Lukasz Wojciechowski [Tue, 18 Sep 2018 11:50:48 +0000 (13:50 +0200)]
Fix build break with 1.65.1 boost version
This is a quick syntax fix. In other places of security-manager tests
a colon is used after BOOST_GLOBAL_FIXTURE macro usage, see:
tests/security-manager-tests.cpp:53:BOOST_GLOBAL_FIXTURE(TestConfig);
tests/security-manager-tests.cpp:54:BOOST_GLOBAL_FIXTURE(LogSetup);
The macro should be replaced anyway as it is deprecated according
to the boost documentation:
https://www.boost.org/doc/libs/1_65_1/libs/test/doc/html/boost_test/utf_reference/test_org_reference/test_org_boost_global_fixture.html
Change-Id: Ib0ee486ae617b83b6f2e66a1b9b0d158b7cbfbec
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Yunjin Lee [Mon, 17 Sep 2018 05:05:22 +0000 (14:05 +0900)]
Release 1.4.6
* Add core privilege: updatecontrol.admin and permission.check
Change-Id: Ic5cdbb475338ca26a37e3cc9b60bd6944563dba7
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 17 Sep 2018 04:46:03 +0000 (13:46 +0900)]
Add core privilege: updatecontrol.admin and permission.check
- updatecontrol.admin allows app to control system software update
procedure
- permission.check allows app to get other apps' permission statuses
Change-Id: I122c9734f9e5bc8b17387724cc05146193f3fd8c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Dariusz Michaluk [Thu, 13 Sep 2018 13:19:48 +0000 (15:19 +0200)]
Release 1.4.5
* Move standard users group management from GUM to security-manager
* Lazily initialize variables that need tz-platform-config
* Attempt database fallback recovery on some schema errors
* Change naming of recovery-management file & functions
* Optimize application uninstallation
* Simplify array size calculation
* Prefer std::vector::emplace_back to push_back in db code
Change-Id: I51d8c32ae4ff0ad40408440526c02c7575350d0f
Karol Lewandowski [Wed, 12 Sep 2018 14:33:53 +0000 (16:33 +0200)]
Move standard users group management from GUM to security-manager
Till now users created with "gum" tools were added
to a predefined set of supplementary groups - audio,
display, video. This gave the users the permissions needed
to access various device nodes.
Unfortunately, this model does not work with multiple
"passwd/group" databases - /etc/{passwd,group} on read-only
storage, /opt/etc/{passwd,group} on read-writable storage.
This is because to assign user 'kitty' to some system
group - defined in /etc/group, this file would need to be
modified, i.e.
video:x:44:media,system,multimedia_fw,owner,kitty
As noted - this cannot be done because /opt/group is
supposed to be on read-only storage.
To address this issue security-manager is used. It
already provides an NSS module which can assign logged-in users
to predefined groups. The group membership is based on
privileges assigned to a given user type.
This commit:
- introduces three new privileges
- introduces mapping from new privileges to Unix groups
- assigns the new privileges to 'admin', 'normal', 'security',
'system' & 'guest' users
- adds the new privileges to global & local manifests
Change-Id: I465acc69cfa92bd4162f5aa603696bdfa7ace64e
Krzysztof Jackiewicz [Wed, 29 Aug 2018 13:12:11 +0000 (15:12 +0200)]
Lazily initialize variables that need tz-platform-config
A recent change in tz-platform-config made it use the libc API for accessing
the passwd/group databases. As a result, each call to tz-platform-config will make
NSS load security-manager's NSS plugin with all dependent libraries initializing
their global variables.
The common library which is linked with the NSS plugin initializes two global
variables that use tz-platform-config, which will lead to a recursive call
prohibited by NSS.
This commit makes these variables lazily initialized to avoid the call to
tz-platform-config in security-manager's nss plugin initialization.
Change-Id: Ie290051f3d3d11c1b5f980d2cba683350a639042
Konrad Lipinski [Thu, 30 Aug 2018 14:04:38 +0000 (16:04 +0200)]
Attempt database fallback recovery on some schema errors
Done per HQ request for extra robustness in the face of unforeseen
database corruption.
Schema error detection amounts to preparing sqlite query templates. It
takes place at the end of database connection bringup (once the database
is verified to be up to date and passes integrity checks) by means of
calling sqlite3_prepare_v2 for every statement template ever to be used
at runtime. Sqlite statement compilation may fail due to lack of schema
compatibility. If such a failure occurs, fallback recovery is attempted
unless already tried.
Change-Id: I6ef8a262f8db11552f3e92ed3a601227558c3899
Tomasz Swierczek [Tue, 28 Aug 2018 08:35:19 +0000 (10:35 +0200)]
Change naming of recovery-management file & functions
The flag file is a sign for other system components to
feed the DB with user-installed apps, so they'd probably want to
know that the DB 'was recovered' to its initial state, rather than
know that the 'DB used to be broken' (if the DB was broken,
and recovery to the initial state is not successful, the system
will not boot properly anyway).
Change-Id: Icc3b71b56c8299ba37a3acf3b8f20667af352e15
Konrad Lipinski [Thu, 23 Aug 2018 14:03:58 +0000 (16:03 +0200)]
Optimize application uninstallation
Many operations were needlessly performed. Mitigated some of those
deficiencies by constraining lifetimes of some automatic variables and
hoisting redundant operations out of the loop.
Change-Id: I19e37f1cb73ec57ecf525b7bc125d0e2e90cc573
Krzysztof Jackiewicz [Wed, 8 Aug 2018 09:27:10 +0000 (11:27 +0200)]
Simplify array size calculation
Change-Id: I8d5af79702a1b4b2e61813b99a246fbbac559320
Konrad Lipinski [Thu, 23 Aug 2018 15:08:06 +0000 (17:08 +0200)]
Prefer std::vector::emplace_back to push_back in db code
Rationale: promote efficient idioms.
Change-Id: Idc7f48c9b8a4e32a3a21de0fc234b705d51e69ec
Tomasz Swierczek [Fri, 24 Aug 2018 09:47:51 +0000 (11:47 +0200)]
Release 1.4.4
* Initialize database and restart service in policy-reload
* Give internet privilege to kernel thread(@)
* Add error logs when translating group names to gids
* Drop unused destroyAt()
* Fix: Remove all SharedRO rules after pkg uninstallation.
* Fix: launch security-manager-cleanup after /opt/usr is mounted.
* Remove fileExists() duplicates
* Add Apache 2.0 license header
* Change way of displaying performance test results
* Rework security-manager-migration script as a policy update script
* Remove unused source code
Change-Id: I8a25e757ad5f0c7d4f4596f6b1743049ac8252fb
Konrad Lipinski [Thu, 23 Aug 2018 11:57:03 +0000 (13:57 +0200)]
Initialize database and restart service in policy-reload
Added the security-manager-cmd --init-db option that replicates manager
startup database bringup semantics.
Amended security-manager-policy-reload.in to:
* stop the service before inserting into the database to avoid
concurrent modification
* call security-manager-cmd --init-db to make sure the database exists
and is coherent prior to modifying it
* perform the database transaction
* start the service so that it reads the modified database
Rationale: prior to the patch, the manager would work on stale data as
the service was already running during policy-reload invocation.
While at it, homogenized systemctl {start,stop} invocations.
Said invocations are now of the form:
systemctl {start,stop} security-manager.service security-manager.socket
Rationale:
* strive for code uniformity
* leverage systemd's automatic dependency resolution
* speed up a bit
Change-Id: I21b254345abaa617b6a389dfd060fb4a4799a148
jin-gyu.kim [Wed, 11 Jul 2018 05:32:11 +0000 (14:32 +0900)]
Give internet privilege to kernel thread(@)
In some cases, sending a DNS packet is blocked by Nether.
This is because the packet has the "@" label, which seems to originate from the kernel.
All packets marked as "@" need to be passed, so give them the default Cynara rule.
Change-Id: I4a2ba553738c8be783401ca3e71bf69b942f5496
Tomasz Swierczek [Thu, 23 Aug 2018 08:59:13 +0000 (10:59 +0200)]
Add error logs when translating group names to gids
Daemon or client failure is probably the best way to fail-early
in case of bad system config; however, system logs should have clear information
on what has failed in such case.
Change-Id: Ia119bac5795b5a38e4004b7d66c8a64f3a45ac69
Konrad Lipinski [Mon, 20 Aug 2018 09:31:29 +0000 (11:31 +0200)]
Drop unused destroyAt()
Change-Id: Ib04ce2151ab1625dab729ea098f7ccba00b3561e
Dariusz Michaluk [Tue, 17 Jul 2018 16:34:16 +0000 (18:34 +0200)]
Fix: Remove all SharedRO rules after pkg uninstallation.
Change-Id: Icf7d14507170bc98f61a7aaa3f5f37437b769bb9
Dariusz Michaluk [Tue, 3 Jul 2018 14:06:10 +0000 (16:06 +0200)]
Fix: launch security-manager-cleanup after /opt/usr is mounted.
Change-Id: I1f6f4b2a9b9712ee5ed1a1a539a3059249a90b04
Dariusz Michaluk [Thu, 16 Aug 2018 09:49:30 +0000 (11:49 +0200)]
Remove fileExists() duplicates
Change-Id: I1ec14dd6d1a60bc481dbe04ec21e70be70c8715e
Pawel Kowalski [Thu, 16 Aug 2018 09:41:20 +0000 (11:41 +0200)]
Add Apache 2.0 license header
Change-Id: I43fefb11a6998097c778d76e6d08cab211206d20
Zofia Grzelewska [Mon, 19 Feb 2018 17:51:47 +0000 (18:51 +0100)]
Change way of displaying performance test results
Performance tests didn't show enough info about test parameters.
Ratios differ greatly between test cases, so it is nice to have
more information as to why it might be this way.
Added displaying of the initial db size and for how many apps
app-defined privileges were installed.
Also changed test names to better describe the test case.
Change-Id: Icd1816ec56fd70d15d717231c0b70dc25964741e
Rafal Krypa [Mon, 30 Oct 2017 14:39:36 +0000 (15:39 +0100)]
Rework security-manager-migration script as a policy update script
This original framework was the first policy migration script that appeared
in security-manager. It should have been adopted by the policy update framework
that was introduced later, but it was overlooked.
In order to merge these update infrastructures, the migration directory is
removed and the original migration script is renamed and adapted as the
version 1 policy update, which was previously a no-op.
Change-Id: I96c84103d9eda0746bd8d919bc6dd42c3a50a232
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Dariusz Michaluk [Tue, 7 Aug 2018 11:27:58 +0000 (13:27 +0200)]
Remove unused source code
Change-Id: I40230e07b459d73907986ba916e1e15628e5d9cb
Tomasz Swierczek [Tue, 7 Aug 2018 06:43:56 +0000 (08:43 +0200)]
Release 1.4.3
* Add removal of DB broken flag before attempt to setup DB
* Add database snapshotting and recovery
* Pull db migration into manager binary at startup
* Sanitize privilege_db query storage
* Fix memleak in PrivilegeDb()
* Add /opt/usr/media to privilege-mount.list again
* Retrieve package manager privilege from User::Shell client
* Make spec compliant with gbs --incremental
* Add TZ_SYS_MEDIASHARED to privilege-mount.list
* Change log message in realPath
* Make server keep its original log tag
* Fix hybrid pkg uninstallation
Change-Id: I9b410a6c9ceed3d63a13265aad7d33e858e37c8c
Tomasz Swierczek [Tue, 7 Aug 2018 05:26:55 +0000 (07:26 +0200)]
Add removal of DB broken flag before attempt to setup DB
This way, we ensure that on next booting there will be no information
on previous problems (the flag exists to tell other system components
that user-installed applications require re-registration in security-manager).
Change-Id: I5c7a9962adeb66125664f9a6c293355136456ded
Konrad Lipinski [Fri, 20 Jul 2018 13:29:00 +0000 (15:29 +0200)]
Add database snapshotting and recovery
A snapshot of a working database can be established by running
security-manager-cmd --backup
This effectively copies "$TZ_SYS_DB/.security-manager.db" over
"$TZ_SYS_RO_SHARE/security-manager/.security-manager.db" (the journal is not
being copied).
NOTE: backup does not check for concurrent access to the db file so the
user has to make sure no concurrent modification takes place in the
interim.
The manager performs an integrity check of the database at every startup
(see below). If the check fails, it truncates the database journal and
overwrites the database file with the latest snapshot, then reattempts
connection, migration and redoes the integrity check on the resulting
database.
As a first shot, the integrity check uses the most aggressive possible form
achievable by sqlite pragmas by
* checking if the file exists (to prevent sqlite autovivifying it)
* checking 'pragma integrity_check'
* checking 'pragma foreign_key_check'
TODO: for product acceptance, the actual latency introduced by the integrity
check should be measured. If too high, the check can be made faster by
* dropping foreign_key_check
* replacing integrity_check with quick_check
To help make the decision, lax measurements were taken using
time sqlite3 >/dev/null /opt/dbspace/.security-manager.db 'pragma..'
time[ms]    foreign_key_check    integrity_check    quick_check
TM1         17                   20                 18
emulator    5                    2                  2
Change-Id: I01a4ed0879b10bdcadde78ab086776420850e13c
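The startup check and snapshot fallback described in this commit, as an added example (written here in Python against a constructed pkg/app schema; it is not security-manager's own C++ code, and the table names, file paths and recovery helper are assumptions made for the illustration):

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed sample schema: two tables with a foreign key, loosely modelled on
# a package/application database. Not the manager's real schema.
SCHEMA = """
CREATE TABLE pkg (pkg_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE app (app_id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                  pkg_id INTEGER NOT NULL REFERENCES pkg(pkg_id));
INSERT INTO pkg VALUES (1, 'org.example.pkg');
INSERT INTO app VALUES (1, 'org.example.app', 1);
"""


def make_sample_db(path, dangling_app=False):
    """Create the constructed sample database; optionally add a dangling FK row."""
    conn = sqlite3.connect(path)
    try:
        conn.executescript(SCHEMA)
        if dangling_app:
            # Foreign keys are not enforced by default on a Python sqlite3
            # connection, so this orphan row is accepted; only foreign_key_check
            # reveals it later.
            conn.execute("INSERT INTO app VALUES (2, 'orphan', 999)")
        conn.commit()
    finally:
        conn.close()


def check_database(path):
    """Return (ok, problems) using the three steps from the commit message."""
    problems = []
    # 1. Existence check first: opening a missing path would autovivify an empty
    #    database that then passes integrity_check and hides the real failure.
    if not os.path.isfile(path):
        return False, ["database file does not exist"]
    try:
        # Read-only URI open so the check itself never creates or modifies data.
        conn = sqlite3.connect("file:{}?mode=ro".format(path), uri=True)
    except sqlite3.Error as e:
        return False, ["cannot open: {}".format(e)]
    try:
        # 2. integrity_check yields a single 'ok' row or one row per problem.
        rows = [r[0] for r in conn.execute("PRAGMA integrity_check")]
        if rows != ["ok"]:
            problems.extend("integrity_check: {}".format(r) for r in rows)
        # 3. foreign_key_check yields (table, rowid, parent, fkid) per violation.
        for table, rowid, parent, fkid in conn.execute("PRAGMA foreign_key_check"):
            problems.append("foreign_key_check: {} row {} -> {} (fk {})"
                            .format(table, rowid, parent, fkid))
    except sqlite3.DatabaseError as e:
        # A garbage file typically fails here with "file is not a database".
        problems.append("database error: {}".format(e))
    finally:
        conn.close()
    return (not problems), problems


def recover_from_snapshot(db_path, snapshot_path):
    """Truncate the rollback journal and overwrite the db with the snapshot."""
    journal = db_path + "-journal"
    if os.path.exists(journal):
        os.truncate(journal, 0)
    shutil.copyfile(snapshot_path, db_path)


def bring_up(db_path, snapshot_path):
    """Check; on failure restore the snapshot once and re-check. Returns (ok, problems, recovered)."""
    ok, problems = check_database(db_path)
    if ok:
        return True, problems, False
    recover_from_snapshot(db_path, snapshot_path)
    ok2, problems2 = check_database(db_path)
    return ok2, problems + problems2, True


def run_demo():
    """Exercise the missing, clean, FK-violating, corrupt and recovered cases."""
    with tempfile.TemporaryDirectory() as d:
        snapshot = os.path.join(d, "snapshot.db")
        live = os.path.join(d, "live.db")
        fk_db = os.path.join(d, "fk.db")
        make_sample_db(snapshot)
        results = {}
        results["missing"] = check_database(live)[0]
        shutil.copyfile(snapshot, live)
        results["clean"] = check_database(live)[0]
        make_sample_db(fk_db, dangling_app=True)
        ok, problems = check_database(fk_db)
        results["fk_violation"] = (ok, any(p.startswith("foreign_key_check") for p in problems))
        with open(live, "wb") as f:  # constructed corruption: overwrite with garbage
            f.write(b"constructed garbage, not an sqlite file\n" * 64)
        results["corrupt"] = check_database(live)[0]
        ok, _, recovered = bring_up(live, snapshot)
        results["recovered"] = (ok, recovered)
        return results


if __name__ == "__main__":
    print(run_demo())
```

The same caveat from the commit applies here: the snapshot is copied without any locking, so the caller must guarantee no writer is active.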
Konrad Lipinski [Mon, 16 Jul 2018 09:28:14 +0000 (11:28 +0200)]
Pull db migration into manager binary at startup
Done at VD's request to make concurrent db access less likely. Update
scripts and the schema are no longer present at runtime. Migration is
performed in privilege_db.h instead, based on src/gen/db.h generated at
build time from db/{db.sql,updates/*}.
Change-Id: I35e09390b45b4b82a892f92f356eba6f55287268
Konrad Lipinski [Thu, 12 Jul 2018 15:28:29 +0000 (17:28 +0200)]
Sanitize privilege_db query storage
* replace PrivilegeDb::Queries map with a static array
* replace PrivilegeDb::m_commands vector with a fixed size array
* make module require C++ 14
Rationale:
* safety
* efficiency
* memory footprint
Change-Id: If69ab4525c293ae836c1d35af19b8cebf7bbff57
Konrad Lipinski [Fri, 13 Jul 2018 11:21:59 +0000 (13:21 +0200)]
Fix memleak in PrivilegeDb()
PrivilegeDb::mSqlConnection would leak if an exception was thrown during
PrivilegeDb().
Solved by:
* making PrivilegeDb::mSqlConnection a member
* making SqlConnection() noexcept
* making SqlConnection::Connect() public
Devirtualized and simplified some parts while at it.
Change-Id: I48947fd63b6ea4a72fcd86491417f83a303ec238
Rafal Krypa [Mon, 22 Jan 2018 11:54:14 +0000 (12:54 +0100)]
Remove dependency on libslp-db-util
DPL class SqlConnection had some small dependency on db-util, but this
code path was never used in security-manager.
Remove dependency to reduce memory requirements.
Change-Id: I5551f71a7f665886aa6717bb3b39f0ce8e30ffb5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Radoslaw Bartosiak [Thu, 22 Sep 2016 10:23:48 +0000 (12:23 +0200)]
Cleanup: remove unused and duplicated macros
Change-Id: I2ded9109ae8b68c8879f649f0abf86eb4c0062d8
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
jin-gyu.kim [Wed, 1 Aug 2018 07:57:05 +0000 (16:57 +0900)]
Add /opt/usr/media to privilege-mount.list again
"/opt/usr/media" was removed in commit 23b4001.
It was wrong, because the app's mount namespace is set as SLAVE after unshare().
In the case of SLAVE, "/opt/usr/media" is not changed by the dummy mount to TZ_USER_CONTENT.
Therefore, it should be added to the list again.
Change-Id: I504c3c8dcdac8e9b31a61dfc03c66abf09a386bc
jin-gyu.kim [Thu, 24 May 2018 08:23:07 +0000 (17:23 +0900)]
Retrieve package manager privilege from User::Shell client
When a user uses dbus-send in the shell process, these privileges can be allowed.
Therefore, privilege checks for these were meaningless.
pkgcmd tools will have the "System" execute label,
so we can remove these privileges from the User::Shell client.
Change-Id: I56bb4c3d2ef270fada6ce8725eccb4390e2b718f
Konrad Lipinski [Fri, 6 Jul 2018 10:39:14 +0000 (12:39 +0200)]
Make spec compliant with gbs --incremental
According to [1], %prep section of the spec file should contain a single
%setup macro, nothing else. According to [2], manifest files are best
copied to %{buildroot}%{_datadir} in the %install section.
Moved manifest copy operations from %prep to %install accordingly.
As a byproduct, got a warning about an installed but unpackaged file:
security-manager-tests.manifest
Corrected the '%files -n security-manager-tests' accordingly by spelling
out the file name verbatim.
References
[1] https://source.tizen.org/documentation/reference/git-build-system/usage/gbs-build
[2] https://wiki.tizen.org/Security/Application_installation_and_Manifest
Change-Id: I29beaccfc83ae65698833696497c0f8791651ffc
jin-gyu.kim [Fri, 19 Jan 2018 07:51:10 +0000 (16:51 +0900)]
Add TZ_SYS_MEDIASHARED to privilege-mount.list
TZ_SYS_MEDIASHARED is also controlled under the mediastorage priv.
Therefore, adding TZ_SYS_MEDIASHARED to the default list.
By the way, "/opt/usr/media" is not needed here.
It is bind-mounted from "TZ_USER_CONTENT", which can cover "/opt/usr/media" also.
Change-Id: I4a9a4688632243998a9d4ab9ace73e6743d67cde
akoszewski [Tue, 26 Jun 2018 12:43:14 +0000 (14:43 +0200)]
Change log message in realPath
Change log message in realPath function from error to warning
Change-Id: I33adac5cc32b3ac36bb521d6825c59a14926575d
Krzysztof Jackiewicz [Fri, 16 Feb 2018 15:55:03 +0000 (16:55 +0100)]
Make server keep its original log tag
Server uses Group2Gid to map group names to gids. Group2Gid calls getgrent
which uses nss which loads (but doesn't call) nss_securitymanager plugin which
loads security-manager-client which sets the log tag to SECURITY_MANAGER_CLIENT
upon loading.
Don't set log tag in client library if it has been set before.
Change-Id: I6d5469903f88c3f561c3a0737bcba0b61446b093
Tomasz Swierczek [Wed, 20 Jun 2018 12:31:59 +0000 (14:31 +0200)]
Fix hybrid pkg uninstallation
Removal of the last app in a pkg also removed the pkg information from the DB.
This meant that the subsequent Cynara policy removal could not calculate
the proper Smack label of the app, hence not removing the policy and keeping
artifacts in the Cynara DB.
Change-Id: Ib647b16f5e0d46e4f31bbaa7b823f04071e827d7
Tomasz Swierczek [Wed, 20 Jun 2018 09:10:47 +0000 (11:10 +0200)]
Release 1.4.2
* Adjust build to boost 1.65.1
* Add detection of bad sizes/lengths of deserialized containers
* Add protection against leaking memory during deserialization
Change-Id: I2d33c46a555e181628f0ba115ee353fa0843685c
Tomasz Swierczek [Tue, 19 Jun 2018 05:02:21 +0000 (07:02 +0200)]
Adjust build to boost 1.65.1
Change-Id: I51af6f76f114b8b997f1e1d1bdc5c452ac236533
Tomasz Swierczek [Thu, 14 Jun 2018 09:41:16 +0000 (11:41 +0200)]
Add detection of bad sizes/lengths of deserialized containers
Change-Id: I1b2dcf494f8ee48a39009710bb02a7222c67ee00
Tomasz Swierczek [Thu, 14 Jun 2018 08:41:26 +0000 (10:41 +0200)]
Add protection against leaking memory during deserialization
Change-Id: Ie4e2b4fed97e73368554d779f3cb83c2678dcdfc
jin-gyu.kim [Thu, 17 May 2018 04:18:17 +0000 (13:18 +0900)]
Release 1.4.1
* Refactoring/removing unnecessary branches
* Add %build in spec file
* Fix mount namespace setup in case of multiple apps in one pkg
Change-Id: I4a1e7f7d88360c3d523421e697f7c15c560bcc42
Dariusz Michaluk [Tue, 15 May 2018 16:00:01 +0000 (18:00 +0200)]
Fix mount namespace setup in case of multiple apps in one pkg
Change-Id: I1da757ba4ab40b47e9935ab1981df272ab8a4e5e
Tomasz Swierczek [Fri, 27 Apr 2018 08:54:08 +0000 (10:54 +0200)]
Add %build in spec file
It's needed to prepare debug packages in the mobile environment.
Change-Id: Ic3f3fec05aa2e8f37c52f91d8398db115d8ca63c
Tomasz Swierczek [Thu, 26 Apr 2018 12:29:40 +0000 (14:29 +0200)]
Refactoring/removing unnecessary branches
Removal of unnecessary checking of old package hybrid status
& removal of not needed conditional branch in cynara.cpp
Change-Id: Ibceca51adcb94279ab9c3fce3a6521879cfeacd4
Tomasz Swierczek [Wed, 25 Apr 2018 04:37:52 +0000 (06:37 +0200)]
Release 1.4.0
* New API: app_update (allows i.e. is_hybrid flag change during app upgrade)
This release changes numbering to differentiate older branches of code.
This branch will continue to use 1.4.X numbering while older versions
will continue to use 1.3.X numbering (for bugfixes/maintenance).
Change-Id: I27231012b22de42f875f99e3b2ec9174cf97e2e9
Pawel Kowalski [Wed, 28 Mar 2018 12:01:35 +0000 (14:01 +0200)]
Allow is_hybrid flag change during app upgrade
The patch includes:
- Update of the database to v13
- Split appInstall and appUninstall functions into separate
smaller functions dedicated to updates of the subsequent modules:
Cynara, Privilege DB and Smack (refactoring)
- Add the appUpdate function and the API function
security_manager_app_update for updates that allow changing the
hybridity of the package
- Add modifications to allow the change of the app Smack label
(now in the functions calculatePolicies and updateAppPolicies it is
possible to give both old and new Smack labels)
Change-Id: I6e22e2750ae7982750acc9212dc14808d8ff6ecd
Yunjin Lee [Thu, 5 Apr 2018 04:25:27 +0000 (13:25 +0900)]
Release 1.3.3
* Add core privilege voicecontrol.manager, softap and softap.admin
Change-Id: I62d6a8afea6245954cec2ccadc6705f7276e5aba
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 4 Apr 2018 08:47:47 +0000 (17:47 +0900)]
Add core privilege voicecontrol.manager, softap and softap.admin
Change-Id: I01779a1b0c06d19c243cc54ebfb66595cf1961a9
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Tomasz Swierczek [Wed, 4 Apr 2018 08:24:51 +0000 (10:24 +0200)]
Release 1.3.2
* Fix build error regarding CMake upgrade
Change-Id: I9fae9e6a3407ab92cd7621b9f97260bc2468d7f9
Taejin Woo [Fri, 16 Mar 2018 06:00:45 +0000 (15:00 +0900)]
Fix build error regarding CMake upgrade
Change-Id: I77f6f7822be072a7d3c44a8a5f7caf82674fdf29
Tomasz Swierczek [Wed, 28 Feb 2018 08:59:52 +0000 (09:59 +0100)]
Release 1.3.1
* Allow application to fetch its own manifest
* Add get_app_manifest_policy API
* Database Performance Test
* license-manager-agent: fix memory leak
Change-Id: Ie7112eebd88f9fd2c9a5908a81084f4ca0aab737
Zofia Grzelewska [Wed, 28 Feb 2018 16:10:19 +0000 (17:10 +0100)]
Allow application to fetch its own manifest
security_manager_get_manifest_policy didn't allow an application
to fetch its own manifest in the case of a global application run in
an unprivileged user context. This is required for the PPM API to work
properly.
Change-Id: Ib5c72f2b3fdea170b1eb51e4d0ed4d7c31f293b9
Tomasz Swierczek [Mon, 12 Feb 2018 15:41:36 +0000 (16:41 +0100)]
Add full get_app_manifest_policy API implementation
Connected serviceImpl methods to IPC to provide fully functional
get_app_manifest_policy API
Change-Id: I7d94d15771330ca2352d3885698361ba8bc557a1
Tomasz Swierczek [Mon, 12 Feb 2018 15:13:23 +0000 (16:13 +0100)]
Add serviceImpl of getAppManifestPolicy function
Method to be used as implementation of security_manager_get_app_manifest_policy function
Change-Id: I897187234222d0fb17a70a20983492a91072bca7
Tomasz Swierczek [Mon, 12 Feb 2018 11:29:04 +0000 (12:29 +0100)]
API prototypes for checking app manifest policy
API needed for askuser/privacy privilege manager modules
to recognize if privilege was declared by manifest or not
Change-Id: Ica847792db05177d8afa17dde919590b6dde0636
Ernest Borowski [Fri, 11 Aug 2017 11:10:24 +0000 (13:10 +0200)]
Database Performance Test
Tests measure the performance loss as the app count increases.
Tests measure: adding an app, removing an app, adding privileges for an app.
Change-Id: Ia091c67a9e36f499ada7194d6d751ffe511a981c
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Rafal Krypa [Mon, 29 Jan 2018 13:17:54 +0000 (14:17 +0100)]
license-manager-agent: fix memory leak
Data allocated by cynara_agent_get_request() must be freed with the
free() function.
Change-Id: Ifedeebfd82d06217c833145e298c36c4b3f2cc34
Rafal Krypa [Wed, 17 Jan 2018 18:38:14 +0000 (19:38 +0100)]
Release 1.3.0
* Fix MountNS::isPathBound()
* Fix NSMountLogic in case when user has no running applications
* Identify apps by Smack label instead of appName in NSMountLogic
* During application start, privileged directory enforced by bind mount may be missing
* client: do not add application process to hardcoded groups
* Add core privilege: devicecertificate
* Monitor mount/umount events on the system and update app mount namespaces
* Refactoring: make NSMountLogic class responsible for Channel and MntMonitor
* Add security_manager_cleanup_app() API
* Change license-manager package name
* Add explicit dependency on libnss-security-manager
* Fix API for freeing policy entries
* Refactor security_manager_create_namespace_internal()
* Refactor security_manager_prepare_app()
* Optimize tracking of application mount namespace
Change-Id: I2df2ed1298655a46aa23ebb9d9dbd3a4690886b7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 12 Jan 2018 12:53:33 +0000 (13:53 +0100)]
Optimize tracking of application mount namespace
Instead of bind-mounting the mount namespace descriptor of the application during
security_manager_prepare_app, make a symlink to it. It will make it much
faster and avoid triggering the internal mount watcher that tries to update
bind mounts. It is assumed that child processes of the main application
process will never live longer than the main app process itself. This is
supposedly guaranteed by the app framework.
Change-Id: I9fcbdd670278c3884ea4a703e934065608c2fed0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Dariusz Michaluk [Wed, 17 Jan 2018 11:05:07 +0000 (12:05 +0100)]
Restore mediastorage/externalstorage privilege to group mapping
Change-Id: I04206d26566f37f0b78e6e19c56c1dbb51caacfe
Dariusz Michaluk [Fri, 12 Jan 2018 11:09:32 +0000 (12:09 +0100)]
Refactor security_manager_prepare_app()
This change reduces the number of IPCs and SQL queries needed for Smack label generation.
The goal is to reduce the application start time.
Change-Id: I2871a51b663b300836459b834d968f2d15cd47e0
Dariusz Michaluk [Thu, 11 Jan 2018 15:39:44 +0000 (16:39 +0100)]
Refactor security_manager_create_namespace_internal()
This change reduces the number of IPCs and SQL queries needed to set up the mount namespace.
The goal is to reduce the application start time.
Change-Id: Ib6ee820f097f07add9228346cd9a191abb16a97c
Zofia Grzelewska [Mon, 4 Dec 2017 12:51:08 +0000 (13:51 +0100)]
Major Fix : Fix API for freeing policy entries
security_manager_policy_entries_free was supposed
to free a table of pointers to policy_entry, but was
implemented improperly. Because the function had the wrong
signature (taking a pointer to a structure instead of a
pointer to a table), and without the change it causes a double
free, and not using the proper function results in a memory leak,
this function has to be changed, thus breaking the ABI.
Change-Id: I6d285c04eb1a77f5492c10d6709d0f47ebdd36f1
Rafal Krypa [Wed, 17 Jan 2018 17:35:42 +0000 (18:35 +0100)]
Add explicit dependency on libnss-security-manager
Make sure that the nss plugin gets installed to properly support
privileges enforced by gids to non-application processes.
Change-Id: I7f95503c71a2fbf18df24df7e07d8d12a4d17a3f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jin-gyu.kim [Wed, 17 Jan 2018 07:11:36 +0000 (16:11 +0900)]
Change license-manager package name.
There could be naming conflicts with another package.
Therefore, change it to security-license-manager.
Also, add an explicit dependency with this name to install properly.
Change-Id: Iee0853b3191cd19361fc5b0c9b95509b0addad01
Dariusz Michaluk [Mon, 18 Dec 2017 15:41:00 +0000 (16:41 +0100)]
Add security_manager_cleanup_app() API
This function is intended for launchers for cleaning security context for an
application process. It should be called after application termination.
Change-Id: I93de1d4aad4f9ea7d2e70dff95e173677be80426
Rafal Krypa [Fri, 15 Dec 2017 08:25:25 +0000 (09:25 +0100)]
Refactoring: make NSMountLogic class responsible for Channel and MntMonitor
The NSMountLogic class will now be solely responsible for making updates to
the mount namespaces of running applications. Its single instance will be
persistent in the ServiceImpl class. NSMountLogic now owns the Channel for
communicating with the Worker process and sends requests for mount updates.
It also listens to mount events from MntMonitor and sends appropriate
requests to the worker.
All required synchronization should be done in NSMountLogic.
NSMountLogic::check() method needs to be thread-safe because it may be
called concurrently from ServiceImpl and from MntMonitor thread.
Change-Id: I8cb4be25e5f9c8da4360d7ddff34993836f9f169
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 14 Dec 2017 14:20:18 +0000 (15:20 +0100)]
Monitor mount/umount events on the system and update app mount namespaces
It is possible that a file system path whose access is guarded by a privilege
is not available when the application starts, but becomes available later.
The reason for this is that a parent directory containing such a path
may be a mount point that is not yet mounted at the time when the application
starts.
If the application doesn't hold the privilege to the directory in question,
it should have a dummy, empty directory mounted over that path. But this
cannot be done properly when the application starts and the privileged directory
is not yet available.
Later, while the application is running, the parent mount point may be mounted.
This mount will be propagated to the mount namespaces of all running applications.
Then the applications that do not hold the required privilege will be able
to access the privileged directory in that mount point, because the dummy bind
mount wasn't done.
This patch implements a watcher keeping track of mount/unmount events in
the system. When such an event is detected, the mount namespaces of all running
applications will be reevaluated. If a privileged directory shows up in the
mount namespace of an already running application and the application doesn't
hold the required privilege, the directory will be hidden from the app.
Change-Id: Idb7044d764a620b64666bfa5e6b1724b504866f0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Yunjin Lee [Wed, 3 Jan 2018 01:49:45 +0000 (10:49 +0900)]
Add core privilege: devicecertificate
- Refers to: https://review.tizen.org/gerrit/#/c/165621/
Change-Id: I74518afab72d31acabde8b80f9c31f6cfdbff095
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Tue, 19 Dec 2017 09:00:15 +0000 (10:00 +0100)]
client: do not add application process to hardcoded groups
The initial implementation of privilege enforcement with mount namespaces
included client code that added all application processes to a hardcoded
set of groups: priv_externalstorage and priv_mediastorage.
This is wrong. Enforcement of privileges by either groups or mount
namespaces is to be configured in privilege-group.list and
privilege-mount.list respectively. An application process should be added to a group
if and only if it holds a privilege that is configured to be enforced
with a group. Similarly, proper mounts and umounts will be done in the application
mount namespace based on privilege status.
There is no need to hardcode groups. If a privilege is enforced with a mount
namespace, it should not require additional group assignment. If it used
to be enforced with a group, but it has been switched to enforcement with
mount, filesystem permissions need to be adjusted, not security-manager code.
Privileges mediastorage and externalstorage are now enforced with bind
mounts. They are being removed from the privilege-group mapping - combining
these two mechanisms is undesired.
Change-Id: I41204daa24329e8e9648b3ecb4e53d87c763b35b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 14 Dec 2017 15:54:39 +0000 (16:54 +0100)]
During application start, privileged directory enforced by bind mount may be missing
When trying to prepare the mount namespace for an application process, check whether a
directory that requires a privilege and should be bind mounted is missing. In such a
case ignore it and continue preparation.
Change-Id: I08d5295440bb018d93295cb2817c643211b88c5f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 14 Dec 2017 16:21:27 +0000 (17:21 +0100)]
Identify apps by Smack label instead of appName in NSMountLogic
NSMountLogic and Worker code used to take appName as application identifier
and then needed to translate it to Smack label. It was very awkward, because
such conversion needs access to PrivilegeDB in order to check hybrid status.
Now Smack label is being passed to that code right away, eliminating the
need for fetching Smack label.
Change-Id: I62c137ad08a5d7d271aa8d6adcb25e8bb56bdfe1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 14 Dec 2017 15:35:11 +0000 (16:35 +0100)]
Fix NSMountLogic in case when user has no running applications
In some cases directory /run/user/UID/ may exist, but /run/user/UID/apps/
might not. Such case was incorrectly handled in NSMountLogic::readFiles(),
it caused an exception to be thrown.
Fixed implementation first checks whether directory exists before trying
to read it.
Change-Id: Ibae0415eac066672d50cf184d82aa3f53c7efdf0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 20 Dec 2017 08:10:19 +0000 (09:10 +0100)]
Fix MountNS::isPathBound()
Previous implementation of the method checking whether given source path
is bind-mounted on a given destination path was unreliable.
By careless pattern matching in /proc/self/mountinfo it could easily
return false positive (determine that bind mount exists when it doesn't)
or false negative (say that bind mount doesn't exist when it does).
New implementation relies on calling lstat() on both paths and comparing
results. If both paths have the same ID of containing device and the same
inode number, they are considered to be bind mounted.
Change-Id: I63386dd44f2c1d114705b93a76993a9bc812a90d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
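The lstat()-based check described in the commit message above, written out as an added illustration (this is not security-manager's own code): two paths are considered bind-mounted when they report the same containing-device ID and the same inode number. The tri-state result, which lets a caller distinguish a missing directory (the situation handled by the "privileged directory ... may be missing" commit above) from a path that is simply not bound, and the sample paths in the usage are my assumptions.

```cpp
#include <sys/stat.h>
#include <cerrno>
#include <iostream>
#include <string>

// Result of the bind-mount check. A missing path is reported separately from
// "not bound" so a caller preparing a mount namespace can skip an absent
// directory instead of treating it as an error (assumed API shape).
enum class BindState { Bound, NotBound, Missing };

// A bind mount of `src` onto `dest` makes stat() on `dest` report the device
// and inode of `src`, so equality of (st_dev, st_ino) is the signal.
// lstat() is used so that symbolic links are not followed.
BindState checkPathBound(const std::string &src, const std::string &dest) {
    struct stat srcSt, destSt;
    if (lstat(src.c_str(), &srcSt) != 0 || lstat(dest.c_str(), &destSt) != 0)
        return errno == ENOENT ? BindState::Missing : BindState::NotBound;

    bool sameObject = srcSt.st_dev == destSt.st_dev &&
                      srcSt.st_ino == destSt.st_ino;
    return sameObject ? BindState::Bound : BindState::NotBound;
}

// Boolean wrapper with the same shape as an isPathBound(src, dest) query.
bool isPathBound(const std::string &src, const std::string &dest) {
    return checkPathBound(src, dest) == BindState::Bound;
}

// Stand-alone usage: ./a.out <source> <destination>
int main(int argc, char *argv[]) {
    if (argc != 3) {
        std::cerr << "usage: " << argv[0] << " <source> <destination>\n";
        return 2;
    }
    switch (checkPathBound(argv[1], argv[2])) {
    case BindState::Bound:    std::cout << "bound\n";        return 0;
    case BindState::NotBound: std::cout << "not bound\n";    return 1;
    case BindState::Missing:  std::cout << "path missing\n"; return 1;
    }
    return 1;
}
```

Comparing inode identity avoids the pattern-matching pitfalls of scanning /proc/self/mountinfo, but it is a check on the current state only: it tells you the destination currently shows the same object as the source, not how that came to be, so it should be paired with the mount operation that is expected to have produced it.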
jin-gyu.kim [Thu, 7 Dec 2017 02:09:09 +0000 (11:09 +0900)]
Release 1.2.30
* Fix bugs found in the code by static analysis
* Fix the bug for clearing SharedRO Smack rules
* Fix the potential memory leak.
* security-manager-cmd: add new option "manage-privilege" for policy manipulation
* Add hybrid flag setting to security-manager-cmd
* Add ConfigFile class for run-time reading and parsing of config files
* Allow privilege enforcement with bind mounts to be configured
* Don't enable mount namespace code when the config file is missing or empty
Change-Id: I848d24b8cbbaa3e557722d9a0665f9c3a984c7fb
Rafal Krypa [Thu, 30 Nov 2017 08:38:45 +0000 (09:38 +0100)]
Don't enable mount namespace code when the config file is missing or empty
Function isMountNamespaceEnabled will read the privilege-mount.list config
file and return false when reading of that file fails or when it doesn't
contain any proper configuration entries.
Change-Id: I20fabefde1523e204c02e5ab8eb8bbdd532a8b4f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 28 Nov 2017 12:01:38 +0000 (13:01 +0100)]
Allow privilege enforcement with bind mounts to be configured
Add configuration file describing which privileges are to be enforced
with bind mounts and how. New config privilege-mount.list now assigns
privileges to their mount points and specifies source directory to bind
mount.
Change-Id: I7e2fb7a483803d0a8877d142b8e1df7a37ae18e3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 28 Nov 2017 07:49:46 +0000 (08:49 +0100)]
Add ConfigFile class for run-time reading and parsing of config files
New code reads config file and splits it into lines to vector, with one
element per file line. Each line is represented as vector itself, with
one element per white space separated token.
Lines that are empty or start with '#' are ignored.
New code is now used for parsing Smack policy templates and privilege to
group mapping.
Change-Id: I009cf2a33f0233a170666cfe27fd7604fb7f4340
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
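An added example (not the security-manager implementation) of the two pieces described in the commit messages above: a parser that turns a config file into a vector of lines, each a vector of whitespace-separated tokens, skipping empty and '#' lines; and an isMountNamespaceEnabled-style check that returns false when the file cannot be read or holds no usable entry. The three-column layout assumed for privilege-mount.list (privilege, mount point, source directory), the rule that a malformed line is ignored rather than fatal, and the sample config text are my assumptions.

```cpp
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One element per non-empty, non-comment line; each line one element per token.
using ConfigLines = std::vector<std::vector<std::string>>;

// Split a config stream into tokenized lines. A line is dropped when it has
// no tokens or when its first token starts with '#', so indented comments
// are treated like plain ones (assumption).
ConfigLines parseConfig(std::istream &in) {
    ConfigLines lines;
    std::string line;
    while (std::getline(in, line)) {
        std::istringstream tokenizer(line);
        std::vector<std::string> tokens;
        for (std::string tok; tokenizer >> tok;)
            tokens.push_back(tok);
        if (tokens.empty() || tokens[0][0] == '#')
            continue;
        lines.push_back(std::move(tokens));
    }
    return lines;
}

ConfigLines parseConfigString(const std::string &text) {
    std::istringstream in(text);
    return parseConfig(in);
}

// An unreadable file yields no lines, the same as an empty one.
ConfigLines readConfigFile(const std::string &path) {
    std::ifstream in(path);
    if (!in)
        return {};
    return parseConfig(in);
}

// Assumed privilege-mount.list layout: "<privilege> <mount point> <source dir>".
struct MountEntry {
    std::string privilege, mountPoint, source;
};

// Lines with a different number of fields are ignored as malformed.
std::vector<MountEntry> parseMountEntries(const ConfigLines &lines) {
    std::vector<MountEntry> entries;
    for (const auto &tokens : lines) {
        if (tokens.size() != 3)
            continue;
        entries.push_back({tokens[0], tokens[1], tokens[2]});
    }
    return entries;
}

// False when the file is missing, unreadable, empty, or contains no proper
// entry, which keeps the mount namespace code path disabled in those cases.
bool isMountNamespaceEnabled(const std::string &configPath) {
    return !parseMountEntries(readConfigFile(configPath)).empty();
}

// Constructed sample, not a real Tizen config file.
const char *SAMPLE_CONFIG =
    "# privilege                              mount point      source\n"
    "http://tizen.org/privilege/mediastorage  /opt/usr/media   /opt/usr/media\n"
    "\n"
    "   # indented comment\n"
    "broken line\n";

int main() {
    for (const auto &e : parseMountEntries(parseConfigString(SAMPLE_CONFIG)))
        std::cout << e.privilege << " -> " << e.mountPoint
                  << " (from " << e.source << ")\n";
    std::cout << "enabled from missing file: " << std::boolalpha
              << isMountNamespaceEnabled("/nonexistent/privilege-mount.list")
              << "\n";
    return 0;
}
```

Keeping the tokenizer generic and putting the column count in the consumer (parseMountEntries) is what lets the same parser serve Smack policy templates, the privilege-group mapping and privilege-mount.list, which have different numbers of fields per line.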
akoszewski [Mon, 11 Sep 2017 13:15:49 +0000 (15:15 +0200)]
Add hybrid flag setting to security-manager-cmd
Change-Id: Ifca5479d87ec44de856b0bda6625960e010e31ba
Dariusz Michaluk [Mon, 24 Jul 2017 11:07:21 +0000 (13:07 +0200)]
security-manager-cmd: add new option "manage-privilege" for policy manipulation
Allow/deny privilege for application and user.
Change-Id: I371549ed2aa06ba7b2deef8543c0eff712ed8bd0
jin-gyu.kim [Tue, 3 Jan 2017 04:42:08 +0000 (13:42 +0900)]
Fix the potential memory leak.
- Dynamic memory referenced by 'array' can be lost in error case.
Change-Id: Iea68a69be02dcddc74c560792502464a9a1e19bb
jin-gyu.kim [Fri, 12 May 2017 07:33:04 +0000 (16:33 +0900)]
Fix the bug for clearing SharedRO Smack rules
- Some SharedRO Smack rules were not cleared in uninstallation.
- Include the missing SharedRO rules in uninstallation.
Change-Id: Ic63468a78002aca4d2c0b6c1bdc925faa5050580
Bartlomiej Grzelewski [Mon, 20 Nov 2017 16:35:53 +0000 (17:35 +0100)]
Fix bugs found in the code by static analysis
Change-Id: I662d10db09931d6d3154dd263f6e6aaaa2fbf0b4
Tomasz Swierczek [Fri, 17 Nov 2017 09:03:52 +0000 (10:03 +0100)]
Release 1.2.29
* Adding privilege group priv_tee_client.
* Include empty rules.merged file in the package
Change-Id: I9c58f5c82f0d9e95e5805f3ee95500cd94e7c9c3
r.tyminski [Thu, 9 Nov 2017 15:16:47 +0000 (16:16 +0100)]
Adding privilege group priv_tee_client.
Adding priv_tee_client group for http://tizen.org/privilege/tee.client
Change-Id: I40dbdce238fe2be4640e0e18339178303ddcbe78
Rafal Krypa [Wed, 8 Nov 2017 15:11:35 +0000 (16:11 +0100)]
Include empty rules.merged file in the package
This is to fix startup of security-manager-rules-loader.service systemd
unit in the case when no applications are registered in security-manager.
This is a rare scenario that wasn't considered until now, because there
were always some preloaded applications on snapshot images. But IoT images
are actually built with no preloaded applications, triggering the bug.
Empty file with aggregated Smack rules is provided to handle such case.
In case of package upgrade, existing file will not be overwritten thanks
to %config(noreplace) directive.
Change-Id: I1743672547abcdd42f520b34eba45c67402b37b1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jin-gyu.kim [Fri, 3 Nov 2017 08:00:18 +0000 (17:00 +0900)]
Release 1.2.28
* Add support for external storage directories
* When preparation of database connection fails, indicate this with a file flag
* Fix security-manager package installation/update
* Remove duplicated -fPIC flag
* Fix database script
* Add test to check TizenVersion update in database.
Change-Id: I7f0f1f9c8d70f6439a13c90b860c4497fb2bd48b
Zofia Abramowska [Fri, 13 Oct 2017 10:46:07 +0000 (12:46 +0200)]
Add support for external storage directories
Applications can be also installed on external storages.
Security-manager has to accept such paths during application
installation. This commit adds such support for local and
global apps.
Change-Id: Idc6fa2930aa6fdcae9191844597da31ae13ecc20
Rafal Krypa [Fri, 13 Oct 2017 16:46:50 +0000 (18:46 +0200)]
When preparation of database connection fails, indicate this with a file flag
A special file flag will be created by security-manager if it fails to
open its database or fails to initialize prepared statements.
This would indicate that database is either missing or broken. In such case
an empty file will be created at TZ_SYS_DB/.security-manager.db-broken
Change-Id: I6461b71134d6ce706d4295851a45840b3cf0be39
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Dariusz Michaluk [Thu, 7 Sep 2017 14:18:18 +0000 (16:18 +0200)]
Fix security-manager package installation/update
Change-Id: I117f2694ab042a05d6d5f05e3c79ee4fcc0aca9f
Dariusz Michaluk [Thu, 17 Aug 2017 12:28:18 +0000 (14:28 +0200)]
Remove duplicated -fPIC flag
Change-Id: I1ef9791b0a283e497b33b2508926673a390dff89
Bartlomiej Grzelewski [Tue, 24 Oct 2017 09:02:00 +0000 (11:02 +0200)]
Fix database script
Fix update of Tizen Version during application installation.
Change-Id: I17db2e6948aefcf625c9db3d2595a5667a74c054
Bartlomiej Grzelewski [Fri, 25 Aug 2017 12:26:38 +0000 (14:26 +0200)]
Add test to check TizenVersion update in database.
Change-Id: I8271b61cd1a40eb87edce474df83d9157f9e7031
jin-gyu.kim [Wed, 18 Oct 2017 11:12:11 +0000 (20:12 +0900)]
Release 1.2.27
* Prepare app_inst_req for handling multiple app_ids at once
* Add new API for installing pkg_id with multiple app_ids at once
* Add new functions to filesystem operations wrapper
* Add mount namespace operations wrapper
* Add IPC channel implementation
* Prepare app to launch in mount namespace
* Modify app launched in mount namespace
* Gotta catch 'em all (TizenPlatformConfig::Exception)
* Fix: Check if file exists before umount is made
Change-Id: I896cbafa175b134634a762dd55d0182ba0e570b7
Dariusz Michaluk [Wed, 18 Oct 2017 08:13:31 +0000 (10:13 +0200)]
Fix: Check if file exists before umount is made
Change-Id: I03aaa60dd23021fd19d716ccf995a0ff737f108c
Krzysztof Jackiewicz [Fri, 29 Sep 2017 10:56:03 +0000 (12:56 +0200)]
Gotta catch 'em all (TizenPlatformConfig::Exception)
There are still several places in code where TizenPlatformConfig::Exception is
thrown and unhandled. Missing catches added. Code refactored to avoid throwing
exceptions during global data initialization.
Change-Id: I6ae7bda10152c33fff9fcaa6c98b23222a1aeb81
Dariusz Michaluk [Mon, 2 Oct 2017 13:14:48 +0000 (15:14 +0200)]
Modify app launched in mount namespace
This commit adds a worker that will be able to manage the mount namespace.
If mount namespace is not supported, security-manager will run without the worker,
otherwise the worker will communicate with security-manager through an IPC channel.
If app privilege status changes, worker will allow/deny access to filesystem directory
associated with this privilege.
Change-Id: I056cd752c228335c7b67a607bddc0934c7a79ddd
Dariusz Michaluk [Mon, 2 Oct 2017 12:26:19 +0000 (14:26 +0200)]
Prepare app to launch in mount namespace
This commit changes security_manager_prepare_app() behaviour.
The new functionality requires CAP_SYS_ADMIN capability added to the calling process.
Changes include:
- runtime detection of namespace support (check access to "/proc/self/ns/mnt"
which exists in kernel 3.8+ only),
- if mount namespace is not supported, the app launches in the old way,
privileges are handled by groups,
- if mount namespace support is detected, the app launches in a mount namespace,
some privileges are handled in the new way,
- these privileges are:
a) http://tizen.org/privilege/externalstorage
(mapped to /opt/media filesystem directory)
b) http://tizen.org/privilege/mediastorage
(mapped to /opt/usr/media filesystem directory)
- if app privilege status is set to deny, the above directory
is bind mounted to dummy directory (no access to filesystem)
Change-Id: Ic41ea9eb48c369934bcafe406aa1b4207f67523d