Pawel Polawski [Tue, 3 Sep 2013 15:23:38 +0000 (17:23 +0200)]
Implement new API for get GID and UID by cookie
[Issue#] SSDWSSP-399
[Bug/Feature] New API to security-server
[Cause] Missing API to get UID and GID by cookie
[Solution] New API added
[Verification] Compile, run tests
Change-Id: Ie6f65378a31e65840b682b3a6dc2c9ab3f931ec2
Bartlomiej Grzelewski [Wed, 4 Sep 2013 09:52:33 +0000 (11:52 +0200)]
Remove support for DPL_USE_OLD_STYLE_* environment values in RELEASE build.
This environment values will be supported in DEBUG build only:
* DPL_USE_OLD_STYLE_LOGS
* DPL_USE_OLD_STYLE_PEDANTIC_LOGS
* DPL_USE_OLD_STYLE_LOGS_MASK
This commit turn off all logs except Error logs in RELEASE build.
[Issue#] SSDWSSP-447
[Problem] Security-server generates too many logs in RELEASE build.
Debug logs may be turn on by environment values.
[Solution] Remove support for environment values.
[Verification] Successful build.
Change-Id: I557a69c007e4d916b2b2ac2f92e21572a9fb9f37
Bartlomiej Grzelewski [Mon, 9 Sep 2013 09:23:00 +0000 (11:23 +0200)]
Enabling compilation under GCC-4.8.
[Issue#] N/A
[Bug] Build break.
[Problem] Lack of header files.
Space is required between strings that will be concatenated.
Remove compilation warning.
[Solution] N/A
[Verification] Build. Run tests.
Change-Id: I7c34508a17ccd539d987d887a530959b3f257b87
Bartlomiej Grzelewski [Wed, 4 Sep 2013 16:15:49 +0000 (18:15 +0200)]
Add missing header files in cookie module.
[Issue#] N/A
[Bug] Missing include sys/smack.h in cookie module.
[Cause] N/A
[Solution] Add missing header.
[Verification] Build, run tests.
Change-Id: I66809021fd99f4fed5fe9548e9662910d958530a
Bartlomiej Grzelewski [Wed, 4 Sep 2013 12:43:33 +0000 (14:43 +0200)]
Remove deprecated and unused code.
Service responsible for function security_server_check_privileges_by_pid
was written some time ago. This commit removes old implementation of
this function.
[Issue#] SSDWSSP-424
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build. Run all tests.
Change-Id: I69706853b0851e1c686a543b61a4e5d8d45b1b3f
Bartlomiej Grzelewski [Tue, 3 Sep 2013 12:38:30 +0000 (14:38 +0200)]
After SIGTERM security-server crashes.
[Issue#] N/A
[Problem] NULL poiter dereference in SocketManager.
[Cause] Pointer to SocketManager was not set in SignalService.
[Solution] Set pointer in SignalService.
[Verification] Run command "systemctl restart security-server.service".
Security-server should restart without any errors.
Change-Id: I79e8c581c5a1d6479509713634a81521a947bfeb
Pawel Polawski [Thu, 1 Aug 2013 13:15:43 +0000 (15:15 +0200)]
Move security server cookie API to new framework
[Issue#] SSDWSSP-365
[Bug/Feature] Rewrite cookie functions to new security-server framework
[Cause] API functions in deprecated framework
[Solution] API functions moved to the new framework
[Verification] No tests should fail
Change-Id: If0a12680c8d966a78a940c3656920da1beaf4285
Bartlomiej Grzelewski [Mon, 26 Aug 2013 12:43:15 +0000 (14:43 +0200)]
This patch enable compilation under GCC-4.8
[Issue#] N/A
[Bug] Build break under GCC-4.8
[Cause] Services does not included required header files.
[Solution] Add headers to cpp files.
[Verification] Build.
Change-Id: I114ffb5592e6c7d600c0047fc1fb2d4dbceeb913
Marcin Niesluchowski [Mon, 19 Aug 2013 14:15:20 +0000 (16:15 +0200)]
Adding cap check after smack_have_access in security-server and displaying logs
regarding this call.
[Issue#] SSDWSSP-454
[Bug/Feature] SECURE_SLOG* macros used after smack_have_access() and its wrapper
don't write messages to dlog and CAP_MAC_OVERRIDE is not checked.
[Cause] SECURE_SLOG* macros depend on TIZEN_ENGINEER_MODE flag in dlog.h
which is turned off.
[Solution] Changing SECURE_SLOG* to SEC_SVR_* and Log* macros and adding check for
CAP_MAC_OVERRIDE after smack_have_access.
[Verification] Check dlogutil for those logs.
Change-Id: I167dea72f9c1bcbcc2c4ea7008eea3a6bbbd9c82
Jan Cybulski [Thu, 25 Jul 2013 09:54:50 +0000 (11:54 +0200)]
Adapt security-server for a new libsmack API
[Issue#] SSDWSSP-433
[Bug] N/A
[Cause] Changed API of libsmack.
[Problem] Function smack_new_label_from_socket() is now returning value greater than 0 on success, not 0 as it was before.
[Solution] Changes of expected function results
[Verification] Run tests.
Change-Id: I89aa91e69fccb0091dfb1eccd2fc2d6347cfcf3b
Bartlomiej Grzelewski [Thu, 1 Aug 2013 12:07:33 +0000 (14:07 +0200)]
Turn off environment CFLAGS cleaning.
CMAKE_C_FLAGS options will overwritten default environment flags.
This commit comments out this value so default evfironment values won't
be overwritten.
[Issue#] N/A
[Bug] N/A
[Cause] Enable executable tuning for cortex-a8.
[Solution] N/A
[Verfication] Successful compilation.
Change-Id: Id582c07c45d7042b4fcab73f68bda8de21872321
Krzysztof Jackiewicz [Tue, 13 Aug 2013 08:06:31 +0000 (10:06 +0200)]
Unused code causing buildbreak removed
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Buildbreak
[Cause] Ignored return value warning
[Solution] Code causing buildbreak is unused. It has been removed.
[Verification] Succesfull compilation. Tests should pass
Change-Id: Ibf4299964c091f478de384c7b7b4f2e6186ae0dd
Conflicts:
src/server/security-server-main.c
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:03:08 +0000 (10:03 +0200)]
Fix for proc/<pid>/status line extraction crash
[Issue#] SSDWSSP-448
[Feature/Bug] N/A
[Problem] Crash during cookie creation
[Cause] Buffer overflow
[Solution] Line extraction code rewritten to use getline
[Verification] Compile and run tests.
Change-Id: Ib69bc601847c93f8ea7f21f9520fa4c0f229bf32
Bartlomiej Grzelewski [Wed, 17 Jul 2013 14:46:34 +0000 (16:46 +0200)]
Clean up after SIGTERM.
[Issue#] N/A
[Bug] N/A
[Cause] Lack of SIGTERM support.
[Problem] N/A
[Solution] Add support for SIGTERM signal.
[Verification] Use "systemctl restart security-server.service" command.
Security server should be killed and restarted.
Change-Id: Ic41957bf3aaee60afb98cae6de841a057f3ad49a
Marcin Niesluchowski [Thu, 8 Aug 2013 11:02:04 +0000 (13:02 +0200)]
Empty string password bug fixed.
[Issue#] SSDWSSP-422
[Bug/Feature] Empty password should not be set.
[Cause] N/A
[Solution] N/A
[Verification] Running ss-pasword tests from http://slp-info.sec.samsung.net/gerrit/#/c/259674/ commit.
Change-Id: I0063f8b315e0f0be2631a9d51d3834f070f3eb2c
Marcin Niesluchowski [Thu, 8 Aug 2013 17:26:18 +0000 (19:26 +0200)]
Removing bug regarding security-server first use.
[Issue#] SSDWSSP-449
[Bug/Feature] There should be difference between initiated password time and
first function call regarding password so that difference should
not cause SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER error.
[Cause] While security-server is called for the first time, it initiates
itself.
[Solution] N/A
[Verification] Running security-server ss-password tests. There should be no
error with SECURITY_SERVER_ERROR_PASSWORD_RETRY_TIMER (value -17).
Change-Id: I67243269fc8ed0476f614ab4143d81f4c12e24ee
Bartlomiej Grzelewski [Thu, 8 Aug 2013 09:46:00 +0000 (11:46 +0200)]
Reduce number of logs.
Now core of security-server2 won't log any information
about timeouts. All debug logs in socket-manager were
removed. This patch should reduce number of logs for 50%.
[Issue#] SSDWSSP-447
[Bug/Problem] Security-server generates too many logs.
[Cause] New implementation was tested.
[Solution] Decrease number of logs.
[Verification] Build, run tests.
Change-Id: I9c3cec96f1ca4899e8a95c988cd9dc56cf2d9db5
Bartlomiej Grzelewski [Wed, 31 Jul 2013 09:22:11 +0000 (11:22 +0200)]
Add support for EINTR in client.
[Issue#] N/A
[Bug] Poll did not support EINTR code. This error
may break communication between security-server and client.
[Solution] Add support for EINTR.
[Verification] Compile, run tests.
Change-Id: I0c052f3895f351adf80908db0b7c1ac826f3c0e0
Krzysztof Jackiewicz [Wed, 7 Aug 2013 11:02:16 +0000 (13:02 +0200)]
Fix for unused variable warning/error
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Buildbreak caused by unused variables
[Cause] Dlog logging macros have been recently disabled
[Solution] Variables marked as unused
[Verification] Successfull compilation
Change-Id: Idbbc5741ed14dda4484daac0edc2dbc4759c99e9
Marcin Lis [Thu, 18 Jul 2013 08:35:32 +0000 (10:35 +0200)]
Get rid of build warnings
[Issue#] SSDWSSP-397
[Bug] Several warnings was appearing during package build
[Cause] These warnings mainly concern implicit functions declarations
and comparisons between variables of different types
[Solution] Adding function declarations, header file inclusions,
explicit cast operators.
Also 'Werror' flag is added to CMakeLists.txt .
[Verification] Successful compilation & all security tests successfully
completed on target device
Change-Id: I2387b829835319354097384497abd9f1eaec9636
Bartlomiej Grzelewski [Fri, 2 Aug 2013 09:16:55 +0000 (11:16 +0200)]
Fix bug in app-permissions module.
[Issue#] N/A
[Bug/Cause] Function security_server_app_disable_permissions
did not propagate success code.
[Solution] Add return in security_server_app_disable_permissions.
[Verification] Build, run tests.
Change-Id: I389e6a65ae4f3d2e1496bf14a048274ef6263def
Radoslaw Bartosiak [Mon, 29 Jul 2013 08:10:54 +0000 (10:10 +0200)]
Fix latest prevent defects
[Issue#] SSDWSSP-435
[Bug/Feature] Unitialized scalar variable.
[Cause] Using uninitialized value "cr.pid" when calling "get_exec_path(pid_t, std::string &)".
[Solution] Change of program execution flow and logging, change unique_ptr deleter.
[Verification] Analyzing execution flow, running prevent tests.
Change-Id: Iaaf0f938e6f7111419325898436245e399d652bd
Pawel Polawski [Thu, 25 Jul 2013 13:00:48 +0000 (15:00 +0200)]
Added API for APP enable and disable permissions
[Issue#] SSDWSSP-155
[Bug/Feature] Implement API for removing/adding API feature rules from
applications SMACK profile
[Cause] Need new API
[Solution] New API added
[Verification] Compile. No new tests should fail
Change-Id: Ib6e95f32fa0cf0ebb2fdfd787b1c1f156b5a96b6
Bartlomiej Grzelewski [Tue, 30 Jul 2013 11:20:25 +0000 (13:20 +0200)]
Security-server fix.
[Issue#] N/A
[Bug/Feature] Null dereference when client closes connection while
servier is writting.
[Cause] N/A
[Problem] N/A
[Solution] Add additional check in CloseSocket function.
[Verification] Build, run tests.
Change-Id: I026b4cff31868dd72a1d221b8bffad108fcdf350
Bartlomiej Grzelewski [Fri, 19 Jul 2013 09:11:12 +0000 (11:11 +0200)]
Add LogSecure* macros.
[Issue#] SSDWSSP-392
[Bug] N/A
[Cause] N/A
[Problem] Some security-server logs must marked as "secure".
[Solution] Add support for SECURE_SLOG macro in the project.
[Verification] Run tests.
Change-Id: Ic5b4058a39ff0c1acb191871b27bafaf25f3cad7
Bartlomiej Grzelewski [Thu, 18 Jul 2013 15:35:24 +0000 (17:35 +0200)]
Add configuration for systemd.
List of changes:
* change socket name for get-get api
* add systemd configuration for get-object-name api
* remove some useless logs from services
[Issue#] N/A
[Bug/Feature] Remove deprecated logs.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I5eed0ab203dee6d3d777f64c6bd495ea01dbd4fb
Janusz Kozerski [Fri, 19 Jul 2013 11:55:14 +0000 (13:55 +0200)]
Remove API function security_server_launch_debug_tool()
[Issue#] SSDWSSP-369
[Bug] Function give an access to run any command as root.
[Cause] Re-witing security-server.
[Solution] Remove function.
[Verification] Build, install, run tests.
Change-Id: I19f202608d54bdd70b4bfd5edc9dcba816854d68
Jan Olszak [Tue, 9 Jul 2013 10:03:56 +0000 (12:03 +0200)]
Implemented security_server_get_object_name function in new framework.
[Issue#] Function for new security-server framework.
[Bug/Feature] Get name in new security-server.
[Cause] N/A
[Solution] Reimplemented solution.
[Verification] Build, install, run tests.
Change-Id: I432170b517f4a3ee20d2db4281e18f7bd7dd449d
Zofia Abramowska [Tue, 16 Jul 2013 10:01:42 +0000 (12:01 +0200)]
Rewriting client socket privilige part and adding exec path service
[Issue#] SSDWSSP-367
[Bug/Feature] N/A
[Cause] Rewriting client API and security-server socket privilige checks
functionality to match recently written security-server services
[Solution] Rewriting client API to use new implementation of sockets,
adding new service for get execution path request
[Verification] Successful build.
Run test 'security-server-test-client-smack'
with 'regexp=sock' argument and check dlog logs whether
execution path is being properly send
(This functionality is not in ss API, so no tests for
this specific service are available)
Change-Id: I49031860de14986f73899cb8c99f061241ede39b
Bartlomiej Grzelewski [Tue, 16 Jul 2013 17:06:47 +0000 (19:06 +0200)]
Fix sendToServer function.
Security server closes connection when protocol is broken.
Client was not able to handle this situation.
[Issue#] N/A
[Bug] Client program may hang.
[Cause] sendToServer function does not support
situation when read returns 0.
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ie3002ae88c6ac4b55958b4e0d2d81ca5aacd5c43
Jan Cybulski [Fri, 12 Jul 2013 07:50:23 +0000 (09:50 +0200)]
Add implementation for check_privilege_by_pid in security server 2
[Issue#] SSDWSSP-368
[Bug/Feature] Check privilege by pid via security server 2
[Cause] N/A
[Solution] Old implementation ported to new framework.
[Verification] Build, install, run tests.
Change-Id: If8937113015a435ed14c31b76f9443b39776e030
Bartlomiej Grzelewski [Fri, 12 Jul 2013 11:29:59 +0000 (13:29 +0200)]
Change log destination to system journal.
[Issue#] SSDWSSP-392
[Bug] N/A
[Cause] N/A
[Problem] Security-server logs must be saved in system.
[Solution] N/A
[Verification] Run tests.
Change-Id: I95a0db02b860c961dbea4ea55138298793a295cd
Bartlomiej Grzelewski [Thu, 11 Jul 2013 16:38:26 +0000 (18:38 +0200)]
Add socket activation for get-gid api.
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] Lack of socket activation for api get-gid.
[Solution] Add support for socket activation in security-server.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: Ia3f1a1630df69da85398e5f53cf34a446d79bc94
Jan Olszak [Tue, 9 Jul 2013 10:03:56 +0000 (12:03 +0200)]
Implemented security_server_get_gid function in new framework.
[Issue#] Function for new security-server framework.
[Bug/Feature] Check GID in new security-server.
[Cause] N/A
[Solution] Used old implementation with small changes.
[Verification] Build, install, run tests.
Change-Id: I3032d80dc2af8d9fa40f4aa7ab8cbf9d0daa0919
Bartlomiej Grzelewski [Mon, 8 Jul 2013 12:56:53 +0000 (14:56 +0200)]
Remove deprecated code and scripts.
Removed:
* init scripts
* deprecated lines from spec file
* remove deprecated code from old security server
[Issue#] SSDWSSP-146
[Bug] N/A
[Cause] N/A
[Problem] Security server starts twice (by systemd and init).
[Solution] Remove init scripts.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: Ibac028b8b452284e7447b7fcb81b9a8927aded68
Bartlomiej Grzelewski [Fri, 5 Jul 2013 16:54:23 +0000 (18:54 +0200)]
Convert to systemd API.
- enable socket activation
- enable sn_notify (start-up completion notification).
[Issue#] SSDWSSP-146
[Bug] N/A
[Cause] N/A
[Problem] Socket activation is required in security-server.
[Solution] Add support for socket activation in security-server.
[Verification] Reinstall security-server. Reboot target. Run tests.
Change-Id: I4d8c4f79bf1979df5e9e48b24bae9725441a9a14
Bartlomiej Grzelewski [Thu, 11 Jul 2013 11:16:53 +0000 (13:16 +0200)]
Takes compilation profile from command line.
This command will start compilation with debug(-O0 -g -ggdb)
gbs lb -A armv7l --define "build_type DEBUG"
Default command will use RELEASE profile(-02 -g):
gbs lb -A armv7l
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ic1388759b720aebadcfcf98dc0fbd5a73d9eb384
Bartlomiej Grzelewski [Thu, 11 Jul 2013 10:28:26 +0000 (12:28 +0200)]
Remove compilation warnings in security-server-util-common.c
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: Ieb1dfb3d3de91a070286d6dc33cfd5d1340d0700
Zofia Abramowska [Wed, 10 Jul 2013 11:28:10 +0000 (13:28 +0200)]
Refactoring common utility functions
[Issue#] N/A
[Bug/Feature] N/A
[Cause] Some utility functions were not extracted to util source
files. It is needed to properly write new services for ss2
[Solution] Moved some functions out of main file to util file
[Verification] Successfull build
Change-Id: I31af2fe3618dd58c77be7b0e23faeeb6e25d6c32
Bartlomiej Grzelewski [Mon, 8 Jul 2013 14:46:43 +0000 (16:46 +0200)]
Remove deprecated code connected with shared memory.
[Issue#] SSDWSSP-378
[Bug] N/A
[Cause] N/A
[Problem] Some code from tutorial was release on unknown licence.
[Solution] Code was removed.
[Verification] Run tests.
Change-Id: I302d168defb16cad32d665b9046a139843fd9523
Jan Olszak [Thu, 4 Jul 2013 12:59:07 +0000 (14:59 +0200)]
Changed dlog logging buffer.
[Issue#] dlog logged in a wrong buffer.
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main SECURITY_SERVER" (no loggs), "dlogutil -b system SECURITY_SERVER" (loggs..)
Change-Id: I8680f74ab4452469147e6f348c2a3491b9063bf7
Jan Olszak [Tue, 2 Jul 2013 13:35:52 +0000 (15:35 +0200)]
Error code for empty passwords.
[Issue] No error code for empty passwords. Needed in tests.
[Feature] N/A
[Cause] N/A
[Solution] Added error code
[Verification] Build
Change-Id: Icb1d6aacaf5b346ab2733245d7d328d48a1e03f5
Marcin Niesluchowski [Fri, 5 Jul 2013 11:27:22 +0000 (13:27 +0200)]
Fixing prevent defects in security-server
* 63411; Critical; Resource leak; In function
SecurityServer::BinaryQueue::AppendUnmanaged(
void const*,
unsigned int,
void (*)(void const*, unsigned int, void *),
void *)
in src/server2/dpl/core/src/binary_queue.cpp
* 63374; Critical; Explicit null dereferenced; In function
SecurityServer::SharedMemoryService::readOne(SecurityServer::ConnectionID const&,
SecurityServer::SocketBuffer &)
in src/server2/service/data-share.cpp
[Issue#] SSDWSSP-356
[Bug/Feature] Prevent bugs need to be fixed.
[Cause] N/A
[Solution] N/A
[Verification] Running security-server tests.
Change-Id: I816e8b50ff94470256604d37a88a400dbeac59b5
Bartlomiej Grzelewski [Wed, 3 Jul 2013 08:17:35 +0000 (10:17 +0200)]
Socket won't have any smack label when smack is turn off.
[Issue#] SSDWSSP-68
[Bug] Security-server does not work without smack.
[Cause] Smack was mandatory.
[Solution] Add runtime check for smack existance.
[Verfication] Run tests.
Change-Id: I431a2c86a6f110f5c79b3795e07f32e49759cd28
Bartlomiej Grzelewski [Mon, 20 May 2013 09:11:27 +0000 (11:11 +0200)]
Security-server refactoring.
* Rewrite shared-memory-service.
* Each service will run in own thread.
* Import log and exception modules from DPL library.
* Add serialization.
* Hide symbols in client library.
[Issue#] SSDWSSP-68
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Run security-server tests.
Change-Id: Ib353c4ddaccc2f4211f2bbce74dd890956fa60de
Marcin Niesluchowski [Fri, 21 Jun 2013 12:05:25 +0000 (14:05 +0200)]
Fixing prevent defects in security-server.
* 60575; Major; Unsigned compared against 0; In function security_server_thread
in src/server/security-server-main.c
* 52113; Minor; Unchecked return value; In function security_server_thread
in src/server/security-server-main.c
[Issue#] SSDWSSP-335
[Bug/Feature] Prevent detected new defects.
[Cause] N/A
[Solution] N/A
[Verification] Running tests.
Change-Id: Ie74a957585482b3435783c9bcba4dc1e7ce13ee2
Marcin Niesluchowski [Thu, 20 Jun 2013 07:57:50 +0000 (09:57 +0200)]
Changing some error logs to warnings and turning off debug logs on security-server.
[Issue#] SSDWSSP-331
[Bug/Feature] Too many error logs. Debug logs should be turned off.
[Cause] N/A
[Solution] N/A
[Verification] Checking logs and running tests.
Change-Id: I060a891700e161064980c97a5b90c32eef47fca6
Krzysztof Jackiewicz [Fri, 24 May 2013 15:24:46 +0000 (17:24 +0200)]
Added missing handler for executable path retrieval message
[Issue#] SSDWSSP-274
[Feature/Bug] N/A
[Problem] SECURITY_SERVER_MSG_TYPE_EXE_PATH_REQUEST is not handled
[Cause] Incorrectly resolved conflict. Part of code lost.
[Solution] Missing handler restored
[Verification] Build & install. Run security-server-tests-client-smack
--regexp=tc06_check_privilege_by_sockfd. Security server logs should contain
valid executable path in lines starting with SS_SMACK. There should be no
"Unknown msg ID" message in dlog
Change-Id: I8e384e645291a0563a1ffd4ce47496742e756742
Marcin Niesluchowski [Thu, 20 Jun 2013 12:35:52 +0000 (14:35 +0200)]
All *.c and *.h files changed by stylecheck-for-git.
[Issue#] SSDWSSP-322
[Bug/Feature] Standardization of repository coding style.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: Ife70bac31e8fb6a5b0b678dfddbee840ace8c764
Marcin Niesluchowski [Fri, 14 Jun 2013 08:51:30 +0000 (10:51 +0200)]
Fixing prevent major defects in security-server.
In file src/client/security-server-cient.c:
Major "Integer overflowed argument" in function recv_exec_path_response()
In file src/server/security-server-main.c:
Major "Integer overflowed argument" in function security_server_thread()
Major "Various" in security_server_thread()
In file src/communication/sercurity-server-comm.c:
Major "Integer overflowed argument" in function recv_pid_privilege_request()
[Issue#] SSDWSSP-306
[Bug/Feature] Fix prevent defects
[Cause] Prevent server signalizes defects
[Solution] N/A
[Verification] Running tests and checking prevent output.
Change-Id: Iff331cd34c2f3447df79118cfa449e6c37c72091
Zbigniew Jasinski [Mon, 17 Jun 2013 13:41:10 +0000 (15:41 +0200)]
Log messages refactoring continued
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I5ed5815d1e105f31765162460350476cba574c00
Zbigniew Jasinski [Mon, 17 Jun 2013 13:39:23 +0000 (15:39 +0200)]
Log messages refactoring continued
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I8997084a6fbac44b21b253fa4a8765ebf6625ae9
Zbigniew Jasinski [Mon, 17 Jun 2013 13:34:53 +0000 (15:34 +0200)]
Log messages refactoring
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile and run. No tests should fail
Change-Id: I060ce75cc308fd1890c5b249840e19f40b833fd6
Zbigniew Jasinski [Tue, 18 Jun 2013 08:40:23 +0000 (10:40 +0200)]
Added SECURE_LOG* macro
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] SECURE_LOG* macro added for log messages refactoring
[Solution] Added SECURE_LOG* macro
[Verification] Compile with LOG_DEBUG_ENABLED and run. No tests should fail
Change-Id: Id9181d91c3bc571bd122edbc9e641fbcca39af7e
Pawel Polawski [Mon, 20 May 2013 09:06:33 +0000 (11:06 +0200)]
Add SMACK checking for SS API
[Issue#] SSDWSSP-272
[Bug/Feature] Add SMACK checking for each SS API
[Cause] No SMACK authorization in some SS API
[Solution] Added SMACK checking for each SS API
[Verification] Compile and run. No tests should fail
Change-Id: I4043c7eddd2bab1547f48ffbaf3ab7e28101550c
Krzysztof Jackiewicz [Fri, 24 May 2013 15:24:46 +0000 (17:24 +0200)]
Executable path retrieval moved to security-server
[Issue#] SSDWSSP-274
[Feature/Bug] N/A
[Problem] security_server_check_privilege_by_sockfd should not require root privileges
[Cause] The function reads /proc/[pid]/exe
[Solution] Executable retrieval moved to security-server.
[Verification] Build & install. Run security-server-tests-client-smack --regexp=tc06_check_privilege_by_sockfd
Security server logs should contain valid executable path in lines starting with SS_SMACK
Change-Id: Ib06414e80c9ee992108b7c49b33914e9047e5871
Zbigniew Jasinski [Mon, 27 May 2013 13:10:02 +0000 (15:10 +0200)]
Rewriting search_gid to use POSIX getgrnam_r
[Issue#] N/A
[Bug] N/A
[Cause] Instead of opening /etc/group and search for group name and ID we can
use POSIX getgrnam_r
[Solution] Rewriting function to use POSIX getgrnam_r.
[Verification] Build. Run all security-server tests.
Change-Id: Ia3591db1e11c013229ffd0a725697be797e0a2f1
Janusz Kozerski [Tue, 7 May 2013 12:19:09 +0000 (14:19 +0200)]
Use function smack_pid_have_access() from libprivilege-control instead smack_have_access()
[Issue#] SSDWSSP-220
[Feature] Using function smack_pid_have_access() from libprivilege-control instead smack_have_access()
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Needs http://slp-info.sec.samsung.net/gerrit/#/c/197481/. Build, install, reboot.
Change-Id: I98b651f7e52c74d794fe96818a61644ece5c9ae5
Bartlomiej Grzelewski [Fri, 17 May 2013 12:06:14 +0000 (14:06 +0200)]
Fix data control api.
Data control must return SUCCESS on images without smack.
[Issue#] SSDWSSP-277
[Bug] security-server_app_give_access returns error on image
without smack.
[Cause] On image without smack user passed "" as a client label.
"" is not acceptable smack label.
[Solution] Function security_server_app_give_access returns SUCCESS
when smack is turn off.
[Verification] Build. Run all tests. No changes in result should be
noticed on smack image.
Change-Id: I0c740ecda07e3ed97f1d409c8e597bc3b1f0b773
Krzysztof Jackiewicz [Mon, 13 May 2013 15:17:47 +0000 (17:17 +0200)]
Cookie executable path logic fixed and refactored.
[Issue#] SSDWSSP-237 / P130508-4841
[Bug] Security-server has closed unexpectedly
[Problem] N/A
[Cause] Executable paths were improperly compared and triggered pid reusage code
branch.
[Solution] Executable paths logic fixed and refactored.
[Verification] Run all security-server tests
Change-Id: I68219631378be17c980b52fa8995d9bc37d69ed7
Zofia Abramowska [Mon, 13 May 2013 14:05:38 +0000 (16:05 +0200)]
Reimplementing process_app_get_access_request
[Issue#] SSDWSSP-229
[Feature] No revoking for label given by this function
[Cause] N/A
[Solution] Rewriting function inside security-server code,
not using libprivilege-control
[Verification] Build and run tests (testcases for revoking label
may fail)
Change-Id: Ie1d682f1dc76c108da7c602c958d8db9d33519ad
Krzysztof Jackiewicz [Fri, 10 May 2013 12:53:05 +0000 (14:53 +0200)]
Thread synchronisation fixed. Proper cookie copying.
[Issue#] SSDWSSP-237
[Feature/Bug] N/A
[Problem] security server crashes
[Cause] Because of incorrect synchronisation a race condition was possible
[Solution] Synchronisation fixed. Proper cookie copying applied.
[Verification] Run all security server tests
Change-Id: I464fb0cf05ec707191c32dde8b7b3de2b0fcdeb5
Bartlomiej Grzelewski [Wed, 8 May 2013 14:29:05 +0000 (16:29 +0200)]
Add SMACK_LOG in client_has_access.
Security-server must inform that client does not have access to
some service provided by him.
Fix problem with random pid client in security-server logs.
[Issue#] SSDWSSP-226
[Bug] Security server shows rundom value as client pid.
[Cause] Function responsible for client pid extraction wass comment out.
[Solution] N/A
[Verification] Run test. Check logs. Pid of client process should be
shown correctly.
Change-Id: Ifdb0712b1d6f22a71a3e90b2264666f0ec7146da
Pawel Polawski [Thu, 9 May 2013 09:37:56 +0000 (11:37 +0200)]
Change logs in SS to correct error logs.
[Issue#] SSDWSSP-234
[Bug/Feature] Security-server SMACK dlog should be "ERROR", not info
[Cause] N/A
[Solution] Log type changed to error
[Verification] Compile and run. SS should generate both: debug and
error logs on dlog
Change-Id: I8e4c609d30cc71ab4395e85ab5bf9c6a7e97abf9
Pawel Polawski [Thu, 25 Apr 2013 13:44:25 +0000 (15:44 +0200)]
Add binary path to SMACK log
[Issue#] SSDWSSP-203
[Bug/Feature] Change logs in security_server_check_privilege_by_sockfd
[Cause] N/A
[Solution] N/A
[Verification] Compile. Run tests.
Change-Id: I6ca2cfc97bc795eefa287c82b0a826f2d6c853a9
Rafal Krypa [Fri, 3 May 2013 13:44:18 +0000 (15:44 +0200)]
Merge missing code pieces from private repository.
[Issue#] N/A
[Bug] Patches applied in different version in RSA and private repository
[Cause] Developers not careful enough about applying patches in both places
[Solution] Move missing bits of code
[Verification] Build
Change-Id: If1f65e07b44e1a2ad40f9d67f0ae211511948632
Kidong Kim [Tue, 30 Apr 2013 12:39:33 +0000 (21:39 +0900)]
remove set_pmon
Change-Id: I7ac0c26573e52e8ed70e96a32de5962168548811
Bartlomiej Grzelewski [Mon, 27 Jan 2014 16:40:05 +0000 (17:40 +0100)]
Add #ifdef SMACK_ENABLED to private code.
With this define commented, all security-server API
should work as if there was no SMACK error and SMACK
allowed for everything.
[Issue#] SSDWSSP-206 & SSDWSSP-221
[Bug] N/A
[Cause] SS should work without SMACK enabled.
[Solution] As mentioned above.
[Verification] Build with and without ADD_DEFINITIONS( -DSMACK_ENABLED ).
1. SMACK enabled system.
1.1 -DSMACK_ENABLED on: SS tests should not fail
1.2 -DSMACK_ENABLED off: Following SS tests should fail:
-client-smack:
-tc04_security_server_get_gid_client_is_not_allowed
-tc05_check_privilege_by_cookie
-tc06_check_privilege_by_sockfd
-tc07_check_privilege_by_sockfd
-label:
-tc_security_server_get_smacklabel_cookie
-server:
-tc01a_security_server_app_give_access
-tc02_check_privilege_by_pid
There should be no missing SMACK rules for security server sockets in dmesg
2. SMACK disabled system. Same results for -DSMACK_ENABLED on and off. Beside tests
failing in 1.2 all test cases using smack_accesses_apply and smack_have_access will also fail.
Change-Id: Ia1074d9da4a07e3a60878030b9b8fc3760340c73
Bumjin Im [Sat, 27 Apr 2013 05:50:41 +0000 (14:50 +0900)]
Removing authentication of middleware
Change-Id: I276c83539a09db05500539dfa600bb05a64ceae0
Zofia Abramowska [Fri, 26 Apr 2013 10:17:45 +0000 (12:17 +0200)]
Fixing klocwork bugs
[Issue#] N/A
[Bug] Bugs found by klocwork
[Cause] N/A
[Solution] N/A
[Verficiation] Build and run all tests
Change-Id: I386f3e74820c518fd0437f082246c7fa1177ced4
Bartlomiej Grzelewski [Mon, 22 Apr 2013 15:02:45 +0000 (17:02 +0200)]
Implemet data control solution for OSP apps.
Function security_server_app_give_access may be called only by
priviledge process (process must have "rw" access to
"security-server::api-data-share"). In current implemnetation security
check is made in user space. It should be moved to kernel space by
creating separate socket with "security-server::api-data-share" label.
[Issue#] SSDWSSP-177
[Bug] N/A
[Cause] OPS application need to share memory.
[Solution] Add cross rules between OSP application.
[Verification] Build.
Change-Id: Ie6bad6e924bbcd1b37af58cb7650f65bebd5d57c
Bartlomiej Grzelewski [Mon, 22 Apr 2013 15:50:14 +0000 (17:50 +0200)]
Fix process_pid_privilege_check function.
Prevent function process_pid_privilege_check from closing random socket
when something fails.
[Issue#] N/A
[Bug] N/A
[Cause] Value was not initialized.
[Solution] N/A
[Verification] Build.
Change-Id: Id77c84c9f2ac1237c56f7cd5ff00258d40680459
Pawel Polawski [Tue, 23 Apr 2013 12:45:05 +0000 (14:45 +0200)]
Change logs in security server connected to SMACK
[Issue#] SSDWSSP-203
[Feature] New logs format
[Cause] Deprecated log format
[Solution] Log format changed
[Verification] Compile, no tests should fail
Change-Id: I38d227b99e341cc76f540a7dc56c4532704ce9e3
Pawel Polawski [Thu, 18 Apr 2013 07:20:02 +0000 (09:20 +0200)]
Add debug log for smack_have_acces in security-server
[Issue#] SSDWSSP-185
[Feature] New security-server API
[Problem] N/A
[Cause] N/A
[Solution] New log message added
[Verification] Build package
Change-Id: I69df34df93a3efec58073667c9ac1a0d4cba031c
Bartlomiej Grzelewski [Tue, 9 Apr 2013 16:03:52 +0000 (18:03 +0200)]
Implemet data control solution for OSP apps.
[Issue#] SSDWSSP-177
[Bug] N/A
[Cause] OPS application need to share memory.
[Solution] Add cross rules between OSP application.
[Verification] Build.
Change-Id: I5085e5f0130ff687aaa142006837110077ba00be
Krzysztof Jackiewicz [Mon, 13 May 2013 15:17:47 +0000 (17:17 +0200)]
Cookie executable path logic fixed and refactored.
[Issue#] SSDWSSP-237 / P130508-4841
[Bug] Security-server has closed unexpectedly
[Problem] N/A
[Cause] Executable paths were improperly compared and triggered pid reusage code
branch.
[Solution] Executable paths logic fixed and refactored.
[Verification] Run all security-server tests
Change-Id: I68219631378be17c980b52fa8995d9bc37d69ed7
Conflicts:
src/server/security-server-cookie.c
Krzysztof Jackiewicz [Tue, 14 May 2013 15:31:49 +0000 (17:31 +0200)]
Fixed compilation error
[Issue#] SSDWSSP-229
[Feature/Bug] Compilation error
[Problem] N/A
[Cause] Error logs are not yet available
[Solution] Changed to debug logs
[Verification] Successfull compilation
Change-Id: I29a8268cfefc41189e4c1e218387a20a48cf9142
Zofia Abramowska [Mon, 13 May 2013 14:05:38 +0000 (16:05 +0200)]
Reimplementing process_app_get_access_request
[Issue#] SSDWSSP-229
[Feature] No revoking for label given by this function
[Cause] N/A
[Solution] Rewriting function inside security-server code,
not using libprivilege-control
[Verification] Build and run tests (testcases for revoking label
may fail)
Change-Id: Ie1d682f1dc76c108da7c602c958d8db9d33519ad
Baptiste DURAND [Tue, 26 Nov 2013 14:00:08 +0000 (15:00 +0100)]
Fix for TIVI 2222 : Add build option to enable SMACK related features
Change-Id: I2069e76a88892ada0ce401451600566028014ca8
Signed-off-by: Baptiste DURAND <baptiste.durand@eurogiciel.fr>
Jean-Benoit MARTIN [Wed, 18 Sep 2013 07:32:56 +0000 (09:32 +0200)]
Change variable type for system observer thread
The event_callback is not correctly transmitted to the system
observer thread. Change so_config into static variable
Change-Id: I7572eedcbcbaa33027841c0b7fbf588c34a5d35b
Bug-Tizen: IVI-1793
Rusty Lynch [Fri, 23 Aug 2013 17:24:42 +0000 (10:24 -0700)]
Cleanup spec and remove defunct system V startup scripts
Fix several rpmlint errors and removed the pointless startup script
from the source and all the logic for installing it in the spec
Ismo Puustinen [Thu, 22 Aug 2013 07:28:58 +0000 (10:28 +0300)]
smack API has changed; smack_new_label_from socket returns the label
length.
Patrick McCarty [Mon, 15 Jul 2013 19:18:55 +0000 (12:18 -0700)]
Fix the manifest installation
Change-Id: I32c2c22ebfb91e1ae497a807791c2703f1667c1d
Patrick McCarty [Mon, 15 Jul 2013 19:18:55 +0000 (12:18 -0700)]
Fix the manifest installation
Change-Id: I32c2c22ebfb91e1ae497a807791c2703f1667c1d
Ryan Ware [Mon, 8 Jul 2013 17:07:09 +0000 (10:07 -0700)]
Merge "resetting manifest requested domain to floor" into tizen
Alexandru Cornea [Mon, 1 Jul 2013 14:32:26 +0000 (17:32 +0300)]
resetting manifest requested domain to floor
Alexandru Cornea [Fri, 28 Jun 2013 14:38:51 +0000 (17:38 +0300)]
resetting manifest requested domain to floor
Kidong Kim [Fri, 10 May 2013 08:59:48 +0000 (17:59 +0900)]
merge back from tizen_2.1_smack
Bumjin Im [Sat, 27 Apr 2013 05:50:41 +0000 (14:50 +0900)]
[Release] security-server_0.0.73
* Removed authentication of middleware
Change-Id: I430da7b68dc2f2645082e6e82b1e35a9f8e23bbc
Krzysztof Jackiewicz [Wed, 17 Apr 2013 10:17:49 +0000 (12:17 +0200)]
[Release] security-server_0.0.72
* fixed release commit message
Change-Id: I7c56fe03e85c5b906b0aac055ab352d18f3d2b2d
Krzysztof Jackiewicz [Tue, 16 Apr 2013 15:43:46 +0000 (17:43 +0200)]
[Release] security-server-0.0.72
* prevent bugfixes
* unnecessary package dependecies removed
Change-Id: I0820cc1656b6405db68aead4cfed609ad7c86175
Bartlomiej Grzelewski [Fri, 12 Apr 2013 13:57:07 +0000 (15:57 +0200)]
Fix bugs reported by prevent.
[Issue#] N/A
[Bug] Sizeof gets wrong argument.
[Cause] N/A
[Solution] Sizeof gets type of struct now.
[Verification] Build. Run security tests.
Change-Id: I300591ae3fa1040d9f316699551b522bf222acce
Bartlomiej Grzelewski [Fri, 12 Apr 2013 14:21:11 +0000 (16:21 +0200)]
Remove package from build dependency that are not requried druing build.
[Issue#] N/A
[Bug] N/A
[Caluse] N/A
[Solution] N/A
[Verification] Build.
Change-Id: Ib13ed0a3c837b85c410633a047212042447ebe27
Krzysztof Jackiewicz [Fri, 12 Apr 2013 14:05:43 +0000 (16:05 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master
Change-Id: I15d1549c23d65fa677c10065dd5880647c4a3060
Krzysztof Jackiewicz [Fri, 12 Apr 2013 13:09:56 +0000 (15:09 +0200)]
[Release] security-server_0.0.71
* Remove usage of mw-list file in security-server
Change-Id: I6c47b7f6cbe5040147be837112a50a079893d1bd
Jan Cybulski [Thu, 11 Apr 2013 06:08:02 +0000 (08:08 +0200)]
Remove usage of mw-list file in security-server
[Issue#]SSDWSSP-186
[Feature/Bug] N/A
[Problem] N/A
[Cause] N/A
[Solution] Removing hardcoded set of trusted daemon binaries.
Removing function search_middleware_exe_path and file with mw-list entries.
[Verification] Build, tests
Change-Id: I3f7bd1d37bc0b315642884801c80d3e308f78a2a
Krzysztof Jackiewicz [Tue, 2 Apr 2013 08:55:26 +0000 (10:55 +0200)]
Middleware list check fixed.
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Empty line in mw-lists matches everything.
[Cause] N/A
[Solution] Commandline replaced by executable name. Fixed comparison of
executable name with mw-list entries. Empty line removed from mw-list. 50 chars
limit removed
[Verification] Run all security server tests
Change-Id: I872ad45a4089b484a30fc4caa1759ce9d6a584e4
Junfeng [Thu, 21 Mar 2013 13:31:23 +0000 (21:31 +0800)]
Fix for 64 bit compatibility.
- Fix hardcoding path.
- Use %cmake to set default paths.
Change-Id: I102e9d18662ec001eafc48c9826405bf427f6910
Junfeng [Thu, 21 Mar 2013 13:31:23 +0000 (21:31 +0800)]
Fix for 64 bit compatibility.
- Fix hardcoding path.
- Use %cmake to set default paths.
Change-Id: I102e9d18662ec001eafc48c9826405bf427f6910
Krzysztof Jackiewicz [Fri, 29 Mar 2013 10:17:37 +0000 (11:17 +0100)]
Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master