platform/core/security/libprivilege-control.git
11 years agoFixing bug in setting execute label for executable files
Zofia Abramowska [Tue, 5 Feb 2013 10:35:16 +0000 (11:35 +0100)]
Fixing bug in setting execute label for executable files

[Issue#] SSDWSSP-70
[Bug] Execute labels was set for all files (not only executable)
[Cause] Bad flags and logic for given API
[Solution] Changed stat flags and now execute label is set for
everything with execute permissions and then removed from directories
[Verification] Successful build

Change-Id: Ic812c4872190d0faa2d1175edb98389d79b83b61

11 years agosmack_default_rules: remove white spaces at the end of lines
Rafal Krypa [Mon, 4 Feb 2013 11:35:28 +0000 (12:35 +0100)]
smack_default_rules: remove white spaces at the end of lines

This cosmetic change is intended to align the file between RSA and private
repositories, making the diff minimal.
No functional changes introduced.

Change-Id: I78c911068bfe8254fa1040898ddfbe717a6f911c

11 years ago[Release] libprivilege-control_0.0.22.TIZEN
Tomasz Swierczek [Tue, 5 Feb 2013 08:26:44 +0000 (09:26 +0100)]
[Release] libprivilege-control_0.0.22.TIZEN

* Added new API for setting access/execute labels and transmute on OSP apps directories
* Fixed dlog usage
* Reverted "make symbolic link of udev rules file" (commit c3a7c9d1188f08fdc950858c589173bb5bb0c817)

Change-Id: I4dd69f4b637207ed635d0c13332d7f0d5540b681

11 years agoCorrect debug in dir_set_smack_r().
Rafal Krypa [Mon, 4 Feb 2013 18:40:28 +0000 (19:40 +0100)]
Correct debug in dir_set_smack_r().

[Issue#]       N/A
[Bug]          Debug log about setting Smack label on file is printed even for files don't matching the mask.
[Cause]        Debug log misplaced.
[Solution]     Move the log inside if block, checking whether file should be labeled.
[Verification] Build.

Change-Id: I1d83ca6986be8e4a47818e69738a66deda1b9b74

11 years agoFix segfault in DLOG in dir_set_smack_r function.
Janusz Kozerski [Mon, 4 Feb 2013 15:36:29 +0000 (16:36 +0100)]
Fix segfault in DLOG in dir_set_smack_r function.

[Issue#]       N/A
[Bug]          Segfult in dir_set_smack_r function.
[Cause]        Wrong DLOG agrument - printing enum like a string.
[Solution]     Fix print format.
[Verification] Build libprivilege with WRT_SMACK_ENABLE and run libprivilege-control tests.

Change-Id: I7be2f912537a4585afdcf9cc088eea340dfb0c74

11 years agoChanges for label settings on directories API
Zofia Abramowska [Mon, 4 Feb 2013 15:13:57 +0000 (16:13 +0100)]
Changes for label settings on directories API

[Issue#] SSDWSSP-70
[Feature] New API for setting label on application directory and
application shared directory
[Cause] N/A
[Solution] N/A
[Verification] Successful build

Change-Id: I9b0d739ee2a4fa636a226f1ef81cd29d06cd6502

11 years agoRevert "make symbolic link of udev rules file"
Rafal Krypa [Fri, 1 Feb 2013 17:52:45 +0000 (18:52 +0100)]
Revert "make symbolic link of udev rules file"

This reverts commit c3a7c9d1188f08fdc950858c589173bb5bb0c817.

The reverted commit was a workaround for pre-v182 udev. Since udev has
been upgraded already, the workaround is no longer needed.

Change-Id: Ife6a922f0daa1ec851221151c9b1c814d63a25d0

11 years ago[Release] libprivilege-control_0.0.21.TIZEN
Rafal Krypa [Fri, 1 Feb 2013 16:24:50 +0000 (17:24 +0100)]
[Release] libprivilege-control_0.0.21.TIZEN

* add new label and change label - system::core -> sys-assert::core
* Adding new API for setting label and transmute on directory

Change-Id: Ic20d398f2f0b57654d5f0245d1c38e256e98d921

11 years agoAdding new API for setting label and transmute on directory
Zofia Abramowska [Fri, 1 Feb 2013 11:15:59 +0000 (12:15 +0100)]
Adding new API for setting label and transmute on directory

[Issue#] SSDWSSP-67
[Feature] New API for setting label and transmute on directory
[Cause] N/A
[Solution] N/A
[Verification] Successful build

Change-Id: I81e7b0cbbbc5ec857c7dc4be450691dc8d7994b5

11 years agoadd new label and change label - system::core -> sys-assert::core
Kidong Kim [Fri, 1 Feb 2013 00:38:19 +0000 (09:38 +0900)]
add new label and change label - system::core -> sys-assert::core

11 years ago[Release] libprivilege-control_0.0.20.TIZEN
Rafal Krypa [Wed, 30 Jan 2013 16:16:41 +0000 (17:16 +0100)]
[Release] libprivilege-control_0.0.20.TIZEN

* Prevent related bugfixes.
* add new default smack rule.
* add new group for crash-logger.
* add new smack label - system::crash.
* Bug fix in adding permissions.
* Implement logging in libprivilege-control.
* Fix parsing of Smack config files.
* Remove some unnecessary code from wrt_set_src_dir() and wrt_set_data_dir().

Change-Id: I70cd2ba8ab5ac876be726aac4902939efc250a61

11 years agoRemove some unnecessary code from wrt_set_src_dir() and wrt_set_data_dir().
Rafal Krypa [Tue, 29 Jan 2013 17:19:06 +0000 (18:19 +0100)]
Remove some unnecessary code from wrt_set_src_dir() and wrt_set_data_dir().

[Issue#]       N/A
[Bug]          Widget label constructed, where it is not used.
[Cause]        Only file labels are needed in those functions.
[Solution]     Remove appropriate code blocks.
{Verification] Build.

Change-Id: I3e9c6908c90efc8832f9c93177f371e1e9f5afd2

11 years agoFix parsing of Smack config files.
Rafal Krypa [Fri, 25 Jan 2013 16:13:51 +0000 (17:13 +0100)]
Fix parsing of Smack config files.

[Issue#]       N/A
[Bug]          Giving Smack permissions to apps based on permissions list not working.
[Cause]        Invalid return code from fscanf() expected.
[Solution]     Fix parsing in perm_to_smack() internal function.
[Verification] Run libprivilege-control tests from security-tests.

Change-Id: I9efd05b256e31e2c39bc479db01b744e3169c3f7

11 years agoImplement logging in libprivilege-control
Janusz Kozerski [Tue, 22 Jan 2013 15:29:43 +0000 (16:29 +0100)]
Implement logging in libprivilege-control

[Issue#]       LINUXSWAP-440
[Bug]          N/A
[Cause]        Missing logs in libprivilege-control.
[Solution]     Add logs.

[Verification] Build, install, reboot target. Verify running of native applications and widgets. Run dlogutil and check if logs are present.

Change-Id: I9e13d5f465ee306d6b350f300bd6cb0ebefe1ad8

11 years agoadd new smack label - system::crash
Kidong Kim [Wed, 30 Jan 2013 01:51:54 +0000 (10:51 +0900)]
add new smack label - system::crash

11 years agoBug fix in adding permissions.
Jan Olszak [Thu, 17 Jan 2013 14:10:26 +0000 (15:10 +0100)]
Bug fix in adding permissions.

[Issue] Bad function arguments.
[Bug] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build.

Change-Id: I2dc34ba858340316da5abd000431f9ac0d001d9c

11 years agoadd new group for crash-logger
Kidong Kim [Fri, 25 Jan 2013 05:19:36 +0000 (14:19 +0900)]
add new group for crash-logger

11 years agoadd new default smack rule
Kidong Kim [Thu, 24 Jan 2013 10:24:34 +0000 (19:24 +0900)]
add new default smack rule

11 years agoPrevent related bugfixes.
Mariusz Domanski [Tue, 15 Jan 2013 14:40:06 +0000 (15:40 +0100)]
Prevent related bugfixes.

[Issue] N/A
[Bug] Bugs found by Coverity.
[Cause] N/A
[Solution] Fix for copy-paste error.
[Verification] Build libprivilege-control, installl package
               on target and successfuly reboot target.

11 years ago[Release] libprivilege-control_0.0.19
Rafal Krypa [Thu, 10 Jan 2013 16:47:34 +0000 (17:47 +0100)]
[Release] libprivilege-control_0.0.19

* Removed "Epoch" from spec file.
* Remove stale permission files.
* Introduce WRT_ prefix in smack for current SMACK configuration files.
* Drop legacy USE_PRIVILEGE_CONTROL ifdef.
* Change syntax of SMACK config files.
* New API for native/OSP installer.
* Add SMACK config for OSP apps.

Change-Id: Ia481bcd10158a6491e439cf3bde32987c367bc6c

11 years agoAdd SMACK config for OSP apps.
Rafal Krypa [Tue, 8 Jan 2013 19:32:03 +0000 (20:32 +0100)]
Add SMACK config for OSP apps.

[Issue#]       LINUXSWAP-426
[Feature]      Add SMACK file prepared by Kidong Kim.
[Cause]        New API for OSP app installer.
[Solution]     Include the file, adapted to the final rule files format.
[Verification] N/A

Change-Id: Idb096c6841e1b92d210bdae8a98b16035d0b0953

11 years agoNew API for native/OSP installer.
Rafal Krypa [Tue, 8 Jan 2013 19:27:59 +0000 (20:27 +0100)]
New API for native/OSP installer.

[Issue#]       LINUXSWAP-426
[Feature]      New API for simplified SMACK management for native apps.
[Cause]        New API has been requested and designed.
[Solution]     Implement new functions: app_add_permissions, app_revoke_permissions, app_label_dir
[Verification] Only build verification, until the API is used.

Change-Id: I37110e030a71e958dda80650b376036c5dcc7051

11 years agoChange syntax of SMACK config files.
Rafal Krypa [Tue, 8 Jan 2013 17:15:00 +0000 (18:15 +0100)]
Change syntax of SMACK config files.

[Issue#]       LINUXSWAP-426
[Feature]      New syntax: "~APP~ OBJECT PERM" or "SUBJECT ~APP~ PERM"
[Cause]        The syntax has been discussed.
[Solution]     Use three-field syntax to make files understandable easier.
[Verification] Build, install, reboot target.

Change-Id: I5c3c7a331373495a0944680beb72f72fa6062091

11 years agoDrop legacy USE_PRIVILEGE_CONTROL ifdef.
Rafal Krypa [Tue, 8 Jan 2013 16:35:24 +0000 (17:35 +0100)]
Drop legacy USE_PRIVILEGE_CONTROL ifdef.

[Issue#]       N/A
[Feature]      Drop unused ifdef and related stub code.
[Cause]        The ifdef used to enable turning off the library functionality, but it's no longer feasible.
[Solution]     Drop the ifdef and dummy API function counterparts.
[Verification] Build, install, reboot target.

Change-Id: I7f73b8fe236785b868f14724de17e27d77d3f67d

11 years agoIntroduce WRT_ prefix in smack for current SMACK configuration files.
Rafal Krypa [Tue, 8 Jan 2013 16:30:08 +0000 (17:30 +0100)]
Introduce WRT_ prefix in smack for current SMACK configuration files.

[Issue#]       LINUXSWAP-426
[Feature]      Prepare for non-WRT smack permission configs.
[Cause]        Implementing new API for OSP apps.
[Solution]     Prefix existing SMACK config files with WRT_.
[Verification] Build, install, reboot target.

Change-Id: I2dcec947ec42ac340f8fbc383a7713ef8017b4c0

11 years agoRemove stale permission files.
Rafal Krypa [Tue, 8 Jan 2013 16:04:47 +0000 (17:04 +0100)]
Remove stale permission files.

[Issue#]       N/A
[Feature]      Remove group-based permission configs.
[Cause]        Stale permission files left after code that used them was removed.
[Solution]     Remove the files from source and CMake.
[Verification] Build, install, reboot target.

Change-Id: I013872c07773a2befe7f32cc3322efba17468349

11 years agoRemoved "Epoch" from spec file.
Tomasz Swierczek [Thu, 10 Jan 2013 15:09:40 +0000 (16:09 +0100)]
Removed "Epoch" from spec file.

Change-Id: Ifd3d4daf2d9b7cfe20d35eb83c5435323a4e74ff

11 years ago[Release] libprivilege-control_1:0.0.18
Rafal Krypa [Tue, 8 Jan 2013 10:25:44 +0000 (11:25 +0100)]
[Release] libprivilege-control_1:0.0.18

* Modify label for browser db files
* Separate ifdefs for Smack support for WRT.
* Re-enable Smack setting for native apps.
* Fix app type checking in set_app_privilege().
* smack_default_labeling: use variables for various /opt/* paths.

Change-Id: I7346a6691d72de430f5a70e4fb326797bc1baaf7

11 years agoFix app type checking in set_app_privilege().
Rafal Krypa [Tue, 18 Dec 2012 18:05:25 +0000 (19:05 +0100)]
Fix app type checking in set_app_privilege().

[Issue#] LINUXSWAP-417
[Bug] Passing type=NULL to set_app_privilege() caused segfault.
[Cause] Inappropriate handling of NULL value in this argument.
[Solution] Static function verify_app_type() now returns the app type.
[Verification] Build install, reboot target. Verify running of native applications and widgets.

Change-Id: I12c165048e8b049eb76b41afe3f214e0f92c0c55

11 years agoRe-enable Smack setting for native apps.
Rafal Krypa [Thu, 13 Dec 2012 13:45:22 +0000 (14:45 +0100)]
Re-enable Smack setting for native apps.

[Issue#] LINUXSWAP-409
[Feature] Re-enable Smack support.
[Cause] Aul needs support for SMACK64EXEC.
[Solution] Re-enable existing Smack support.
[Verification] Build install, reboot target. Verify running of native applications and widgets.

Change-Id: Ia17974eeea57c642b42a9f6d2241730eeca0f271

11 years agoSeparate ifdefs for Smack support for WRT.
Rafal Krypa [Thu, 13 Dec 2012 13:40:25 +0000 (14:40 +0100)]
Separate ifdefs for Smack support for WRT.

[Issue#] LINUXSWAP-409
[Feature] Make it possible to enable Smack for native applications only.
[Cause] Want to use non-wrt Smack features, wrt stuff still not ready.
[Solution] Add WRT_SMACK_ENABLED ifdef, use it for wrt-specific code.
[Verification] Build with different setting of SMACK_ENABLED and WRT_SMACK_ENABLED.

Change-Id: I6c0ab6fa9693908d00825cd714891bc0625bc845

11 years agosmack_default_labeling: use variables for various /opt/* paths.
Rafal Krypa [Tue, 8 Jan 2013 09:27:45 +0000 (10:27 +0100)]
smack_default_labeling: use variables for various /opt/* paths.

[Issue#]       N/A
[Feature]      Make merging between RSA and SLP easier.
[Cause]        RSA and SLP use different directories.
[Solution]     Use variables in the shell script.
[Verification] Build, install, reboot target.

Change-Id: Id6e73d0342edeb710ae31950c419c08704035396

11 years agoModify label for browser db files
Halton Huo [Wed, 5 Dec 2012 06:55:32 +0000 (14:55 +0800)]
Modify label for browser db files

11 years agofix udev and add new db
Kidong Kim [Thu, 13 Dec 2012 02:26:57 +0000 (11:26 +0900)]
fix udev and add new db

Change-Id: I4013ee838de20828ddb29dbfc12047411e4cc5a5

11 years agoudev: change heuristics for guessing camera device nodes
Rafal Krypa [Fri, 7 Dec 2012 13:13:47 +0000 (14:13 +0100)]
udev: change heuristics for guessing camera device nodes

[Bug] Camera device nodes are not detectepd properly. V4L query in udev increases boot time.
[Cause] V4L capabilities doesn't allow distinguishing camera devices.
[Solution] Use hardcoded device nodes based on kernel version number. Detect kernel version in udev rules.
[Verification] Build, install, reboot target. Verify permissions of /dev/video* nodes.

Change-Id: Ib2728bd2aba5d2008fe0efbfee6f1bd2c0d154d7

11 years agocmake: change the way the udev files are installed.
Rafal Krypa [Fri, 7 Dec 2012 14:53:20 +0000 (15:53 +0100)]
cmake: change the way the udev files are installed.

[Feature] Restructure udev files in the source and their installation.
[Solution] Move udev/rules/ to udev/rules.d, install whole udev/ directory in CMake.
[Verification] Build, install, reboot target. Verify permissions in /dev/.

Change-Id: Ibf6490b490df6319a89179cf3bfa2868f330b169

11 years agoFix problems reported on Coverity
Pawel Polawski [Wed, 7 Nov 2012 16:46:02 +0000 (17:46 +0100)]
Fix problems reported on Coverity

[Issue#]        http://cam.sprc.samsung.pl/browse/LINUXSWAP-325
[Bug]           Fix prevent defects.
[Cause]         Bugs in sorce reported by Coverity may cause software
                errors or malfunctions.
[Solution]      Bugs has been fixed.
[Verification]  Rebuild project.

Change-Id: Ibc0d085408f5ef189c09df48e23696b2ec5f1388

11 years agoAdd build type required for code coverage analysis.
Zbigniew Kostrzewa [Wed, 21 Nov 2012 11:37:17 +0000 (12:37 +0100)]
Add build type required for code coverage analysis.

[Issue#]        N/A
[Bug]           N/A
[Cause]         N/A
[Solution]      N/A
[Verification]  Build project without build type provided explicitly
and with build type set to CCOV. In both cases, project should build
successfully. In second case, with CCOV build type, additional .gcno
files should be created in the projects build root. Please, verify if
they exist.

Hint: pass `--define='build_type CCOV'` to osc build command to set
build type to CCOV.

Change-Id: I320457323e17079df11ce1d300d6e3cc81e8e58a

11 years agosystemd: Add systemd unit to set default smack labels
Karol Lewandowski [Tue, 11 Dec 2012 10:54:36 +0000 (11:54 +0100)]
systemd: Add systemd unit to set default smack labels

Signed-off-by: Jacek Migacz <j.migacz@samsung.com>
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Change-Id: Ia572357d4501b5d0f5cc003a5c0ec268a2bad89e

11 years agofix db name
Kidong Kim [Fri, 7 Dec 2012 06:04:18 +0000 (15:04 +0900)]
fix db name

11 years agorelease 0.0.14
Kidong Kim [Wed, 5 Dec 2012 10:03:09 +0000 (19:03 +0900)]
release 0.0.14

Change-Id: I8fe716f246be318ceeffd4514517f75f8e31a812

11 years agoMerge "Merge branch 'for-rsa-systemd'"
KunHoon Baik [Wed, 5 Dec 2012 01:22:42 +0000 (10:22 +0900)]
Merge "Merge branch 'for-rsa-systemd'"

11 years agomodified label from libslp-calendar to calendar-service
Jeesun Kim [Mon, 26 Nov 2012 01:01:48 +0000 (10:01 +0900)]
modified label from libslp-calendar to calendar-service

11 years agoMerge branch 'for-rsa-systemd'
Jacek Migacz [Fri, 23 Nov 2012 14:07:05 +0000 (15:07 +0100)]
Merge branch 'for-rsa-systemd'

Change-Id: If6c41fdf35e1b11e862ed40309e9216762594717

11 years agomodified calendar-service name in smack
Jeesun Kim [Tue, 20 Nov 2012 15:05:21 +0000 (00:05 +0900)]
modified calendar-service name in smack

11 years agoMerge branch 'master' into systemd
Karol Lewandowski [Wed, 14 Nov 2012 16:52:19 +0000 (17:52 +0100)]
Merge branch 'master' into systemd

Conflicts:
packaging/libprivilege-control.spec

Change-Id: Iab7c2ae185a943d8abbcc7fff6983e1053e8e903

11 years agoMove passwd and group back from /opt/etc to /etc/
Yin Kangkai [Mon, 12 Nov 2012 14:59:50 +0000 (22:59 +0800)]
Move passwd and group back from /opt/etc to /etc/

Credentials (passwd and group) files in /opt (another partiton)
instead of root introduces a depending cycle in systemd env:

1. systemd _depends_ on udev being able to notify it to mount
   /dev/mmcblk0p6 on /opt;

2. udev depends on "group" to set correctly permissions to /dev/
   nodes based on its rules.

3. credentials (passwd and group) files are in /opt, only availabe
   when mounted;

Some other information and discussion:
1. https://tizendev.org/pipermail/system/2012-November/000100.html
2. https://tizendev.org/gerrit/#/c/10005/

So we move it back to /etc (the root partition).

Another thing needs to mention is we need to make sure
{passwd,group} files available in "%install" section instead of
doing that in "%post", since otherwise rpms installed after this
package will fail for rpm keyword "%attr". e.g.:
"%attr(4750,root,dbus)" in dbus package.

Signed-off-by: Yin Kangkai <kangkai.yin@intel.com>
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Patrick McCarty <patrick.mccarty@linux.intel.com>
Change-Id: I29fd2d20f6099307603de74a22a8a27f508aba48

12 years agomake symbolic link of udev rules file
Kidong Kim [Wed, 7 Nov 2012 05:32:52 +0000 (14:32 +0900)]
make symbolic link of udev rules file

12 years agoremove admin group
Kidong Kim [Thu, 1 Nov 2012 07:17:12 +0000 (16:17 +0900)]
remove admin group

12 years agoRelease changes from private Samsung repository.
Tomasz Swierczek [Mon, 29 Oct 2012 10:58:48 +0000 (11:58 +0100)]
Release changes from private Samsung repository.

* upgrade from 0.0.6 to 0.0.12 version
* re-release to official RSA OBS project

Change-Id: I2b4a6b17375409e613caf37a56e97911dad87807

12 years agoudev rules: Allow ordinary users use DRM
Karol Lewandowski [Sun, 28 Oct 2012 12:39:25 +0000 (13:39 +0100)]
udev rules: Allow ordinary users use DRM

This is required for accelerated (opengl-based) desktop to work under
systemd, where GUI applications run as non-privileged user 'app'.

Change-Id: I5122025d7fe4455fe946f3a78a1a35ca3ca5087b

12 years agoRelease changes from private Samsung repository.
Tomasz Swierczek [Wed, 24 Oct 2012 14:16:43 +0000 (16:16 +0200)]
Release changes from private Samsung repository.

* Upgrade from 0.0.6 to 0.0.12 version

Change-Id: Ie567dfaa124c43ac7b9b0f9fd3a914b81d9c1652

12 years agoAdd dbus user and group for proper priviledge separation in dbus' "--system" service
Karol Lewandowski [Sun, 29 Jul 2012 02:43:07 +0000 (11:43 +0900)]
Add dbus user and group for proper priviledge separation in dbus' "--system" service

Change-Id: Ifabfe4b320e0dac9f560e84f1dfb099c509af452

12 years agoudev: set haptic devices to world readable and writable. 2.0alpha master 2.0_alpha accepted/tizen/20130520.102926 submit/master/20120920.151107 submit/tizen/20130517.015730
Rafal Krypa [Wed, 5 Sep 2012 16:12:19 +0000 (18:12 +0200)]
udev: set haptic devices to world readable and writable.

Access to devices with permissions 0666 should be controlled by Smack in the future.

Change-Id: Iab25f8212779a35bdcd63bf59898f00e0dd659ae

12 years agoModify udev rules as per Mr. Kidong Kim request.
Rafal Krypa [Fri, 24 Aug 2012 14:30:50 +0000 (16:30 +0200)]
Modify udev rules as per Mr. Kidong Kim request.

Change-Id: I24a12b4dc0997b488181714edd8b18c22e7bed04

12 years agomodified code
Kidong Kim [Wed, 22 Aug 2012 04:24:08 +0000 (13:24 +0900)]
modified code

12 years agosource code open
Kidong Kim [Wed, 22 Aug 2012 02:53:44 +0000 (11:53 +0900)]
source code open

12 years agoupload tizen1.0 source
Kim Kibum [Sun, 29 Apr 2012 08:01:23 +0000 (17:01 +0900)]
upload tizen1.0 source

12 years agoInitial empty repository
eunmee moon [Fri, 27 Apr 2012 12:35:54 +0000 (21:35 +0900)]
Initial empty repository