platform/core/security/security-manager.git
7 years agoRemove default dependency in cleanup service 76/111576/2
Sunmin Lee [Mon, 23 Jan 2017 01:39:19 +0000 (10:39 +0900)]
Remove default dependency in cleanup service

Although security-manager-cleanup.service is installed
at sysinit.target.wants, it has a dependency on basic.target.
It would cause undesirable dependency between sysinit and basic target.

Change-Id: I44a4a151fd247cbe9b182f657c0dd21af3cf5ce4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years ago[Unit tests] Add test for src/common/include/smack-rules.h 64/107764/8
Dariusz Michaluk [Wed, 28 Dec 2016 12:23:20 +0000 (13:23 +0100)]
[Unit tests] Add test for src/common/include/smack-rules.h

Change-Id: I5f3816c7559465c8a59a06d47c7ded51ef69b1ed

7 years ago[Unit tests] Add test for src/common/include/smack-labels.h 63/107763/5
Dariusz Michaluk [Mon, 19 Dec 2016 13:19:10 +0000 (14:19 +0100)]
[Unit tests] Add test for src/common/include/smack-labels.h

Change-Id: I2cfdf300490509c77a6b65e11abf0b13aa4f951b

7 years agoFix in generateAppPkgNameFromLabel implementation 47/109547/2
Dariusz Michaluk [Tue, 10 Jan 2017 09:37:46 +0000 (10:37 +0100)]
Fix in generateAppPkgNameFromLabel implementation

appName is not overwritten in case of non-hybrid apps.

Change-Id: I3063c10281ec3afcccbcca097076cd0f87936f6b

7 years agoRelese version 1.2.15 52/110752/1
jooseong lee [Wed, 18 Jan 2017 01:03:56 +0000 (10:03 +0900)]
Relese version 1.2.15

- Split service cleanup in two parts to prevent std::terminate
- Use real path of skel dir

Change-Id: I95dcc4b4afc351f2de1e94e4b3b0d14f13812f72
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoUse real path of skel dir. 15/110415/4
jin-gyu.kim [Mon, 16 Jan 2017 10:08:19 +0000 (19:08 +0900)]
Use real path of skel dir.

- Real path of skel dir can be diffrent based on target types.
- Convert skel dir in getSkelPkgDir to the real path.
- Add error handling in getSkelPkgDir

Change-Id: Ifdd94a07f69da091a8f07b7fd55223fd157284b6

7 years agoSplit service cleanup in two parts to prevent std::terminate 74/110474/3
Krzysztof Jackiewicz [Mon, 16 Jan 2017 15:37:44 +0000 (16:37 +0100)]
Split service cleanup in two parts to prevent std::terminate

If ServiceThread is being destroyed and it's about to process an event (the
service thread popped an event from m_eventQueue) it may lead to calling a
virtual function on a partially destroyed object.

Thread cleanup has been separated from ServiceThread destructor to avoid such
situations.

Change-Id: I31f08d18a72b597002063619bd2e84a5a1da0899

7 years agoRelese version 1.2.14 79/110279/1 accepted/tizen/3.0/common/20170118.130734 accepted/tizen/3.0/ivi/20170118.042542 accepted/tizen/3.0/mobile/20170118.042450 accepted/tizen/3.0/tv/20170118.042515 accepted/tizen/3.0/wearable/20170118.042529 accepted/tizen/common/20170116.181531 accepted/tizen/ivi/20170117.053526 accepted/tizen/mobile/20170117.053439 accepted/tizen/tv/20170117.053455 accepted/tizen/wearable/20170117.053508 submit/tizen/20170116.051423 submit/tizen_3.0/20170115.225845
Tomasz Swierczek [Fri, 13 Jan 2017 13:20:13 +0000 (14:20 +0100)]
Relese version 1.2.14

- Add missing exception handler for TizenPlatformConfig
- Add support for blacklist privileges using policy manager
- Wake up Cynara async thread from statusCallback
- Make sure transaction is rolled back in case of error

Change-Id: I63601e59b3ca7f2857f2ec2aa88161910e98b7d5

7 years agoAdd missing exception handler for TizenPlatformConfig 29/108629/6
Krzysztof Jackiewicz [Thu, 5 Jan 2017 08:36:33 +0000 (09:36 +0100)]
Add missing exception handler for TizenPlatformConfig

Change-Id: I97f58249c3d3b9df99aa14623252c597ae5f6e3a

7 years agoAdd support for blacklist privileges using policy manager 96/108496/13
Krzysztof Jackiewicz [Wed, 4 Jan 2017 14:34:21 +0000 (15:34 +0100)]
Add support for blacklist privileges using policy manager

Privilege privacy status (& default policy) now relies also on UID and application.
This patch introduces integration with privilege-checker API that allows to check
privilege status in context of these attributes.

Change-Id: I8bf25cf708ed21a7af9cc047f01fff3ff8410dcc

7 years agoWake up Cynara async thread from statusCallback 72/109772/2
Rafal Krypa [Wed, 11 Jan 2017 08:38:52 +0000 (09:38 +0100)]
Wake up Cynara async thread from statusCallback

Until now the thread handling communication with Cynara was woken up
when new check was prepared for sending because cynara_async_create_request
was expected to trigger statusCallback. When new data is prepared for
sending to Cynara service, statusCallback requests that the cynara descriptor
must be polled for writing and when it's ready, cynara_async_process will
send the data to socket.

But since Cynara release 0.12.0, cynara_async_check_cache may also trigger
a statusCallback. This is because of underlying monotir entries and their
periodic flush to Cynara service. This behavior of Cynara is not documented.

To make sure that security-manager will restart polling of Cynara socket
each time after statusCallback is triggered, the callBack itself will now
take care of waking up the thread responsible for communication with Cynara.

Change-Id: I8f9bf323166fccd97612dd85ec35c9befe5d00f9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoMake sure transaction is rolled back in case of error 77/109777/3
Krzysztof Jackiewicz [Wed, 11 Jan 2017 13:34:34 +0000 (14:34 +0100)]
Make sure transaction is rolled back in case of error

Until now in case of error/exception during client request processing
(appInstall, appUninstall, pathsRegister) the database transaction was not
always rolled back.

All affected functions now use ScopedTransaction to guarantee the rollback.

Change-Id: I968739a05b845d3c74449dfdfe4078c68e8f3cf1

7 years agoRelease version 1.2.13 65/108565/1 accepted/tizen/3.0/common/20170109.083930 accepted/tizen/3.0/ivi/20170106.095007 accepted/tizen/3.0/mobile/20170106.094811 accepted/tizen/3.0/tv/20170106.094909 accepted/tizen/3.0/wearable/20170106.094937 accepted/tizen/common/20170110.085205 accepted/tizen/ivi/20170106.103639 accepted/tizen/mobile/20170106.103436 accepted/tizen/tv/20170106.103529 accepted/tizen/wearable/20170106.103604 submit/tizen/20170105.051706 submit/tizen_3.0/20170105.051635
jin-gyu.kim [Thu, 5 Jan 2017 05:44:32 +0000 (14:44 +0900)]
Release version 1.2.13

- Fix memory leak in CynaraAdminPolicy move operator
- Fix memory leak in CheckProperDrop::getThreads()
- Don't put empty lines in generated Smack policy
- Set Cynara client cache size manually
- Fix compilation scripts.
- Replace read/write with send/recv
- Fix memory leak from cynara_async_configuration_create
- Fix comments in privilege_db.h regarding exceptions thrown by functions
- Fix in logs in IsPackageHybrid function
- Disable logs from SqlConnection
- Change auto_ptr to unique_ptr.
- Replace readdir_r to readdir.
- Don't accept wrong package id on app uninstall
- Remove ServicerImpl from derived Service class
- Fix in GetAllPrivateSharing implementation
- Enforce ownership of a shared path by one app.
- Change skel directory to /opt/etc/skel

Change-Id: If3885fd8f0908489fdd04ac31295f0932ffbbd1b

7 years agoChange skel directory to /opt/etc/skel 61/108561/1
jin-gyu.kim [Thu, 5 Jan 2017 05:31:59 +0000 (14:31 +0900)]
Change skel directory to /opt/etc/skel

Change-Id: I25fa30e9fa8530d8e6214793e6c293a928036401

7 years agoEnforce ownership of a shared path by one app. 05/104405/5
Radoslaw Bartosiak [Tue, 13 Dec 2016 08:10:26 +0000 (09:10 +0100)]
Enforce ownership of a shared path by one app.

owner_app_name is moved from table app_private_sharing to shared_path table.
Existing privilege_db constraints are used to assure that
a) a shared path is owned by one owner_app
b) a shared path's label is not changed

Change-Id: I36263fc5dc971c0da820fda44dad3b281d31c63e
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoFix in GetAllPrivateSharing implementation 76/104076/3
Radoslaw Bartosiak [Mon, 12 Dec 2016 08:14:21 +0000 (09:14 +0100)]
Fix in GetAllPrivateSharing implementation

For every owner_app_name each path is now returned only once

Change-Id: Ie8362f7aad515a7000eedf772c0258f6fe7d3eb5
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoRemove ServicerImpl from derived Service class 89/104189/2
Zofia Abramowska [Mon, 12 Dec 2016 14:26:16 +0000 (15:26 +0100)]
Remove ServicerImpl from derived Service class

ServiceImpl singleton was improperly stored in both
derived and base class resulting in two instances.

Change-Id: Ia27c9a45946bffabd37b23a0626c555ed2e7f0f6

7 years agoDon't accept wrong package id on app uninstall 60/107360/2
Zofia Abramowska [Mon, 19 Dec 2016 16:44:09 +0000 (17:44 +0100)]
Don't accept wrong package id on app uninstall

Security-manager service shouldn't accept wrong package id
for application uninstall request.

Change-Id: Ia6836c6e668d39255069b0d0bf1a554457f25c6f

7 years agoReplace readdir_r to readdir. 61/105861/3
jin-gyu.kim [Tue, 20 Dec 2016 01:02:19 +0000 (10:02 +0900)]
Replace readdir_r to readdir.

- readdir_r causes warning in gnu11.

Change-Id: I237a5f9d56061807b94a1a261b95db58f19216e8

7 years agoChange auto_ptr to unique_ptr. 30/105330/2
jin-gyu.kim [Fri, 16 Dec 2016 08:18:57 +0000 (17:18 +0900)]
Change auto_ptr to unique_ptr.

- Using auto_ptr causes warning in gnu11.

Change-Id: I89c09f29478639d9de9ad29edde62971754eb25e

7 years agoDisable logs from SqlConnection 42/99642/2
Zofia Abramowska [Fri, 4 Nov 2016 10:03:27 +0000 (11:03 +0100)]
Disable logs from SqlConnection

Add DB_LOGS definition to switch db logs on/off.
Disable them by default.

Change-Id: I038242bd63cfad38cd7804b5ada0d47f35caaa54

7 years agoFix in logs in IsPackageHybrid function 19/102319/3
Radoslaw Bartosiak [Mon, 5 Dec 2016 10:04:46 +0000 (11:04 +0100)]
Fix in logs in IsPackageHybrid function

Log description was wrong (copy and paste from previous function)

Change-Id: Id9e5aaece27b4a42d0e59b8b628bb2736692b9fa
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoFix comments in privilege_db.h regarding exceptions thrown by functions 80/102380/3
Radoslaw Bartosiak [Mon, 5 Dec 2016 12:23:11 +0000 (13:23 +0100)]
Fix comments in privilege_db.h regarding exceptions thrown by functions

Change DB::SqlConnection::Exception::* to PrivilegeDb::Exception::*

Change-Id: I7e42d9b97f1a7e517757a8cd205c64f7b68ec9b6
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoFix memory leak from cynara_async_configuration_create 23/108023/2
Rafal Krypa [Mon, 2 Jan 2017 10:45:37 +0000 (11:45 +0100)]
Fix memory leak from cynara_async_configuration_create

The previous patch has introduced a memory leak by always passing NULL
pointer to cynara_async_configuration_destroy instead of proper pointer.

Change-Id: I252e3c36b02e493f6cac6b4718edddb282d0c9eb
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoReplace read/write with send/recv 27/105127/2
Bartlomiej Grzelewski [Thu, 15 Dec 2016 11:44:46 +0000 (12:44 +0100)]
Replace read/write with send/recv

New implementation does not require to mask SIGPILE singal in client.

Change-Id: I88338d10547f3ec521f12a83bfdb6d8391ef6bec

7 years agoFix compilation scripts. 72/85272/2
Bartlomiej Grzelewski [Wed, 24 Aug 2016 10:02:46 +0000 (12:02 +0200)]
Fix compilation scripts.

security-manager does not build when libraries are placed in
non standard directories.

Change-Id: I76f9900ac110c0f563b3948cd63a14d3b8e4ac45

7 years agoSet Cynara client cache size manually 67/107567/2
Zofia Abramowska [Tue, 27 Dec 2016 16:37:37 +0000 (17:37 +0100)]
Set Cynara client cache size manually

Cynara client cache shouldn't take too much memory.
Setting cache size manually ensures low memory consumption.

Change-Id: I31c195de4f97f82f7c2090056d800c54617accab

7 years agoDon't put empty lines in generated Smack policy 76/104776/4
Rafal Krypa [Wed, 14 Dec 2016 08:49:12 +0000 (09:49 +0100)]
Don't put empty lines in generated Smack policy

Empty lines in Smack policy are invalid. In most cases we get away with
them as kernel manages to filter them out and ignore.
There are however some nasty corner cases causing kernel to reject policy
with an empty line.

This change removes the cause for empty lines appearing in policy, updates
existing policy and modifies policy generation code to skip empty lines
by default, if they appear in policy templates again.

Change-Id: Id875523d2269ff8466898e9bef9b2a0b81387378
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoFix memory leak in CheckProperDrop::getThreads() 49/106149/1
Krzysztof Jackiewicz [Tue, 20 Dec 2016 12:36:43 +0000 (13:36 +0100)]
Fix memory leak in CheckProperDrop::getThreads()

Change-Id: If43c2d3bc49e55b432de91f31f8dd4eb9b1d7925

7 years agoFix memory leak in CynaraAdminPolicy move operator 16/105816/2
Krzysztof Jackiewicz [Mon, 19 Dec 2016 11:03:28 +0000 (12:03 +0100)]
Fix memory leak in CynaraAdminPolicy move operator

Free strings allocated in "this" object when another one is moved to it.
Provide default destructor to avoid unnecessary allocation/frees.

Change-Id: I9f3658102db33eca19fff07e0cb04d47c26ca195

7 years agoRelease version 1.2.12 36/104636/1 accepted/tizen_3.0.m2_mobile accepted/tizen_3.0.m2_tv accepted/tizen_3.0.m2_wearable tizen_3.0.m2 accepted/tizen/3.0.m2/mobile/20170104.141704 accepted/tizen/3.0.m2/tv/20170104.142129 accepted/tizen/3.0.m2/wearable/20170104.142410 accepted/tizen/3.0/common/20161214.074627 accepted/tizen/3.0/ivi/20161214.070836 accepted/tizen/3.0/mobile/20161214.070753 accepted/tizen/3.0/tv/20161214.070806 accepted/tizen/3.0/wearable/20161214.070816 accepted/tizen/common/20161214.160801 accepted/tizen/ivi/20161214.085710 accepted/tizen/mobile/20161214.085620 accepted/tizen/tv/20161214.085633 accepted/tizen/wearable/20161214.085653 submit/tizen/20161214.030042 submit/tizen/20161214.045057 submit/tizen_3.0.m2/20170104.093751 submit/tizen_3.0/20161214.025951 submit/tizen_3.0/20161214.045158
jooseong lee [Wed, 14 Dec 2016 02:26:04 +0000 (11:26 +0900)]
Release version 1.2.12

-Allow privileged caller to configure privacy manager for other users

Change-Id: I38acd5508439a0aceb9cc1e7752064518b89e9ea
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoAllow privileged caller to configure privacy manager for other users 62/104562/1
Rafal Krypa [Tue, 13 Dec 2016 13:42:12 +0000 (14:42 +0100)]
Allow privileged caller to configure privacy manager for other users

When policy update is sent with security_manager_policy_update_send(),
the policy record type determines target Cynara bucket. For policies
targeted at privacy manager bucket, privileged caller might want to
set policies for other users.

This is now allowed if the caller has proper privilege.

Change-Id: Ibcf13a1d6a7e4b2b965f1d0ca7599e65ee8b616c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoRelease version 1.2.11 23/104423/1 accepted/tizen/ivi/20161214.015455 accepted/tizen/mobile/20161214.015403 accepted/tizen/tv/20161214.015437 accepted/tizen/wearable/20161214.015444 submit/tizen/20161213.083628 submit/tizen_3.0/20161213.083334
jin-gyu.kim [Tue, 13 Dec 2016 08:55:02 +0000 (17:55 +0900)]
Release version 1.2.11

Change-Id: Ib51bc77625b73f4cbb6b7b3edfd4a1285cf69c15

7 years agoMap email privilege to priv_email 99/104299/1
jin-gyu.kim [Tue, 13 Dec 2016 04:51:09 +0000 (13:51 +0900)]
Map email privilege to priv_email

Change-Id: Ia61fae319b4d196891af503b8488581babd53fb6

7 years agoRelease version 1.2.10 97/103597/1 accepted/tizen/3.0/common/20161209.161115 accepted/tizen/3.0/ivi/20161209.104227 accepted/tizen/3.0/mobile/20161209.104134 accepted/tizen/3.0/tv/20161209.104152 accepted/tizen/3.0/wearable/20161209.104212 accepted/tizen/common/20161209.061511 accepted/tizen/ivi/20161209.060936 accepted/tizen/mobile/20161209.060829 accepted/tizen/tv/20161209.060852 accepted/tizen/wearable/20161209.060911 submit/tizen/20161209.021531 submit/tizen_3.0/20161209.021552
jooseong lee [Fri, 9 Dec 2016 02:06:46 +0000 (11:06 +0900)]
Release version 1.2.10

- Add transmute rule between non-hybrid app and RW path

Change-Id: I623d615edff86a1029a8f393bd0fc8236450da1d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoAdd transmute rule between non-hybrid app and RW path 10/103210/2
Zofia Abramowska [Wed, 7 Dec 2016 10:23:36 +0000 (11:23 +0100)]
Add transmute rule between non-hybrid app and RW path

After app process label refactoring there were no more
rule for transmute between label of app process and
label of path RW for non-hybrid (because labels were
the same). This introduced problem with transmute
inheritance : main app directory had transmute,
but it wasn't inherited by subdirectories.

This commit brings back rule between app process label
and path RW label even when both labels are the same.
Also proper policy migration is created, so already
installed apps have this rule also generated.

Change-Id: I98a34a29b2c2490d1dcafd43a117b509a763d72e

7 years agoRelease version 1.2.9 07/103007/1 accepted/tizen/3.0/common/20161207.195247 accepted/tizen/3.0/ivi/20161207.070618 accepted/tizen/3.0/mobile/20161207.070523 accepted/tizen/3.0/tv/20161207.070541 accepted/tizen/3.0/wearable/20161207.070559 accepted/tizen/common/20161207.184305 accepted/tizen/ivi/20161208.011356 accepted/tizen/mobile/20161208.011256 accepted/tizen/tv/20161208.011311 accepted/tizen/wearable/20161208.011336 submit/tizen/20161207.045135 submit/tizen_3.0/20161207.044923
jooseong lee [Wed, 7 Dec 2016 04:30:41 +0000 (13:30 +0900)]
Release version 1.2.9

- Properly handle case of unknown "Ask user" policy

Change-Id: I2d58cd7d4d0fabef3649dc0ebed6f235305c183a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoProperly handle case of unknown "Ask user" policy 28/102628/1
Krzysztof Jackiewicz [Tue, 6 Dec 2016 08:14:49 +0000 (09:14 +0100)]
Properly handle case of unknown "Ask user" policy

If askuser plugin is not registered in cynara (as in case of headless image)
CynaraAdmin::convertToPolicyType() couldn't find the policy type and was
throwing an exception.

In such cases security-manager will catch the exception and skip the code
related to askuser.

Change-Id: Ie2182a0936e62594a91bcdf22c39997ef9a65f9f

7 years agoRelease version 1.2.8 83/102083/1 accepted/tizen/3.0/common/20161206.125248 accepted/tizen/3.0/ivi/20161205.234428 accepted/tizen/3.0/mobile/20161205.234232 accepted/tizen/3.0/tv/20161205.234335 accepted/tizen/3.0/wearable/20161205.234400 accepted/tizen/common/20161205.135856 accepted/tizen/ivi/20161205.232846 accepted/tizen/mobile/20161205.232752 accepted/tizen/tv/20161205.232806 accepted/tizen/wearable/20161205.232826 submit/tizen/20161205.023558 submit/tizen_3.0/20161205.022357 submit/tizen_3.0/20161205.022817
jooseong lee [Mon, 5 Dec 2016 02:16:39 +0000 (11:16 +0900)]
Release version 1.2.8

- Add new parameter of isPrivacy function - pkgName

Change-Id: Ic0ca86b1ef365334a96d007e9ec3942634522035
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoAdd new parameter of isPrivacy function - pkgName 29/101929/1
Kidong Kim [Fri, 2 Dec 2016 10:46:46 +0000 (19:46 +0900)]
Add new parameter of isPrivacy function - pkgName

The preloaded application should have all privacy related privileges
except location privilege.
So privilege-checker will manage whitelist of preloaded package names
and package name should be stored in isPrivacy function.
This is work-around patch.

Change-Id: I3ded5561fe003bb4ca95dfa9ef87965ef39d1d04
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
7 years agoRelease version 1.2.7 94/101594/1
Bartlomiej Grzelewski [Thu, 1 Dec 2016 13:53:47 +0000 (14:53 +0100)]
Release version 1.2.7

- Fix in GetGroups implementation
- Add security_manager_shm_open

Change-Id: I4dd790362bbd9f14a54bfae22ef10c3a91a6dff7

7 years ago[Unit tests] for PrivilegeDb class - related to privileges 21/100821/2
Radoslaw Bartosiak [Tue, 29 Nov 2016 09:24:45 +0000 (10:24 +0100)]
[Unit tests] for PrivilegeDb class - related to privileges

Add test for src/common/include/privilege_db.h:
- GetGroups
- GetGroupsRelatedPrivileges

Change-Id: I877c5ea155855b2ad128cd86bffd215d067eace1
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoFix in GetGroups implementation 15/99315/5
Radoslaw Bartosiak [Tue, 22 Nov 2016 09:47:00 +0000 (10:47 +0100)]
Fix in GetGroups implementation

SQL query is changed in order to return group only once.

Change-Id: Ibaec3ea6033544f35ebe67beec056580bcbea373
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years ago[Unit tests] for PrivilegeDb class - related to app add/remove 52/98252/6
Radoslaw Bartosiak [Wed, 9 Nov 2016 11:01:20 +0000 (12:01 +0100)]
[Unit tests] for PrivilegeDb class - related to app add/remove

Add test for src/common/include/privilege_db.h

Change-Id: I66007e0170a290f958bb8070caa3c5f42a0dc599
signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

7 years agoUse recently introduced ClientRequest class in security_manager_shm_open 68/93668/2
Rafal Krypa [Tue, 25 Oct 2016 08:13:07 +0000 (10:13 +0200)]
Use recently introduced ClientRequest class in security_manager_shm_open

Use helper class for client communication with service instead of manual
Serialize/sendToServer/Deserialize.

Change-Id: Ia18a9caa03e0f1626487c1048ba5b629fd8109b7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoAdd security_manager_shm_open 20/74520/17
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:06:19 +0000 (12:06 +0200)]
Add security_manager_shm_open

This function will create file that may be used
by shm_open and mmap functions. If the file
exists noting is done.

Change-Id: Ifdfdf15df96fb67faa4340d113445527c77ba60f

7 years agoModify SmackLabels module 19/74519/11
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:05:46 +0000 (12:05 +0200)]
Modify SmackLabels module

Added:
 * getSmackLabelFromFd - extracts smack label from file descriptor
 * setSmackLabelForFd - sets smack label for file connected with fd
Modify:
 * pathSetSmack - use libsmack instead of lsetxattr

Change-Id: Ia5ceda42afc98dde0c8b7db2c0d0a0827efc4fa2

7 years agoCleanup: Usage of pragma once instead guard names in headers 96/89196/6
Radoslaw Bartosiak [Thu, 22 Sep 2016 11:49:24 +0000 (13:49 +0200)]
Cleanup: Usage of pragma once instead guard names in headers

Additionally: fixes in @files, remove of multiple newlines at EOF

Change-Id: I58d8b1e11fbc4709dc61229ea6e83098217c67dd
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoUse new libsmack function smack_new_label_from_process 72/92872/2
Rafal Krypa [Wed, 19 Oct 2016 07:47:28 +0000 (09:47 +0200)]
Use new libsmack function smack_new_label_from_process

Drop custom implementation of fetch Smack label from a running process.
Replace it with libsmack function smack_new_label_from_process, introcuded
in version 1.3.0 of the library.

Change-Id: If90845c565c47980f8b4b407b0b19906a957372e

7 years agoRemove unused local variables in service_impl.cpp 39/98739/1
Radoslaw Bartosiak [Fri, 18 Nov 2016 11:18:41 +0000 (12:18 +0100)]
Remove unused local variables in service_impl.cpp

Change-Id: I56fa74d7e338419375f1d1cb0f4fdb5f937eb792
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoFix GetUserType function 03/93503/2
Radoslaw Bartosiak [Mon, 24 Oct 2016 13:39:43 +0000 (15:39 +0200)]
Fix GetUserType function

Add lacking support for SM_USER_TYPE_SECURITY

Change-Id: I9f51d9d7bc4f3c59ae2fcf48eb17a9952787a024

8 years agoRelease version 1.2.6 72/97072/1 accepted/tizen/3.0/common/20161114.143355 accepted/tizen/3.0/ivi/20161111.064713 accepted/tizen/3.0/mobile/20161111.064620 accepted/tizen/3.0/tv/20161111.064637 accepted/tizen/3.0/wearable/20161111.064654 accepted/tizen/common/20161114.171203 accepted/tizen/ivi/20161114.005526 accepted/tizen/mobile/20161114.005356 accepted/tizen/tv/20161114.005426 accepted/tizen/wearable/20161114.005455 submit/tizen/20161111.063500 submit/tizen_3.0/20161111.064243 submit/tizen_3.0_common/20161114.081136
jooseong lee [Fri, 11 Nov 2016 06:03:50 +0000 (15:03 +0900)]
Release version 1.2.6

- Fix sigaction() on x86_64 arch
- Add 'l' permission to sharedRO Smack rule

Change-Id: I762b2c0d73c2fe7914ef5662a98d24a183c5c57e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoAdd 'l' permission to sharedRO Smack rule 52/96752/2
jooseong lee [Thu, 10 Nov 2016 05:16:08 +0000 (14:16 +0900)]
Add 'l' permission to sharedRO Smack rule

DB in shared/data cannot be accessed by other applications.
File lock permission is also needed.

Change-Id: I90f05fabfa2e4a62df8a3e1c40a48c341ecb86f2
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoFix sigaction() on x86_64 arch. 52/96352/4
Dariusz Michaluk [Tue, 8 Nov 2016 14:56:53 +0000 (15:56 +0100)]
Fix sigaction() on x86_64 arch.

If sa_restorer is not set, kernel will lead to segmentation fault.
In other arch, if sa_restorer is not set, kernel can do the correct work.

Change-Id: I8b2486282284c806aafc8410cbf699599f929753

8 years agoRelease version 1.2.5 05/96105/2 accepted/tizen/3.0/common/20161114.082117 accepted/tizen/3.0/ivi/20161110.020212 accepted/tizen/3.0/mobile/20161110.020116 accepted/tizen/3.0/tv/20161110.020133 accepted/tizen/3.0/wearable/20161110.020154 accepted/tizen/common/20161108.131804 accepted/tizen/ivi/20161109.002922 accepted/tizen/mobile/20161109.002859 accepted/tizen/tv/20161109.002907 accepted/tizen/wearable/20161109.002916 submit/tizen/20161108.043312 submit/tizen/20161108.094236 submit/tizen_3.0/20161108.041407 submit/tizen_3.0/20161108.094152 submit/tizen_3.0_common/20161110.084657
jooseong lee [Tue, 8 Nov 2016 01:24:36 +0000 (10:24 +0900)]
Release version 1.2.5

- Fix build break on 64 bits architectures.

Change-Id: I08c8d4a67164f125baa1b69ea275ae6d6ea34f92
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoFix build break on 64 bits architectures. 06/95306/4
Dariusz Michaluk [Wed, 2 Nov 2016 13:36:32 +0000 (14:36 +0100)]
Fix build break on 64 bits architectures.

- error: 'SYS_sigaction' was not declared in this scope
  Aarch64/x64 is missing the "SYS_sigaction" definition.
  Replace "SYS_sigaction" used in thread synchronization code with "SYS_rt_sigaction".

- error: invalid cast from type 'SecurityManager::IStream' to type 'long unsigned int'
  revert to previous implementation

Change-Id: I58041f66c988934d5577daf7a574bb7b9a2b394a

8 years agoRelease version 1.2.4 68/94768/1 submit/tizen/20161101.061208
jooseong lee [Tue, 1 Nov 2016 06:07:04 +0000 (15:07 +0900)]
Release version 1.2.4

- Enable security-manager support for starting without systemd

Change-Id: I73916efcb2fc54de991001eb387c601c40f4d5ed
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoEnable security-manager support for starting without systemd 67/94767/1
jooseong lee [Tue, 1 Nov 2016 05:07:01 +0000 (14:07 +0900)]
Enable security-manager support for starting without systemd

Create socket memually if a socket is not provided by systemd.

Change-Id: Iab565644988f7e6551922810b9043217fd2f4cc7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRelease version 1.2.3 75/93375/1
jooseong lee [Mon, 24 Oct 2016 04:28:56 +0000 (13:28 +0900)]
Release version 1.2.3

- Update policy set for 'security' user type
- Cleanup Fix ListUsers parameter description
- SM : Unify Smack rules of System access to application
- Use smack_check() helper function instead of manually calling libsmack
- Provide proper placeholder file for global apps-labels
- Don't hard-code /usr/share directory in FOTA script
- Add FOTA script for security-manager policy update
- Use SIGSETXID for security synchronization across threads
- [Unit tests] for FileLocker class
- Fix retrieving of current process credentials for off-line client
- Extend ClientOffline
- client: extract common code for communication with service
- Improve handling of uncaught exceptions in client library
- server: add missing linking against pthread
- Treat web only privilege as core privilege

Change-Id: Ibd5252fe49d236b8caff1ed1eb66c8996aee9acb
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoTreat web only privilege as core privilege 55/89955/5
Yunjin Lee [Wed, 28 Sep 2016 01:30:12 +0000 (10:30 +0900)]
Treat web only privilege as core privilege

refer to https://review.tizen.org/gerrit/#/c/88685/

Change-Id: I27c0a9c1b7390cec52af5a65ff679f9ea29ae16d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
8 years agoserver: add missing linking against pthread 43/93243/2
Rafal Krypa [Fri, 21 Oct 2016 08:05:02 +0000 (10:05 +0200)]
server: add missing linking against pthread

Server code uses pthread_sigmask() function but we never had explicitly
linked it against pthread library.
Fixing this in CMake for the server component.

Change-Id: I0c8a43a0fe26a00aa7848b539044dcc62bb67eb8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoImprove handling of uncaught exceptions in client library 39/93239/2
Rafal Krypa [Fri, 21 Oct 2016 07:45:54 +0000 (09:45 +0200)]
Improve handling of uncaught exceptions in client library

For easier debugging of unexpected client behaviour where an unexpected
exception is caught in try_cacth wrapper, make the following enhancements:
- Catch all SecurityManager::Exceptions instead of letting them to be
  caught by last resort "catch(...)". This will enable proper error messages.
- Print the information about unexpected exception to stderr of the caller.

Change-Id: I67edc718daa89023d5844e31f52b745257914e1f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoclient: extract common code for communication with service 80/68480/9
Rafal Krypa [Fri, 21 Oct 2016 08:14:57 +0000 (10:14 +0200)]
client: extract common code for communication with service

Instead of repeating the same code pattern in every client function,
extract it into ClientRequest class, that will handle communication with
service.

Change-Id: I5f3d23fea9b01c8378074b758c30971978dd0ac3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoExtend ClientOffline 90/80890/2
Bartlomiej Grzelewski [Wed, 20 Jul 2016 11:35:33 +0000 (13:35 +0200)]
Extend ClientOffline

Two security-manager functions will be used by systemd. This functions
must not wake up security-manager service because it will cause
deadlock.

Change-Id: Id83256df9ee282285522db513304b2f4240e18fd

8 years agoFix retrieving of current process credentials for off-line client 76/93176/2
Rafal Krypa [Thu, 20 Oct 2016 16:32:04 +0000 (18:32 +0200)]
Fix retrieving of current process credentials for off-line client

Try to work even if fetching Smack label of current process fails in
off-line client mode. In most cases it won't be needed anyway.

It is needed for proper image building by mic. When mic is run on system
that doesn't support Smack natively (e.g. developer's workstation), fetching
process Smack label will fail. Somehow it managed to work despite that
problem until now, but libsmack 1.3.0 has better checks in function
smack_new_label_from_self, validating the label before sending it to the
caller.

Change-Id: I3a96851cab5e71bde749c68413b967571690e162

8 years ago[Unit tests] for FileLocker class 87/89687/6
Radoslaw Bartosiak [Mon, 19 Sep 2016 12:49:29 +0000 (14:49 +0200)]
[Unit tests] for FileLocker class

1) Add test directory for unit test using Boost.Test
2) Add tests for common/include/file-lock.h

Change-Id: Ic0151fa228045d53d6c202416e5f718f1f843b42
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
8 years agoUse SIGSETXID for security synchronization across threads 36/89936/3
Rafal Krypa [Tue, 27 Sep 2016 13:27:12 +0000 (15:27 +0200)]
Use SIGSETXID for security synchronization across threads

Hijack NPTL's special signal SIGSETXID for synchronization of Smack labels
and capabilities across threads. Glibc implementation of NPTL uses this
signal number for similar purpose, when synchronizing UIDs and groups.

Glibc functions for signal manipulation doesn't allow programs to utilize
SIGSETXID. Attempting to do that causes the function to return EINVAL.

The good side of this is that every thread should have this signal unmasked.
This solves the problem we had with threads not receiving our synchronization
signal because they have masked all signals previously.

The bad side is that security-manager cannot use glibc sigaction() to set
custom signal handler for SIGSETXID. A bare call to syscall() function must
be used instead.

Change-Id: Ib1b28bb27d981601d6a002a896fb5823e6367ecc
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd FOTA script for security-manager policy update 17/91817/3
Rafal Krypa [Tue, 11 Oct 2016 11:59:37 +0000 (13:59 +0200)]
Add FOTA script for security-manager policy update

The policy migration script was called only in rpm %post section. But FOTA
is not based on RPM packages, so the script must be also included in FOTA
script dir.

Change-Id: I4d8b627734439cb427380aa0fac5886d487c1656
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoDon't hard-code /usr/share directory in FOTA script 16/91816/3
Rafal Krypa [Tue, 11 Oct 2016 11:56:56 +0000 (13:56 +0200)]
Don't hard-code /usr/share directory in FOTA script

Use TZ_SYS_RO_SHARE variabe from tizen-platform.conf instead of the hard-
coded directory.

Change-Id: I46539a5a050e74ee81eb3fe0eee2545b3a18ce50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoProvide proper placeholder file for global apps-labels 03/91903/2
Rafal Krypa [Wed, 12 Oct 2016 06:39:28 +0000 (08:39 +0200)]
Provide proper placeholder file for global apps-labels

In commit 16e879b, security_manager_monitor implementation has changed,
passing application labels from service to client instead of application
names. Internal files for passing that information were renamed to reflect
that change (apps-names => apps-labels). But the empty placeholder created in
the spec file remained unchanged.

Change-Id: Iadca1c67c353b9fbc4c2a912f753a2de5d9cd906

8 years agoUse smack_check() helper function instead of manually calling libsmack 13/90513/2
Rafal Krypa [Fri, 30 Sep 2016 09:36:27 +0000 (11:36 +0200)]
Use smack_check() helper function instead of manually calling libsmack

The smack_check() helper provides functionality for checking whether Smack
is available on the platform. It properly wraps libsmack check function and
remembers the result in static variable.
Use it where applicable, replacing custom checks.

Change-Id: Ie8ee27c700831c4fea8a8d837271f2604ca0b588

8 years agoSM : Unify Smack rules of System access to application 79/91279/5
Mateusz Forc [Thu, 6 Oct 2016 12:47:27 +0000 (14:47 +0200)]
SM : Unify Smack rules of System access to application

Please test with : https://review.tizen.org/gerrit/#/c/91931/

Change-Id: If94b6d719d5404965c8bbcec9598d35cb30e4526

8 years agoCleanup Fix ListUsers parameter description 68/90368/3
Radoslaw Bartosiak [Thu, 29 Sep 2016 12:56:25 +0000 (14:56 +0200)]
Cleanup Fix ListUsers parameter description

ListUsers does not clear the output vector.

Change-Id: Ibc9c9693d05c068d82f60734ea690f811474fa41
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
8 years agoUpdate policy set for 'security' user type 97/91697/1
jooseong lee [Tue, 11 Oct 2016 01:54:58 +0000 (10:54 +0900)]
Update policy set for 'security' user type

Deprecated privileges
 - http://tizen.org/privilege/dpm.settings
 - http://tizen.org/privilege/vpnservice.admin

New privileges
 - http://tizen.org/privilege/fido.client
 http://tizen.org/privilege/internal/service

Change-Id: I07a9d3443a756a4055fe2bbb56b542a98d2937f4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRelease version 1.2.2 94/91494/2 accepted/tizen/3.0/ivi/20161028.134037 accepted/tizen/3.0/mobile/20161028.133144 accepted/tizen/3.0/tv/20161028.133459 accepted/tizen/3.0/wearable/20161028.133754 accepted/tizen/common/20161010.145657 accepted/tizen/ivi/20161010.082846 accepted/tizen/mobile/20161010.082754 accepted/tizen/tv/20161010.082808 accepted/tizen/wearable/20161010.082829 submit/tizen/20161010.012628 submit/tizen_3.0/20161028.062323 submit/tizen_3.0/20161028.082423 submit/tizen_3.0_common/20161104.104000
Seongwook Chung [Mon, 10 Oct 2016 00:51:27 +0000 (09:51 +0900)]
Release version 1.2.2

- Add packagemanager.info privilege for 'User::Shell' domain
- Limit number of sql queries during installation
- Explicitly instantiate LogSystemSingleton
- PrivilegeDb: Add getting packages installed for user
- ServiceImpl: Optimize generating package process labels
- Remove Cynara singleton
- PermissibleSet: Remove PrivilegeDb usage
- Remove PrivilegeDb singleton
- Remove CynaraAdmin singleton

Change-Id: Iad4cc0b5d5b454a61b323e025f20d55b0dbe7211
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
8 years agoRemove CynaraAdmin singleton 68/91468/1
Zbigniew Jasinski [Fri, 7 Oct 2016 16:36:53 +0000 (18:36 +0200)]
Remove CynaraAdmin singleton

Change-Id: Ib13d1a8306f2abd8bcf40765185a079840edaf11
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
8 years agoRemove PrivilegeDb singleton 66/91466/1
Zbigniew Jasinski [Fri, 7 Oct 2016 16:24:37 +0000 (18:24 +0200)]
Remove PrivilegeDb singleton

Change-Id: Iabec786bdcbb403af0b4d402b96509f90c17f9f3
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
8 years agoPermissibleSet: Remove PrivilegeDb usage 65/91465/2
Zofia Abramowska [Fri, 7 Oct 2016 15:41:53 +0000 (17:41 +0200)]
PermissibleSet: Remove PrivilegeDb usage

Change-Id: I34a33ef2f80c9c02e9bdc41e9535632b9ab76f99

8 years agoRemove Cynara singleton 21/91421/3
Zofia Abramowska [Fri, 7 Oct 2016 09:53:26 +0000 (11:53 +0200)]
Remove Cynara singleton

Change-Id: Ia7aee968e142639373d1b9bc146b8162673504ba

8 years agoServiceImpl: Optimize generating package process labels 54/91454/3
Zofia Abramowska [Fri, 7 Oct 2016 14:53:38 +0000 (16:53 +0200)]
ServiceImpl: Optimize generating package process labels

Change-Id: If4edb2621d73e178e9009e0d5c25829bbab87157

8 years agoPrivilegeDb: Add getting packages installed for user 53/91453/3
Zofia Abramowska [Fri, 7 Oct 2016 14:50:13 +0000 (16:50 +0200)]
PrivilegeDb: Add getting packages installed for user

Change-Id: I6be6d8b438918408df20d12b34204e10a0ca750e

8 years agoExplicitly instantiate LogSystemSingleton 53/90353/4
Krzysztof Jackiewicz [Thu, 29 Sep 2016 12:25:16 +0000 (14:25 +0200)]
Explicitly instantiate LogSystemSingleton

To guarantee that a template class is instantiated only once it has to be
instantiated explicitly. This should solve the problem with "doubletons". Also,
it makes logs from libsecurity-manager-commons library visible.

Change-Id: I45bc6d6330a7ff27bacf9dfdfcd6a24f1e1225bf

8 years agoLimit number of sql queries during installation 29/90529/4
Krzysztof Jackiewicz [Fri, 30 Sep 2016 09:56:53 +0000 (11:56 +0200)]
Limit number of sql queries during installation

Change-Id: Iaad44912ae806544822d26f66add6ce8f0908d0b

8 years agoAdd packagemanger.info privilege for 'User::Shell' domain 88/91388/1
jooseong lee [Fri, 7 Oct 2016 08:02:57 +0000 (17:02 +0900)]
Add packagemanger.info privilege for 'User::Shell' domain

Shell process requires packagemanger.info privilege to debug
native applications.

Change-Id: I93e643b50694fb21778063f5fa512908929ee864
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoRelease version 1.2.1 77/90177/2 accepted/tizen/3.0/ivi/20161011.062352 accepted/tizen/3.0/mobile/20161015.034201 accepted/tizen/3.0/tv/20161016.005802 accepted/tizen/3.0/wearable/20161015.084102 accepted/tizen/common/20160930.174706 accepted/tizen/ivi/20160930.232533 accepted/tizen/mobile/20160930.232455 accepted/tizen/tv/20160930.232502 accepted/tizen/wearable/20160930.232521 submit/tizen/20160930.022920 submit/tizen_3.0_ivi/20161010.000006 submit/tizen_3.0_mobile/20161015.000006 submit/tizen_3.0_tv/20161015.000005 submit/tizen_3.0_wearable/20161015.000005
Rafal Krypa [Wed, 28 Sep 2016 16:54:33 +0000 (18:54 +0200)]
Release version 1.2.1

- Change the way of app process label generation
- Update default policy for new domain('User::Shell')

Change-Id: Idad431f3857a936b0ee8c0d2be2f5f0d89205d50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoMigrate security policy after app labeling schema changed 76/90176/2
Rafal Krypa [Thu, 29 Sep 2016 13:27:04 +0000 (15:27 +0200)]
Migrate security policy after app labeling schema changed

Adapt existing security policy to patch 5b9adf81 (Change the way of app
process label generation).
Migrate existing policy to support package upgrade:
- modify existing Cynara policy
- modify existing Smack rules for applications

Change-Id: I3d75afe4da2f58040657c01c44a7d57e986332d2

8 years agoFix policy versioning mechanism 71/90371/2
Rafal Krypa [Thu, 29 Sep 2016 13:26:48 +0000 (15:26 +0200)]
Fix policy versioning mechanism

The policy versioning must properly handle two scenarios:
- initial install of security-manager-policy package - mostly happening during
  image build
- upgrade of security-manager-policy package - mostly happening during
  development

To keep information about policy version, we have the file in
%{TZ_SYS_VAR}/security-manager/policy-version. Update script will check the
current value of policy version and apply appropriate update.
But during image build, the entire policy will be provided in desired version
at once, so the package must provide final version value to the configuration
file.

Previous mechanism had a flaw that preveted update scripts from running in both
scenarios. Configuration files marked as %config(noreplace) in RPM spec file
aren't overwritten with a new version during package upgrade, but there is an
exception for that rule. If the configuration file wasn't modified on disk, the
new file from upgraded package will overwrite the old one. And the policy update
script is run from %post section, when all files from the new package are
already unpacked.

To solve the above problem, a modified version upgrade is provided:
- security-manager-policy will provide an empty policy-version file as
  %config(noreplace). The contents of this file in the package will not change
- policy update script will check the version file:
  * if it's not empty, the script will apply relevant migration updates and
    write higher version to the file (supporting package upgrade scenario)
  * if it's empty, the script will write there latest available version number,
    without actually applying the updates (supporting image build scenario)

Additionally, to fix the previous versioning schema, if the policy-version file
exists and is not-empty (package upgrade) and equal to 1, special actions will
be taken to handle security-manager-policy upgrade from version 1:
- the policy-version file will be modified by %pre script to put "0" value in it
Thanks to this step, an upgrade from policy version 1 will be performed as
expected. This is needed as workaround move from non-working upgrade mechanism
to a working one.

Change-Id: I4bcdcd2d6db63e25711b6bd25b03531f13e5d1da

8 years agoMerge remote-tracking branch 'sandbox/zabramowska/hybrid' into tizen 75/90175/3
Rafal Krypa [Thu, 29 Sep 2016 14:33:11 +0000 (16:33 +0200)]
Merge remote-tracking branch 'sandbox/zabramowska/hybrid' into tizen

Change-Id: I02ff2db20b2ff327724fc574ad16f86cceb84efa

8 years agoFix what I broken while amending 5b9adf81b4 76/90376/1 sandbox/zabramowska/hybrid
Rafal Krypa [Thu, 29 Sep 2016 14:30:59 +0000 (16:30 +0200)]
Fix what I broken while amending 5b9adf81b4

Correct my optimizaion of SmackRules::generateAppPkgNameFromLabel().
Now it should properly locate "::App::" substring in the analyzed label.

Change-Id: I9289d1ab5bf0336bd6f42fa38ee31cfcfaba5cf5

8 years agoUpdate default policy for new domain('User::Shell') 27/89627/4
jooseong lee [Mon, 26 Sep 2016 07:14:14 +0000 (16:14 +0900)]
Update default policy for new domain('User::Shell')

New domain is for shell process, which need packagemanger.admin
privilege to install applications. And root shell will get all privileges.

* Add new domain : https://review.tizen.org/gerrit/#/c/89586/
* Update onlycap list : https://review.tizen.org/gerrit/#/c/89619/

Change-Id: I9e079edad90615c1a3af16b35c10aaaa65993b80
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
8 years agoSmackRules: Don't add rule when subject==object 18/88318/5
Zofia Abramowska [Thu, 15 Sep 2016 13:01:59 +0000 (15:01 +0200)]
SmackRules: Don't add rule when subject==object

Change-Id: I1c57783927a9ed3cf79bfda1dd929e375caff94e

8 years agoChange the way of app process label generation 17/88317/5
Zofia Abramowska [Thu, 8 Sep 2016 16:29:45 +0000 (18:29 +0200)]
Change the way of app process label generation

Application process label depends on isHybrid flag, if flag
value is:
* 0 - all applications in package has the same process label:
      "User::Pkg::pkg_id"
* 1 - each application in package has different process label:
      "User::Pkg::pkg_id::App::app_Id"

Due to this change, app identifying API changes its behaviour:
for hybrid applications both app_id and pkg_id are returned,
for non-hybrid applications only pkg_id is returned.

From now on identyfing particular application is not always
possible.

Change-Id: Ice62b03be632524ec452569b6c8419f357db1b7f

8 years agoPass application labels instead of names in security_manager_monitor 11/89911/3
Rafal Krypa [Tue, 27 Sep 2016 11:16:59 +0000 (13:16 +0200)]
Pass application labels instead of names in security_manager_monitor

In an upcoming change, generation of application process label will
require additional information, application name will not be sufficient.
To keep security_manager_monitor functional and effective, it is better
to generate application label on the service side and take the labels
without further processing on the client side.

Appropriate policy migration is also provided to migrate old apps-names
files to new apps-labels.

Change-Id: Ica3b2a0dc4f3295e4ead71285684c656e34f2006
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
8 years agoAdd policy migration infrastructure 10/89910/1
Rafal Krypa [Mon, 19 Sep 2016 08:24:38 +0000 (10:24 +0200)]
Add policy migration infrastructure

Add support for migrating policy configuration. We already have policy version
information (current version is 1). When a change happens, appropriate script
should be provided for migration and bumping the version.

Change-Id: Iee5bdcc368a879053cd20e8feb37b67931218ad3

8 years agoUse C++ file interface in permissible-set 86/70186/5
Rafal Krypa [Wed, 18 May 2016 09:32:31 +0000 (11:32 +0200)]
Use C++ file interface in permissible-set

Read and write files with enabled app labels using C++ interface instead of
pure glibc.

Change-Id: I81dce9bc6f3ef6ec2ac910deb22c31f7edbfdc5a

8 years agoPass pkgName and isHybrid flag to label generation 16/88316/4
Zofia Abramowska [Thu, 8 Sep 2016 10:05:11 +0000 (12:05 +0200)]
Pass pkgName and isHybrid flag to label generation

Change-Id: I1663fe48998014e4b8a0dd53220cfed64cc154e9

8 years agoPass labels instead of appNames in SmackRules 15/88315/4
Zofia Abramowska [Wed, 7 Sep 2016 16:14:30 +0000 (18:14 +0200)]
Pass labels instead of appNames in SmackRules

Change-Id: Ib89939a4c785517e9e7654f6f62b98fc83cac2a1

8 years agoFetch process label from service 14/88314/4
Zofia Abramowska [Tue, 6 Sep 2016 15:01:17 +0000 (17:01 +0200)]
Fetch process label from service

Change-Id: I961de3bc1aff1a98f9062c881ca75f858319551f

8 years agoFetch is_hybrid flag from db 13/88313/4
Zofia Abramowska [Wed, 7 Sep 2016 11:18:40 +0000 (13:18 +0200)]
Fetch is_hybrid flag from db

Change-Id: Ie77b94b551bedb4eff569379f0c0726578147d7f

8 years agoAdd is hybrid flag to application install request 04/88304/5
Zofia Abramowska [Fri, 2 Sep 2016 16:35:53 +0000 (18:35 +0200)]
Add is hybrid flag to application install request

"IsHybrid" is introduced to distinguish between different
types of packages. Hybrid package assumes, that applications
inside it can have different privileges, so they should be
labeled separately. Any other package will have all applications
labeled the same and label will be generated from package name.
This commit does not yet interpret this flag, apart from db,
From now on db will accept only applications from the same package,
which have the same setting of isHybrid flag.

Change-Id: Ic94d2147fa9684279d8b8a41ad6ee99b555cd766