] Remove it
[Verification] Run tests
Change-Id: Ib0b3b1800a8231928e607ca83fd2386828be001b
Rafal Krypa [Thu, 7 Apr 2016 08:50:08 +0000 (10:50 +0200)]
Adjust Cynara privileges required by privacy manager APIs
The privilege required for administrative policy management APIs is now:
http://tizen.org/privilege/internal/usermanagement
The privilege required for self policy management by users is now:
http://tizen.org/privilege/notexist
(a place holder until proper privilege is created)
Change-Id: Ia2892af7dd6a64ba6aace8c18fb57988b08e4f82
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 7 Apr 2016 07:35:42 +0000 (09:35 +0200)]
Revert "Add installation types (global, local, preloaded)."
Reverting functionality for explicit setting of application type during
installation. This code must be redone to be fully compatible with old
implicit behaviour of security-manager.
This reverts commit
94a21181f58b2ab6570ff06082913c7c751e4e51.
This reverts commit
46fb8b487d05fc36959e8595c742fc10e5fc2ff2.
Change-Id: Ibf1b4e27ad2977c74436c331a6c16d3c508e9cbd
Zofia Abramowska [Thu, 3 Mar 2016 15:55:31 +0000 (16:55 +0100)]
DB: Change app ids to app names in private sharing
Applications can be uninstalled during active private sharing.
Having foreign keys from private sharing table to application table
makes uninstallation fail.
Change-Id: Ib9217f6974e13c5542c16daa13a08288e76b9095
Zofia Abramowska [Mon, 7 Mar 2016 09:46:29 +0000 (10:46 +0100)]
Revoke subject label of uninstalled application
Revoking enables better and easier cleanup of dynamic
rules for e.g. private sharing.
Change-Id: Ifbeba447b82d0576d5561c7334d42113a7d98571
Yunjin Lee [Wed, 23 Mar 2016 05:20:41 +0000 (14:20 +0900)]
Update release version to 1.1.2
Change-Id: Ic682dd5aebca3f9ea1b5591f13f24230a0df214f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 23 Mar 2016 05:17:46 +0000 (14:17 +0900)]
Add core privilege: vpnservice, vpnservice.admin
Change-Id: I38c52ae7e7145d61d868f2d13469e9b7d647a5c3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
keeho.yang [Mon, 21 Mar 2016 04:40:32 +0000 (13:40 +0900)]
Updated version for release
Change-Id: I0de26fc1debe43dc915e5cb06ac8f85c2705fd21
keeho yang [Mon, 21 Mar 2016 04:31:33 +0000 (21:31 -0700)]
Revert "Revert "Fix enum.""
This reverts commit
b8f55196ada616f688d6d9c3b15cd14f696bdee1.
Change-Id: I371c3be10192ec0eab0e22b9e41c05f10dae080c
keeho yang [Mon, 21 Mar 2016 04:27:58 +0000 (21:27 -0700)]
Revert "Revert "Add installation types (global, local, preloaded).""
This reverts commit
23a5ce599a85820625250456d1f770ffb835d46a.
Change-Id: If965ebb18f561732b2511fd0e312f10349d18bab
Yunjin Lee [Fri, 18 Mar 2016 00:55:23 +0000 (17:55 -0700)]
Revert "Add installation types (global, local, preloaded)."
This reverts commit
46fb8b487d05fc36959e8595c742fc10e5fc2ff2.
Change-Id: I67496a1682467ba45a4d368ca8924804f414cc58
Yunjin Lee [Fri, 18 Mar 2016 00:54:55 +0000 (17:54 -0700)]
Revert "Fix enum."
This reverts commit
94a21181f58b2ab6570ff06082913c7c751e4e51.
Change-Id: I9380fe1828eb56554a734336f64e892ec59a2cbd
keeho.yang [Wed, 16 Mar 2016 10:30:41 +0000 (19:30 +0900)]
Change strerror to strerror_r for SVACE
Change-Id: I3c56f677042b9d4c9acbc4530ae0d3453016aceb
Zbigniew Jasinski [Wed, 16 Mar 2016 12:56:29 +0000 (13:56 +0100)]
Fix enum.
Change-Id: I809a70832f35981fb1162be3a9bbe1d3b1eb02c7
Yunjin Lee [Mon, 14 Mar 2016 06:20:59 +0000 (15:20 +0900)]
Add core privilege: location.coarse
Change-Id: I73b61261c1319ee5f00618fbd77f8d991bce6625
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong.lee [Wed, 16 Mar 2016 05:44:48 +0000 (14:44 +0900)]
Add new internal privilege for inputdevice block/unblock requests
Refers to : https://review.tizen.org/gerrit/#/c/61466/
Change-Id: I7b5e72446f05a3567cff4e8092e3d8e21fe4622d
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 16 Mar 2016 01:58:11 +0000 (10:58 +0900)]
Add privilege-group mapping for mapservice
Change-Id: I36c0a8be95b201176980bf6fed303a48885a01dc
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Zbigniew Jasinski [Thu, 10 Mar 2016 14:46:55 +0000 (15:46 +0100)]
Add installation types (global, local, preloaded).
Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.
New API function avaliable:
* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
const enum app_install_type type)
Change-Id: I745da8fc7a7393c360ed6d281a1f729d22bb89e6
Rafal Krypa [Mon, 14 Mar 2016 13:17:18 +0000 (14:17 +0100)]
Resolve symlinks in TZ_SYS_RW_APP/TZ_USER_APP before validating app paths
Change-Id: Iefa723380df60af802e33bbeb95d4d0ebe543444
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
keeho.yang [Fri, 11 Mar 2016 02:07:47 +0000 (11:07 +0900)]
Change TZ_SYS_RO_SHARE from TZ_SYS_SHARE
Change-Id: I99c921a7cfe5a03920e8787087b9d38157df851d
Rafal Krypa [Mon, 29 Feb 2016 10:11:23 +0000 (11:11 +0100)]
Sanitize naming convention for id/name of an app/pkg/author
Until now it was very confusing for security-manager developers what
variables like "appId" or "authorId" meant. We had a mixed convention
for both textual identifiers, supplied by API users and internal numerical
identifiers, assigned by security-manager database.
Since now a new convention is established:
- textual identifiers of application, package or author are called
respectively: app name, pkg name and author name
- numerical identifiers, assigned by security-manager database are called
app id, pkg id and author id
For now there remains one exception from the above rules - public headers
of libsecurity-manager-client. API function names and parameters specified
in public headers remain unchanged for backward compatibility.
We might change those too in the future.
Change-Id: Id0df5da9b68f29c6ef0969521cd02732f4f880d4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Feb 2016 15:16:36 +0000 (16:16 +0100)]
Split very long public header to smaller, logically consistent parts
The header security-manager.h is now split into the following parts:
- app-manager.h
- app-runtime.h
- app-sharing.h
- user-manager.h
- policy-manager.h
The original header includes all new headers, so depending applications don't
need to change their code.
Change-Id: I8dd56124b20e675c76daa86752ccb0cbd0126927
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Feb 2016 13:05:34 +0000 (14:05 +0100)]
Small fixes in functions generating Smack labels
- properly release memory in SmackLabels::getSmackLabelFromSocket()
- use libsmack function in SmackLabels::getSmackLabelFromPath()
Change-Id: I837947a16dff90d84e751176cab0692cd70278c0
Yunjin Lee [Mon, 22 Feb 2016 09:02:04 +0000 (18:02 +0900)]
Remove d2d.admin and d2d.appcontrol and Add use_ir privilege
Change-Id: I2fb4ad8b4a35f498f3a27bfb882b77973ffd9b44
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Zbigniew Jasinski [Fri, 19 Feb 2016 12:18:13 +0000 (13:18 +0100)]
Updated version for release
Version: 1.1.0
Release: 3
Change-Id: I2ea66996980c7c61fef3c662479e04eec68c5bc9
Zbigniew Jasinski [Wed, 20 Jan 2016 11:04:27 +0000 (12:04 +0100)]
Added 'nether' package as required for install.
Change-Id: Id1d90aeb108b7f5bec751006bf740fb9087b1c4b
Zbigniew Jasinski [Tue, 16 Feb 2016 16:29:13 +0000 (17:29 +0100)]
Updated version for release
Version: 1.1.0
Release: 2
Change-Id: I49569d258b16bc02bc920215c618afe6692184ef
Bartlomiej Grzelewski [Thu, 11 Feb 2016 15:05:03 +0000 (16:05 +0100)]
Move pkg rules to new template file.
Change-Id: Ibc0a79a8f0d850ab47d43236a20a975186dfcfbe
Bartlomiej Grzelewski [Tue, 9 Feb 2016 11:09:36 +0000 (12:09 +0100)]
Move authors rules to new template file.
Change-Id: Ic5341e94823ef9e7be44705aeae3e5833b2b2b7b
Bartlomiej Grzelewski [Fri, 5 Feb 2016 16:41:05 +0000 (17:41 +0100)]
Simplify error codes in project.
Change-Id: I8cd78e66cd0e7ebda56f148b7bc52229b73f45c4
Bartlomiej Grzelewski [Thu, 4 Feb 2016 15:38:37 +0000 (16:38 +0100)]
Remove master and slave mode.
Change-Id: Ia02b2ba10deef665eea203a0147cce301d46db8c
Bartlomiej Grzelewski [Fri, 29 Jan 2016 15:24:28 +0000 (16:24 +0100)]
Security manager reports error druing author removal.
The function Step will return false if you
run DELETE command in sql language. It's not an error.
Change-Id: I7f6abdb26a5ae9e1e192f3d6477020a4a868e398
Rafal Krypa [Thu, 4 Feb 2016 11:14:51 +0000 (12:14 +0100)]
Remove functionality for handling privilege mapping between Tizen versions
This functionality is now implemented in privilege-checker, where it belongs.
Change-Id: Ib6bafa0e4cf5255f6dfec72a21f9d7978e26b4de
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zofia Abramowska [Fri, 29 Jan 2016 10:39:31 +0000 (11:39 +0100)]
Add cleanup service for shared private paths
Add new systemd service, which at system startup relabels all files
shared before reboot to proper label for application pkd.
This is only required when private sharings aren't dropped before
system shutdwon.
Change-Id: Ie1b6de01c2b8a5fc02de11b67f23d3b3ff545fbf
Zofia Abramowska [Fri, 29 Jan 2016 10:06:31 +0000 (11:06 +0100)]
Implement logic of apply/drop sharing in ServiceImpl
Change-Id: I23ca6948cb523c336857f80ec0530f6cfebd25bc
Zofia Abramowska [Wed, 27 Jan 2016 11:59:18 +0000 (12:59 +0100)]
Add dummy support for apply/drop sharing rules in Master
Add new MasterReq functions for sending Smack rules request
to Master service and dummy handling on Master service side.
Change-Id: I638be66e61f06686a1ffc7d6c15c3e3bcfe991ae
Zofia Abramowska [Tue, 26 Jan 2016 18:06:42 +0000 (19:06 +0100)]
Add dummy handling of apply/drop sharing in server
Change-Id: I64dbb7a18296a09617bdbad82794ec246ae716c9
Zofia Abramowska [Thu, 28 Jan 2016 14:36:40 +0000 (15:36 +0100)]
Support labeling shared private paths
Created labels are unique per path by using crypt()
with salt generated from owner package id and path passed as
parameters.
Added getting smack label from file, this will be required to
ascertain that path is a private path of application.
Change-Id: Id82ee50249795be4158acecc6c377e1390ae2d85
Zofia Abramowska [Fri, 29 Jan 2016 14:58:26 +0000 (15:58 +0100)]
Add default empty authorsId to setupPath
Change-Id: I7e11e6eeab09b7db372003f832f89f38fe0074cf
Zofia Abramowska [Wed, 27 Jan 2016 18:47:07 +0000 (19:47 +0100)]
Support rules for apply/drop sharing in SmackRules
Change-Id: I25c25853dd8af6c77b554505fc9f5d0231fea389
Zofia Abramowska [Tue, 26 Jan 2016 15:27:53 +0000 (16:27 +0100)]
Support private sharing in PrivilegeDb
Add proper methods in PrivilegeDb class for handling application
private path sharing.
Change-Id: I280ade4fb8daea7c4f2eac7355bcfa0a1ece73f3
Zofia Abramowska [Tue, 26 Jan 2016 11:13:17 +0000 (12:13 +0100)]
Add private sharing to sqlite database
This patch introduces changes to database schema required to store
information about private path sharing.
Change-Id: I5c31decb1af2e062e5fb23108ffc9236c82763b6
Zofia Abramowska [Mon, 25 Jan 2016 15:05:32 +0000 (16:05 +0100)]
Add dummy API for private sharing apply/drop
This patch introduces new client API for sharing private files
between two applications. New request type is added : private_sharing_req,
and functions to send new request to server:
* security_manager_private_sharing_apply()
* security_manager_private_sharing_drop()
Change-Id: Ia718a9bb5abeb1dfe886149985b7515242900fa3
Bartlomiej Grzelewski [Fri, 29 Jan 2016 10:04:47 +0000 (11:04 +0100)]
Support for removing application.
Change-Id: Ic36c335fcd1f7e2f56f1db7d56cb1d1329e52823
Bartlomiej Grzelewski [Tue, 26 Jan 2016 14:13:39 +0000 (15:13 +0100)]
Support SECURITY_MANAGER_PATH_TRUSTED_RW during installation.
All trusted paths should be properly labelled after package
installation.
Change-Id: I766aa029d1f1e85e84ebc388ded389620faa757c
Bartlomiej Grzelewski [Fri, 29 Jan 2016 13:47:54 +0000 (14:47 +0100)]
Store author information in database.
Change database schema. New schema will allow to store author
information. Change implementaion of privilege. It is able
to insert author information to database.
Change-Id: I5b16e76dd7d9a1896f63120fbe6928e634b08898
Krzysztof Jackiewicz [Tue, 19 Jan 2016 11:25:55 +0000 (12:25 +0100)]
Add author id serialization
[Verification] Run tests
Change-Id: I07ffd72cc951ac669a9eac22f6cb72804392738c
Krzysztof Jackiewicz [Wed, 13 Jan 2016 13:31:13 +0000 (14:31 +0100)]
Prepare API stubs for trusted/shared path support
[Verification] Compile & run tests.
Change-Id: I8ba2d7fe641292b5d10d2eb90b71059690bde9a9
Maciej J. Karpiuk [Tue, 26 Jan 2016 12:26:14 +0000 (13:26 +0100)]
shared folder backward compatibility
Added support for declaring specific shared folder for 2.X apps only.
Added support for installing apps with declared target tizen API type.
When installing app, the package shared folder gets specific label.
The owner application has RWX rules to it's shared folder.
All other applications get no access if are targetted to Tizen 3.0 version,
or RO access when are targetted to Tizen 2.X.
If the installed app is targetted to Tizen 2.X version, it get rules to shared
folders of other 2.X packages.
Change-Id: Ibffebc824176874e627c3f84e51718de1457357a
Rafal Krypa [Fri, 15 Jan 2016 15:17:48 +0000 (16:17 +0100)]
Introduce API for checking application privileges based on app_id
New API security_manager_app_has_privilege() will enable privilege checks
against applications that are not running at the moment and cannot be
checked against a running process.
The function checks permission against Cynara database, while using a
proper application identifier (Smack label) derived from app_id.
Change-Id: I9ef82896fecf3ac7a20324155f9e7f130c2a071b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 19 Jan 2016 11:26:38 +0000 (12:26 +0100)]
cynara: fix casting Cynara answer into bool type
Cynara check API returns either CYNARA_API_PERMISSION_DENIED (=1)
CYNARA_API_PERMISSION_ALLOWED (=2). This was badly cast in
SecurityManager::Cynara class to bool type, causing both return values
to be interpreted as true.
Change-Id: I5c96cfab5156e7aae81103cf8cf0d91d1b8293ab
Adam Malinowski [Tue, 29 Sep 2015 06:16:11 +0000 (08:16 +0200)]
Add 'socket/pid to appId and pkgId' functionality
This patch introduces client functions for obtaining package Id
and application Id of an application with given socket descriptor
or process identifiers.
To test this functionality run tests added in patch:
https://review.tizen.org/gerrit/#/c/48887/
Change-Id: Ib9bd924563ea932ecf64d421f90bc3dde3bb38ec
Rafal Krypa [Thu, 14 Jan 2016 16:29:33 +0000 (17:29 +0100)]
security-manager-cmd: adjust acceptable path types to supported values
Change-Id: Ife4354fd2b892ae46658fa8886f2c3599d3ed316
Janusz Kozerski [Wed, 9 Dec 2015 15:29:43 +0000 (16:29 +0100)]
Fix issue with mutiple install the same app for different users
If the same application has been installed for more than one user,
then while uninstallation Smack rule file should remain in the system
until the last "instance" of application is present.
Change-Id: Ice8b1b7afe036028efcabf5a77732db0811763c4
Rafal Krypa [Wed, 23 Dec 2015 08:39:23 +0000 (09:39 +0100)]
Fix security-manager-policy-reload erasing existing entries
The policy reload script, while reloading user type buckets, used to
unintentionally erase existing entries mapping users to user types.
This was caused by the way in which user type buckets were reloaded:
by removing the bucket and recreating it with intended contents.
Erasing the bucket is wrong - it also erases all links to it.
Changing the reload mechanism to clean the bucket instead.
Change-Id: I6279b2f75d1b7136679edf228d89eb2b001bd76b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Patrick Ohly [Wed, 19 Aug 2015 13:02:32 +0000 (15:02 +0200)]
security-manager-policy-reload: do not depend on GNU sed
\U (= make replacement uppercase) is a GNU sed extension which is not
supported by other sed implementation's (like the one from
busybox). When using busybox, the bucket for user profiles became
USER_TYPE_Uadmin instead USER_TYPE_ADMIN.
To make SecurityManager more portable, better use tr to turn the
bucket name into uppercase.
Change-Id: I425256d3e9bd6619678763cbe1657e926116d48d
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Tue, 24 Mar 2015 11:54:03 +0000 (04:54 -0700)]
systemd: stop using compat libs
libsystemd-journal and libsystemd-daemon are considered obsolete
in systemd since 2.09 and may not be available (not compiled
by default).
The code works fine with the current libsystemd, so just
use that.
Change-Id: I5a272bc3ad1e93dd3bb5001b537a134a4ef856bc
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
José Bollo [Fri, 8 Jan 2016 15:53:46 +0000 (16:53 +0100)]
socket-manager: removes tizen specific call
The function 'smack_fgetlabel' is specific to Tizen
and is no more maintained upstream.
Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f
Signed-off-by: José Bollo <jobol@nonadev.net>
jooseong.lee [Mon, 21 Dec 2015 04:50:33 +0000 (13:50 +0900)]
Add new native privileges(d2d.admin, d2d.appcontrol, d2d.datasharing)
Refers to: https://review.tizen.org/gerrit/#/c/54954/
Change-Id: I967d6ee7045854a7621212ee42e72a78bd26fdad
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Thu, 17 Dec 2015 07:52:25 +0000 (16:52 +0900)]
Add privilege-group mapping for message.read privilege
Refer to :
https://review.tizen.org/gerrit/#/c/54684/
Change-Id: Ida34724ac3ad1eece34110ef56de17c855b1757a
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 7 Dec 2015 07:53:49 +0000 (16:53 +0900)]
Apply ASLR on security-manager
Change-Id: I80bc8cb24195db96f98dd7d50fa71fa1ce315fc4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong.lee [Thu, 26 Nov 2015 10:21:53 +0000 (19:21 +0900)]
Fix getting a zone name from gid
Assume there are no containers if cpuset dosen't present
Change-Id: If97fd885595a3ace9691fe2ad88ec4219f43909f
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Oskar Świtalski [Thu, 19 Nov 2015 13:26:55 +0000 (14:26 +0100)]
Fix klocwork issues
Change-Id: I3f3df9132638e4690ebd6b133c5458867fd52404
Signed-off-by: Oskar Świtalski <o.switalski@samsung.com>
Radoslaw Bartosiak [Tue, 6 Oct 2015 15:37:30 +0000 (17:37 +0200)]
Add privilege-group mapping for four privileges
According to Tizen security policy, services might be allowed to check
access to resources using DAC groups corresponding to privileges
https://wiki.tizen.org/wiki/Security/User_and_group_ID_assignment_policy.
This commit introduces mapping between groups and privileges needed by
libmm-camcorder and media-content projects.
Change-Id: I8763bb83a8b294c05b4623c0a921e739d3be7bc5
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
projects / platform / core / security / security-manager.git / log