Zofia Abramowska [Fri, 13 Jan 2017 13:47:39 +0000 (14:47 +0100)]
Unify method names in CynaraAdmin to pascal case
Change-Id: I42dbad2e0e0f54140036e2c5e8e53b9acd425d4b
Zofia Abramowska [Fri, 13 Jan 2017 13:36:31 +0000 (14:36 +0100)]
Clean up cynara classes members names
Start member names with "m_" prefix and static member names with "s_".
Change-Id: I39c0e08981e797a188edd841c2c32c89f694d20c
Krzysztof Jackiewicz [Thu, 2 Mar 2017 07:24:07 +0000 (08:24 +0100)]
Free requests after processing them in cmd line tool
App installation and user management requests were not freed after their
processing is finished in security-manager-cmd. Pointers wrapped in
std::unique_ptr.
Change-Id: I689833dea78ccedb5aaac9267d3c0a06895f0568
Krzysztof Jackiewicz [Thu, 2 Mar 2017 13:28:28 +0000 (14:28 +0100)]
Add missing ')' in cmd line tool usage description
Change-Id: Iadbe5225f3eefd2048e0c5b17cdb1d643fd9181c
Rafal Krypa [Mon, 13 Mar 2017 15:28:28 +0000 (16:28 +0100)]
Allow version compatibility change during application upgrade
Security-manager should permit app installation request for cases where
the same app is already installed, but platform version for the app has
changed.
Change-Id: Ia8ffdc20c084b7ade18e3deeed6d17b081149a70
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Thu, 23 Feb 2017 10:47:50 +0000 (11:47 +0100)]
Remove dependency between SM and DBUS
Dependency between SM and DBUS was required to avoid deadlock.
Problem was already solved in DBUS initilization code commit:
https://review.tizen.org/gerrit/#/c/115757/
Change-Id: I34d98d1a75eb004bce0da0d664a64de61b9ab66a
Lukasz Pawelczyk [Fri, 20 Jan 2017 17:28:40 +0000 (02:28 +0900)]
Make it possible to use out-of-the-source build dir
Autogenerated files should be installed from the CMAKE_BINARY_DIR
instead of the CMAKE_SOURCE_DIR. This makes it possible to use the
build directory that's outside the source one.
Change-Id: I516b47f75dabed03bbf8253ea8cacad6c1b5001f
Radoslaw Bartosiak [Mon, 19 Dec 2016 16:32:48 +0000 (17:32 +0100)]
[Unit tests] for PrivilegeDb class - related to private path sharing
1) Split tests from test_privilege_db.cpp into smaller files.
2) Add functions for test parameters creation (reduce the number
of local parameters in the tests.
3) Add test for src/common/include/privilege_db.h functions:
GetPathSharingCount, GetOwnerTargetSharingCount,
GetTargetPathSharingCount, ApplyPrivateSharing, DropPrivateSharing,
GetAllPrivateSharing, GetPrivateSharingForOwner,
GetPrivateSharingForTarget, SquashSharing, ClearPrivateSharing.
Change-Id: I930d34589ddb27420e2700d6dac4bdd244b83cfb
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Mon, 2 Jan 2017 09:37:42 +0000 (10:37 +0100)]
Remove setting of CMAKE_C_FLAGS in the main CMakeLists.txt
This is a C++-only project that never included any C code.
Setting CFLAGS in CMake is a pure clutter.
Change-Id: I580decb504f670476342d45d35fb31a43e30a508
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Radoslaw Bartosiak [Wed, 25 Jan 2017 07:39:26 +0000 (08:39 +0100)]
Fix inconsistent types error
'lib_retcode' and 'int' both deduced for lambda return type caused buildbreak
Change-Id: Ic325edc33714853ca7c23e50e865c20c2c2e6fe4
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Mon, 2 Jan 2017 15:12:35 +0000 (16:12 +0100)]
Log appId in case of errors in security_manager_prepare_app
When security_manager_prepare_app fails, the launcher that called this
function is supposed to treat it as serious error and stop further
application launching. Security-manager logs error description, but it
didn't include appId in the logs.
Change-Id: Iefdd398ba32c9f16bde2c011abea31949da41b6b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 2 Jan 2017 11:05:28 +0000 (12:05 +0100)]
Remove setting of -DTIZEN_DEBUG_ENABLE compilation flag
This is a legacy flag inherited from security-server code base.
Nothing in the code uses it.
Change-Id: I86208743ea25b92f4a0612f7f94ea12ed7419ca4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Jackiewicz [Tue, 17 Jan 2017 08:16:13 +0000 (09:16 +0100)]
Remove unnecessary transaction rollback
Scoped transaction guarantees that changes will be rolled back in case of
exception. No need for another rollback.
Change-Id: If199dde2fb1c1cc19b4af710b6ebba2023e33eaa
Bartlomiej Grzelewski [Tue, 3 Jan 2017 17:36:54 +0000 (18:36 +0100)]
Remove empty lines from rules.merged file.
In some narrow case:
* file have size of page_size+1
* file ends with combination "\n\n"
kernel returns error during rules loading.
Change-Id: I6f24b76224c7b013c93003e8d0d6738b665c6949
Rafal Krypa [Mon, 24 Oct 2016 09:07:53 +0000 (11:07 +0200)]
Don't ignore errors in supplementary group setup during app launch preparation
API function security_manager_prepare_app calls several steps for setting
up application context. One of the steps, setting supplementary groups
based on application privileges, was allowed to fail. In such case
the function logged warning but proceeded ignoring the error.
This was introduced as a work-around for easier security-manager integration
on the platform. Back then, we had a platform that didn't register applications
in security-manager and tried to launch them. To allow such case temporarily,
security-manager tried to launch app even if it wasn't present in database.
This is no longer the case. All applications should be properly registered
in security-manager database prior to launching. And if they aren't, launching
will fail on another step that was added later.
Security-manager should not longer ignore errors and skip steps in
security_manager_prepare_app.
Change-Id: I07b49a40db93830b46137502f7743b6b95ad7fd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 11 Jan 2017 13:13:36 +0000 (14:13 +0100)]
Fix thread synchronization in Cynara class
Pass changes to cynaraFd and fd events to be polled via atomic variables
and over atomic_thread_fence to properly propagate changes to these
values between checking threads and communication thread.
Change-Id: I9b41a0f8e40365bc30cdd47ed04be8727521476e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jooseong lee [Mon, 23 Jan 2017 01:57:12 +0000 (10:57 +0900)]
Release version 1.2.16
- Fix in generateAppPkgNameFromLabel implementation
- [Unit tests] Add test for src/common/include/smack-labels.h
- [Unit tests] Add test for src/common/include/smack-rules.h
- Remove default dependency in cleanup service
Change-Id: I7c907b3181bf0764899481530216a20e306fe2f5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Sunmin Lee [Mon, 23 Jan 2017 01:39:19 +0000 (10:39 +0900)]
Remove default dependency in cleanup service
Although security-manager-cleanup.service is installed
at sysinit.target.wants, it has a dependency on basic.target.
It would cause undesirable dependency between sysinit and basic target.
Change-Id: I44a4a151fd247cbe9b182f657c0dd21af3cf5ce4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Dariusz Michaluk [Wed, 28 Dec 2016 12:23:20 +0000 (13:23 +0100)]
[Unit tests] Add test for src/common/include/smack-rules.h
Change-Id: I5f3816c7559465c8a59a06d47c7ded51ef69b1ed
Dariusz Michaluk [Mon, 19 Dec 2016 13:19:10 +0000 (14:19 +0100)]
[Unit tests] Add test for src/common/include/smack-labels.h
Change-Id: I2cfdf300490509c77a6b65e11abf0b13aa4f951b
Dariusz Michaluk [Tue, 10 Jan 2017 09:37:46 +0000 (10:37 +0100)]
Fix in generateAppPkgNameFromLabel implementation
appName is not overwritten in case of non-hybrid apps.
Change-Id: I3063c10281ec3afcccbcca097076cd0f87936f6b
jooseong lee [Wed, 18 Jan 2017 01:03:56 +0000 (10:03 +0900)]
Relese version 1.2.15
- Split service cleanup in two parts to prevent std::terminate
- Use real path of skel dir
Change-Id: I95dcc4b4afc351f2de1e94e4b3b0d14f13812f72
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jin-gyu.kim [Mon, 16 Jan 2017 10:08:19 +0000 (19:08 +0900)]
Use real path of skel dir.
- Real path of skel dir can be diffrent based on target types.
- Convert skel dir in getSkelPkgDir to the real path.
- Add error handling in getSkelPkgDir
Change-Id: Ifdd94a07f69da091a8f07b7fd55223fd157284b6
Krzysztof Jackiewicz [Mon, 16 Jan 2017 15:37:44 +0000 (16:37 +0100)]
Split service cleanup in two parts to prevent std::terminate
If ServiceThread is being destroyed and it's about to process an event (the
service thread popped an event from m_eventQueue) it may lead to calling a
virtual function on a partially destroyed object.
Thread cleanup has been separated from ServiceThread destructor to avoid such
situations.
Change-Id: I31f08d18a72b597002063619bd2e84a5a1da0899
Tomasz Swierczek [Fri, 13 Jan 2017 13:20:13 +0000 (14:20 +0100)]
Relese version 1.2.14
- Add missing exception handler for TizenPlatformConfig
- Add support for blacklist privileges using policy manager
- Wake up Cynara async thread from statusCallback
- Make sure transaction is rolled back in case of error
Change-Id: I63601e59b3ca7f2857f2ec2aa88161910e98b7d5
Krzysztof Jackiewicz [Thu, 5 Jan 2017 08:36:33 +0000 (09:36 +0100)]
Add missing exception handler for TizenPlatformConfig
Change-Id: I97f58249c3d3b9df99aa14623252c597ae5f6e3a
Krzysztof Jackiewicz [Wed, 4 Jan 2017 14:34:21 +0000 (15:34 +0100)]
Add support for blacklist privileges using policy manager
Privilege privacy status (& default policy) now relies also on UID and application.
This patch introduces integration with privilege-checker API that allows to check
privilege status in context of these attributes.
Change-Id: I8bf25cf708ed21a7af9cc047f01fff3ff8410dcc
Rafal Krypa [Wed, 11 Jan 2017 08:38:52 +0000 (09:38 +0100)]
Wake up Cynara async thread from statusCallback
Until now the thread handling communication with Cynara was woken up
when new check was prepared for sending because cynara_async_create_request
was expected to trigger statusCallback. When new data is prepared for
sending to Cynara service, statusCallback requests that the cynara descriptor
must be polled for writing and when it's ready, cynara_async_process will
send the data to socket.
But since Cynara release 0.12.0, cynara_async_check_cache may also trigger
a statusCallback. This is because of underlying monotir entries and their
periodic flush to Cynara service. This behavior of Cynara is not documented.
To make sure that security-manager will restart polling of Cynara socket
each time after statusCallback is triggered, the callBack itself will now
take care of waking up the thread responsible for communication with Cynara.
Change-Id: I8f9bf323166fccd97612dd85ec35c9befe5d00f9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Jackiewicz [Wed, 11 Jan 2017 13:34:34 +0000 (14:34 +0100)]
Make sure transaction is rolled back in case of error
Until now in case of error/exception during client request processing
(appInstall, appUninstall, pathsRegister) the database transaction was not
always rolled back.
All affected functions now use ScopedTransaction to guarantee the rollback.
Change-Id: I968739a05b845d3c74449dfdfe4078c68e8f3cf1
jin-gyu.kim [Thu, 5 Jan 2017 05:44:32 +0000 (14:44 +0900)]
Release version 1.2.13
- Fix memory leak in CynaraAdminPolicy move operator
- Fix memory leak in CheckProperDrop::getThreads()
- Don't put empty lines in generated Smack policy
- Set Cynara client cache size manually
- Fix compilation scripts.
- Replace read/write with send/recv
- Fix memory leak from cynara_async_configuration_create
- Fix comments in privilege_db.h regarding exceptions thrown by functions
- Fix in logs in IsPackageHybrid function
- Disable logs from SqlConnection
- Change auto_ptr to unique_ptr.
- Replace readdir_r to readdir.
- Don't accept wrong package id on app uninstall
- Remove ServicerImpl from derived Service class
- Fix in GetAllPrivateSharing implementation
- Enforce ownership of a shared path by one app.
- Change skel directory to /opt/etc/skel
Change-Id: If3885fd8f0908489fdd04ac31295f0932ffbbd1b
jin-gyu.kim [Thu, 5 Jan 2017 05:31:59 +0000 (14:31 +0900)]
Change skel directory to /opt/etc/skel
Change-Id: I25fa30e9fa8530d8e6214793e6c293a928036401
Radoslaw Bartosiak [Tue, 13 Dec 2016 08:10:26 +0000 (09:10 +0100)]
Enforce ownership of a shared path by one app.
owner_app_name is moved from table app_private_sharing to shared_path table.
Existing privilege_db constraints are used to assure that
a) a shared path is owned by one owner_app
b) a shared path's label is not changed
Change-Id: I36263fc5dc971c0da820fda44dad3b281d31c63e
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 12 Dec 2016 08:14:21 +0000 (09:14 +0100)]
Fix in GetAllPrivateSharing implementation
For every owner_app_name each path is now returned only once
Change-Id: Ie8362f7aad515a7000eedf772c0258f6fe7d3eb5
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Zofia Abramowska [Mon, 12 Dec 2016 14:26:16 +0000 (15:26 +0100)]
Remove ServicerImpl from derived Service class
ServiceImpl singleton was improperly stored in both
derived and base class resulting in two instances.
Change-Id: Ia27c9a45946bffabd37b23a0626c555ed2e7f0f6
Zofia Abramowska [Mon, 19 Dec 2016 16:44:09 +0000 (17:44 +0100)]
Don't accept wrong package id on app uninstall
Security-manager service shouldn't accept wrong package id
for application uninstall request.
Change-Id: Ia6836c6e668d39255069b0d0bf1a554457f25c6f
jin-gyu.kim [Tue, 20 Dec 2016 01:02:19 +0000 (10:02 +0900)]
Replace readdir_r to readdir.
- readdir_r causes warning in gnu11.
Change-Id: I237a5f9d56061807b94a1a261b95db58f19216e8
jin-gyu.kim [Fri, 16 Dec 2016 08:18:57 +0000 (17:18 +0900)]
Change auto_ptr to unique_ptr.
- Using auto_ptr causes warning in gnu11.
Change-Id: I89c09f29478639d9de9ad29edde62971754eb25e
Zofia Abramowska [Fri, 4 Nov 2016 10:03:27 +0000 (11:03 +0100)]
Disable logs from SqlConnection
Add DB_LOGS definition to switch db logs on/off.
Disable them by default.
Change-Id: I038242bd63cfad38cd7804b5ada0d47f35caaa54
Radoslaw Bartosiak [Mon, 5 Dec 2016 10:04:46 +0000 (11:04 +0100)]
Fix in logs in IsPackageHybrid function
Log description was wrong (copy and paste from previous function)
Change-Id: Id9e5aaece27b4a42d0e59b8b628bb2736692b9fa
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 5 Dec 2016 12:23:11 +0000 (13:23 +0100)]
Fix comments in privilege_db.h regarding exceptions thrown by functions
Change DB::SqlConnection::Exception::* to PrivilegeDb::Exception::*
Change-Id: I7e42d9b97f1a7e517757a8cd205c64f7b68ec9b6
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Mon, 2 Jan 2017 10:45:37 +0000 (11:45 +0100)]
Fix memory leak from cynara_async_configuration_create
The previous patch has introduced a memory leak by always passing NULL
pointer to cynara_async_configuration_destroy instead of proper pointer.
Change-Id: I252e3c36b02e493f6cac6b4718edddb282d0c9eb
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Thu, 15 Dec 2016 11:44:46 +0000 (12:44 +0100)]
Replace read/write with send/recv
New implementation does not require to mask SIGPILE singal in client.
Change-Id: I88338d10547f3ec521f12a83bfdb6d8391ef6bec
Bartlomiej Grzelewski [Wed, 24 Aug 2016 10:02:46 +0000 (12:02 +0200)]
Fix compilation scripts.
security-manager does not build when libraries are placed in
non standard directories.
Change-Id: I76f9900ac110c0f563b3948cd63a14d3b8e4ac45
Zofia Abramowska [Tue, 27 Dec 2016 16:37:37 +0000 (17:37 +0100)]
Set Cynara client cache size manually
Cynara client cache shouldn't take too much memory.
Setting cache size manually ensures low memory consumption.
Change-Id: I31c195de4f97f82f7c2090056d800c54617accab
Rafal Krypa [Wed, 14 Dec 2016 08:49:12 +0000 (09:49 +0100)]
Don't put empty lines in generated Smack policy
Empty lines in Smack policy are invalid. In most cases we get away with
them as kernel manages to filter them out and ignore.
There are however some nasty corner cases causing kernel to reject policy
with an empty line.
This change removes the cause for empty lines appearing in policy, updates
existing policy and modifies policy generation code to skip empty lines
by default, if they appear in policy templates again.
Change-Id: Id875523d2269ff8466898e9bef9b2a0b81387378
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Krzysztof Jackiewicz [Tue, 20 Dec 2016 12:36:43 +0000 (13:36 +0100)]
Fix memory leak in CheckProperDrop::getThreads()
Change-Id: If43c2d3bc49e55b432de91f31f8dd4eb9b1d7925
Krzysztof Jackiewicz [Mon, 19 Dec 2016 11:03:28 +0000 (12:03 +0100)]
Fix memory leak in CynaraAdminPolicy move operator
Free strings allocated in "this" object when another one is moved to it.
Provide default destructor to avoid unnecessary allocation/frees.
Change-Id: I9f3658102db33eca19fff07e0cb04d47c26ca195
jooseong lee [Wed, 14 Dec 2016 02:26:04 +0000 (11:26 +0900)]
Release version 1.2.12
-Allow privileged caller to configure privacy manager for other users
Change-Id: I38acd5508439a0aceb9cc1e7752064518b89e9ea
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Rafal Krypa [Tue, 13 Dec 2016 13:42:12 +0000 (14:42 +0100)]
Allow privileged caller to configure privacy manager for other users
When policy update is sent with security_manager_policy_update_send(),
the policy record type determines target Cynara bucket. For policies
targeted at privacy manager bucket, privileged caller might want to
set policies for other users.
This is now allowed if the caller has proper privilege.
Change-Id: Ibcf13a1d6a7e4b2b965f1d0ca7599e65ee8b616c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jin-gyu.kim [Tue, 13 Dec 2016 08:55:02 +0000 (17:55 +0900)]
Release version 1.2.11
Change-Id: Ib51bc77625b73f4cbb6b7b3edfd4a1285cf69c15
jin-gyu.kim [Tue, 13 Dec 2016 04:51:09 +0000 (13:51 +0900)]
Map email privilege to priv_email
Change-Id: Ia61fae319b4d196891af503b8488581babd53fb6
jooseong lee [Fri, 9 Dec 2016 02:06:46 +0000 (11:06 +0900)]
Release version 1.2.10
- Add transmute rule between non-hybrid app and RW path
Change-Id: I623d615edff86a1029a8f393bd0fc8236450da1d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Zofia Abramowska [Wed, 7 Dec 2016 10:23:36 +0000 (11:23 +0100)]
Add transmute rule between non-hybrid app and RW path
After app process label refactoring there were no more
rule for transmute between label of app process and
label of path RW for non-hybrid (because labels were
the same). This introduced problem with transmute
inheritance : main app directory had transmute,
but it wasn't inherited by subdirectories.
This commit brings back rule between app process label
and path RW label even when both labels are the same.
Also proper policy migration is created, so already
installed apps have this rule also generated.
Change-Id: I98a34a29b2c2490d1dcafd43a117b509a763d72e
jooseong lee [Wed, 7 Dec 2016 04:30:41 +0000 (13:30 +0900)]
Release version 1.2.9
- Properly handle case of unknown "Ask user" policy
Change-Id: I2d58cd7d4d0fabef3649dc0ebed6f235305c183a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Krzysztof Jackiewicz [Tue, 6 Dec 2016 08:14:49 +0000 (09:14 +0100)]
Properly handle case of unknown "Ask user" policy
If askuser plugin is not registered in cynara (as in case of headless image)
CynaraAdmin::convertToPolicyType() couldn't find the policy type and was
throwing an exception.
In such cases security-manager will catch the exception and skip the code
related to askuser.
Change-Id: Ie2182a0936e62594a91bcdf22c39997ef9a65f9f
jooseong lee [Mon, 5 Dec 2016 02:16:39 +0000 (11:16 +0900)]
Release version 1.2.8
- Add new parameter of isPrivacy function - pkgName
Change-Id: Ic0ca86b1ef365334a96d007e9ec3942634522035
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kidong Kim [Fri, 2 Dec 2016 10:46:46 +0000 (19:46 +0900)]
Add new parameter of isPrivacy function - pkgName
The preloaded application should have all privacy related privileges
except location privilege.
So privilege-checker will manage whitelist of preloaded package names
and package name should be stored in isPrivacy function.
This is work-around patch.
Change-Id: I3ded5561fe003bb4ca95dfa9ef87965ef39d1d04
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
Bartlomiej Grzelewski [Thu, 1 Dec 2016 13:53:47 +0000 (14:53 +0100)]
Release version 1.2.7
- Fix in GetGroups implementation
- Add security_manager_shm_open
Change-Id: I4dd790362bbd9f14a54bfae22ef10c3a91a6dff7
Radoslaw Bartosiak [Tue, 29 Nov 2016 09:24:45 +0000 (10:24 +0100)]
[Unit tests] for PrivilegeDb class - related to privileges
Add test for src/common/include/privilege_db.h:
- GetGroups
- GetGroupsRelatedPrivileges
Change-Id: I877c5ea155855b2ad128cd86bffd215d067eace1
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Tue, 22 Nov 2016 09:47:00 +0000 (10:47 +0100)]
Fix in GetGroups implementation
SQL query is changed in order to return group only once.
Change-Id: Ibaec3ea6033544f35ebe67beec056580bcbea373
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Wed, 9 Nov 2016 11:01:20 +0000 (12:01 +0100)]
[Unit tests] for PrivilegeDb class - related to app add/remove
Add test for src/common/include/privilege_db.h
Change-Id: I66007e0170a290f958bb8070caa3c5f42a0dc599
signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Tue, 25 Oct 2016 08:13:07 +0000 (10:13 +0200)]
Use recently introduced ClientRequest class in security_manager_shm_open
Use helper class for client communication with service instead of manual
Serialize/sendToServer/Deserialize.
Change-Id: Ia18a9caa03e0f1626487c1048ba5b629fd8109b7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:06:19 +0000 (12:06 +0200)]
Add security_manager_shm_open
This function will create file that may be used
by shm_open and mmap functions. If the file
exists noting is done.
Change-Id: Ifdfdf15df96fb67faa4340d113445527c77ba60f
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:05:46 +0000 (12:05 +0200)]
Modify SmackLabels module
Added:
* getSmackLabelFromFd - extracts smack label from file descriptor
* setSmackLabelForFd - sets smack label for file connected with fd
Modify:
* pathSetSmack - use libsmack instead of lsetxattr
Change-Id: Ia5ceda42afc98dde0c8b7db2c0d0a0827efc4fa2
Radoslaw Bartosiak [Thu, 22 Sep 2016 11:49:24 +0000 (13:49 +0200)]
Cleanup: Usage of pragma once instead guard names in headers
Additionally: fixes in @files, remove of multiple newlines at EOF
Change-Id: I58d8b1e11fbc4709dc61229ea6e83098217c67dd
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Wed, 19 Oct 2016 07:47:28 +0000 (09:47 +0200)]
Use new libsmack function smack_new_label_from_process
Drop custom implementation of fetch Smack label from a running process.
Replace it with libsmack function smack_new_label_from_process, introcuded
in version 1.3.0 of the library.
Change-Id: If90845c565c47980f8b4b407b0b19906a957372e
Radoslaw Bartosiak [Fri, 18 Nov 2016 11:18:41 +0000 (12:18 +0100)]
Remove unused local variables in service_impl.cpp
Change-Id: I56fa74d7e338419375f1d1cb0f4fdb5f937eb792
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 24 Oct 2016 13:39:43 +0000 (15:39 +0200)]
Fix GetUserType function
Add lacking support for SM_USER_TYPE_SECURITY
Change-Id: I9f51d9d7bc4f3c59ae2fcf48eb17a9952787a024
jooseong lee [Fri, 11 Nov 2016 06:03:50 +0000 (15:03 +0900)]
Release version 1.2.6
- Fix sigaction() on x86_64 arch
- Add 'l' permission to sharedRO Smack rule
Change-Id: I762b2c0d73c2fe7914ef5662a98d24a183c5c57e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 10 Nov 2016 05:16:08 +0000 (14:16 +0900)]
Add 'l' permission to sharedRO Smack rule
DB in shared/data cannot be accessed by other applications.
File lock permission is also needed.
Change-Id: I90f05fabfa2e4a62df8a3e1c40a48c341ecb86f2
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Dariusz Michaluk [Tue, 8 Nov 2016 14:56:53 +0000 (15:56 +0100)]
Fix sigaction() on x86_64 arch.
If sa_restorer is not set, kernel will lead to segmentation fault.
In other arch, if sa_restorer is not set, kernel can do the correct work.
Change-Id: I8b2486282284c806aafc8410cbf699599f929753
jooseong lee [Tue, 8 Nov 2016 01:24:36 +0000 (10:24 +0900)]
Release version 1.2.5
- Fix build break on 64 bits architectures.
Change-Id: I08c8d4a67164f125baa1b69ea275ae6d6ea34f92
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Dariusz Michaluk [Wed, 2 Nov 2016 13:36:32 +0000 (14:36 +0100)]
Fix build break on 64 bits architectures.
- error: 'SYS_sigaction' was not declared in this scope
Aarch64/x64 is missing the "SYS_sigaction" definition.
Replace "SYS_sigaction" used in thread synchronization code with "SYS_rt_sigaction".
- error: invalid cast from type 'SecurityManager::IStream' to type 'long unsigned int'
revert to previous implementation
Change-Id: I58041f66c988934d5577daf7a574bb7b9a2b394a
jooseong lee [Tue, 1 Nov 2016 06:07:04 +0000 (15:07 +0900)]
Release version 1.2.4
- Enable security-manager support for starting without systemd
Change-Id: I73916efcb2fc54de991001eb387c601c40f4d5ed
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Tue, 1 Nov 2016 05:07:01 +0000 (14:07 +0900)]
Enable security-manager support for starting without systemd
Create socket memually if a socket is not provided by systemd.
Change-Id: Iab565644988f7e6551922810b9043217fd2f4cc7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 24 Oct 2016 04:28:56 +0000 (13:28 +0900)]
Release version 1.2.3
- Update policy set for 'security' user type
- Cleanup Fix ListUsers parameter description
- SM : Unify Smack rules of System access to application
- Use smack_check() helper function instead of manually calling libsmack
- Provide proper placeholder file for global apps-labels
- Don't hard-code /usr/share directory in FOTA script
- Add FOTA script for security-manager policy update
- Use SIGSETXID for security synchronization across threads
- [Unit tests] for FileLocker class
- Fix retrieving of current process credentials for off-line client
- Extend ClientOffline
- client: extract common code for communication with service
- Improve handling of uncaught exceptions in client library
- server: add missing linking against pthread
- Treat web only privilege as core privilege
Change-Id: Ibd5252fe49d236b8caff1ed1eb66c8996aee9acb
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 28 Sep 2016 01:30:12 +0000 (10:30 +0900)]
Treat web only privilege as core privilege
refer to https://review.tizen.org/gerrit/#/c/88685/
Change-Id: I27c0a9c1b7390cec52af5a65ff679f9ea29ae16d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 08:05:02 +0000 (10:05 +0200)]
server: add missing linking against pthread
Server code uses pthread_sigmask() function but we never had explicitly
linked it against pthread library.
Fixing this in CMake for the server component.
Change-Id: I0c8a43a0fe26a00aa7848b539044dcc62bb67eb8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 07:45:54 +0000 (09:45 +0200)]
Improve handling of uncaught exceptions in client library
For easier debugging of unexpected client behaviour where an unexpected
exception is caught in try_cacth wrapper, make the following enhancements:
- Catch all SecurityManager::Exceptions instead of letting them to be
caught by last resort "catch(...)". This will enable proper error messages.
- Print the information about unexpected exception to stderr of the caller.
Change-Id: I67edc718daa89023d5844e31f52b745257914e1f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 08:14:57 +0000 (10:14 +0200)]
client: extract common code for communication with service
Instead of repeating the same code pattern in every client function,
extract it into ClientRequest class, that will handle communication with
service.
Change-Id: I5f3d23fea9b01c8378074b758c30971978dd0ac3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Wed, 20 Jul 2016 11:35:33 +0000 (13:35 +0200)]
Extend ClientOffline
Two security-manager functions will be used by systemd. This functions
must not wake up security-manager service because it will cause
deadlock.
Change-Id: Id83256df9ee282285522db513304b2f4240e18fd
Rafal Krypa [Thu, 20 Oct 2016 16:32:04 +0000 (18:32 +0200)]
Fix retrieving of current process credentials for off-line client
Try to work even if fetching Smack label of current process fails in
off-line client mode. In most cases it won't be needed anyway.
It is needed for proper image building by mic. When mic is run on system
that doesn't support Smack natively (e.g. developer's workstation), fetching
process Smack label will fail. Somehow it managed to work despite that
problem until now, but libsmack 1.3.0 has better checks in function
smack_new_label_from_self, validating the label before sending it to the
caller.
Change-Id: I3a96851cab5e71bde749c68413b967571690e162
Radoslaw Bartosiak [Mon, 19 Sep 2016 12:49:29 +0000 (14:49 +0200)]
[Unit tests] for FileLocker class
1) Add test directory for unit test using Boost.Test
2) Add tests for common/include/file-lock.h
Change-Id: Ic0151fa228045d53d6c202416e5f718f1f843b42
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Tue, 27 Sep 2016 13:27:12 +0000 (15:27 +0200)]
Use SIGSETXID for security synchronization across threads
Hijack NPTL's special signal SIGSETXID for synchronization of Smack labels
and capabilities across threads. Glibc implementation of NPTL uses this
signal number for similar purpose, when synchronizing UIDs and groups.
Glibc functions for signal manipulation doesn't allow programs to utilize
SIGSETXID. Attempting to do that causes the function to return EINVAL.
The good side of this is that every thread should have this signal unmasked.
This solves the problem we had with threads not receiving our synchronization
signal because they have masked all signals previously.
The bad side is that security-manager cannot use glibc sigaction() to set
custom signal handler for SIGSETXID. A bare call to syscall() function must
be used instead.
Change-Id: Ib1b28bb27d981601d6a002a896fb5823e6367ecc
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 11 Oct 2016 11:59:37 +0000 (13:59 +0200)]
Add FOTA script for security-manager policy update
The policy migration script was called only in rpm %post section. But FOTA
is not based on RPM packages, so the script must be also included in FOTA
script dir.
Change-Id: I4d8b627734439cb427380aa0fac5886d487c1656
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 11 Oct 2016 11:56:56 +0000 (13:56 +0200)]
Don't hard-code /usr/share directory in FOTA script
Use TZ_SYS_RO_SHARE variabe from tizen-platform.conf instead of the hard-
coded directory.
Change-Id: I46539a5a050e74ee81eb3fe0eee2545b3a18ce50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 12 Oct 2016 06:39:28 +0000 (08:39 +0200)]
Provide proper placeholder file for global apps-labels
In commit 16e879b, security_manager_monitor implementation has changed,
passing application labels from service to client instead of application
names. Internal files for passing that information were renamed to reflect
that change (apps-names => apps-labels). But the empty placeholder created in
the spec file remained unchanged.
Change-Id: Iadca1c67c353b9fbc4c2a912f753a2de5d9cd906
Rafal Krypa [Fri, 30 Sep 2016 09:36:27 +0000 (11:36 +0200)]
Use smack_check() helper function instead of manually calling libsmack
The smack_check() helper provides functionality for checking whether Smack
is available on the platform. It properly wraps libsmack check function and
remembers the result in static variable.
Use it where applicable, replacing custom checks.
Change-Id: Ie8ee27c700831c4fea8a8d837271f2604ca0b588
Mateusz Forc [Thu, 6 Oct 2016 12:47:27 +0000 (14:47 +0200)]
SM : Unify Smack rules of System access to application
Please test with : https://review.tizen.org/gerrit/#/c/91931/
Change-Id: If94b6d719d5404965c8bbcec9598d35cb30e4526
Radoslaw Bartosiak [Thu, 29 Sep 2016 12:56:25 +0000 (14:56 +0200)]
Cleanup Fix ListUsers parameter description
ListUsers does not clear the output vector.
Change-Id: Ibc9c9693d05c068d82f60734ea690f811474fa41
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
jooseong lee [Tue, 11 Oct 2016 01:54:58 +0000 (10:54 +0900)]
Update policy set for 'security' user type
Deprecated privileges
- http://tizen.org/privilege/dpm.settings
- http://tizen.org/privilege/vpnservice.admin
New privileges
- http://tizen.org/privilege/fido.client
http://tizen.org/privilege/internal/service
Change-Id: I07a9d3443a756a4055fe2bbb56b542a98d2937f4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Seongwook Chung [Mon, 10 Oct 2016 00:51:27 +0000 (09:51 +0900)]
Release version 1.2.2
- Add packagemanager.info privilege for 'User::Shell' domain
- Limit number of sql queries during installation
- Explicitly instantiate LogSystemSingleton
- PrivilegeDb: Add getting packages installed for user
- ServiceImpl: Optimize generating package process labels
- Remove Cynara singleton
- PermissibleSet: Remove PrivilegeDb usage
- Remove PrivilegeDb singleton
- Remove CynaraAdmin singleton
Change-Id: Iad4cc0b5d5b454a61b323e025f20d55b0dbe7211
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
Zbigniew Jasinski [Fri, 7 Oct 2016 16:36:53 +0000 (18:36 +0200)]
Remove CynaraAdmin singleton
Change-Id: Ib13d1a8306f2abd8bcf40765185a079840edaf11
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Zbigniew Jasinski [Fri, 7 Oct 2016 16:24:37 +0000 (18:24 +0200)]
Remove PrivilegeDb singleton
Change-Id: Iabec786bdcbb403af0b4d402b96509f90c17f9f3
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Zofia Abramowska [Fri, 7 Oct 2016 15:41:53 +0000 (17:41 +0200)]
PermissibleSet: Remove PrivilegeDb usage
Change-Id: I34a33ef2f80c9c02e9bdc41e9535632b9ab76f99
Zofia Abramowska [Fri, 7 Oct 2016 09:53:26 +0000 (11:53 +0200)]
Remove Cynara singleton
Change-Id: Ia7aee968e142639373d1b9bc146b8162673504ba
Zofia Abramowska [Fri, 7 Oct 2016 14:53:38 +0000 (16:53 +0200)]
ServiceImpl: Optimize generating package process labels
Change-Id: If4edb2621d73e178e9009e0d5c25829bbab87157
Zofia Abramowska [Fri, 7 Oct 2016 14:50:13 +0000 (16:50 +0200)]
PrivilegeDb: Add getting packages installed for user
Change-Id: I6be6d8b438918408df20d12b34204e10a0ca750e
Krzysztof Jackiewicz [Thu, 29 Sep 2016 12:25:16 +0000 (14:25 +0200)]
Explicitly instantiate LogSystemSingleton
To guarantee that a template class is instantiated only once it has to be
instantiated explicitly. This should solve the problem with "doubletons". Also,
it makes logs from libsecurity-manager-commons library visible.
Change-Id: I45bc6d6330a7ff27bacf9dfdfcd6a24f1e1225bf
Krzysztof Jackiewicz [Fri, 30 Sep 2016 09:56:53 +0000 (11:56 +0200)]
Limit number of sql queries during installation
Change-Id: Iaad44912ae806544822d26f66add6ce8f0908d0b