add smack rules

add new smack rule for WRT

[Release] libprivilege-control_0.0.32.TIZEN

* Fix bugs reported by prevent tool.
* Sensitive information will be loged with SECURE_LOGE instead of C_LOGD.

Change-Id: If57c46e699868c644018a9488c8a85f4ddd217ca

add smack default rules

Fixing prevent critical defects in libprivilege-control and some log messages.
Critical "Explicit null dereferenced" in function add_api_feture() in src/privilege-control.c fixed.
Critical "Explicit null dereferenced" in function get_all_ids_internal() in src/access-db.c
seems to be false warning.

[Issue#]        SSDWSSP-306
[Bug/Feature]   Fix prevent defects
[Cause]         Prevent server signalizes defects
[Solution]      N/A
[Verification]  Running tests and checking prevent output.

Change-Id: Ia0e407428629ddaa7da3df4a672e00cc0cd6bcf6

Log messages refactoring

Also fixed segfault in message logging

[Issue#]        SSDWSSP-323
[Bug/Feature]   Log messages refactoring
[Cause]         Legal issues with prohibited words in logs (ie. password)
[Solution]      Use SECURE_LOG* macro
[Verification]  Compile with LOG_DEBUG_ENABLED and run. No tests should fail

Change-Id: I760846428d8708cce5a1beeb88fd2bfdcbaa1a57

add smack rules for WRT app

Merge "Added SECURE_LOG* macro"

Added SECURE_LOG* macro

[Issue#]        SSDWSSP-323
[Bug/Feature]   Log messages refactoring
[Cause]         SECURE_LOG* macro added for log messages refactoring
[Solution]      Added SECURE_LOG* macro
[Verification]  Compile with LOG_DEBUG_ENABLED and run. No tests should fail

Change-Id: Id2926d7a880f83c890f597aead7adc73b9e0dc72

add smack rules for WRT app

add smack rule of OSP apps for e17

[Release] libprivilege-control_0.0.31.TIZEN

* Another release because previous one was not triggered

Change-Id: Ibc371f520e73c9a49e0f8a35906ae222bb54d59c

[Release] libprivilege-control_0.0.30.TIZEN

* Remaining smack_accesses_add replaced with smack_accesses_add_modify

Change-Id: I57e3bcc96adc4928d23a990b893e074a1a5d35cc

Added missing part of fix for rule overwriting issue

[Issue#]       N/A
[Bug]          Some rules in apps rule file were overwriting rules
[Cause]        smack_accesses_add used instead of smack_accesses_add_modify. Not all required changes from
86da6484f2e4cad76565b8ddac0d126e3b5327fb have been applied on rsa.
[Solution]     changed function
[Verification] Install FtApp and see if rules for aospd* label are rx or rwx (should be latter)

Change-Id: Ic863b013b069e9a97d3b04e79c84f5c1a54f1f2a

add new rules for OSP app

add smack rules

fix rules and labeling on db

add smack rules for app-package::db

Merge rsa/tizen_2.2 into rsa/master

Change-Id: Ia2e52cf82801cc5bae0575bf53991d0340a5054f

[Release] libprivilege-control_0.0.29.TIZEN

* Fixed creation of rule sets with missing ----- (change-rule interface)
* New app_type_t values (partner and platform)
* Add error logs in app_give_access.
* Add implementation for appsetting privilege
* Change parameter names app_id to pkg_id in API functions
* Comment to app_revoke_permissions() changed.
* Fast boot optimization
* Add value APP_PATH_ANY_LABEL to enum app_path_type_t.
* Fixing Rule Loading fail for livebox apps on next reboot

Change-Id: Iff3099b508c2927f6c8c4eddcf55fa730a08d0c1

Fixing Rule Loading fail for livebox apps on next reboot

[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] Fixing Rule Loading fail for livebox apps on next reboot

Change-Id: Ia99c5d3bbb0c207a226fe7c70c1bc7652f431746

synchronize OSP/WRT rules with private repository

synchronize OSP/WRT rules with private repository

Add value APP_PATH_ANY_LABEL to enum app_path_type_t.

[Issue#]   SSDWSSP-307
[Bug]      N/A
[Cause]    Some directories must be set up by installer manually.
[Solution] N/A

[Verification] Run libprivilege-control tests.

Change-Id: Iff482d43b6f5e08603a0c74820b713f8e8def5c9

Fast boot optimization

[Issue#]       SSDWSSP-295
[Feature]      Rules for each app are now loaded while first run of the application.
[Cause]        N/A
[Solution]     N/A

[Verification] Build, install, reboot target. Run libprivilege-control tests.

Change-Id: I11b2c1738a4cfb7770fc680dbc02c88435e995f7

Comment to app_revoke_permissions() changed.

[Issue#]        SSDWSSP-260
[Bug/Feature]   Comment to app_revoke_permissions() was not consistent with actual function requirements.
[Cause]         N/A
[Solution]      N/A
[Verification]  N/A

Change-Id: I639247fa2af81d4adb1a153d193e94f48b1edc83

Change parameter names app_id to pkg_id in API functions

        [Issue#]        SSDWSSP-290
        [Bug/Feature]   N/A
        [Cause]         N/A
        [Solution]      N/A
        [Verification]  Build, run libprivilege tests.

Change-Id: I27a44c9c7a1491b0ff2c3827d76bf1eea4b2e2f2

Add implementation for appsetting privilege

    [Issue#]        SSDWSSP-241
    [Bug/Feature]   Implement an unique feature for an appsetting privilege.
                    The privilege should give RWX access to all registered
                    setting folders and RX access to all applications.
    [Cause]         N/A
    [Solution]      Change in app_add_permissions_internal.
    [Verification]  Run libprivilege tests.
                    Test privilege_control16_appsettings_privilege should pass

Change-Id: Icdb2b6dc44395ec7a723064bc2db56ef634e609d

Add error logs in app_give_access.

[Issue#]   SSDWSSP-226
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Successful compilation. Run test.

Change-Id: I7bb100c39a6fb139414a88e72a73c60282f4168f

privilege-control.c and privilege-control.h extended by new app_type_t values. New WRT_partner.smack, WRT_platform.smack, OSP_partner.smack and OSP_platform.smack created from WRT.smack and OSP.smack.

[Issue#]        SSDWSSP-270
[Bug/Feature]   Change app_enable_permissions() input app type - extend to new app types.
[Cause]         N/A
[Solution]      N/A
[Verification]  Creating and running tests for new app types.

Change-Id: I4c5525d2dfc9c626b07a8dae33f073db7460ce9c

Fixed creation of rule sets with missing ----- (change-rule interface)

[Issue#]       N/A
[Bug]          Some rules in apps rule file were overwriting rules
[Cause]        smack_accesses_add used instead of smack_accesses_add_modify
[Solution]     changed function
[Verification] Install FtApp and see if rules for aospd* label are rx or rwx (should be latter)

Change-Id: I66e2cae21865bd4be1b885df8d958a5fa0409d52

Conflicts:

src/privilege-control.c

[Release] libprivilege-control_0.0.28.TIZEN

* smack_pid_have_access and get_smack_label_from_process added.
* special handling for http://tizen.org/privilege/antivirus
* New API for labeling directories and files
* Changing way of mapping feature to file name
* refactoring

Change-Id: I0eb10d8dd99178c226cb678263d2026e459f7fb1

Changing way of mapping feature to file name

[Issue#] SSDWSSP-292
[Feature] Supporting wider variety of feature names
[Cause] Previously there was no difference in mapping features
named like http://<something>/feature.name, no matter what
<something> was. This isn't proper anymore.
[Solution] Mapping whole feature name to file name
[Verification] Build. Run tests. Test for adding api features will fail.

Change-Id: I4c459e845215c7dcab522a415a560e86936b057a

New API for labeling directories and files.

[Issue#]       SSDWSSP-240
[Feature]      New API for labeling directories and files
[Cause]        Redesigned with new requested feature implementation
[Solution]     Provide new function app_setup_path(), deprecate app_label_dir(), app_label_shared_dir() and app_add_shared_dir_readers()
[Verification] Build, install, reboot target. Run libprivilege-control tests.

Change-Id: I9e8ad0c279fc8edfe2ef3764382d6726f5615dcc

Code refactoring, new internal function for adding single rule for an application.

[Issue#]       N/A
[Feature]      New static function app_add_rule()
[Cause]        The same functionality implemented in several places.
[Solution]     Refactoring for better code reuse.
[Verification] Build, install, reboot target. Run libprivilege-control tests.

Change-Id: Id76ae8a435e38092c219ed40b65b11b0f4690b42

Implement special handling for tizen.org/privilege/antivirus

[Issue#]        SSDWSSP-239
[Bug/Feature]   Implement special handling for http://tizen.org/privilege/antivirus
[Cause]         app_register_av() is deprecated.
[Solution]      N/A
[Verification]  Build, install. Install apps.installer.rpm from task (in CAM), and try to install McAfee anti virus (in CAM).

Change-Id: Icd2ba4f8385dedc53fe1e380bef1463e228bcc2e

Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master

Add API functions smack_pid_have_access and get_smack_label_from_process.

[Issue#]   SSDWSSP-220
[Feature]  Add new function: smack_pid_have_access. This function calls smack_have_access, and if there's no access granted then check if process have CAP_MAC_OVERRIDE.
[Problem]  N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build, install.

Change-Id: If319fd7b176d9a7e1ecb38458f6178e5e7f9865c

[Release] libprivilege-control_0.0.27.TIZEN

* Executable link labeling. API deprecation.

Change-Id: Ie9669c42b31aa066fc9955c80c282bcb41f9d04d

Revert "Fixing app_revoke_internal() used by app_revoke_permissions()"

This reverts commit 8b61c02bade31201966fdeb822569b2b5c2da5b3

add new smack rule

WRT binary link handling updated.

[Issue#] N/A
[Feature/Bug] N/A
[Problem] WRT application label should be retrieved from link to executable
xattrs. Currently widget_id is the label.
[Cause] N/A
[Solution] Smack label is retrieved from link to executable. app_label_dir
has been modified to label links to executable files with proper exec label.

[Verification] Run libprivilege-control-test. Reboot, install a widget and
launch it. http://slp-info.sec.samsung.net/gerrit/#/c/204855/

Change-Id: Iae87854283989f0d3ff0b76c9092c10654f47c7c

Fixing app_revoke_internal() used by app_revoke_permissions()

[Issue#]        SSDWSSP-260
[Bug/Feature]   Libprivilege-control tests fail
[Cause]         N/A
[Solution]      N/A
[Verification]  Running tests

Change-Id: I72f654279998f4622ce2a9564580242b29ec9d80

Marking app_give_access & app_revoke_access as deprecated

[Issue#] SSDWSSP-229
[Bug/Feature] N/A
[Cause] Reimplementing process_app_give_access in security-server
[Solution] N/A
[Verification] Successful build

Change-Id: Id81146bc2892353ec2f55976a4d77077d2744e43

add rule for wrt_launchpad_daemon

Adjusting Rules for boolmark

add smack rules for sdcard

add smack rules for osp/web app

Merge "Update .smack files 2" into tizen_2.1

Update .smack files 2

add new rules for system::share

[Release] libprivilege-control_0.0.26.TIZEN

* Added rules for OSP/WRT apps for app_give_access API usage in security-server

Change-Id: Ia529d15219f89d53f27c504b9715207acf1f8ab0

Added rules for OSP/WRT apps for app_give_access API usage in security-server

[Issue#]        TDIS-5744
[Bug/Feature]   Missing SMACK rules for runtime check for access to API.
[Cause]         N/A
[Solution]      Added rules - temporarily to OSP.smack and WRT.smack
[Verification]  use app_enable_permissions() - rule file should contain rule for security-server::api-data-share

Change-Id: Iefc140b1a93e5eec5507e466ea2db11641cff222

Added rules for OSP/WRT apps for app_give_access API usage in security-server

[Issue#]        TDIS-5744
[Bug/Feature]   Missing SMACK rules for runtime check for access to API.
[Cause]         N/A
[Solution]      Added rules - temporarily to OSP.smack and WRT.smack
[Verification]  use app_enable_permissions() - rule file should contain rule for security-server::api-data-share

Change-Id: I63fbe3dadbc147aef663c9bd0b6a5cdfd390702e

add new label and rules - system::share

Adding x rules for osp-*-services

Adjusting overwrapped Rule

Removing Label for so files

Modifying Smack rules for Apps

Modifying Smack rules for Apps

Modifying Smack rules for Apps

Modifying Smack rules for Apps

Update .smack files

add default rules

merge back from tizen_2.1_smack

Revert "Bug in app_install() fixed"

This reverts commit 618655f8840efd978b073ce9239a16e1d061d14b.

Merge "Merge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev"

Clean up libprivilege-control code

[Issue#] SSDWSSP-207
[Feature/Bug] N/A
[Problem] Cleanup the code
[Cause] N/A
[Solution] Unnecessary code removed. Comments updated

[Verification] Successfull compilation

Change-Id: I0bfe450301aee4b6f4f1b94336fef75d5c38dd60

Bug in app_install() fixed

[Issue#]        SSDWSSP-223
[Bug/Feature]   Fix bugs that make libprivilege-control test fail
[Cause]         N/A
[Solution]      N/A
[Verification]  N/A

Change-Id: I88712168c64c8d35e7700124ff9da4ffefa32493

Merge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev

add new labels for vconf

Empty commit to trigger OBS build.

Change-Id: I642fcd66b10fef0f4a0152ae4e383deb6832f50a

permissions: unify smack config files with private repository

Files are now identical in both repositories, with respect to
com.samsung => org.tizen changes.

[Issue#]       N/A
[Feature]      Unify Smack configuration
[Cause]        Transition of Smack configuration from private to RSA repo
[Solution]     N/A
[Verification] N/A

Change-Id: I0be7d73a14746b4e52843b337ed7a4680c7b60cd

Merge remote-tracking branch 'tizendev/master' into tizen_2.1_smack

Merge missing code pieces from private repository.

[Issue#]       N/A
[Bug]          Patches applied in different version in RSA and private repository
[Cause]        Developers not careful enough about applying patches in both places
[Solution]     Move missing bits of code
[Verification] N/A

Change-Id: I69234dc73666e146458eb44783c870676a9c523c

Allow multiple call of app_give_access.

If some permissions were set twice or more by app_give_access
libprivilege should save state from "first call".

[Issue#]   N/A
[Feature]  N/A
[Cause]    N/A
[Solution] N/A

[Verification] N/A

Change-Id: I62392864550cab1f355b3921399ccaa47a1eeffe

Merge remote-tracking branch 'tizendev/tizen_2.1' into tizendev

Conflicts:
packaging/libprivilege-control-conf.manifest
permissions/OSP.smack
src/privilege-control.c

Change-Id: I9ead94857033456cfddc4face120e0cfde07682f

add new smack labels for vconf and support IPv6

Add DAC config files for DB access control.

[Issue#]       SSDWSSP-175
[Feature]      Add application to additional groups based on allowe permissions.
[Cause]        SQlite databases require SMACK write permissions to be readable (locking).
[Solution]     This patch adds config files for already existing code.
[Verification] N/A

Change-Id: I759871b20c764813676085edc114f9aae531f47f

Klocwork bugfixes

[Issue#] SSDWSSP-213
[Feature/Bug] N/A
[Problem] Issues reported by Klocwork
[Cause] N/A
[Solution] Issues fixed

[Verification] Build and run libprivilege tests

Change-Id: I3328b94d351edf263f316a1c7ae3019604195d22

Add AV custom rule set support

[Issue#]       SSDWSSP-205
[Bug]          N/A
[Cause]        N/A
[Solution]     Add predefined rules for antivirus (antiviurs some_app rwx, some_app antivirus rx).
[Verification] Build, install, reboot target, run tests - the 10th test (app_register_av) should fail now.

Change-Id: I1019173b8c31cf6e984c3b12be00bd61dfe84e7e

Fix for complimentary groups setting.

[Issue#]       N/A
[Bug]          Adding applications to additional groups depends on SMACK.
[Cause]        In AUL context app_id is unknown and it was guessed from current SMACK label.
[Solution]     Read SMACK label from file xattrs, which are available even without SMACK support in kernel.
[Verification] Build, install on non-SMACK system, reboot target, run some apps.

Change-Id: Ie69ea5d60b48a0358bb0a266281a146a05aa9eb1

Remove SMACK_ENABLED ifdefs.

[Issue#]       N/A
[Feature]      Remove possibility to compile this lib with no SMACK support.
[Cause]        The code is highly SMACK specific, and there is a run time check for SMACK anyway.
[Solution]     Remove ifdefs and alternative code.
[Verification] Build.

Change-Id: I3fb546829d9a8701bcbadce77dd9aefb77292ce0

Conflicts:

src/privilege-control.c

Setting WebAPP label to pkgId again. This reverts commit 9bbaf8f2f2be6b59b2b6fc0c1624fc9cf58878a0.

[Issue#]       SSDWSSP-94
[Feature]      Changed WebApp SMACK label set in AUL
[Cause]        N/A
[Solution]     Hybrid apps need this
[Verification] Build, install, reboot target. Run any widget. It should run properly.

Change-Id: I3efe0731d72941337df579589f922ff382e835bb

Simplify cleanup code by using GCC extension for variable scoping.

[Issue#]       N/A
[Feature]      Simplify cleanup code in functions.
[Cause]        N/A
[Solution]     Use GCC's cleanup attribute for automatic resource reclaim.
[Verification] Build, install, reboot target. Run tests from security-tests.

Change-Id: Id874ff958f2065b61c04875c362ec3331d603865

Conflicts:

src/privilege-control.c

app_shared_dir_add_readers() accepts NULL in 'app_list' not ""

    [Issue#] SSDWSSP-196
    [Feature/Bug] app_shared_dir_add_readers() does not accept NULL in a list of arguments
    [Problem] N/A
    [Cause] Unification to other API functions
    [Solution] check if there if a NULL in a list of readers. Threat it as an end of a list.
    [Verification] libprivilege-control-test --output=text

Change-Id: I13079b349b9cdfb1ca6a01924e4e0f563f1b7e0f

Create separate source file for internal, common code.

[Issue#]       N/A
[Feature]      Refactorization.
[Cause]        Code starts to be duplicated.
[Solution]     Common internal source file.
[Verification] Build, install, run tests.

Change-Id: I233eede546d6a7bb9c0ab9cefd1e349be10364b1

Conflicts:

src/privilege-control.c

add new smack rules for tizenprv00.privacy-popup

Don't delete SMACK rules file for app in function app_reset_permissions()

[Issue#]       N/A
[Bug]          app_reset_permission() should only read the file, but it removes it afterwards.
[Cause]        Internal usage of app_revoke_permissions(), which should remove the file.
[Solution]     Create internal version of app_revoke_permissions(), that takes additional argument.
[Verification] Build, install, reboot target. Run tests, launch a widget twice.

Change-Id: I2c62dc1dbf99738a3752b3959412d68c032c60e1

Temporary workaround for complimentary groups not working on non-SMACK system.

[Issue#]       N/A
[Bug]          set_app_privilege() fails when SMACK is not available.
[Cause]        Complimentary groups setting depend on getting app_id from process' SMACK label.
[Solution]     Temporarily turn this off for non-SMACK systems.
[Verification] Build, install on non-SMACK system, reboot target, run some apps.

Change-Id: I9733c1d28ab810de6b40c56a2a79747978ab2911

Re-enable Smack setting for native apps.

[Issue#] SSDWSSP-184
[Feature] Re-enable Smack support.
[Cause] Runtime Smack support ready for integration.
[Solution] Re-enable existing Smack support.
[Verification] Build, install, reboot target. Verify running of native applications and widgets.

Change-Id: I314e7252e17ecf97d74133868787e3dc27be2dce

Full set of SMACK rules support for OSP and WRT

[Issue#]       SSDWSSP-184
[Feature]      Temporarily provide full set of rules in base permission.
[Cause]        During integration applications must continue to work.
[Solution]     Provide full set of Smack rules even without API features enabled.
[Verification] N/A

Change-Id: I9dad1bd15fd6d4c428db5ea373590b127d48f274

Added support for gids in add_new_feature API

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] add_new_feature API needed
[Solution] Support for guids implemented

[Verification] libprivilege-control-test --output=text --regexp=add_api_feature
should pass

Change-Id: Ib2ee5c2f5f429031c4595bc26d0dabb89942b145

Add check if app_label and shared_label are different in app_label_shared_dir

    [Issue#]    SSDWSSP-154
    [Feature]   API function app_label_shared_dir checks if app_label and shared_label are different
    [Cause]   New API feature
    [Verification] Build and tests

Change-Id: I7a923a196a0d93590c96a506caaa6afc0ee07eac

Add implementation of API function add_shared_dir_readers.

[Issue#] SSDWSSP-154
[Feature] API function add_shared_dir_readers adds rx rules to an subject with shared_label for a list of applications with labels listed as a second parameter
[Cause] New API feature
[Solution] adds SMACK rx rules for listed application identifiers to shared_label.
[Verification]

Change-Id: I7eda467fe4738f9cff4f00b24156ac21c444294f

Implement adding apps to additional groups based on enabled permissions.

[Issue#]       SSDWSSP-175
[Feature]      Mixing DAC and SMACK for proper database access control.
[Cause]        SQlite databases require SMACK write permissions to be readable (locking).
[Solution]     Use both DAC and SMACK to control access to databases.
[Verification] Build, install, reboot target, run tests.

Change-Id: Ic5c7da4484d857513f0015582c6ea15dfe8d0d18

Truncate Smack file for app in app_revoke_permissions().

[Issue#]       N/A
[Feature]      The function removed rules from kernel, but not from disk.
[Cause]        It used to remove the file, but removal is now done in app_uninstall().
[Solution]     Add explicit truncate.
[Verification] Run tests from security-tests package.

Change-Id: I17e0cf25c95f59762a3b8fcc53a1cdf1d113d3e0

Change implementation of have_smack()

[Issue#]       N/A
[Feature]      More reliable checking whether Smack is available in runtime.
[Cause]        Code reuse.
[Solution]     Use function provided in libsmack to check usability of smackfs.
[Verification] Run tests from security-tests.

Change-Id: Ib237a0a6ddbcdd966daac35bc8c416338c501af2

Unify code indentation.

[Issue#]       N/A
[Bug/Feature]  N/A
[Cause]        Previously commited code not compatible with standard used in this project.
[Solution]     Replace space indents with tabs.
[Verification] Build.

Change-Id: I9d1d557e1fa34358413438d9d8660b7a23c414f3

Fix logging ifdefs in slp-su.c.

[Issue#]       N/A
[Feature]      slp-su has logging disabled.
[Cause]        Typo.
[Solution]     Correct the typo.
[Verification] Build.

Change-Id: Ifacdc02732b39c269bdb2b880b3a472ea6c742ba