platform/core/security/libprivilege-control.git
11 years agoComment to app_revoke_permissions() changed.
Marcin Niesluchowski [Wed, 22 May 2013 13:37:38 +0000 (15:37 +0200)]
Comment to app_revoke_permissions() changed.

[Issue#]        SSDWSSP-260
[Bug/Feature]   Comment to app_revoke_permissions() was not consistent with actual function requirements.
[Cause]         N/A
[Solution]      N/A
[Verification]  N/A

Change-Id: I639247fa2af81d4adb1a153d193e94f48b1edc83

11 years agoChange parameter names app_id to pkg_id in API functions
Jan Cybulski [Fri, 24 May 2013 08:57:39 +0000 (10:57 +0200)]
Change parameter names app_id to pkg_id in API functions

        [Issue#]        SSDWSSP-290
        [Bug/Feature]   N/A
        [Cause]         N/A
        [Solution]      N/A
        [Verification]  Build, run libprivilege tests.

Change-Id: I27a44c9c7a1491b0ff2c3827d76bf1eea4b2e2f2

11 years agoAdd implementation for appsetting privilege
Jan Cybulski [Thu, 23 May 2013 10:12:28 +0000 (12:12 +0200)]
Add implementation for appsetting privilege

    [Issue#]        SSDWSSP-241
    [Bug/Feature]   Implement an unique feature for an appsetting privilege.
                    The privilege should give RWX access to all registered
                    setting folders and RX access to all applications.
    [Cause]         N/A
    [Solution]      Change in app_add_permissions_internal.
    [Verification]  Run libprivilege tests.
                    Test privilege_control16_appsettings_privilege should pass

Change-Id: Icdb2b6dc44395ec7a723064bc2db56ef634e609d

11 years agoAdd error logs in app_give_access.
Bartlomiej Grzelewski [Thu, 9 May 2013 14:43:05 +0000 (16:43 +0200)]
Add error logs in app_give_access.

[Issue#]   SSDWSSP-226
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Successful compilation. Run test.

Change-Id: I7bb100c39a6fb139414a88e72a73c60282f4168f

11 years agoprivilege-control.c and privilege-control.h extended by new app_type_t values. New...
Marcin Niesluchowski [Mon, 20 May 2013 09:56:27 +0000 (11:56 +0200)]
privilege-control.c and privilege-control.h extended by new app_type_t values. New WRT_partner.smack, WRT_platform.smack, OSP_partner.smack and OSP_platform.smack created from WRT.smack and OSP.smack.

[Issue#]        SSDWSSP-270
[Bug/Feature]   Change app_enable_permissions() input app type - extend to new app types.
[Cause]         N/A
[Solution]      N/A
[Verification]  Creating and running tests for new app types.

Change-Id: I4c5525d2dfc9c626b07a8dae33f073db7460ce9c

11 years agoFixed creation of rule sets with missing ----- (change-rule interface)
Tomasz Swierczek [Fri, 31 May 2013 16:03:16 +0000 (18:03 +0200)]
Fixed creation of rule sets with missing ----- (change-rule interface)

[Issue#]       N/A
[Bug]          Some rules in apps rule file were overwriting rules
[Cause]        smack_accesses_add used instead of smack_accesses_add_modify
[Solution]     changed function
[Verification] Install FtApp and see if rules for aospd* label are rx or rwx (should be latter)

Change-Id: I66e2cae21865bd4be1b885df8d958a5fa0409d52

Conflicts:

src/privilege-control.c

11 years agoChanging way of mapping feature to file name
Zofia Abramowska [Wed, 29 May 2013 15:50:23 +0000 (17:50 +0200)]
Changing way of mapping feature to file name

[Issue#] SSDWSSP-292
[Feature] Supporting wider variety of feature names
[Cause] Previously there was no difference in mapping features
named like http://<something>/feature.name, no matter what
<something> was. This isn't proper anymore.
[Solution] Mapping whole feature name to file name
[Verification] Build. Run tests. Test for adding api features will fail.

Change-Id: I4c459e845215c7dcab522a415a560e86936b057a

11 years agoNew API for labeling directories and files.
Rafal Krypa [Thu, 23 May 2013 09:54:34 +0000 (11:54 +0200)]
New API for labeling directories and files.

[Issue#]       SSDWSSP-240
[Feature]      New API for labeling directories and files
[Cause]        Redesigned with new requested feature implementation
[Solution]     Provide new function app_setup_path(), deprecate app_label_dir(), app_label_shared_dir() and app_add_shared_dir_readers()
[Verification] Build, install, reboot target. Run libprivilege-control tests.

Change-Id: I9e8ad0c279fc8edfe2ef3764382d6726f5615dcc

11 years agoCode refactoring, new internal function for adding single rule for an application.
Rafal Krypa [Wed, 22 May 2013 13:13:57 +0000 (15:13 +0200)]
Code refactoring, new internal function for adding single rule for an application.

[Issue#]       N/A
[Feature]      New static function app_add_rule()
[Cause]        The same functionality implemented in several places.
[Solution]     Refactoring for better code reuse.
[Verification] Build, install, reboot target. Run libprivilege-control tests.

Change-Id: Id76ae8a435e38092c219ed40b65b11b0f4690b42

11 years agoImplement special handling for http://tizen.org/privilege/antivirus
Janusz Kozerski [Mon, 13 May 2013 15:27:53 +0000 (17:27 +0200)]
Implement special handling for tizen.org/privilege/antivirus

[Issue#]        SSDWSSP-239
[Bug/Feature]   Implement special handling for http://tizen.org/privilege/antivirus
[Cause]         app_register_av() is deprecated.
[Solution]      N/A
[Verification]  Build, install. Install apps.installer.rpm from task (in CAM), and try to install McAfee anti virus (in CAM).

Change-Id: Icd2ba4f8385dedc53fe1e380bef1463e228bcc2e

11 years agoMerge remote-tracking branch 'rsa/tizen_2.1' into rsa_master
Krzysztof Jackiewicz [Wed, 29 May 2013 15:20:21 +0000 (17:20 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.1' into rsa_master

11 years agoAdd API functions smack_pid_have_access and get_smack_label_from_process.
Janusz Kozerski [Mon, 6 May 2013 12:34:13 +0000 (14:34 +0200)]
Add API functions smack_pid_have_access and get_smack_label_from_process.

[Issue#]   SSDWSSP-220
[Feature]  Add new function: smack_pid_have_access. This function calls smack_have_access, and if there's no access granted then check if process have CAP_MAC_OVERRIDE.
[Problem]  N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build, install.

Change-Id: If319fd7b176d9a7e1ecb38458f6178e5e7f9865c

11 years ago[Release] libprivilege-control_0.0.27.TIZEN
Krzysztof Jackiewicz [Wed, 29 May 2013 14:12:06 +0000 (16:12 +0200)]
[Release] libprivilege-control_0.0.27.TIZEN

* Executable link labeling. API deprecation.

Change-Id: Ie9669c42b31aa066fc9955c80c282bcb41f9d04d

11 years agoRevert "Fixing app_revoke_internal() used by app_revoke_permissions()"
Marcin Niesluchowski [Wed, 22 May 2013 12:12:47 +0000 (21:12 +0900)]
Revert "Fixing app_revoke_internal() used by app_revoke_permissions()"

This reverts commit 8b61c02bade31201966fdeb822569b2b5c2da5b3

11 years agoadd new smack rule
Kidong Kim [Tue, 28 May 2013 07:42:29 +0000 (16:42 +0900)]
add new smack rule

11 years agoWRT binary link handling updated.
Krzysztof Jackiewicz [Tue, 7 May 2013 06:37:36 +0000 (08:37 +0200)]
WRT binary link handling updated.

[Issue#] N/A
[Feature/Bug] N/A
[Problem] WRT application label should be retrieved from link to executable
xattrs. Currently widget_id is the label.
[Cause] N/A
[Solution] Smack label is retrieved from link to executable. app_label_dir
has been modified to label links to executable files with proper exec label.

[Verification] Run libprivilege-control-test. Reboot, install a widget and
launch it. http://slp-info.sec.samsung.net/gerrit/#/c/204855/

Change-Id: Iae87854283989f0d3ff0b76c9092c10654f47c7c

11 years agoFixing app_revoke_internal() used by app_revoke_permissions()
Marcin Niesluchowski [Tue, 14 May 2013 15:36:18 +0000 (17:36 +0200)]
Fixing app_revoke_internal() used by app_revoke_permissions()

[Issue#]        SSDWSSP-260
[Bug/Feature]   Libprivilege-control tests fail
[Cause]         N/A
[Solution]      N/A
[Verification]  Running tests

Change-Id: I72f654279998f4622ce2a9564580242b29ec9d80

11 years agoMarking app_give_access & app_revoke_access as deprecated
Zofia Abramowska [Mon, 13 May 2013 14:10:19 +0000 (16:10 +0200)]
Marking app_give_access & app_revoke_access as deprecated

[Issue#] SSDWSSP-229
[Bug/Feature] N/A
[Cause] Reimplementing process_app_give_access in security-server
[Solution] N/A
[Verification] Successful build

Change-Id: Id81146bc2892353ec2f55976a4d77077d2744e43

11 years agoadd rule for wrt_launchpad_daemon
Kidong Kim [Tue, 21 May 2013 08:48:34 +0000 (17:48 +0900)]
add rule for wrt_launchpad_daemon

11 years agoAdjusting Rules for boolmark tizen_2.1 accepted/tizen/20130520.101224 submit/tizen/20130517.045137 submit/tizen_2.1/20130516.045506
Bumjin Im [Wed, 15 May 2013 10:30:10 +0000 (19:30 +0900)]
Adjusting Rules for boolmark

11 years agoadd smack rules for sdcard
Kidong Kim [Wed, 15 May 2013 07:26:57 +0000 (16:26 +0900)]
add smack rules for sdcard

11 years agoadd smack rules for osp/web app submit/tizen_2.1/20130515.030959
Kidong Kim [Tue, 14 May 2013 08:58:30 +0000 (17:58 +0900)]
add smack rules for osp/web app

11 years agoMerge "Update .smack files 2" into tizen_2.1
Bumjin Im [Tue, 14 May 2013 06:03:52 +0000 (15:03 +0900)]
Merge "Update .smack files 2" into tizen_2.1

11 years agoUpdate .smack files 2
jinha.hwang [Tue, 14 May 2013 05:54:44 +0000 (14:54 +0900)]
Update .smack files 2

11 years agoadd new rules for system::share
Kidong Kim [Tue, 14 May 2013 05:08:26 +0000 (14:08 +0900)]
add new rules for system::share

11 years ago[Release] libprivilege-control_0.0.26.TIZEN
Krzysztof Jackiewicz [Mon, 13 May 2013 17:06:30 +0000 (19:06 +0200)]
[Release] libprivilege-control_0.0.26.TIZEN

* Added rules for OSP/WRT apps for app_give_access API usage in security-server

Change-Id: Ia529d15219f89d53f27c504b9715207acf1f8ab0

11 years agoAdded rules for OSP/WRT apps for app_give_access API usage in security-server
Tomasz Swierczek [Mon, 13 May 2013 16:25:07 +0000 (18:25 +0200)]
Added rules for OSP/WRT apps for app_give_access API usage in security-server

[Issue#]        TDIS-5744
[Bug/Feature]   Missing SMACK rules for runtime check for access to API.
[Cause]         N/A
[Solution]      Added rules - temporarily to OSP.smack and WRT.smack
[Verification]  use app_enable_permissions() - rule file should contain rule for security-server::api-data-share

Change-Id: Iefc140b1a93e5eec5507e466ea2db11641cff222

11 years agoAdded rules for OSP/WRT apps for app_give_access API usage in security-server
Tomasz Swierczek [Mon, 13 May 2013 16:25:07 +0000 (18:25 +0200)]
Added rules for OSP/WRT apps for app_give_access API usage in security-server

[Issue#]        TDIS-5744
[Bug/Feature]   Missing SMACK rules for runtime check for access to API.
[Cause]         N/A
[Solution]      Added rules - temporarily to OSP.smack and WRT.smack
[Verification]  use app_enable_permissions() - rule file should contain rule for security-server::api-data-share

Change-Id: I63fbe3dadbc147aef663c9bd0b6a5cdfd390702e

11 years agoadd new label and rules - system::share submit/tizen_2.1/20130514.053038
Kidong Kim [Mon, 13 May 2013 14:25:55 +0000 (23:25 +0900)]
add new label and rules - system::share

11 years agoAdding x rules for osp-*-services
Bumjin Im [Mon, 13 May 2013 06:55:05 +0000 (15:55 +0900)]
Adding x rules for osp-*-services

11 years agoAdjusting overwrapped Rule
Bumjin Im [Mon, 13 May 2013 00:57:31 +0000 (09:57 +0900)]
Adjusting overwrapped Rule

11 years agoRemoving Label for so files
Bumjin Im [Sun, 12 May 2013 07:39:57 +0000 (16:39 +0900)]
Removing Label for so files

11 years agoModifying Smack rules for Apps
Bumjin Im [Sun, 12 May 2013 05:18:30 +0000 (14:18 +0900)]
Modifying Smack rules for Apps

11 years agoModifying Smack rules for Apps
Bumjin Im [Sun, 12 May 2013 04:22:29 +0000 (13:22 +0900)]
Modifying Smack rules for Apps

11 years agoModifying Smack rules for Apps
Bumjin Im [Sun, 12 May 2013 03:58:22 +0000 (12:58 +0900)]
Modifying Smack rules for Apps

11 years agoModifying Smack rules for Apps
Bumjin Im [Sun, 12 May 2013 03:52:58 +0000 (12:52 +0900)]
Modifying Smack rules for Apps

11 years agoUpdate .smack files
jinha.hwang [Sat, 11 May 2013 14:24:20 +0000 (23:24 +0900)]
Update .smack files

11 years agoadd default rules
Kidong Kim [Sat, 11 May 2013 10:59:46 +0000 (19:59 +0900)]
add default rules

11 years agomerge back from tizen_2.1_smack
Kidong Kim [Fri, 10 May 2013 08:48:16 +0000 (17:48 +0900)]
merge back from tizen_2.1_smack

11 years agoRevert "Bug in app_install() fixed"
Tomasz Swierczek [Wed, 8 May 2013 07:35:50 +0000 (09:35 +0200)]
Revert "Bug in app_install() fixed"

This reverts commit 618655f8840efd978b073ce9239a16e1d061d14b.

11 years agoMerge "Merge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev"
Krzysztof Jackiewicz [Tue, 7 May 2013 09:28:18 +0000 (18:28 +0900)]
Merge "Merge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev"

11 years agoClean up libprivilege-control code
Krzysztof Jackiewicz [Mon, 6 May 2013 08:13:50 +0000 (10:13 +0200)]
Clean up libprivilege-control code

[Issue#] SSDWSSP-207
[Feature/Bug] N/A
[Problem] Cleanup the code
[Cause] N/A
[Solution] Unnecessary code removed. Comments updated

[Verification] Successfull compilation

Change-Id: I0bfe450301aee4b6f4f1b94336fef75d5c38dd60

11 years agoBug in app_install() fixed
Marcin Niesluchowski [Thu, 2 May 2013 12:18:32 +0000 (14:18 +0200)]
Bug in app_install() fixed

[Issue#]        SSDWSSP-223
[Bug/Feature]   Fix bugs that make libprivilege-control test fail
[Cause]         N/A
[Solution]      N/A
[Verification]  N/A

Change-Id: I88712168c64c8d35e7700124ff9da4ffefa32493

11 years agoMerge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev
Rafal Krypa [Mon, 6 May 2013 10:47:58 +0000 (12:47 +0200)]
Merge remote-tracking branch 'tizendev/tizen_2.1_smack' into tizendev

11 years agoadd new labels for vconf
Kidong Kim [Sat, 4 May 2013 04:37:07 +0000 (13:37 +0900)]
add new labels for vconf

11 years agoEmpty commit to trigger OBS build.
Rafal Krypa [Fri, 3 May 2013 13:22:09 +0000 (15:22 +0200)]
Empty commit to trigger OBS build.

Change-Id: I642fcd66b10fef0f4a0152ae4e383deb6832f50a

11 years agopermissions: unify smack config files with private repository
Rafal Krypa [Fri, 3 May 2013 11:51:27 +0000 (13:51 +0200)]
permissions: unify smack config files with private repository

Files are now identical in both repositories, with respect to
com.samsung => org.tizen changes.

[Issue#]       N/A
[Feature]      Unify Smack configuration
[Cause]        Transition of Smack configuration from private to RSA repo
[Solution]     N/A
[Verification] N/A

Change-Id: I0be7d73a14746b4e52843b337ed7a4680c7b60cd

11 years agoMerge remote-tracking branch 'tizendev/master' into tizen_2.1_smack
Rafal Krypa [Fri, 3 May 2013 11:54:59 +0000 (13:54 +0200)]
Merge remote-tracking branch 'tizendev/master' into tizen_2.1_smack

11 years agoMerge missing code pieces from private repository.
Rafal Krypa [Fri, 3 May 2013 11:32:40 +0000 (13:32 +0200)]
Merge missing code pieces from private repository.

[Issue#]       N/A
[Bug]          Patches applied in different version in RSA and private repository
[Cause]        Developers not careful enough about applying patches in both places
[Solution]     Move missing bits of code
[Verification] N/A

Change-Id: I69234dc73666e146458eb44783c870676a9c523c

11 years agoAllow multiple call of app_give_access.
Bartlomiej Grzelewski [Tue, 30 Apr 2013 14:16:47 +0000 (16:16 +0200)]
Allow multiple call of app_give_access.

If some permissions were set twice or more by app_give_access
libprivilege should save state from "first call".

[Issue#]   N/A
[Feature]  N/A
[Cause]    N/A
[Solution] N/A

[Verification] N/A

Change-Id: I62392864550cab1f355b3921399ccaa47a1eeffe

11 years agoMerge remote-tracking branch 'tizendev/tizen_2.1' into tizendev
Rafal Krypa [Fri, 3 May 2013 10:35:12 +0000 (12:35 +0200)]
Merge remote-tracking branch 'tizendev/tizen_2.1' into tizendev

Conflicts:
packaging/libprivilege-control-conf.manifest
permissions/OSP.smack
src/privilege-control.c

Change-Id: I9ead94857033456cfddc4face120e0cfde07682f

11 years agoadd new smack labels for vconf and support IPv6
Kidong Kim [Thu, 2 May 2013 08:59:26 +0000 (17:59 +0900)]
add new smack labels for vconf and support IPv6

11 years agoAdd DAC config files for DB access control.
Rafal Krypa [Mon, 22 Apr 2013 15:20:18 +0000 (17:20 +0200)]
Add DAC config files for DB access control.

[Issue#]       SSDWSSP-175
[Feature]      Add application to additional groups based on allowe permissions.
[Cause]        SQlite databases require SMACK write permissions to be readable (locking).
[Solution]     This patch adds config files for already existing code.
[Verification] N/A

Change-Id: I759871b20c764813676085edc114f9aae531f47f

11 years agoKlocwork bugfixes
Krzysztof Jackiewicz [Fri, 26 Apr 2013 13:57:58 +0000 (15:57 +0200)]
Klocwork bugfixes

[Issue#] SSDWSSP-213
[Feature/Bug] N/A
[Problem] Issues reported by Klocwork
[Cause] N/A
[Solution] Issues fixed

[Verification] Build and run libprivilege tests

Change-Id: I3328b94d351edf263f316a1c7ae3019604195d22

11 years agoAdd AV custom rule set support
Janusz Kozerski [Mon, 29 Apr 2013 12:49:04 +0000 (14:49 +0200)]
Add AV custom rule set support

[Issue#]       SSDWSSP-205
[Bug]          N/A
[Cause]        N/A
[Solution]     Add predefined rules for antivirus (antiviurs some_app rwx, some_app antivirus rx).
[Verification] Build, install, reboot target, run tests - the 10th test (app_register_av) should fail now.

Change-Id: I1019173b8c31cf6e984c3b12be00bd61dfe84e7e

11 years agoFix for complimentary groups setting.
Rafal Krypa [Wed, 24 Apr 2013 13:53:47 +0000 (15:53 +0200)]
Fix for complimentary groups setting.

[Issue#]       N/A
[Bug]          Adding applications to additional groups depends on SMACK.
[Cause]        In AUL context app_id is unknown and it was guessed from current SMACK label.
[Solution]     Read SMACK label from file xattrs, which are available even without SMACK support in kernel.
[Verification] Build, install on non-SMACK system, reboot target, run some apps.

Change-Id: Ie69ea5d60b48a0358bb0a266281a146a05aa9eb1

11 years agoRemove SMACK_ENABLED ifdefs.
Rafal Krypa [Wed, 24 Apr 2013 13:42:02 +0000 (15:42 +0200)]
Remove SMACK_ENABLED ifdefs.

[Issue#]       N/A
[Feature]      Remove possibility to compile this lib with no SMACK support.
[Cause]        The code is highly SMACK specific, and there is a run time check for SMACK anyway.
[Solution]     Remove ifdefs and alternative code.
[Verification] Build.

Change-Id: I3fb546829d9a8701bcbadce77dd9aefb77292ce0

Conflicts:

src/privilege-control.c

11 years agoSetting WebAPP label to pkgId again. This reverts commit 9bbaf8f2f2be6b59b2b6fc0c1624...
Tomasz Swierczek [Wed, 24 Apr 2013 12:22:10 +0000 (14:22 +0200)]
Setting WebAPP label to pkgId again. This reverts commit 9bbaf8f2f2be6b59b2b6fc0c1624fc9cf58878a0.

[Issue#]       SSDWSSP-94
[Feature]      Changed WebApp SMACK label set in AUL
[Cause]        N/A
[Solution]     Hybrid apps need this
[Verification] Build, install, reboot target. Run any widget. It should run properly.

Change-Id: I3efe0731d72941337df579589f922ff382e835bb

11 years agoSimplify cleanup code by using GCC extension for variable scoping.
Rafal Krypa [Mon, 22 Apr 2013 15:03:19 +0000 (17:03 +0200)]
Simplify cleanup code by using GCC extension for variable scoping.

[Issue#]       N/A
[Feature]      Simplify cleanup code in functions.
[Cause]        N/A
[Solution]     Use GCC's cleanup attribute for automatic resource reclaim.
[Verification] Build, install, reboot target. Run tests from security-tests.

Change-Id: Id874ff958f2065b61c04875c362ec3331d603865

Conflicts:

src/privilege-control.c

11 years agoapp_shared_dir_add_readers() accepts NULL in 'app_list' not ""
Jan Cybulski [Thu, 18 Apr 2013 13:43:35 +0000 (15:43 +0200)]
app_shared_dir_add_readers() accepts NULL in 'app_list' not ""

    [Issue#] SSDWSSP-196
    [Feature/Bug] app_shared_dir_add_readers() does not accept NULL in a list of arguments
    [Problem] N/A
    [Cause] Unification to other API functions
    [Solution] check if there if a NULL in a list of readers. Threat it as an end of a list.
    [Verification] libprivilege-control-test --output=text

Change-Id: I13079b349b9cdfb1ca6a01924e4e0f563f1b7e0f

11 years agoCreate separate source file for internal, common code.
Rafal Krypa [Thu, 18 Apr 2013 15:08:06 +0000 (17:08 +0200)]
Create separate source file for internal, common code.

[Issue#]       N/A
[Feature]      Refactorization.
[Cause]        Code starts to be duplicated.
[Solution]     Common internal source file.
[Verification] Build, install, run tests.

Change-Id: I233eede546d6a7bb9c0ab9cefd1e349be10364b1

Conflicts:

src/privilege-control.c

11 years agoadd new smack rules for tizenprv00.privacy-popup 2.1b_release accepted/tizen_2.1/20130425.033002 submit/tizen_2.1/20130424.232930
Kidong Kim [Mon, 22 Apr 2013 10:04:32 +0000 (19:04 +0900)]
add new smack rules for tizenprv00.privacy-popup

11 years agoDon't delete SMACK rules file for app in function app_reset_permissions()
Rafal Krypa [Thu, 18 Apr 2013 15:35:15 +0000 (17:35 +0200)]
Don't delete SMACK rules file for app in function app_reset_permissions()

[Issue#]       N/A
[Bug]          app_reset_permission() should only read the file, but it removes it afterwards.
[Cause]        Internal usage of app_revoke_permissions(), which should remove the file.
[Solution]     Create internal version of app_revoke_permissions(), that takes additional argument.
[Verification] Build, install, reboot target. Run tests, launch a widget twice.

Change-Id: I2c62dc1dbf99738a3752b3959412d68c032c60e1

11 years agoTemporary workaround for complimentary groups not working on non-SMACK system.
Rafal Krypa [Thu, 18 Apr 2013 14:18:05 +0000 (16:18 +0200)]
Temporary workaround for complimentary groups not working on non-SMACK system.

[Issue#]       N/A
[Bug]          set_app_privilege() fails when SMACK is not available.
[Cause]        Complimentary groups setting depend on getting app_id from process' SMACK label.
[Solution]     Temporarily turn this off for non-SMACK systems.
[Verification] Build, install on non-SMACK system, reboot target, run some apps.

Change-Id: I9733c1d28ab810de6b40c56a2a79747978ab2911

11 years agoRe-enable Smack setting for native apps.
Rafal Krypa [Thu, 11 Apr 2013 16:16:33 +0000 (18:16 +0200)]
Re-enable Smack setting for native apps.

[Issue#] SSDWSSP-184
[Feature] Re-enable Smack support.
[Cause] Runtime Smack support ready for integration.
[Solution] Re-enable existing Smack support.
[Verification] Build, install, reboot target. Verify running of native applications and widgets.

Change-Id: I314e7252e17ecf97d74133868787e3dc27be2dce

11 years agoFull set of SMACK rules support for OSP and WRT
Rafal Krypa [Thu, 11 Apr 2013 16:25:44 +0000 (18:25 +0200)]
Full set of SMACK rules support for OSP and WRT

[Issue#]       SSDWSSP-184
[Feature]      Temporarily provide full set of rules in base permission.
[Cause]        During integration applications must continue to work.
[Solution]     Provide full set of Smack rules even without API features enabled.
[Verification] N/A

Change-Id: I9dad1bd15fd6d4c428db5ea373590b127d48f274

11 years agoAdded support for gids in add_new_feature API
Krzysztof Jackiewicz [Wed, 17 Apr 2013 16:16:30 +0000 (18:16 +0200)]
Added support for gids in add_new_feature API

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] add_new_feature API needed
[Solution] Support for guids implemented

[Verification] libprivilege-control-test --output=text --regexp=add_api_feature
should pass

Change-Id: Ib2ee5c2f5f429031c4595bc26d0dabb89942b145

11 years agoAdd check if app_label and shared_label are different in app_label_shared_dir
Jan Cybulski [Tue, 2 Apr 2013 10:58:10 +0000 (12:58 +0200)]
Add check if app_label and shared_label are different in app_label_shared_dir

    [Issue#]    SSDWSSP-154
    [Feature]   API function app_label_shared_dir checks if app_label and shared_label are different
    [Cause]   New API feature
    [Verification] Build and tests

Change-Id: I7a923a196a0d93590c96a506caaa6afc0ee07eac

11 years agoAdd implementation of API function add_shared_dir_readers.
Jan Cybulski [Tue, 2 Apr 2013 10:55:22 +0000 (12:55 +0200)]
Add implementation of API function add_shared_dir_readers.

[Issue#] SSDWSSP-154
[Feature] API function add_shared_dir_readers adds rx rules to an subject with shared_label for a list of applications with labels listed as a second parameter
[Cause] New API feature
[Solution] adds SMACK rx rules for listed application identifiers to shared_label.
[Verification]

Change-Id: I7eda467fe4738f9cff4f00b24156ac21c444294f

11 years agoImplement adding apps to additional groups based on enabled permissions.
Rafal Krypa [Wed, 17 Apr 2013 15:54:30 +0000 (17:54 +0200)]
Implement adding apps to additional groups based on enabled permissions.

[Issue#]       SSDWSSP-175
[Feature]      Mixing DAC and SMACK for proper database access control.
[Cause]        SQlite databases require SMACK write permissions to be readable (locking).
[Solution]     Use both DAC and SMACK to control access to databases.
[Verification] Build, install, reboot target, run tests.

Change-Id: Ic5c7da4484d857513f0015582c6ea15dfe8d0d18

11 years agoTruncate Smack file for app in app_revoke_permissions().
Rafal Krypa [Wed, 17 Apr 2013 12:04:42 +0000 (14:04 +0200)]
Truncate Smack file for app in app_revoke_permissions().

[Issue#]       N/A
[Feature]      The function removed rules from kernel, but not from disk.
[Cause]        It used to remove the file, but removal is now done in app_uninstall().
[Solution]     Add explicit truncate.
[Verification] Run tests from security-tests package.

Change-Id: I17e0cf25c95f59762a3b8fcc53a1cdf1d113d3e0

11 years agoChange implementation of have_smack()
Rafal Krypa [Fri, 12 Apr 2013 16:31:04 +0000 (18:31 +0200)]
Change implementation of have_smack()

[Issue#]       N/A
[Feature]      More reliable checking whether Smack is available in runtime.
[Cause]        Code reuse.
[Solution]     Use function provided in libsmack to check usability of smackfs.
[Verification] Run tests from security-tests.

Change-Id: Ib237a0a6ddbcdd966daac35bc8c416338c501af2

11 years agoUnify code indentation.
Rafal Krypa [Mon, 15 Apr 2013 12:38:49 +0000 (14:38 +0200)]
Unify code indentation.

[Issue#]       N/A
[Bug/Feature]  N/A
[Cause]        Previously commited code not compatible with standard used in this project.
[Solution]     Replace space indents with tabs.
[Verification] Build.

Change-Id: I9d1d557e1fa34358413438d9d8660b7a23c414f3

11 years agoFix logging ifdefs in slp-su.c.
Rafal Krypa [Mon, 8 Apr 2013 13:48:07 +0000 (15:48 +0200)]
Fix logging ifdefs in slp-su.c.

[Issue#]       N/A
[Feature]      slp-su has logging disabled.
[Cause]        Typo.
[Solution]     Correct the typo.
[Verification] Build.

Change-Id: Ifacdc02732b39c269bdb2b880b3a472ea6c742ba

11 years agoImlement app_disable_permissions() API function stub.
Rafal Krypa [Mon, 8 Apr 2013 13:46:17 +0000 (15:46 +0200)]
Imlement app_disable_permissions() API function stub.

[Issue#]       SSDWSSP-167
[Feature]      Provide API for disabling API features for applications.
[Cause]        User can decide which API feature are allowed per application.
[Solution]     Complimentary function to already existing app_enable_permissions().
[Verification] Build.

Change-Id: I1bf079280835de1a6f14bb1d201f369018ca8457

11 years agoAdd API for install antivirus (app_register_av API function). Add abstract layer...
Janusz Kozerski [Mon, 8 Apr 2013 09:31:22 +0000 (11:31 +0200)]
Add API for install antivirus (app_register_av API function). Add abstract layer to libprivilege database.

[Issue#]       SSDWSSP-176
[Feature]      New function: int app_register_av(const char* app_av_id)
[Cause]        Needed to grant an anti virus access to all others app installed in system.
[Solution]     N/A
[Verification] Build, install, reboot, run libprivilege-control tests.

Change-Id: Iaf95c89fc6a7f40240f0ba3c86bce106424935a9

11 years agoAdded add_api_feature API
Krzysztof Jackiewicz [Wed, 10 Apr 2013 10:12:59 +0000 (12:12 +0200)]
Added add_api_feature API

[Issue#] N/A
[Feature] New API for adding custom features requested
[Problem] N/A
[Cause] N/A
[Solution] API implemented

[Verification] Run libprivilege-control-test --output=text
--regexp=add_api_feature

Change-Id: I75b60bed5b0af9d3c300e90f976c4fd8e5ba5f5a

11 years agoReduce complexity from O(n) to O(log(n)) druing state search.
Bartlomiej Grzelewski [Thu, 11 Apr 2013 17:00:52 +0000 (19:00 +0200)]
Reduce complexity from O(n) to O(log(n)) druing state search.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build. Run libprivilege-tests.

Change-Id: I14edfeb874559aa375df6e7ede4451dab13339c5

11 years agoImplemet data control solution for OSP apps.
Bartlomiej Grzelewski [Tue, 9 Apr 2013 13:05:11 +0000 (15:05 +0200)]
Implemet data control solution for OSP apps.

[Issue#]   SSDWSSP-177
[Bug]      N/A
[Cause]    Native apps use shared memory. To Shared memory application
           needs cross rules.
[Solution] Now libprivilege may add access to shared memory created by
           provider.
[Verification] Build.

Change-Id: I92fa7826e0efe21cea346ae38968af4c582a9b68

11 years agoRevert "Temporary fix for web app launching."
Rafal Krypa [Thu, 28 Mar 2013 13:28:34 +0000 (14:28 +0100)]
Revert "Temporary fix for web app launching."

This reverts commit e11d51f7b0cf73750e2c8af872d451a221c05cfa.

Change-Id: Id841633f0e797d47ed5911243e753dd8f59ab444

11 years agoCheck validity of Smack labels in API function arguments.
Rafal Krypa [Thu, 28 Mar 2013 13:23:18 +0000 (14:23 +0100)]
Check validity of Smack labels in API function arguments.

[Issue#]       N/A
[Feature]      Catch errors with invalid Smack labels.
[Cause]        API users are passing invalid strings as Smack labels.
[Solution]     Implement internal checking of Smack labels.
[Verification] Build

Change-Id: I60d5e03fe687f5c85da2571b90c01cc94cf6d210

11 years agoAdd debug logging into app_install() and app_uninstall()
Rafal Krypa [Thu, 28 Mar 2013 11:11:00 +0000 (12:11 +0100)]
Add debug logging into app_install() and app_uninstall()

[Issue#]       N/A
[Feature]      Need to track calls into new API functions.
[Cause]        Debug logs "Enter function" missing for these two.
[Solution]     Add logging on functions entry.
[Verification] Build

Change-Id: I0a7e36451c2242df0e857ac5f051c662501de9c4

11 years agoFix logging in app_add_permissions_internal()
Rafal Krypa [Wed, 27 Mar 2013 18:26:11 +0000 (19:26 +0100)]
Fix logging in app_add_permissions_internal()

[Issue#]       N/A
[Feature]      Get some log before execution of code the log is about.
[Cause]        N/A
[Solution]     N/A
[Verification] N/A

Change-Id: If38b11f0c35b8b5345a14a3e454b46dc5cfc4b3c

11 years agoFix ifdef for debug logging.
Rafal Krypa [Wed, 27 Mar 2013 18:04:29 +0000 (19:04 +0100)]
Fix ifdef for debug logging.

[Issue#]       N/A
[Bug]          Even if enabled in cmake, debug logs doesn't work.
[Cause]        Typo in ifdef in code.
[Solution]     Correct the typo.
[Verification] Build with debug logs enabled and check if they are printed.

Change-Id: Id2d199c338502fcf658691eafebc7772ef28f2a4

11 years agoFix error handling in perm_to_smack() internal function.
Rafal Krypa [Wed, 27 Mar 2013 17:58:56 +0000 (18:58 +0100)]
Fix error handling in perm_to_smack() internal function.

[Issue#]       N/A
[Bug]          perm_to_smack() always failed.
[Cause]        Invalid handling of error codes.
[Solution]     Return success value when everything went fine.
[Verification] N/A

Change-Id: Ib55b3e68d20a5322c37ced49be152184589b8421

11 years agoFix app_install function.
Rafal Krypa [Wed, 27 Mar 2013 17:39:32 +0000 (18:39 +0100)]
Fix app_install function.

[Issue#]       N/A
[Bug]          Desn't create the file, but returns ok. error code.
[Cause]        Missing flag to open, mising goto.
[Solution]     Fix the code.
[Verification] N/A

Change-Id: Ibe2064ca055921c5dc060605a90e785531726f60

11 years agoadd smack rules for oma-ds-agent::cfg
Kidong Kim [Tue, 16 Apr 2013 05:04:11 +0000 (14:04 +0900)]
add smack rules for oma-ds-agent::cfg

11 years agoadding missing rules
Bumjin Im [Sun, 14 Apr 2013 07:08:13 +0000 (16:08 +0900)]
adding missing rules

11 years agoadd smack rules for wifi and osp
Kidong Kim [Fri, 12 Apr 2013 01:11:57 +0000 (10:11 +0900)]
add smack rules for wifi and osp

11 years agoMerge "Fix for 64 bit compatibility." into tizen_2.1
Junfeng Dong [Thu, 11 Apr 2013 05:48:46 +0000 (14:48 +0900)]
Merge "Fix for 64 bit compatibility." into tizen_2.1

11 years agoadd smack rules for privacy-manager
Kidong Kim [Tue, 9 Apr 2013 08:56:54 +0000 (17:56 +0900)]
add smack rules for privacy-manager

11 years agoadd new rules and remove vconf labels
Kidong Kim [Mon, 8 Apr 2013 11:46:53 +0000 (20:46 +0900)]
add new rules and remove vconf labels

11 years agoadd new smack labels
Kidong Kim [Mon, 8 Apr 2013 09:07:35 +0000 (18:07 +0900)]
add new smack labels

11 years agoFix for 64 bit compatibility.
Junfeng Dong [Mon, 25 Mar 2013 13:01:33 +0000 (21:01 +0800)]
Fix for 64 bit compatibility.

- Fix hardcoding path.
- Use %cmake to set default paths.
- Fix type casting between pointer and int.

Change-Id: I2d1d42843ffd71281b17bf9f88e1ddea52bc8623

11 years agoadd smack rules regarding secure-storage
Kidong Kim [Fri, 5 Apr 2013 02:38:47 +0000 (11:38 +0900)]
add smack rules regarding secure-storage

11 years agoadd smack rules regarding data-provider-master
Kidong Kim [Thu, 4 Apr 2013 08:28:46 +0000 (17:28 +0900)]
add smack rules regarding data-provider-master

11 years agoadd missing smack rules
Kidong Kim [Wed, 3 Apr 2013 05:16:53 +0000 (14:16 +0900)]
add missing smack rules

11 years agoadd new rules for bt-service
Kidong Kim [Mon, 1 Apr 2013 04:54:47 +0000 (13:54 +0900)]
add new rules for bt-service

11 years agoFix for 64 bit compatibility.
Junfeng Dong [Mon, 25 Mar 2013 13:01:33 +0000 (21:01 +0800)]
Fix for 64 bit compatibility.

- Fix hardcoding path.
- Use %cmake to set default paths.
- Fix type casting between pointer and int.

Change-Id: I2d1d42843ffd71281b17bf9f88e1ddea52bc8623

11 years agoMerge "Bugfix: Ensure that SMACK labelling finishes before we start launching middlew...
Lukasz Stelmach [Fri, 29 Mar 2013 16:40:45 +0000 (01:40 +0900)]
Merge "Bugfix: Ensure that SMACK labelling finishes before we start launching middleware services"