Jan Olszak [Wed, 25 Sep 2013 16:38:46 +0000 (18:38 +0200)]
Deleting paths on revoking permissions.
[Issue#] SSDWSSP-183
[Bug/Feature] Some paths left in the database, but not present.
[Cause] N/A
[Solution] Deleteing app's paths on permission revoke
[Verification] Build, install, run tests.
Change-Id: I8afe30e8e8fb150c49b0d156e7b276359570b8c3
Jan Olszak [Mon, 23 Sep 2013 17:51:28 +0000 (19:51 +0200)]
Deleted volatile rules on boot and corrected permission format.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ic5352c1d8f94a78e379b91325dbdbdd25f8428bf
Jan Olszak [Fri, 20 Sep 2013 09:40:10 +0000 (11:40 +0200)]
Modified boot script, added deleting volatile rules.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ia7b2667177f5d95b838d8c891d02ecddfaa4a554
Jan Olszak [Tue, 17 Sep 2013 13:59:28 +0000 (15:59 +0200)]
Made marking labels as modified beautiful.
[Issue#] SSDWSSP-183
[Bug/Feature] Marking labels as modified.
[Cause] N/A
[Solution] Moved marking to SQL code and used USING on joins.
[Verification] Build, install, run tests.
Change-Id: I26dc6c6e5fcbccdf7c2a473b111224bba2cfa391
Jan Olszak [Tue, 17 Sep 2013 11:23:44 +0000 (13:23 +0200)]
Changed new API names.
[Issue#] SSDWSSP-183
[Bug/Feature] Renamed new API names.
[Cause] N/A
[Solution] Better api names: perm_begin, perm_end.
[Verification] Build
Change-Id: I3ccadb18292314a5a6f9d636d359a36014135633
Jan Olszak [Fri, 13 Sep 2013 14:43:50 +0000 (16:43 +0200)]
Loading api-features from a file.
[Issue#] SSDWSSP-183
[Bug/Feature] Loading permission from a file.
[Cause] N/A
[Solution] Added option to api_feature_loader.
[Verification] Build, install, use api_feature_loader --file=file_path
run sqlite3 /opt/dbspace/.rules-db.db3 'select * from permission_view;'
and confirm permission is loaded
Change-Id: I662ee3ee116b66f4730251be37ff85206c4276e8
Jan Olszak [Tue, 17 Sep 2013 08:33:20 +0000 (10:33 +0200)]
Revert "rollback because of rule database"
Conflicts:
packaging/libprivilege-control.changes
packaging/libprivilege-control.spec
rule_loader/smack-early-rules.service
rule_loader/smack-late-rules.service
Change-Id: I80d42cdb1ed442db40646b4d5eb8ec0bac1ec0a0
Kidong Kim [Thu, 10 Oct 2013 12:01:47 +0000 (21:01 +0900)]
add systemd options
Change-Id: I7f76391d9b2fe09eda237af057a2b6e1d40e76eb
Jan Cybulski [Tue, 1 Oct 2013 11:31:10 +0000 (13:31 +0200)]
Add README file
[Issue#] SSDWSSP-528
[Bug/Feature] Added README file.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I6742741f7947b8e6cd442ace81c71fe85ee8c62b
Marcin Lis [Fri, 20 Sep 2013 11:32:13 +0000 (13:32 +0200)]
Compilation flags 'verbose' mode
[Issue#] SSDWSSP-496
[Bug/Feature] N/A
[Cause] Potential bug - CMAKE_VERBOSE_MAKEFILE is not turned ON in
packaging spec file, so the default value is used.
[Solution] Turn ON the flag explicitly.
[Verification] Build, verify that compile flags passed to gcc are visible
using different build types (in gbs: --define "build_type ...").
Change-Id: Ib9fc0fa3872688d25462082c4915bb50c80c4143
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:44:47 +0000 (17:44 +0200)]
Unused function smack_get_access_new removed
[Issue#] N/A
[Feature/Bug] N/A
[Problem] smack_get_access_new is unused
[Cause] N/A
[Solution] Removed
[Verification] Successfull compilation
Change-Id: I3a87d3b55f70ee55b68973b2af71aa5524865bf9
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:51:03 +0000 (17:51 +0200)]
Libprivilege API cleanup
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Fixed array instead of pointer was used as an API function argument
[Cause] N/A
[Solution] Function modified. Unnecessary include removed
[Verification] Successfull compilation of libprivilege-control and security-tests
Change-Id: I333611c51e9f17152e1353d38516024212ce91e1
Lukasz Kostyra [Tue, 27 Aug 2013 13:56:48 +0000 (15:56 +0200)]
Add missing information about APP_PATH_ANY_LABEL in header
[Issue#] SSDWSSP-481
[Bug] Information about perm_app_setup_path in privilege-control.h didn't cover
APP_PATH_ANY_LABEL app_path_type.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I40d4292b880bc007dfa5ce3d78430b3e64940a9f
Bartlomiej Grzelewski [Thu, 1 Aug 2013 10:53:19 +0000 (12:53 +0200)]
Takes compilation profile from command line.
This command will start compilation with debug(-O0 -g -ggdb)
gbs lb -A armv7l --define "build_type DEBUG"
Default command will use RELEASE profile(-02 -g):
gbs lb -A armv7l
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: I4bc6f0b0ee2c98919f47c7550c609d9bf5b396de
Janusz Kozerski [Wed, 21 Aug 2013 12:18:37 +0000 (14:18 +0200)]
Add for all anti viruses RWX access to all public-RO and group-RW shared folder
[Issue#] SSDWSSP-463
[Feature/Bug] Add for all anti viruses RWX access to all public-RO, group-RW, and setting-RW shared folders
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests - all should pass. Install at least one application for every shared folder
(public RO, group RW, setting RW), next call an API function perm_app_setup_path for installation
of anti virus application, and check if anti virus have the RWX access to all shared folders.
Then install another three application (one for every type of shared folers), and check if anti virus
have an access to these new installed shared folders.
Change-Id: I41f9417e36edc2f4efe9a5a5c57c2b50c07e14f7
Marcin Lis [Fri, 16 Aug 2013 08:30:48 +0000 (10:30 +0200)]
Simple corrections in api-feature handling. +Fix
[Issue#] SSDWSSP-405
[Bug] Impossible to add Api-Feature with template label "~APP~"
and enable permissions granted by newly created feature
[Cause] Mistakes in app label parsing and adding permissions from Api-Feature
[Solution] Two simple corrections
Also template label macros are moved to common header
Also fix for ~APP~ label allowance has been added
[Verification] Build and run all tests
* sync with the following security-tests commit:
http://slp-info.sec.samsung.net/gerrit/#/c/267785/
Change-Id: Iebe39035ecb6a423cb19541f130bd25218f7ca1a
Krzysztof Jackiewicz [Wed, 21 Aug 2013 09:28:00 +0000 (11:28 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I74187a8f548ee1ce8105837d2bf21c3b4dac126f
Krzysztof Jackiewicz [Wed, 21 Aug 2013 08:53:56 +0000 (10:53 +0200)]
Release version 0.0.42.TIZEN
* missing tag
Change-Id: I2dcfdb135d1c74e2b2be07b6a9e055818d91e47b
Rafal Krypa [Mon, 19 Aug 2013 12:42:53 +0000 (14:42 +0200)]
Release version 0.0.42.TIZEN
* Changed dlog logging buffer.
* Adapt code for new libsmack API
* Rewrite internal function app_uninstall_remove_early_rules()
* Create format strings for scanf statically.
* Add support for new access mode for setting locks ("l")
* Fix unwanted differences between SLP and RSA repositories.
* Add better debug logs to libprivilege-control
* Fill in missing changelog information for previous releases.
Change-Id: Ia7105acee863a342bd296405be4044f7954dfa0b
Rafal Krypa [Mon, 19 Aug 2013 12:06:43 +0000 (14:06 +0200)]
Fix unwanted differences between SLP and RSA repositories.
[Issue#] N/A
[Bug] Undesired differences in source code between SLP and RSA.
[Cause] Developers not careful while submitting changes to both repos.
[Solution] Enumerate and fix the differences.
[Verification] No functional changes has been made.
Change-Id: Ifec35b4ee5bdc2f3613de25cb49b0ebe876681bf
Lukasz Kostyra [Thu, 18 Jul 2013 07:33:14 +0000 (09:33 +0200)]
Add better debug logs to libprivilege-control
[Issue#] SSDWSSP-406
[Feature] Adds debug logs which log additional useful informations in libprivilege-control. Create additional defines for SECURE_SLOG*
logs to allow disabling specific types of SECURE logs.
[Cause] Many functions in libprivilege-control didn't log useful information - input parameters, files used or switch branches taken.
[Solution] Add macros which log such information. Additional defines wrapping SECURE_SLOG* log macros are now defined as SECURE_C_LOG*.
[Verification] Run libprivilege-control-test from security-tests package and check using dlogutil whether functions log their input
parameters, files used and switch branches taken. Make sure to enable definition DLOG_DEBUG_ENABLED in CMakeLists.txt
before building the package.
Change-Id: Ifec47d04b7a5aef806caab85fe3709e36aae8afe
Rafal Krypa [Fri, 26 Jul 2013 10:39:16 +0000 (12:39 +0200)]
Add support for new access mode for setting locks ("l")
[Issue#] SSDWSSP-372
[Feature] Properly work on system with new access mode enabled.
[Cause] Additional Smack access implemented in kernel.
[Solution] Extend appropriate arrays.
[Verification] Build, install, run tests.
Change-Id: I745ade7ae15aa231882e9d7cacfa35ed4fc2f29e
Rafal Krypa [Fri, 26 Jul 2013 10:36:08 +0000 (12:36 +0200)]
Create format strings for scanf statically.
[Issue#] SSDWSSP-372
[Feature] Remove unneeded memory allocations for scanf format strings.
[Cause] When reading Smack rules, fields length must be checked.
[Solution] Create format strings with legnth specifiers at build time.
[Verification] Build, install, run tests.
Change-Id: Ib0b20e3d46fe0d4af957f13a37627d14831283d2
Rafal Krypa [Wed, 24 Jul 2013 12:02:34 +0000 (14:02 +0200)]
Rewrite internal function app_uninstall_remove_early_rules()
[Issue#] SSDWSSP-372
[Bug] Old code prone to errors, with implementation problems.
[Cause] Fragile file parsing. Using temporary file. Unneeded semaphore, with wrong permissions.
[Solution] Write more robust function, copying the file in place.
[Verification] Run libprivilege-control-tests.
Change-Id: I12f89f1c1c0c4bc43ffbb69db84cfb88b98c821b
Jan Cybulski [Mon, 29 Jul 2013 11:06:32 +0000 (13:06 +0200)]
Adapt code for new libsmack API
[Issue#] SSDWSSP-433
[Feature] Change libsmack for compatibility with a newly changed smack API.
[Cause] Now libsmack functions: smack_new_label_from_self() and smack_new_label_from_socket(), in case of success, are returning value greater than 0.
[Solution] Change expected result.
[Verification] Run tests.
Change-Id: Idca56a593179f02d84df808bdc6c5ca01685e62d
Jan Olszak [Thu, 4 Jul 2013 12:22:02 +0000 (14:22 +0200)]
Changed dlog logging buffer.
[Issue#] dlog logged in a wrong buffer.
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main PRIVILEGE_CONTROL" (no loggs), "dlogutil -b system PRIVILEGE_CONTROL" (loggs..)
Change-Id: Ief75512faddec867ad82c2e710b78b9f2be18659
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:39:31 +0000 (10:39 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I5659d92a2f8b5ea3dff28b4405fb0bd0ac7e1176
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:38:13 +0000 (10:38 +0200)]
[Release] libprivilege-control_0.0.41.TIZEN
* Re-release (previous release did not succeed)
Change-Id: I6333a5fe1be06dcddf0fb88b73e2e7f50c074452
Krzysztof Jackiewicz [Thu, 8 Aug 2013 12:31:49 +0000 (14:31 +0200)]
[Release] libprivilege-control_0.0.40.TIZEN
* Smack app rule loading during boot
* API function naming changed
* Generic solution for adding shared dir rules
* Parameter checking
* Language errors fixed
* Deprecated code removed
* EFL app type added
Change-Id: I006ea9d637c51f6e01f71364543b5922ed6bb7f4
Jan Cybulski [Tue, 30 Jul 2013 07:18:00 +0000 (09:18 +0200)]
Add support for EFL apps
[Issue#] SSDWSSP-436
[Feature] Support for EFL apps.
[Cause] N/A
[Solution] Add new type of application in app_type_t.
[Verification] Build, run test,
Change-Id: I2823e60d498532dd5970a0c483ae09158e1ed612
Bartlomiej Grzelewski [Fri, 19 Jul 2013 14:34:24 +0000 (16:34 +0200)]
Remove deprected code.
Function app_give_access was implemented inside security-server.
[Issue#] N/A
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successful build libprivilege-control and
security-server.
Change-Id: Idf64d087cb81561ff5d278d4b1fe6aaf723d8906
Zofia Abramowska [Wed, 24 Jul 2013 14:27:41 +0000 (16:27 +0200)]
Fixing language errors
[Issue#] SSDWSSP-431
[Bug/Feature] N/A
[Cause] Some grammar & spelling errors in comments and logs
[Solution] Fixed language
[Verification] Build.
Change-Id: I5137a3a6d5c30441c190b332ec9b9507cc52a5b0
Lukasz Kostyra [Tue, 16 Jul 2013 13:22:35 +0000 (15:22 +0200)]
Fix libprivilege-control not checking input parameters
[Issue#] SSDWSSP-376
[Bug] libprivilege-control crashed when called with wrong input parameters (like NULL, or empty string)
[Cause] Most of libprivilege-control APIs didn't check for correct input parameters
[Solution] libprivilege-control APIs which didn't check for correct input parameters were patched with such check
[Verification] Run libprivilege-control-test (from security-tests package), or input incorrect parameter to any API function
Change-Id: Iae4c49ddb6420b776491db8584368f7370c02ed2
Janusz Kozerski [Tue, 9 Jul 2013 11:42:09 +0000 (13:42 +0200)]
Add generic solution for adding rules to shared dirs (RO & RW)
[Issue#] SSDWSSP-391
[Feature/Bug] N/A
[Problem] N/A
[Cause] Hardcoded rules in source code.
[Solution] Add generic solution to generate rules for shared directories.
[Verification] Run libprivilege-control tests. All should pass. Check if rules from files PATH_RULES_GROUP_RW.smack and PATH_RULES_PUBLIC_RO.smack are added.
Change-Id: I8598bcd3265f47b10bc99c810fba581ab81adee4
Pawel Polawski [Mon, 15 Jul 2013 15:00:23 +0000 (17:00 +0200)]
Revert "Work around for rule loading to allow email-service and contacts-servce access to shared directory of everybody."
This reverts commit
b75c40940304b319c2ffa2a34365faa92f0c41b1.
Change-Id: I31771df2ce5ec4d9bf174deccc57dd9762e6e4d1
Jan Cybulski [Mon, 1 Jul 2013 09:27:49 +0000 (11:27 +0200)]
Change API function naming sheme
[Issue#] SSDWSSP-309
[Bug/Feature] Unification of API functions names
[Cause] N/A
[Solution] Adding prefix perm_ for API in libprivilege control.
Deprecating old APIs. Making wrappers for deprecated
functions with calls to the functions with new names.
[Verification] Build. Run libprivilege tests. All should pass.
Change-Id: I38f625cac25b7e06946a7514e5bda0cf42d8da77
Bumjin Im [Tue, 16 Jul 2013 07:41:37 +0000 (16:41 +0900)]
Adding Smack rule for obexd to allow to RX to all app's shared directory
Change-Id: I2ac460b6e59577291f5188708b6b2c5f99500c8b
Pawel Polawski [Fri, 12 Jul 2013 15:06:20 +0000 (17:06 +0200)]
Loading all smack-app rules during boot
[Issue#] SSDWSSP-407
[Bug/Feature] All smack-app rules should be loaded during boot
[Cause] Rules must be loaded without libprivilege database
[Solution] Rules are loaded from path
[Verification] All rules from smack-app dir should
be loaded after reboot automatic
Change-Id: I7229a3209630b26392c57cd4a21471ec354ddc5b
Krzysztof Jackiewicz [Mon, 15 Jul 2013 14:39:13 +0000 (16:39 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.2' into rsa/master
Change-Id: I91f3d9a5a8ce99ec8a37f7180146e8de90d9733b
Bumjin Im [Sat, 13 Jul 2013 11:12:47 +0000 (20:12 +0900)]
Adding W rules to allow email-service move draft email to draft box
Change-Id: Icfa0c2b17c8ce248eb6bc3c9126922cb8eb1112d
Krzysztof Jackiewicz [Fri, 12 Jul 2013 20:04:38 +0000 (22:04 +0200)]
[Release] libprivilege-control_0.0.39.TIZEN
* Smack file concurrent write fixed
Change-Id: I6caf7671904a50f374c66c8e888b50d51c269860
Krzysztof Jackiewicz [Fri, 12 Jul 2013 19:23:19 +0000 (21:23 +0200)]
File locking added
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Two processes may write to smack file at the same time
[Cause] No proper file locking
[Solution] File locking added. Self rules for av and appsetting skipped
[Verification] Tests should pass. Run test_install.sh. Reported number of rules should not change.
Change-Id: I6dc20de7ae518889156a90d3d9c79714b37c2096
Bumjin Im [Fri, 12 Jul 2013 08:41:11 +0000 (17:41 +0900)]
Work around for rule loading to allow email-service and contacts-servce access to shared directory of everybody.
Change-Id: I272a8b29058a736131046e0b3be2a6103e0f62e0
Krzysztof Jackiewicz [Tue, 9 Jul 2013 16:49:50 +0000 (18:49 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I0db5006222b90dbd52420f6e10985f9918fbd11c
Krzysztof Jackiewicz [Tue, 9 Jul 2013 16:49:02 +0000 (18:49 +0200)]
[Release] libprivilege-control_0.0.38.TIZEN
* Fixed segfault in set_app_privilege
* Prevent bugfixes
Change-Id: I96e4d1556eb684dc3827ef44c1a6decfe9d1a1c8
Zbigniew Jasinski [Tue, 9 Jul 2013 10:01:28 +0000 (12:01 +0200)]
Fixing segfault in libprivilege-control
[Issue#] SSDWSSP-371
[Bug/Feature] segfault in libprivilege-control
[Cause] In set_app_privilege() one should be able to get smack context
from path even if there's no SMACK on the device.
[Solution] Added function params checking.
[Verification] Running libprivilege-control-test.
Change-Id: Id9db1f59aa2c95eab8781747ef6a00bbc6400cc2
Marcin Niesluchowski [Tue, 2 Jul 2013 11:55:11 +0000 (13:55 +0200)]
Fixing prevent defects in libprivilege-control:
* 63125; Minor; Unchecked return value; In function app_uninstall_remove_early_rules
in src/privilege-control.c (defect changed to false positive)
* 63145; Critical; Dereference after null check; In function main
in rule_loader/rule_loader.c
* 63146; Critical; Dereference after null check; In function
app_uninstall_remove_early_rules in src/privilege-control.c
[Issue#] N/A
[Bug/Feature] There are 3 prevent issues to solve.
[Cause] N/A
[Solution] N/A
[Verification] Running libprivilege tests. All should pass.
Change-Id: I5298a40ebef24286fec1149b48cac33e32753c00
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:47:35 +0000 (10:47 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I70b290feb641bd95f68a8ee93908c2b7ed90ac46
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:46:56 +0000 (10:46 +0200)]
[Release] libprivilege-control_0.0.37.TIZEN
* Add contact-service and email-service rule to read shared dirs.
Change-Id: Ifcb064a53eda772a20df5fba52fda86ea62c3a9d
Tomasz Swierczek [Tue, 9 Jul 2013 08:43:25 +0000 (08:43 +0000)]
Merge "Add contact-service and email-service rule to read shared dirs."
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:13:51 +0000 (10:13 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.2' into rsa/master
Change-Id: Idce316ac3ccae3457d3b50b7403d5a685bf75fec
Janusz Kozerski [Tue, 9 Jul 2013 08:13:32 +0000 (10:13 +0200)]
Add contact-service and email-service rule to read shared dirs.
[Issue#] N/A
[Bug/Feature] Add contact-service and email-service rule to read shared dirs.
[Cause] N/A
[Solution] N/A
[Verification] Build, run tests, check if "contats-service ~SHARED_DIR~ rx" and
"email-service ~SHARED_DIR~ rx" rules are pressent in system.
Change-Id: I0a54ac67a15e9dd5e6509eecd5bdffbc008379ce
Krzysztof Jackiewicz [Mon, 8 Jul 2013 14:33:33 +0000 (16:33 +0200)]
[Release] libprivilege-control_0.0.36.TIZEN
* Boot-time rule loading optimization
Change-Id: Iee85854ff3f6fa68ec244e24b73e398749eb0763
Zofia Abramowska [Fri, 21 Jun 2013 09:38:32 +0000 (11:38 +0200)]
Adding script for early rules loading
[Issue#] SSDWSSP-216
[Feature] Adding script and binary for early rules loading (for
applications needed by livebox)
[Cause] Some applications need to be properly loaded with
livebox
[Solution] Added script and binary which loades rules from early
rules directory
[Verification] this commit depends on
http://slp-info.sec.samsung.net/gerrit/#/c/224189/
when it will be merged livebox should start properly on target
Change-Id: I6ae711d10d90a9f8537b7c514db9cbbaa7bb49db
Janusz Kozerski [Wed, 12 Jun 2013 10:40:52 +0000 (12:40 +0200)]
Early rule loading - livebox issue.
[Issue#] SSDWSSP-298
[Bug/Feature] Livebox issue fix.
[Cause] Missing rules while showing homescreen.
[Solution] Add early-rules loading.
[Verification] Compile. Install at least 2 widgets,
then check if /opt/etc/smack-app-early/accesses.d/WRT file contains
a "livebox.web-provider ~APP~ rwx" rule for every app.
Then uninstall one app and check if rule for this app is gone.
Others rules should remain untouched.
Change-Id: Ie94713620038ebbdcab4e2d41fc01550a6a78fdb
Pawel Polawski [Mon, 3 Jun 2013 12:22:23 +0000 (14:22 +0200)]
Implementation of background rule loading
[Issue#] SSDWSSP-298
[Bug/Feature] Loading SMACK rules in background during device start
[Cause] Loading rules during boot take to much time
[Solution] Rukles loaded for all apps after boot
[Verification] Compile. After homescreen shows up rules should load
automaticly
Change-Id: Ie84aad8e35761a22d1197e994d3eb89ec31587d4
Kidong Kim [Fri, 5 Jul 2013 08:51:47 +0000 (17:51 +0900)]
execute pkg_smack at first boot(temporary)
Tomasz Swierczek [Fri, 5 Jul 2013 08:07:58 +0000 (10:07 +0200)]
[Release] libprivilege-control_0.0.35.TIZEN
* Fix for setting dac
Change-Id: I9bf1bf4bb01cf284b7af163ca7e04375d3ccd5fd
Zbigniew Jasinski [Fri, 5 Jul 2013 07:54:18 +0000 (09:54 +0200)]
Fixing segfault in get_app_gids when app_id = NULL
Change-Id: I1b9e182366da921f1a6bfee50a87e694ca3c1f7f
Krzysztof Jackiewicz [Wed, 3 Jul 2013 17:24:23 +0000 (19:24 +0200)]
[Release] libprivilege-control_0.0.34.TIZEN
* SMACK configuration files moved to smack-privilege-config repo
Change-Id: I946b6fbb09d301abb889bb6b2576e581e5954097
Zbigniew Jasinski [Wed, 3 Jul 2013 15:16:54 +0000 (17:16 +0200)]
[Issue#] SSDWSSP-302
[Bug/Feature] Keeping *.smack files in separate repository.
[Cause] SMACK rule changes cause rebuilding many packages due to
libprivilege-control dependencies.
[Solution] Exclude SMACK rules files from libprivilege-control package.
[Verification] Running tests.
Change-Id: I8513740df4afe3ceac4152fd032f8fad3eb1966a
Kidong Kim [Mon, 1 Jul 2013 10:30:57 +0000 (19:30 +0900)]
add new smack rules for OSP se/secureelement privilege
Kidong Kim [Mon, 1 Jul 2013 09:26:06 +0000 (18:26 +0900)]
add smack rules for sdcard
Kidong Kim [Sat, 29 Jun 2013 04:35:58 +0000 (13:35 +0900)]
add new smack rules for user-space access control
Tomasz Swierczek [Thu, 27 Jun 2013 10:16:22 +0000 (12:16 +0200)]
[Release] libprivilege-control_0.0.33.TIZEN
* Fix bugs reported by prevent tool
* Reduced number of logs
Change-Id: If8fa471a8c9ef2240feb032744ad8e89828f5138
Kidong Kim [Thu, 27 Jun 2013 07:01:21 +0000 (16:01 +0900)]
add smack rules for OSP/WEB app to access clipboard
Kidong Kim [Thu, 27 Jun 2013 02:23:45 +0000 (11:23 +0900)]
add smack rules to synchronize with private
Kidong Kim [Tue, 25 Jun 2013 23:40:04 +0000 (08:40 +0900)]
add smack rules
Marcin Niesluchowski [Mon, 24 Jun 2013 12:27:57 +0000 (14:27 +0200)]
Fixing prevent bugs on libprivilege-control:
* 58766; Critical; Resource Leak; In function register_app_for_public_dirs
in src/privilege-control.c
* 58764; Critical; Resource Leak; In function app_register_av_internal
in src/privilege-control.c
* 53409; Critical; Resource Leak; In function register_app_for_av
in src/privilege-control.c
* 51719; Critical; Resource Leak; In function get_app_gids
in src/access-db.c
* 51572; Critical; Explicit null dereferenced; In function get_all_ids_internal
in src/access-db.c
* 55418; Minor; Unchecked return value from library; In function mark_rules_as_loaded
in src/privilege-control.c
[Issue#] SSDWSSP-335
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Running tests.
Change-Id: I381da2083d8a0fac1be930bfdbf3fca688710fc1
Kidong Kim [Sun, 23 Jun 2013 23:28:47 +0000 (08:28 +0900)]
add new smack rule for WRT
Marcin Niesluchowski [Tue, 18 Jun 2013 13:50:38 +0000 (15:50 +0200)]
Reducing error logs number.
[Issue#] SSDWSSP-331
[Bug/Feature] Too many error logs.
[Cause] N/A
[Solution] N/A
[Verification] Running tests.
Change-Id: I7a5516b0cd68d9217db2da9ba185d6cc9536b9dc
Bartlomiej Grzelewski [Thu, 20 Jun 2013 09:16:19 +0000 (11:16 +0200)]
[Release] libprivilege-control_0.0.32.TIZEN
* Fix bugs reported by prevent tool.
* Sensitive information will be loged with SECURE_LOGE instead of C_LOGD.
Change-Id: If57c46e699868c644018a9488c8a85f4ddd217ca
Kidong Kim [Thu, 20 Jun 2013 07:49:42 +0000 (16:49 +0900)]
add smack default rules
Marcin Niesluchowski [Thu, 13 Jun 2013 15:11:14 +0000 (17:11 +0200)]
Fixing prevent critical defects in libprivilege-control and some log messages.
Critical "Explicit null dereferenced" in function add_api_feture() in src/privilege-control.c fixed.
Critical "Explicit null dereferenced" in function get_all_ids_internal() in src/access-db.c
seems to be false warning.
[Issue#] SSDWSSP-306
[Bug/Feature] Fix prevent defects
[Cause] Prevent server signalizes defects
[Solution] N/A
[Verification] Running tests and checking prevent output.
Change-Id: Ia0e407428629ddaa7da3df4a672e00cc0cd6bcf6
Zbigniew Jasinski [Mon, 17 Jun 2013 13:59:56 +0000 (15:59 +0200)]
Log messages refactoring
Also fixed segfault in message logging
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] Legal issues with prohibited words in logs (ie. password)
[Solution] Use SECURE_LOG* macro
[Verification] Compile with LOG_DEBUG_ENABLED and run. No tests should fail
Change-Id: I760846428d8708cce5a1beeb88fd2bfdcbaa1a57
Kidong Kim [Wed, 19 Jun 2013 04:28:03 +0000 (13:28 +0900)]
add smack rules for WRT app
Bartlomiej Grzelewski [Tue, 18 Jun 2013 14:33:04 +0000 (14:33 +0000)]
Merge "Added SECURE_LOG* macro"
Zbigniew Jasinski [Tue, 18 Jun 2013 08:52:16 +0000 (10:52 +0200)]
Added SECURE_LOG* macro
[Issue#] SSDWSSP-323
[Bug/Feature] Log messages refactoring
[Cause] SECURE_LOG* macro added for log messages refactoring
[Solution] Added SECURE_LOG* macro
[Verification] Compile with LOG_DEBUG_ENABLED and run. No tests should fail
Change-Id: Id2926d7a880f83c890f597aead7adc73b9e0dc72
Kidong Kim [Tue, 18 Jun 2013 08:23:53 +0000 (17:23 +0900)]
add smack rules for WRT app
Kidong Kim [Mon, 17 Jun 2013 14:23:30 +0000 (23:23 +0900)]
add smack rule of OSP apps for e17
Krzysztof Jackiewicz [Mon, 17 Jun 2013 13:13:39 +0000 (15:13 +0200)]
[Release] libprivilege-control_0.0.31.TIZEN
* Another release because previous one was not triggered
Change-Id: Ibc371f520e73c9a49e0f8a35906ae222bb54d59c
Krzysztof Jackiewicz [Mon, 17 Jun 2013 12:44:16 +0000 (14:44 +0200)]
[Release] libprivilege-control_0.0.30.TIZEN
* Remaining smack_accesses_add replaced with smack_accesses_add_modify
Change-Id: I57e3bcc96adc4928d23a990b893e074a1a5d35cc
Tomasz Swierczek [Fri, 31 May 2013 16:03:16 +0000 (18:03 +0200)]
Added missing part of fix for rule overwriting issue
[Issue#] N/A
[Bug] Some rules in apps rule file were overwriting rules
[Cause] smack_accesses_add used instead of smack_accesses_add_modify. Not all required changes from
86da6484f2e4cad76565b8ddac0d126e3b5327fb have been applied on rsa.
[Solution] changed function
[Verification] Install FtApp and see if rules for aospd* label are rx or rwx (should be latter)
Change-Id: Ic863b013b069e9a97d3b04e79c84f5c1a54f1f2a
Kidong Kim [Mon, 17 Jun 2013 06:42:44 +0000 (15:42 +0900)]
add new rules for OSP app
Kidong Kim [Mon, 17 Jun 2013 02:55:25 +0000 (11:55 +0900)]
add smack rules
Kidong Kim [Thu, 13 Jun 2013 02:26:32 +0000 (11:26 +0900)]
fix rules and labeling on db
Kidong Kim [Wed, 12 Jun 2013 06:43:52 +0000 (15:43 +0900)]
add smack rules for app-package::db
Krzysztof Jackiewicz [Mon, 10 Jun 2013 15:05:57 +0000 (17:05 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: Ia2e52cf82801cc5bae0575bf53991d0340a5054f
Krzysztof Jackiewicz [Mon, 10 Jun 2013 15:01:25 +0000 (17:01 +0200)]
[Release] libprivilege-control_0.0.29.TIZEN
* Fixed creation of rule sets with missing ----- (change-rule interface)
* New app_type_t values (partner and platform)
* Add error logs in app_give_access.
* Add implementation for appsetting privilege
* Change parameter names app_id to pkg_id in API functions
* Comment to app_revoke_permissions() changed.
* Fast boot optimization
* Add value APP_PATH_ANY_LABEL to enum app_path_type_t.
* Fixing Rule Loading fail for livebox apps on next reboot
Change-Id: Iff3099b508c2927f6c8c4eddcf55fa730a08d0c1
Bumjin Im [Sat, 8 Jun 2013 08:49:19 +0000 (17:49 +0900)]
Fixing Rule Loading fail for livebox apps on next reboot
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Solution] Fixing Rule Loading fail for livebox apps on next reboot
Change-Id: Ia99c5d3bbb0c207a226fe7c70c1bc7652f431746
Kidong Kim [Mon, 10 Jun 2013 11:49:19 +0000 (20:49 +0900)]
synchronize OSP/WRT rules with private repository
Kidong Kim [Mon, 10 Jun 2013 02:26:46 +0000 (11:26 +0900)]
synchronize OSP/WRT rules with private repository
Bartlomiej Grzelewski [Wed, 29 May 2013 15:16:33 +0000 (17:16 +0200)]
Add value APP_PATH_ANY_LABEL to enum app_path_type_t.
[Issue#] SSDWSSP-307
[Bug] N/A
[Cause] Some directories must be set up by installer manually.
[Solution] N/A
[Verification] Run libprivilege-control tests.
Change-Id: Iff482d43b6f5e08603a0c74820b713f8e8def5c9
Janusz Kozerski [Mon, 27 May 2013 08:22:56 +0000 (10:22 +0200)]
Fast boot optimization
[Issue#] SSDWSSP-295
[Feature] Rules for each app are now loaded while first run of the application.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, reboot target. Run libprivilege-control tests.
Change-Id: I11b2c1738a4cfb7770fc680dbc02c88435e995f7
Marcin Niesluchowski [Wed, 22 May 2013 13:37:38 +0000 (15:37 +0200)]
Comment to app_revoke_permissions() changed.
[Issue#] SSDWSSP-260
[Bug/Feature] Comment to app_revoke_permissions() was not consistent with actual function requirements.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I639247fa2af81d4adb1a153d193e94f48b1edc83
Jan Cybulski [Fri, 24 May 2013 08:57:39 +0000 (10:57 +0200)]
Change parameter names app_id to pkg_id in API functions
[Issue#] SSDWSSP-290
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, run libprivilege tests.
Change-Id: I27a44c9c7a1491b0ff2c3827d76bf1eea4b2e2f2
Jan Cybulski [Thu, 23 May 2013 10:12:28 +0000 (12:12 +0200)]
Add implementation for appsetting privilege
[Issue#] SSDWSSP-241
[Bug/Feature] Implement an unique feature for an appsetting privilege.
The privilege should give RWX access to all registered
setting folders and RX access to all applications.
[Cause] N/A
[Solution] Change in app_add_permissions_internal.
[Verification] Run libprivilege tests.
Test privilege_control16_appsettings_privilege should pass
Change-Id: Icdb2b6dc44395ec7a723064bc2db56ef634e609d
Bartlomiej Grzelewski [Thu, 9 May 2013 14:43:05 +0000 (16:43 +0200)]
Add error logs in app_give_access.
[Issue#] SSDWSSP-226
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successful compilation. Run test.
Change-Id: I7bb100c39a6fb139414a88e72a73c60282f4168f
Marcin Niesluchowski [Mon, 20 May 2013 09:56:27 +0000 (11:56 +0200)]
privilege-control.c and privilege-control.h extended by new app_type_t values. New WRT_partner.smack, WRT_platform.smack, OSP_partner.smack and OSP_platform.smack created from WRT.smack and OSP.smack.
[Issue#] SSDWSSP-270
[Bug/Feature] Change app_enable_permissions() input app type - extend to new app types.
[Cause] N/A
[Solution] N/A
[Verification] Creating and running tests for new app types.
Change-Id: I4c5525d2dfc9c626b07a8dae33f073db7460ce9c
Tomasz Swierczek [Fri, 31 May 2013 16:03:16 +0000 (18:03 +0200)]
Fixed creation of rule sets with missing ----- (change-rule interface)
[Issue#] N/A
[Bug] Some rules in apps rule file were overwriting rules
[Cause] smack_accesses_add used instead of smack_accesses_add_modify
[Solution] changed function
[Verification] Install FtApp and see if rules for aospd* label are rx or rwx (should be latter)
Change-Id: I66e2cae21865bd4be1b885df8d958a5fa0409d52
Conflicts:
src/privilege-control.c