platform/core/security/security-server.git
10 years agoreplace hardpath with rpm macro 64/27764/3 accepted/tizen_3.0.2014.q3_common accepted/tizen_3.0.2015.q2_common accepted/tizen_3.0.m14.3_ivi accepted/tizen_3.0_ivi accepted/tizen_common accepted/tizen_ivi accepted/tizen_mobile accepted/tizen_tv accepted/tizen_wearable tizen tizen_3.0.2014.q3_common tizen_3.0.2014.q4_common tizen_3.0.2015.q1_common tizen_3.0.2015.q2_common tizen_3.0.m14.3_ivi tizen_3.0.m1_mobile tizen_3.0.m1_tv tizen_3.0_ivi accepted/tizen/3.0.2015.q2/common/20150615.091746 accepted/tizen/common/20140930.170930 accepted/tizen/ivi/20141009.080610 accepted/tizen/ivi/20160218.023734 submit/tizen_3.0.2015.q2_common/20150615.075539 submit/tizen_common/20140929.110645 submit/tizen_ivi/20141007.444444 submit/tizen_ivi/20160217.000000 submit/tizen_ivi/20160217.000003 submit/tizen_mobile/20141120.000000 tizen_3.0.2014.q3_common_release tizen_3.0.m14.3_ivi_release tizen_3.0.m1_mobile_release tizen_3.0.m1_tv_release tizen_3.0.m2.a1_mobile_release tizen_3.0.m2.a1_tv_release tizen_3.0_ivi_release
Ronan Le Martret [Thu, 18 Sep 2014 14:40:40 +0000 (16:40 +0200)]
replace hardpath with rpm macro

 - increase yocto compliance
 - improve rpmlint score
 - remove bashism

Change-Id: I057d9ed746d905a5fa69b83c90fdd3810be8ab5d
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
10 years agoFix potential buffer overflow error CID: 40674 14/26814/2
Krzysztof Jackiewicz [Thu, 28 Aug 2014 15:44:08 +0000 (17:44 +0200)]
Fix potential buffer overflow error CID: 40674

Change-Id: Ib534fbd6c753624526afb904ca7595f50a288b28

10 years agoRemove unused define - relict of security-manager service times 61/25161/1
Lukasz Wojciechowski [Tue, 29 Jul 2014 17:59:38 +0000 (19:59 +0200)]
Remove unused define - relict of security-manager service times

Change-Id: Iffd22bc2a7fc1826c292c727ac4ae3974930002c
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years agoAdd missing gcc option -pthread to build correctly 33/25033/3 accepted/tizen/common/20140728.172456 accepted/tizen/ivi/20140731.164236 submit/tizen_common/20140728.142410 submit/tizen_common/20140728.162339 submit/tizen_ivi/20140729.000000 submit/tizen_ivi/20140731.124540
Stephane Desneux [Fri, 25 Jul 2014 13:20:39 +0000 (15:20 +0200)]
Add missing gcc option -pthread to build correctly

Bug-Tizen: TC-1445
Change-Id: If3ba73190f651baffb8a4cd26d33b970f332ef80
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
10 years agoRaise security-server version 64/24864/1
Marcin Niesluchowski [Wed, 23 Jul 2014 14:45:08 +0000 (16:45 +0200)]
Raise security-server version

Change-Id: I604ccaf632bd326d1f0fc91f7fba5cf04dfe6acb

10 years agoFix minor errors in code. 37/24437/2
Bartlomiej Grzelewski [Wed, 9 Jul 2014 12:59:56 +0000 (14:59 +0200)]
Fix minor errors in code.

* m_maxDesc was used without initialization.
* client-common module passed wrong value to poll if
  connect returns EINPROGRESS (was POLLIN, should be  POLLOUT)

Change-Id: I814a2b3779cd3fbb5a9d5db1a34f4f644c82fa94

10 years agoFixed directories creating error in password module 76/23476/1
Pawel Polawski [Thu, 26 Jun 2014 07:25:56 +0000 (09:25 +0200)]
Fixed directories creating error in password module

Change-Id: Ibf6430fcb857abfb6ae9086094cf8408a8d2e34a

10 years agoUpgrade version number in spec 24/22824/3 accepted/tizen/common/20140724.164902 submit/rv/20140618.160634 submit/tizen/20140618.160954
Jan Cybulski [Wed, 11 Jun 2014 12:37:37 +0000 (14:37 +0200)]
Upgrade version number in spec

Change-Id: Id59e14e13d5bd5db35818a85095423e6a1a249b4
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Added security-manager API" 23/22823/3
Jan Cybulski [Wed, 11 Jun 2014 12:29:14 +0000 (14:29 +0200)]
Revert "Added security-manager API"

This revert is due to moving security-manager to separate repository
This reverts commit 0e304eda6b2f62dc0444fa3f813fc89e7593c237.

Change-Id: I2f7bc0b9b0ad7ca154b02c6fc8f685ef3417be9c
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Implement installer service" 22/22822/3
Jan Cybulski [Wed, 11 Jun 2014 12:25:07 +0000 (14:25 +0200)]
Revert "Implement installer service"

This revert is due to moving security-manager to separate repository
This reverts commit b8b7da06d5d45305493bd094c252671e4154a3b4.

Change-Id: I0a0062fea697ab93b6d55f21afe1ea8129b2f366
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Fix security manager socket path." 21/22821/3
Jan Cybulski [Wed, 11 Jun 2014 12:20:46 +0000 (14:20 +0200)]
Revert "Fix security manager socket path."

This revert is due to moving security-manager to separate repository
This reverts commit dec63b007bbb1ce9f74b938d86a012c4a56970da.

Change-Id: Ie5a25e935d73bc78d17cb8306d983b777e0cc1dd
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "security manager: add generateAppLabel" 20/22820/3
Jan Cybulski [Wed, 11 Jun 2014 12:20:19 +0000 (14:20 +0200)]
Revert "security manager: add generateAppLabel"

This revert is due to moving security-manager to separate repository
This reverts commit 9843fa406cdd374633e2ef59fadae4aab2555986.

Change-Id: I195f03d5096f5a11b9354ff403b0fae0841b577c
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Installation/uninstallation of package-specific smack rules" 19/22819/3
Jan Cybulski [Wed, 11 Jun 2014 12:20:05 +0000 (14:20 +0200)]
Revert "Installation/uninstallation of package-specific smack rules"

This revert is due to moving security-manager to separate repository
This reverts commit ed1e558fb166d8019512b6c02e899d1a1544e756.

Change-Id: Id498da105404cc73098443a8b5b7731a209f940f
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "security manager: function for labeling dirs" 18/22818/3
Jan Cybulski [Wed, 11 Jun 2014 12:19:55 +0000 (14:19 +0200)]
Revert "security manager: function for labeling dirs"

This revert is due to moving security-manager to separate repository
This reverts commit af33bcce7f9788be9545175dd41340e10b376dbd.

Change-Id: If52936a90d8881618b11dde7decc7fc9efdf2347
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Add smackfs check to Installer service." 17/22817/3
Jan Cybulski [Wed, 11 Jun 2014 12:19:40 +0000 (14:19 +0200)]
Revert "Add smackfs check to Installer service."

This revert is due to moving security-manager to separate repitory
This reverts commit 9d7d2f242d036ed8f07e4afa108709524b1af409.

Change-Id: I40281c8094b58561eef05e3f5941ae74b380fb55
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoRevert "Fix memory leak and add EINTR error handling." 56/23156/2
Marcin Niesluchowski [Wed, 18 Jun 2014 12:44:24 +0000 (14:44 +0200)]
Revert "Fix memory leak and add EINTR error handling."

This revert is due to moving security-manager to separate repository
This reverts commit 2c9421804005c397d53911199b1817204261ed33.

Change-Id: Ia99d6f501291c5ccf6707fa14281366cc8bd2df3

10 years agoFix memory leak and add EINTR error handling. 60/22760/5
Marcin Lis [Wed, 11 Jun 2014 08:39:54 +0000 (10:39 +0200)]
Fix memory leak and add EINTR error handling.

One memory leak was missed in the Installer service.
Introduce retries on EINTR error while trying to open a file.
Also add close() error handling.

Change-Id: I946ba0b7effbe8a2fd429a86d5d7b387be076546
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agoAdd smackfs check to Installer service. 69/22669/2
Marcin Lis [Mon, 9 Jun 2014 15:55:09 +0000 (17:55 +0200)]
Add smackfs check to Installer service.

The app installation was failing under the non-smack environment.
One additional check for the existence of the smack is now added to
prevent the Installer from applying smack rules to the kernel, when
there is no smack security enabled.

The same kind of check is also added to uninstall-app functionality.

Change-Id: I9ed29e7d60e34639173317ac83c1f5314100d6e4
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years agosecurity manager: function for labeling dirs 83/21483/22
Jan Cybulski [Fri, 23 May 2014 05:39:36 +0000 (07:39 +0200)]
security manager: function for labeling dirs

Security manager used libprivilege-control's perm_app_setup_path.
This commit removes this dependency by reimplementing the code
that labels directories as internal function of installer service
in security-manager.

Change-Id: I57738ef310afddda235fe2bb45d95ee54d2ed587
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoInstallation/uninstallation of package-specific smack rules 30/21830/5
Jacek Bukarewicz [Tue, 27 May 2014 12:46:06 +0000 (14:46 +0200)]
Installation/uninstallation of package-specific smack rules

On installation rules are generated from predefined template, applied
to the kernel and saved to disk so they are loaded on system boot.
On uninstallation package-specific rules are revoked from kernel and
removed from disk.

Change-Id: Ib3ce4ecf909c4fe3c6bc1f5a77e24737b7acf918

10 years agosecurity manager: add generateAppLabel 66/21566/6
Jan Cybulski [Fri, 23 May 2014 05:41:34 +0000 (07:41 +0200)]
security manager: add generateAppLabel

The similar function was declared as part of libprivilege-control
Now as security manager is going to drop dependency
on privilege-control, there is a need of implementing
this function as part of security-manager.

Change-Id: Ieb06e278fb7938a0a34e7592b5be7efa33af9b2d
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years agoFix security manager socket path. 68/21468/2 tizen_3.0.m14.2_ivi accepted/tizen/common/20140521.233615 submit/tizen/20140521.102910 submit/tizen_ivi/20140618.000000 submit/tizen_ivi/20140618.000001 submit/tizen_ivi/20140619.000000 submit/tizen_ivi/20140622.000000 submit/tizen_ivi/20140623.000000 submit/tizen_ivi/20140624.064036 submit/tizen_ivi/20140626.125712 submit/tizen_ivi/20140626.130032 submit/tizen_ivi/20140626.144348 tizen_3.0.m14.2_ivi_release
Adam Malinowski [Wed, 21 May 2014 08:10:40 +0000 (10:10 +0200)]
Fix security manager socket path.

Path of socket for installer has been changed incorrectly
during mooving sockets from /tmp to /run

Verification:
-> flash target with new image
-> install security-server
-> install security-tests
-> security-tests.sh security-manager --output=text
   (test should pass)

Change-Id: I501206d09c5830892f856acb1807cd18c176e141
Signed-off-by: Adam Malinowski <a.malinowsk2@partner.samsung.com>
10 years agoMerge changes I3f480808,Ie3102c86 into tizen
Zbigniew Jasinski [Fri, 16 May 2014 11:15:50 +0000 (04:15 -0700)]
Merge changes I3f480808,Ie3102c86 into tizen

* changes:
  Change socket paths from /tmp... to /run...
  Fixed name mismatch in systemd socket

10 years agoChange socket paths from /tmp... to /run... 65/21165/1
Lukasz Wojciechowski [Thu, 15 May 2014 14:30:35 +0000 (16:30 +0200)]
Change socket paths from /tmp... to /run...

[Cause]        Sockets should not be created in /tmp folder
[Solution]     Change systemd socket description
               and protocol defines

[Verification] Build and install Security Server.
               Check if sockets created by systemd are placed in:
               /run/security-server and /run/security-manager

Change-Id: I3f480808d2d3f1bd78b8713d795602da7ccc7dfb
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years agoFixed name mismatch in systemd socket 05/21005/2
Pawel Polawski [Wed, 14 May 2014 11:27:19 +0000 (13:27 +0200)]
Fixed name mismatch in systemd socket

Change-Id: Ie3102c8665601a3fe3ddd5d5562bbcaa0e496f63
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
10 years agoAdjust security_server_app_has_privilege to Tizen 3.0 model. 28/20528/7
Lukasz Wojciechowski [Thu, 8 May 2014 19:41:49 +0000 (21:41 +0200)]
Adjust security_server_app_has_privilege to Tizen 3.0 model.

[Cause]    security_server_app_has_privilege function
           uses perm_app_has_permission.
           https://review.tizen.org/gerrit/#/c/20519/
           redefined application identifier to smack label.
[Solution] change from app_id to app_label

[Verification] compile and install security-server

Change-Id: If7f3d1b72b26117b2680ce34dd6bd980a4859949
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years agoBring back part of app-permissions service 27/20527/5
Lukasz Wojciechowski [Thu, 8 May 2014 19:23:43 +0000 (21:23 +0200)]
Bring back part of app-permissions service

[Cause]    security_server_app_has_permission function
           is needed for temporary cynara (bootstrap) version
[Solution] roll back part of commit
           ed1815535d0383bc343bb92062fe934b44f4e53d

[Verification] compile and install security-server

Change-Id: I3a51ee09a554a5561d559f0a30dc25f9b74e2d76
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years agoUpgrade version number in spec. 63/20863/1
Marcin Niesluchowski [Tue, 13 May 2014 09:04:31 +0000 (11:04 +0200)]
Upgrade version number in spec.

Old version number causes dependency errors for new security-manager
package.

Verification:
-> Build and install libsecurity-manager-client-* rpms.

Change-Id: I68e3d23f954ab1535351a76856ce5a0a14f49453

10 years agoImplement installer service 41/20441/4
Michal Witanowski [Tue, 4 Mar 2014 08:40:00 +0000 (09:40 +0100)]
Implement installer service

[Bug/Feature]  Create new Security Server's service interfacing
               with libprivilege-control API.
[Cause]        N/A
[Solution]     Create PrivilegeControlSevice and implement protocol
               supporting libprivilege-control's API used by
               installers.
[Verification] Build and install Security Server.

Change-Id: I95a0e9a7cb69952e8f3b71665fcd7d9867939759
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
10 years agoAdded security-manager API 93/20393/4
Pawel Polawski [Fri, 2 May 2014 15:15:49 +0000 (17:15 +0200)]
Added security-manager API

Added new header containing set of new API functions and generation
new rpm packages with security-manager-library

Change-Id: I2c01f5f911bbc32ead7082d427762d72bf55b35c
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
10 years agoRemove dead code 10/19610/1 sandbox/ppolawski/cynara_devel
Zofia Abramowska [Tue, 15 Apr 2014 13:36:49 +0000 (15:36 +0200)]
Remove dead code

Remove unnecessary check on memcpy return and thus unused
memory exception type.

Change-Id: I95c47cb36cc178b4219bbfa337aa21991cfc0b67

10 years agoSignalling attempt to access a non-existent service 11/18911/6
Radoslaw Bartosiak [Wed, 2 Apr 2014 16:28:20 +0000 (18:28 +0200)]
Signalling attempt to access a non-existent service

[Bug]       Connect function does not notify on nonexisting service
[Cause]     N/A
[Solution]  New return code SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE is used
[Problem]   N/A

[Verification] build, run security-server tests

Change-Id: I1fcf9bf7ba46d02cb43585e3de6095829685d9e9
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years agoFix build break introduced by previous commit. 64/19264/1
Bartlomiej Grzelewski [Wed, 9 Apr 2014 13:16:14 +0000 (15:16 +0200)]
Fix build break introduced by previous commit.

[Bug]      Last commit left unused parameters in api without marked them
           as unused.
[Cause]    N/A
[Solution] Add all unused parameteres with __attribute__((unused))

[Verificaiton] N/A

Change-Id: I1c035ae968367be778c8ba725e9000d07df078c2

10 years agoComment out Security-server API checking privileges of process 43/19243/2
jooseong.lee [Wed, 9 Apr 2014 08:01:35 +0000 (17:01 +0900)]
Comment out Security-server API checking privileges of process

Below Security-server APIs can be return 'access deny" by 3-domain smack policy.
And it makes bootting and running issue.
So we should comment out them temporarily untill implement of Cynara.
- security_server_check_privilege_by_sockfd
- security_server_check_privilege_by_pid
- security_server_check_privilege_by_cookie

visit below site:
https://wiki.tizen.org/wiki/Security:Cynara

Change-Id: Idcf379a1cd6ee38c80d21b952cdf52b067813603
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
10 years agoMerge "Fix build configuration for build_type=DEBUG [PROFILING]" into tizen accepted/tizen_ivi_panda tizen_ivi_panda accepted/tizen/ivi/panda/20140403.014953 submit/tizen_ivi_panda/20140403.011904
Bartlomiej Grzelewski [Mon, 31 Mar 2014 13:45:47 +0000 (06:45 -0700)]
Merge "Fix build configuration for build_type=DEBUG [PROFILING]" into tizen

10 years agoRemove unnecessary include dependency of privilege-control.h 86/18586/2 accepted/tizen_generic accepted/tizen/generic/20140331.081832 accepted/tizen/ivi/20140410.190738 accepted/tizen/ivi/panda/20140329.033145 submit/tizen/20140328.213722
Radoslaw Bartosiak [Wed, 26 Mar 2014 15:57:58 +0000 (16:57 +0100)]
Remove unnecessary include dependency of privilege-control.h

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Solution]  Remove the include from security-server.h
[Problem]   N/A

[Verification] build

Change-Id: I25f568c142b9f0959eccc1c71f32fc9e2f1da7c2
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years agoFix build configuration for build_type=DEBUG [PROFILING] 88/18588/2
Radoslaw Bartosiak [Wed, 26 Mar 2014 16:59:50 +0000 (17:59 +0100)]
Fix build configuration for build_type=DEBUG [PROFILING]

[Issue#]    N/A
[Bug]       GBS build with  --define "build_type DEBUG" failed
[Cause]     N/A
[Solution]  Disable the FORTIFY_SOURCE compiler option
[Problem]   N/A

[Verification] build

Change-Id: I1a0c557a2986792514f3fec48d861bdeb97c1aba
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years agofix build in x86_64 11/17911/1 accepted/tizen/generic/20140319.144216 accepted/tizen/ivi/20140322.235626 accepted/tizen/ivi/panda/20140321.020536 submit/tizen/20140319.142020
Stephane Desneux [Wed, 12 Mar 2014 09:32:23 +0000 (10:32 +0100)]
fix build in x86_64

Change-Id: I294e913ab5f2d481e9c7187ec5885b92a7eb8424
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
10 years agoRemove services open-for and app-permissions. sandbox/ade/samsung_devel accepted/tizen/generic/20140307.163312 accepted/tizen/ivi/20140307.201029 accepted/tizen/mobile/20140310.030259 submit/tizen/20140307.131547
Bartlomiej Grzelewski [Wed, 5 Mar 2014 16:03:36 +0000 (17:03 +0100)]
Remove services open-for and app-permissions.

[Issue#]   N/A
[Bug]      N/A
[Cause]    This services were not used on tizen.org
[Solution] N/A

[Verification] N/A

Change-Id: Iae627af04af789fd3219ce85c3e5131f112dbb08

10 years agoAdd missing descriptions in security-server.h
Bartlomiej Grzelewski [Tue, 4 Mar 2014 16:14:37 +0000 (17:14 +0100)]
Add missing descriptions in security-server.h

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A
[Problem]  N/A

[Verification] N/A

Change-Id: Iecdf65af3cbdf17a5128cd2e94738d9f00127493

10 years agoFix error code return by shared memory service.
Bartlomiej Grzelewski [Tue, 4 Mar 2014 16:05:06 +0000 (17:05 +0100)]
Fix error code return by shared memory service.

[Issue#]   N/A
[Bug]      Security-server returns SECURITY_SERVER_API_BAD_REQUEST
           instead of SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
[Cause]    N/A
[Solution] Fix in code.

[Verification] Build, run security-server tests.

Change-Id: I39db4da7cf8ccb81f6dceb958bc090b618f0d52e

10 years agoRemove fsync in audit-smack-log
Marek Smolinski [Fri, 14 Feb 2014 07:11:11 +0000 (08:11 +0100)]
Remove fsync in audit-smack-log

Synchronization kernel buffer by a fsync call is unnecessary

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Verfication] Build

Change-Id: Ife04d92f108adc4a29facebd710d0ced1521702c

10 years agoCorrect security_server_reset_pwd description in header.
Lukasz Kostyra [Thu, 13 Feb 2014 12:35:11 +0000 (13:35 +0100)]
Correct security_server_reset_pwd description in header.

[Issue#]        PSDAC-106
[Bug]           security_server_reset_pwd performed no checks connected with new password. Header
                didn't include this information in security_server_reset_pwd description.
[Cause]         N/A
[Solution]      Correct information included in security-server.h header.
[Verification]  N/A

Change-Id: I38e8b565121a8b5f3d087fbe0425042a59f73ae0

10 years agoAdded checking for binary path in case of reused cookie
Pawel Polawski [Mon, 10 Feb 2014 10:12:07 +0000 (11:12 +0100)]
Added checking for binary path in case of reused cookie

[Issue#]        N/A
[Bug/Feature]   Protection aganist reuse cookie
[Cause]         Possible use cookie of other process
[Solution]      Added process path checking
[Verification]  Compile, run tests

Change-Id: I0b34eab693026c5e63f269dfc912890a5e5c5dd8

10 years agoDocumentation comments correction.
Lukasz Wojciechowski [Fri, 7 Feb 2014 14:28:17 +0000 (15:28 +0100)]
Documentation comments correction.

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Problem]   N/A
[Solution]  N/A

[Verifcation] Build, generate documentation.

Change-Id: I8b6c19b6b2fd2b854cc29d2072101dee5a65b5a8

10 years agoData-share service test wrong value returned from smack_new_label_from_socket.
Zbigniew Jasinski [Mon, 17 Feb 2014 12:42:11 +0000 (13:42 +0100)]
Data-share service test wrong value returned from smack_new_label_from_socket.

[Issue#]    PSDAC-46
[Bug]       Failing tests:
            * tc01a_security_server_app_give_access
            * tc07_check_API_data_share_allow
[Cause]     Wrong check of return value.
[Solution]  Check proper return value from smack_new_label_from_socket

[Verifcation] Build, run tests.

10 years agoPrepare release for tizen.org
Bartlomiej Grzelewski [Thu, 23 Jan 2014 17:03:27 +0000 (18:03 +0100)]
Prepare release for tizen.org

Changes:
 * Reset manifest.
 * Security policy for security-server sockets has been removed.
 * Minor fixes required by g++ 4.8.
 * Removed unused code.
 * Version update.
 * Fix conflicts in manifest file.

[Issue#]   SSDWSSP-816
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] N/A

Change-Id: I39e55c0355f561465b8f3ae777e6bcd46097ec86

10 years agoFix implementation and rename FstreamHelper to FstreamAccessros.
Bartlomiej Grzelewski [Wed, 12 Feb 2014 14:19:50 +0000 (15:19 +0100)]
Fix implementation and rename FstreamHelper to FstreamAccessros.

[Issue#]    N/A
[Bug]       FstreamHelper always inherited from fstream::__filebuf but it gets
            as param ofstream and should inherits from
            ofstream::__filebuf.
[Cause]     Name FstreamHelper was miningless.
[Solution]  N/A

[Verfication] Build, run tests.

Change-Id: I2a884860032d84f7cac05084dab4d3e3a2a5bbe9

10 years agoAdd FstreamHelper class to get FD from fstream objects
Marek Smolinski [Tue, 4 Feb 2014 14:07:32 +0000 (15:07 +0100)]
Add FstreamHelper class to get FD from fstream objects

Rewrite the way of fsync calls, and add fsync in SmackAuditLog

    [Issue#]   N/A
    [Bug]      N/A
    [Cause]    N/A

[Verfication] Build, test fsync(DPL::FstreamHelper::getFd) on local pc.

Change-Id: I835df13a3b6b988afda7bade35fb5020d46efacd

10 years agoRemove errors reported by Prevent.
Bartlomiej Grzelewski [Thu, 23 Jan 2014 09:47:57 +0000 (10:47 +0100)]
Remove errors reported by Prevent.

[Issue#]   N/A
[Bug]      Lack of break in switch.
[Cause]    N/A

[Verfication] Build, run tests.

Change-Id: I2c05d0256c2ed0c323d220796d55f176e342f5b7

10 years agoRemoved temporary systemd socket
Pawel Polawski [Tue, 17 Dec 2013 12:43:25 +0000 (13:43 +0100)]
Removed temporary systemd socket

[Issue#]        N/A
[Bug/Feature]   After enabled smack protection for security-server
                API temporary unprotected socket is no longer needed
[Cause]         Deprecated temporary socket used
[Solution]      Socket removed
[Verification]  Compiule, run tests

Change-Id: Ifef2aefc0b017b208f2d64a93f68d7ee95be6050

10 years agoClean up password service.
Bartlomiej Grzelewski [Fri, 6 Dec 2013 15:46:52 +0000 (16:46 +0100)]
Clean up password service.

* Remove PASSWORD_INFINITE_EXPIRATION_TIME from protocol* files.
* Add anonymous namespace in password-file.cpp
* Change PASSWORD_INFINITE_EXPIRATION_TIME value from -1 to max time_t.
* Remove cast between int/unsigned int/time_t in the code.

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Problem]   N/A
[Solution]  N/A

[Verifcation] Build, run tests.

Change-Id: If41b690a7f4ac882281fc17bcdb79d20bfa9cb8d

10 years agoFix compilation under gcc 4.8
Piotr Bartosiewicz [Fri, 17 Jan 2014 12:27:17 +0000 (13:27 +0100)]
Fix compilation under gcc 4.8

[Issue#]        N/A
[Bug/Feature]   Security-server does not build under GCC 4.8
[Cause]         * monotonic_clock was renamed in gcc 4.7 to steady_clock
                * lack of header files
                * invalid use of lambda capture
[Solution]      N/A
[Verification]  Build, run tests

Change-Id: I0c9235131e082eb7d053f13be4ead9b1ff044f4a

10 years agoExtensions to security_server_open_for function.
Zbigniew Jasinski [Tue, 26 Nov 2013 14:05:38 +0000 (15:05 +0100)]
Extensions to security_server_open_for function.

Base function extended by new argument 'reader_label':

* int security_server_sharedfile_open(const char *filename, const char *reader_label, int *fd);

Introduced two new functions:

* int security_server_sharedfile_reopen(const char *filename, int *fd);
* int security_server_sharedfile_delete(const char *filename);

[Issue#]        SSDWSSP-398
[Bug/Feature]   New SS API functions.
[Cause]         *open_for* needed more security.
[Solution]      Added new functions.
[Verification]  Build and run new tests:
                security-server-tests-server --output=text --regexp='open_for'

Change-Id: I00dcf1c24c4a2186942b2dff4511e6667a6c5188

10 years agoReplaced std::unique_lock with std::lock_quard.
Marek Smolinski [Thu, 2 Jan 2014 07:38:11 +0000 (08:38 +0100)]
Replaced std::unique_lock with std::lock_quard.

[Issue#]        N/A
[Bug]           N/A
[Cause]         lock_quard is simpler and security-server does not used
                additional benefits from unique_lock.
[Solution]      N/A

[Verification]  Build, run ss tests

Change-Id: I91c626760c13b58e7909752252c86892815fadd7

10 years agoAdd missing header files.
Bartlomiej Grzelewski [Wed, 15 Jan 2014 14:50:43 +0000 (15:50 +0100)]
Add missing header files.

[Issue#]    N/A
[Problem]   Build break.
[Cause]     Lack of header file unistd.h (function unlink was
            undefined) in open-for-manager.cpp and password-file.cpp
            (function close was undefined).
[Solution]  Fix header list.

[Verification] Build.

Change-Id: If5b4d4f76677431162fded7f833fcaf915f65db9

10 years agoAdd security-server.target unit.
Bartlomiej Grzelewski [Mon, 16 Dec 2013 14:15:24 +0000 (15:15 +0100)]
Add security-server.target unit.

Service key-storage requires security-server but it should not use
security-server.socket in Requires field because it's part of private
implementation. This commit creates synchronization point
security-server.target that should be used by other services to add
requirement to security-server.

[Issue#]     N/A
[Bug/Cause]  N/A
[Problem]    key-storage is not able to start because new
             security-server does not create security-server.socket.
[Solution]   create synchronization point for key-storage

[Verification] Build, install, reboot device.

Change-Id: Id54e9187edf671eec047787bdeb27a8c2acca29e

10 years agoPassword file versioning, support for old versions
Piotr Bartosiewicz [Wed, 11 Dec 2013 14:26:10 +0000 (15:26 +0100)]
Password file versioning, support for old versions

[Issue#]        SSDWSSP-711
[Bug/Feature]   Security server crashes after update to version with a
                new password file format.
[Cause]         There was no backward compatibility support.
[Solution]      Introduce a new password file format with versioning and
                algorithm identifier associated with every password
                entry. Additionally security server can read all old
                password file formats, but can only save in the newest.
                Also incorrect file mask was fixed.
[Verification]  Build, install, run tests. Check migration from old
                password file formats to the new one (folder:
                /opt/data/security-server, old file name: password.pwd,
                new file name: password).

Change-Id: If25952ddc467172fc8032fb98a31e9413762882e

10 years agoSecure all critical sockets with smack label.
Bartlomiej Grzelewski [Thu, 12 Dec 2013 17:06:49 +0000 (18:06 +0100)]
Secure all critical sockets with smack label.

[Issue#]     721
[Bug]        Sockets were not secured.
[Cause]      We need to wait for platform developers to adopt.
[Solution]   All critical sockets were secured.

[Verification] Build, run tests.

Change-Id: Ide775b00427b4848718e16e0b60aec2c4368fc7d

10 years agoFix incorrect security server service description.
Lukasz Kostyra [Wed, 11 Dec 2013 06:20:29 +0000 (07:20 +0100)]
Fix incorrect security server service description.

[Issue#]        N/A
[Bug]           Service description had a spelling error - "Scoket" instead of "Socket".
[Cause]         N/A
[Solution]      Correct service description.
[Verification]  Build, install, reboot target. Call "journalctl | grep security". You should
                see informations with all sockets being started.

Change-Id: I3abb0d82f0d553dd00e594c26d9945665ff26930

10 years agoRemove retry timeout check
Lukasz Wojciechowski [Mon, 9 Dec 2013 15:36:16 +0000 (16:36 +0100)]
Remove retry timeout check

[Issue#]       SSDWSSP-709
[Feature/Bug]  Retry timeout check is not required
[Problem]      Rapid password check sequences should be possible.
[Cause]        Retry timeout check cause may cause unnecessary failure.
[Solution]     Remove retry timeout check.
[Verification] Succesfull build and run of tests:
               security-tests.sh ss-password --output=text
               --regexp=no_retry_timeout

Change-Id: I802e5e067792182fcf7a5833f608bfb63e84b468

10 years agoFix isPwdValid. Correct logs. Change history related function names.
Lukasz Kostyra [Thu, 5 Dec 2013 07:34:55 +0000 (08:34 +0100)]
Fix isPwdValid. Correct logs. Change history related function names.

[Issue#]        N/A
[Bug]           Wrong value returned by isPwdValid. Some logs showed up incorrectly as error.
                History related functions had misleading names.
[Cause]         Incorrect casting in isPwdValid.
[Solution]      Add condition correcting returned time by isPwdValid. Correct log types. Change
                historySize related functions to maxHistorySize.
[Verification]  Build, run tests. Test tc43 should pass, others should work as earlier. Commit with
                tc43 - http://slp-info.sec.samsung.net/gerrit/#/c/357776/

Change-Id: Ic9ce0423f2ec233f3c1d8703dba8ab92e998632d

10 years agoFix improper description in header
Zofia Abramowska [Thu, 28 Nov 2013 14:12:29 +0000 (15:12 +0100)]
Fix improper description in header

[Issue#] N/A
[Feature/Bug] N/A
[Cause] Header contained wrong information about rules needed for
using security_server_check_privilege_by_sockfd
[Solution] Fixed description in header.
[Verification] Build.

Change-Id: I4ce035086268eff6f0d9d46834fe297206788923

10 years agoAdd flag checking if password is set. Correct history behaviour
Lukasz Kostyra [Tue, 3 Dec 2013 14:49:11 +0000 (15:49 +0100)]
Add flag checking if password is set. Correct history behaviour

[Issue#]        N/A
[Bug]           N/A
[Cause]         N/A
[Solution]      N/A
[Verification]  Build, install, run tests. Should pass as they passed earlier.

Change-Id: I1ab45c23564e0592c8f5912c03a96dc4cb146ead

10 years agoIncrease attempt count before checking max attempts.
Lukasz Kostyra [Tue, 3 Dec 2013 12:53:58 +0000 (13:53 +0100)]
Increase attempt count before checking max attempts.

[Issue#]        N/A
[Bug]           N/A
[Cause]         N/A
[Solution]      N/A
[Verification]  Build, install, run tests. Tests which checked for correctly returned attempt count
                should return error due to incorrect attempt count. Others should pass.

Change-Id: I120e7339e3af591374ddad5207ab8c0c8894b973

10 years agoAdd new constants to password service. Change infinite expiration time.
Lukasz Kostyra [Mon, 2 Dec 2013 14:16:11 +0000 (15:16 +0100)]
Add new constants to password service. Change infinite expiration time.

[Issue#]        SSDWSSP-700
[Feature/Bug]   Add PASSWORD_INFINITE_EXPIRATION_TIME and PASSWORD_INFINITE_ATTEMPT_COUNT constant
                to password service. Change infinite expiration time.
[Cause]         Infinite expiration time and infinite attempt count were inputed directly to
                variables in multiple places. Other infinite expiration time
[Solution]      Constants were added for simplier switching between different infinite expiration
                times and infinite attempt  counts.
[Verification]  Build, install, run tests. All should pass, except tests that treated infinite
                expiration time as 0 value.

Change-Id: I49877154e97f57ac444dbc37924bb571f4fa3abe

10 years agoChange debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE
Zbigniew Jasinski [Fri, 29 Nov 2013 10:13:14 +0000 (11:13 +0100)]
Change debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE

Also changes in spec file reflecting flag change.

[Issue#]      SSDWSSP-697
[Feature/Bug] N/A
[Problem]     Many issues in user binaries.
[Cause]       N/A
[Solution]    Add debug not only for engineering packages.

[Verification] Build with debug flag, run tests.

Change-Id: I0de009b02813785fd540e555b8c6dd5de7d0cec5

10 years agoRemove deprecated code related to sockets.
Bartlomiej Grzelewski [Wed, 27 Nov 2013 11:39:43 +0000 (12:39 +0100)]
Remove deprecated code related to sockets.

Socket "exec-path" was deprecated and was not used.
Service "echo" was removed and definition in protocol.h is not required.

[Issue#]       N/A
[Bug/Solution] N/A
[Problem]      Security-server have got 1 additional socket open.
[Solution]     Remove deprecated code and systemd configuration.

[Verification] Build, run tests.

Change-Id: If1ce352b2ecfa5e9d14e5367d4e3b1b2f8f85d07

10 years agoChange label of security-server binary.
Bartlomiej Grzelewski [Tue, 26 Nov 2013 16:17:21 +0000 (17:17 +0100)]
Change label of security-server binary.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build, run tests.

Change-Id: I1280be4bd12f07d3b9752ada06e65362374eca83

10 years agoFix errors reported by prevent.
Bartlomiej Grzelewski [Thu, 28 Nov 2013 10:15:55 +0000 (11:15 +0100)]
Fix errors reported by prevent.

[Issue#]    N/A
[Bug/Cuase] Error code was not checked.
[Solution]  N/A

[Verification] Build, run tests.

Change-Id: I33c2f0b31416a0720d5dcccb7408b7c6efc569fc

10 years agoSeparate password_set and password_reset APIs on socket level.
Marcin Niesluchowski [Wed, 27 Nov 2013 15:41:52 +0000 (16:41 +0100)]
Separate password_set and password_reset APIs on socket level.

[Issue#]        SSDWSSP-691
[Bug/Feature]   N/A
[Cause]         Applications should have access only to those functions they
                need.
[Solution]      Moving password_reset to new socket with different label.
[Verification]  Build and install. Run security-server password tests.

Change-Id: I318e649314fd7410ccfa065124b7d6175cf6687e

10 years agoRemoved echo service leftovers
Krzysztof Jackiewicz [Wed, 27 Nov 2013 10:46:12 +0000 (11:46 +0100)]
Removed echo service leftovers

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Echo service has been removed but some leftovers are still present in
code
[Cause] N/A
[Solution] Removed

[Verification] Succesfull compilation

Change-Id: I26728971dd610f103dfcaaf7dcc47f9028ffc42d

10 years agoCorrect socket paths in protocols.cpp
Lukasz Kostyra [Tue, 26 Nov 2013 16:36:51 +0000 (17:36 +0100)]
Correct socket paths in protocols.cpp

[Issue#]        SSDWSSP-686
[Bug]           Constants which contained paths to password sockets had incorrect paths.
[Cause]         N/A
[Solution]      Correct socket paths.
[Verification]  Build, install, run tests. All should pass.

Change-Id: I410d50a8ac42517a74bfdeba1e6990bd7ce169d2

10 years agoChange exec-label from "none" to "security-server"
Bartlomiej Grzelewski [Tue, 26 Nov 2013 15:46:38 +0000 (16:46 +0100)]
Change exec-label from "none" to "security-server"

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Solution]  N/A

[Verification] Build, run tests.

Change-Id: I50868c0d0a6a0eb56ab4ab9e16c59656a8a4d8b6

10 years agoUpdate systemd configuration.
Bartlomiej Grzelewski [Mon, 25 Nov 2013 17:15:44 +0000 (18:15 +0100)]
Update systemd configuration.

seucurity-server.socket is no logner used. All confituration connected
with this socket has been removed.

[Issue#]      N/A
[Bug/Problem] Unused socket was created by systemd.
[Solution]    Remove configuration.

[Verification] Build, run tests.

Change-Id: I4c7d588d6189cca129f7d4ac4b45b290dc1fbb8d

10 years agoElimination of floor (_) labeled executables and relative command paths
Radoslaw Bartosiak [Mon, 25 Nov 2013 19:29:41 +0000 (20:29 +0100)]
Elimination of floor (_) labeled executables and relative command paths

[Issue#]       SSDWSSP-684
[Bug/Feature]  A security vulnerability to attacks fixed.
[Cause]        1) Using an floor labaled exec, a malicious process can pollute the floor labelled resources.
               2) If a relative path is used a different, malicious command might be executed (PATH change)
[Solution]     The floor labaled executables and relative command paths were eliminated.
[Verification] 1) Build, install and run tests.
               2) Verify that no executables from the package has the floor label.
               3) Verify that there are no relative command paths in scripts installed by the package.

Change-Id: Ic5b948d38406c47bc424077779303636bcdc8969

10 years agoRemove API function security_server_get_object_name.
Bartlomiej Grzelewski [Mon, 25 Nov 2013 16:53:17 +0000 (17:53 +0100)]
Remove API function security_server_get_object_name.

This function provides same functionality as getgrgid and was not used
on the platform.

[Issue#]      N/A
[Bug/Problem] N/A
[Cause]       N/A
[Solution]    N/A

[Verification] Build platform.

Change-Id: Id7cc0acf83c7e9a7f2329eb475dc3f1fa8982899

10 years agoChange timeout in clinet from 1 secont to 2 seconds.
Bartlomiej Grzelewski [Tue, 19 Nov 2013 17:10:25 +0000 (18:10 +0100)]
Change timeout in clinet from 1 secont to 2 seconds.

[Issue#]      N/A
[Feature/Bug] N/A
[Problem]     N/A
[Cause]       N/A
[Solution]    N/A

[Verification] Build, run tests.

Change-Id: I6f82c20889d1a19a0f43ebf1bcf29c90151dc2f7

10 years agoRemove unused header file.
Bartlomiej Grzelewski [Mon, 25 Nov 2013 10:24:17 +0000 (11:24 +0100)]
Remove unused header file.

[Issue#]      N/A
[Bug/Problem] N/A
[Cause]       N/A
[Solution]    N/A

[Verification] N/A

Change-Id: I2e759f6ecdc7c49d5efc8e9a8d12712242f7a4ec

10 years agoMove init of SmackAuditLog to security-server.
Bartlomiej Grzelewski [Mon, 25 Nov 2013 10:24:46 +0000 (11:24 +0100)]
Move init of SmackAuditLog to security-server.

In old implementation SmackAuditLog was always added to provider list
and it cause problem inside security-server-client library because
process that loaded this library was not allowed to access smack log
files.

[Issue#]      N/A
[Problem/Bug] Lots of SMACK deny logs in audit files.
[Cause]       Unecessary initialization of SmackAuditLog inside client-library.
[Solution]    Remove SmackAuditLog from client.

[Verification] Build, run tests.

Change-Id: I08b5bcfe0a539d73f8c38b0fe234476b5c679631

10 years agoFlush files with security server passwords data
Jan Cybulski [Fri, 22 Nov 2013 17:14:24 +0000 (18:14 +0100)]
Flush files with security server passwords data

[Issue#]       SSDWSSP-683
[Bug/Feature]  Information about putting password attempts was not flushed.
[Solution]     Flush that information to file. Test shown, that only using
               fsynch gives proper result.
[Veryfication] Build, install, run tests.

Change-Id: I96ee50186253d3efd1c74f3e2821dbc4f845a056

10 years agoRemove all legacy code from security-server
Bartlomiej Grzelewski [Tue, 5 Nov 2013 12:36:20 +0000 (13:36 +0100)]
Remove all legacy code from security-server

[Issue#]   SSDWSSP-424
[Bug]      N/A
[Problem]  Old code was not immune for interupts and have many
           synchronization issues.
[Solution] N/A

[Verification] Build, run tests.

Conflicts:

src/communication/security-server-comm.c
src/include/security-server-comm.h
src/server/main/security-server-util.cpp

Change-Id: Ifc091f4dd8994b53c76f90898e5d39ec2c12547a

10 years agoAPI function try/catch decoration
Krzysztof Jackiewicz [Tue, 5 Nov 2013 14:12:52 +0000 (15:12 +0100)]
API function try/catch decoration

[Issue#] SSDWSSP-636
[Feature/Bug] N/A
[Problem] Lot of duplicated try/catch code in every API function
[Cause] N/A
[Solution] Use lambda expressions and a decorator function.

[Verification] Successfull compilation and passing security-server-tests-*

Conflicts:

src/server2/client/client-password.cpp
src/server2/client/client-socket-privilege.cpp
src/server2/client/client-common.cpp
src/server2/client/client-common.h

Change-Id: I0097d8e02e28b8f50d88f74bed900e5761e8b4a6

10 years agoRewrite security-server password service to security-server 2
Lukasz Kostyra [Tue, 24 Sep 2013 12:23:54 +0000 (14:23 +0200)]
Rewrite security-server password service to security-server 2

[Issue#]        SSDWSSP-366
[Feature]       New password service to security-server 2 API
[Cause]         N/A
[Solution]      N/A
[Verification]  Build, install, run security-server-tests-password --output=text. With commit that
                adapts tests to this framework ( http://slp-info.sec.samsung.net/gerrit/#/c/339854 )
                all tests should pass.

Conflicts:

packaging/security-server.spec
src/CMakeLists.txt
src/server2/client/client-common.h
src/server2/common/protocols.cpp
src/server2/common/protocols.h
src/server2/main/server2-main.cpp
src/server2/service/cookie.h
systemd/CMakeLists.txt
systemd/security-server.service
src/server/security-server-password.c

Change-Id: Id1534e2cac06b499580d0ba94ff117275f7c00e8

10 years agoService connection info refactoring
Krzysztof Jackiewicz [Thu, 21 Nov 2013 10:06:47 +0000 (11:06 +0100)]
Service connection info refactoring

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Services use similar connection info maps.
[Cause] N/A
[Solution] Commonly used types moved to common header. Service specific types
renamed and moved to class internals.

[Verification] Successfull compilation

Change-Id: I5296bbc7b23b2ed4183a11213398ca8cd85d3691

10 years agoNew Security Server security_server_open_for function.
Zbigniew Jasinski [Wed, 9 Oct 2013 09:56:51 +0000 (11:56 +0200)]
New Security Server security_server_open_for function.

This function allows to create, if doesn't exist, or open existing file by
Security Server on behalf of calling process in secured directory.

[Issue#]        SSDWSSP-398
[Bug/Feature]   New SS API function.
[Cause]         DataControl issues.
[Solution]      Proposal for DataControl issues.
[Verification]  Build and run new tests:
                security-server-tests-server --output=text --regexp='open_for'

Change-Id: I9eaa69d37c20a2eb8aa3f8ba9e3aa6ef6291bae7

10 years agoSecurity-server new API for privilege checking
Marcin Lis [Fri, 18 Oct 2013 16:13:43 +0000 (18:13 +0200)]
Security-server new API for privilege checking

[Issue#]       SSDWSSP-527
[Feature]      Introduce two new SS API functions.
[Cause]        New API will improve the performance while checking
               app privileges.
[Solution]     Two new functions in client API enable to check whether a given
               app or caller app has enabled permission specified by name.
               Modified service: app-permissions.
               Two new sockets added to systemd and affected service.
[Verification] Build, install & run tests.
               Verify together with new libprivilege database.

Change-Id: If8d4efd30bbf22f82cd1442256ccbe7efb68a8aa

10 years agoRemove unused service.
Bartlomiej Grzelewski [Thu, 14 Nov 2013 16:25:40 +0000 (17:25 +0100)]
Remove unused service.

[Issue#]    N/A
[Bug]       N/A
[Cause]     Code that was using exec serivice was removed.
[Problem]   Service exec path was not used.
[Solution]  Deprecated code has been removed.

[Verification] Build, run tests.

Change-Id: I33e5ba64486d4b631a8a92a8a1af65e1e2ca096b

10 years agoStore smack deny logs into files
Marek Smolinski [Thu, 31 Oct 2013 09:05:51 +0000 (10:05 +0100)]
Store smack deny logs into files

SS logs smack deny access into file in /var/log/audit/
Files are create sequential, if max file number in config is reach
it deleted oldest file and creates new one.

Configuration file security-server-audit.conf at
/etc/security/ containing number of files log and max size in bytes peer
file.

    [Issue#]        SSDWSSP-614
    [Bug/Feature]   SS creates log files on runtime and sequential
                    loging smack access
    [Cause]         N/A
    [Solution]      Add AuditSmackLog Class to manage log files
    [Verification]  Compile, run tests

Change-Id: I5d3e9c436bda6d545748da525cb3507488c47380

10 years agoSecurity-server documentation and manifest update
Pawel Polawski [Fri, 25 Oct 2013 09:33:52 +0000 (11:33 +0200)]
Security-server documentation and manifest update

[Issue#]        SSDWSSP-505
[Bug/Feature]   SS manifest update
[Cause]         SS manifest out of date
[Solution]      Manifest and header updated
[Verification]  Compile, run tests

Change-Id: Ic1358611a6d13d820407a672cc200b1074d8f536

10 years agoFixing some security-server cookie service functions to work on smack disabled.
Marcin Niesluchowski [Mon, 28 Oct 2013 07:08:49 +0000 (08:08 +0100)]
Fixing some security-server cookie service functions to work on smack disabled.

[Issue#]        SSDWSSP-603
[Bug/Feature]   Nosmack security-server client tests fail due to incorrect
                security-server implementation for smack disabled.
[Cause]         Security-server cookie service generates incorrect label for
                nosmack and privilegeByCookieRequest does not check for smack.
[Solution]      Changing label to empty string and adding smack_check().
[Verification]  Running nosmack security-server client tests. Test
                tc05_check_privilege_by_cookie_nosmack and
                tc_security_server_get_smacklabel_cookie_nosmack should pass.

Change-Id: Ibf1ea7976d9442c56f718f8e4ca11939391cc8cd

10 years agoRemove false alarm from prevent.
Bartlomiej Grzelewski [Mon, 28 Oct 2013 13:21:15 +0000 (14:21 +0100)]
Remove false alarm from prevent.

[Issue#]   N/A
[Bug]      N/A
[Cause]    Prevent reported that readlink may return value 4096 and
           instruction path[retval] = 0 will cause segmentation fault.
[Problem]  Prevent.

[Verification] Build, run tests.

Change-Id: I5eebb22f00bb43f30024b0da297a6ec2465d6454

10 years agoAdd suppor for sendmsg to security-server.
Bartlomiej Grzelewski [Mon, 21 Oct 2013 11:20:43 +0000 (13:20 +0200)]
Add suppor for sendmsg to security-server.

[Issue#]   SSDWSSP-598
[Problem]  OpenFor service must use sendmsg for communication.
[Cause]    OpenFor service must pass descriptor to client.
[Solution] Add support for sendmsg.

[Verification] Build, run tests.

Change-Id: I1650c6d98692985bf16b32134950b5c750c56a70

10 years agoRemove deprecated SS_SMACK logs.
Bartlomiej Grzelewski [Thu, 24 Oct 2013 12:51:34 +0000 (14:51 +0200)]
Remove deprecated SS_SMACK logs.

Each api privided by security-server uses separate socket. Each socket
is secured with diffrent smack label (for example socket:
security-server-api-data-share.sock is secured with label
security-server::api-data-share). In this way all deny logs connected
with smack were moved from dlog to dmesg. Also secure mechanism
connected with SMACK was removed from security-server code. Now,
secuirty-server is using SMACK check provided by linux kernel.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Problem]  N/A
[Solution] N/A

[Verification] Build, run tests.

Change-Id: Id9b6f05731e281a6187d3c5696a44f04a754041e

10 years agoSecurity-server was not restarded after update.
Bartlomiej Grzelewski [Thu, 17 Oct 2013 15:14:53 +0000 (17:14 +0200)]
Security-server was not restarded after update.

[Issue#]    N/A
[Bug]       New sockets were not activated after update.
[Cause]     N/A
[Problem]   Lots of tests fails after security server update.

[Verification] Build, run tests.

Change-Id: I225bac131d0f2fa24d23051528189672346793f2

10 years agoAdopt for gcc 4.8. Remove multiple static_cast from code.
Bartlomiej Grzelewski [Wed, 2 Oct 2013 13:57:23 +0000 (15:57 +0200)]
Adopt for gcc 4.8. Remove multiple static_cast from code.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build, run tests.

Change-Id: Ia8f73f4bf4c92a825325885f8c42a8ddfe391998

10 years agoFix synchronization problem during application closing
Piotr Bartosiewicz [Thu, 10 Oct 2013 12:11:45 +0000 (14:11 +0200)]
Fix synchronization problem during application closing

[Issue#]        N/A
[Bug]           Application may not close imediately in rare cases.
[Cause]         Synchronization issue.
[Solution]      Fixed synchronization issue.
[Verification]  Build secutiry server, run tests.

Change-Id: I70bf075c38c312731ec5fb360644068e056ae000

10 years agoRename methods read and readOne in each service
Piotr Bartosiewicz [Thu, 10 Oct 2013 08:16:32 +0000 (10:16 +0200)]
Rename methods read and readOne in each service

[Issue#]        SSDWSSP-577
[Feature]       Method read and readOne should be renames to process and
                processOne.
[Cause]         There is nothing to read in this methods.
[Solution]      Method was renames.
[Verification]  Build security server and run tests on target.

Change-Id: I1c67834e73f021402b1bfb45323ba5d5370a9f2f

10 years agoRemoved unused virtual method Event(ErrorEvent) from GenericSocketService and all...
Adam Malinowski [Fri, 20 Sep 2013 06:37:10 +0000 (08:37 +0200)]
Removed unused virtual method Event(ErrorEvent) from GenericSocketService and all it's implementations.
[Issue#] SSDWSSP-480 /3
[Feature] Method Event(ErrorEvent) should be removed.
[Cause] It is not used so it is not needed.
[Solution] Method was removed.
[Verification] Build security-server and run security server tests on target.

Change-Id: If933780083e2bc8c0e644427c1e8ad768e2b4c1a

10 years agoRenamed class SocketBuffer to MessageBuffer and all its usages.
Adam Malinowski [Thu, 19 Sep 2013 12:42:26 +0000 (14:42 +0200)]
Renamed class SocketBuffer to MessageBuffer and all its usages.
[Issue#] SSDWSSP-480 /1
[Feature] SocketBuffer class needed to be renamed to MessageBuffer.
[Cause] SocketBuffer is not right name for this class.
[Solution] Class was renamed.
[Verification] Build security-server and run security server tests on target.

Change-Id: I8fce6aef14308389e1148599e89b3e11939a36fd