platform/core/security/security-manager.git
10 years ago Refactoring: put code operating on Smack labels in a separate file 46/23846/6
Rafał Krypa [Fri, 11 Jul 2014 19:28:21 +0000 (21:28 +0200)]
Refactoring: put code operating on Smack labels in a separate file

Create smack-labels.cpp, containing code for label assignment and file
labeling. Avoid clutter in installer.cpp.

Change-Id: I97f5251e1bfcd53e242cd0117d48539a378fefde
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Remove code from smack-common.cpp 47/23847/5
Rafal Krypa [Thu, 3 Jul 2014 17:10:48 +0000 (19:10 +0200)]
Remove code from smack-common.cpp

This code was a legacy from security-server. Contained functions
get_smack_label_from_process() and smack_pid_have_access() won't be used
by security-manager.

Change-Id: I9ddddf4d4d0e4347c7b0b86de96bdcfc0d715b91
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Logging: Change the default log provider to systemd journal. 25/24125/2
Marcin Lis [Tue, 8 Jul 2014 14:17:45 +0000 (16:17 +0200)]
Logging: Change the default log provider to systemd journal.

This change replaces the default logging mechanism in the whole security
manager. The dlog provider is not used anymore and it is also excluded from
being built along with the project. Its sources should stay untouched for now.

To verify, first please install this together with the latest security-tests
package. When installed, run tests:
  # security-manager-tests --output=text

And after that please check for the presence of traces in journal:
  # journalctl --unit=security-manager.service

Please also check for the presence of security-manager-client traces:
  # journalctl /usr/bin/security-manager-tests

Change-Id: I4af35d29a6a61d3a5a0bc4c3508bb872206a2f23
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years ago Logging: Add systemd journal log provider 24/24124/2
Marcin Lis [Tue, 8 Jul 2014 10:48:22 +0000 (12:48 +0200)]
Logging: Add systemd journal log provider

The logging style inherited from the security-server needs to be adjusted to
Tizen 3.0 logging fashion. The dlog utility is no longer available, the systemd
journal is in use now.

Change-Id: I16c3f7348b60194c31a8bdcc0897f5ee9ec5aea0
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years ago Logging: Remove macros and methods for Secure* logs. 83/24283/1
Marcin Lis [Wed, 9 Jul 2014 15:42:23 +0000 (17:42 +0200)]
Logging: Remove macros and methods for Secure* logs.

Secure logs, inherited from security-server are no longer needed.
Replace calls to Secure* logs with their non-secure equivalents.

This is an initial commit in logging adaptation series. It should be
verified by successful build.

Change-Id: I908851f8927c46474489a6bf5053f480d65ac22d
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years ago Use PrivilegeDb in installer code 95/23695/4
Rafal Krypa [Tue, 1 Jul 2014 13:55:52 +0000 (15:55 +0200)]
Use PrivilegeDb in installer code

Recently added and tuned PrivilegeDb is finally ready to provide information
for application installation and uninstallation.

Change-Id: Ia6560b4ce7488670f999a57c415c9a402e6b3f2e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago PrivilegeDb: don't require pkgId argument for application removal 88/23688/1
Rafal Krypa [Tue, 1 Jul 2014 13:00:17 +0000 (15:00 +0200)]
PrivilegeDb: don't require pkgId argument for application removal

Drop second argument (pkgId) from RemoveApplication() method.
Add new public method GetAppPkgId() for getting application's pkgId and
use it inside RemoveApplication().
This is needed because uninstallation request will contain only appId.

Change-Id: Ic7f618a9c223a501e61a167fb7870e22e1926e20
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago PrivilegeDb: drop TPrivilegesList typedef 79/23679/3
Rafal Krypa [Tue, 1 Jul 2014 09:54:29 +0000 (11:54 +0200)]
PrivilegeDb: drop TPrivilegesList typedef

The typedef cluttered the code without adding any significant value.

Change-Id: I7dacf9c7b46e68087a248acd907e208e6aa76c52
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Rework PrivilegeDb interface for setting application privileges 78/23678/3
Rafal Krypa [Tue, 1 Jul 2014 09:39:20 +0000 (11:39 +0200)]
Rework PrivilegeDb interface for setting application privileges

While integrating installer code with PrivilegeDb, the existing method for
setting privileges was found to be inadequate. It also would need further
complication to actually do what it was supposed to do.
New UpdateAppPrivileges() method now only updates privileges for application.
To calculate which privileges were added and which removed for the package,
installer will use GetPkgPrivileges() twice: before and after calling
UpdateAppPrivileges(). All three method calls must be done inside transaction.

Change-Id: Ib7e1b8a6b1482c6dcd8b7146c48187797e237bd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Unify internal naming convention: permission => privilege 77/23677/2
Rafal Krypa [Mon, 30 Jun 2014 14:52:15 +0000 (16:52 +0200)]
Unify internal naming convention: permission => privilege

Part 2: rename SQL file.

Change-Id: I76bb618197cb3c744550156fc5a6d58e9266c4ed
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Unify internal naming convention: permission => privilege 76/23676/2
Rafal Krypa [Mon, 30 Jun 2014 14:51:23 +0000 (16:51 +0200)]
Unify internal naming convention: permission => privilege

Words "permission" and "privilege" were used interchangeably throughout the
code. It was decided that security-manager will manage "application
privileges", as they are called in several Tizen documents.
Places calling them "permissions" were edited for unification.

Change-Id: I7db701ceb55237457258d63b2b7347aae50852ce
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago In PrivilegeDb use function instead of macro for common exception handling 75/23675/2
Rafal Krypa [Mon, 30 Jun 2014 11:34:43 +0000 (13:34 +0200)]
In PrivilegeDb use function instead of macro for common exception handling

Reuse concept appearing in client-common.h to write repeated exception
handling code only once. It is based on C++11 lambda function feature, which
is superior to legacy macro in terms of type safety and debuggability.

Change-Id: If8f11246b97e7f10aa173d35018f5384527b16ee
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Change return type from bool to void for some methods of PrivilegeDb 74/23674/2
Rafal Krypa [Mon, 30 Jun 2014 11:24:04 +0000 (13:24 +0200)]
Change return type from bool to void for some methods of PrivilegeDb

Methods GetPkgPermissions, AddApplication, RemoveApplication and
UpdatePermissions had return type set to void. But they didn't return
anything useful. The actual return value was always true or exception
throw.
Changing the types to void will also make usage of these methods simpler.

Change-Id: Id588c314c6aa1af0ea3c17ed02d0f6bf20411193
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Adjust code formatting in privilege_db.cpp 73/23673/2
Rafal Krypa [Fri, 27 Jun 2014 16:53:46 +0000 (18:53 +0200)]
Adjust code formatting in privilege_db.cpp

Align formatting of function definitions with the rest of the code.

Change-Id: I10fe2b0f69f3bed1bc459af0c56e57a557c20f32
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago spec: add missing calls to ldconfig on %post and %postun 72/23672/2
Rafal Krypa [Tue, 1 Jul 2014 12:52:07 +0000 (14:52 +0200)]
spec: add missing calls to ldconfig on %post and %postun

The main package also contains a library, so it should call ldconfig.
Problem reported by rpmlint.

Change-Id: Id9fdd874f725e1793f155d2766b8a25fee2df4db
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Fix build break on x86_64, regression in 3e62e851 82/23682/3
Rafal Krypa [Tue, 1 Jul 2014 10:38:44 +0000 (12:38 +0200)]
Fix build break on x86_64, regression in 3e62e851

Unify systemd installation directories between spec and CMake, avoiding
problems on x86_64 (/usr/lib64 vs. /usr/lib).

Change-Id: I5db9cf50978f20d318f7d11349d5437b184b394f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Generate database during build, include it in the package 02/23502/3
Rafal Krypa [Thu, 26 Jun 2014 17:37:47 +0000 (19:37 +0200)]
Generate database during build, include it in the package

Initialized, empty sqlite database will be included into security-manager
package to enable integration with the code.

Change-Id: I3e5389d15a9e3a370941ef70f425da765bfc2690
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Don't hardcode path to /etc/smack 01/23501/2
Rafal Krypa [Thu, 26 Jun 2014 16:31:54 +0000 (18:31 +0200)]
Don't hardcode path to /etc/smack

Use libtizen-platform-config for getting path of Smack configuration.

Change-Id: I214594931705cd3dafa27a64e7800e82b96c0ced
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Use variables instead of hardcoded paths to /usr/bin and /usr/lib 00/23500/2
Rafal Krypa [Thu, 26 Jun 2014 15:15:02 +0000 (17:15 +0200)]
Use variables instead of hardcoded paths to /usr/bin and /usr/lib

Change-Id: If329d3346ccb1da5c2c697c5a90d81c77a977077
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Privilege database access implementation 85/23385/4
Krzysztof Sasiak [Fri, 6 Jun 2014 14:11:08 +0000 (16:11 +0200)]
Privilege database access implementation

Adding convenience methods for accessing privilege
database and performing queries on it.

Change-Id: I34d8986ec1315ce46f7f5bc462d746df81e7e432
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
10 years ago SQL Schema of privileges database 99/23299/2
Krzysztof Sasiak [Fri, 6 Jun 2014 13:57:58 +0000 (15:57 +0200)]
SQL Schema of privileges database

Schema definition for the privileges database that will be used
in security manager.

Change-Id: I1fd2516e8d70e00fc32a0ea4f8449a3a85020cf7
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>
10 years ago Remove fstream_accessors.h from DPL 84/23384/1
Rafal Krypa [Tue, 24 Jun 2014 15:49:05 +0000 (17:49 +0200)]
Remove fstream_accessors.h from DPL

- It is not used in security-manager
- In fact it was never a part of DPL, but an addition by security-server

Change-Id: Ia9803ea90cfe8f1a20ab072717c6d9895fb1d89a

10 years ago Move smack_check from common to server 34/23334/3
Rafal Krypa [Tue, 24 Jun 2014 11:21:37 +0000 (13:21 +0200)]
Move smack_check from common to server

This function is used only in server. By moving it from common it is now
possible to not link libsecurity-manager-common with libsmack.

Change-Id: If2b8eb8dc252ff21416ab4e075a5471f5647b98a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Build security-manager-common with SqlConnection 66/23166/6
Rafal Krypa [Tue, 24 Jun 2014 11:19:54 +0000 (13:19 +0200)]
Build security-manager-common with SqlConnection

Also adding build dependencies on sqlite3, db-util and boost.

Change-Id: I65d55bfd30a600aab19bee489ef20b94b69b45a6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Refactoring of directory structure and CMake files 33/23333/3
Rafal Krypa [Mon, 23 Jun 2014 15:52:33 +0000 (17:52 +0200)]
Refactoring of directory structure and CMake files

Directory structure inherited from security-server is confusing and doesn't
separate components that form the project.
New structure consists of the following directories:
* src/include - public security-manager interface
* src/dpl - sources and includes borrowed from wrt-commons dpl
* src/common - sources of libsecurity-manager-common library
* src/client - sources of libsecurity-manager-client library
* src/server - sources of security-manager binary
* pc - template of pkg-config file

Additionally common, client and server include files have been moved into
"include" subdirectory in each source dir.
CMake files are now more hierarchical, with separate file per component.
Previously not checked dependency on libcap is now checked in server CMake.
Library versioning is aligned with package versioning of security-manager.
Version of libsecurity-manager-common is better parametrized.

Change-Id: I8db728e53f912db2b15109f5502def7fc105f77f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Make generateAppLabel() a static function of SmackRules class 32/23332/3
Rafal Krypa [Mon, 23 Jun 2014 15:32:41 +0000 (17:32 +0200)]
Make generateAppLabel() a static function of SmackRules class

Eliminate security-manager-common.cpp containing a single function, which
now logically belongs to SmackRules class.

Change-Id: I5e7c063a5980d97b67c7f9640812d9890e24b2c7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Use std::stringstream for parsing Smack rules 31/23331/3
Rafal Krypa [Mon, 23 Jun 2014 14:25:23 +0000 (16:25 +0200)]
Use std::stringstream for parsing Smack rules

This leads to simpler and more robust implementation of SmackRules class.

Change-Id: I806da78fd6b95b9edcbb21b71c13e9bcb10b10df
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago DPL: changing namespace of imported classes to SecurityManager 65/23165/5
Rafal Krypa [Wed, 18 Jun 2014 14:08:22 +0000 (16:08 +0200)]
DPL: changing namespace of imported classes to SecurityManager

DPL code uses DPL namespace, moving it to SecurityManager.

Change-Id: I89f1c6c8b965085546064856045145c9c6d0ac3a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago DPL: work around for build warnings with -Werror 64/23164/4
Rafal Krypa [Wed, 18 Jun 2014 14:05:25 +0000 (16:05 +0200)]
DPL: work around for build warnings with -Werror

DPL::SqlConnection::ExecCommand() is marked as deprecated to warn its users.
It's not deprecated, but could cause SQL Injection. This method is also
used internally for transactions.
Such combination causes build warnings. But this repository is built with
-Werror flags and it breaks the build.

Since this method is not needed outside SqlConnection, move it to private
methods and remove the warning.

Change-Id: I088f4736ecca318613b897ef05b12af4cdc1f664
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago DPL: work around for dependency on DPL::Thread 63/23163/4
Rafal Krypa [Mon, 2 Jun 2014 17:10:59 +0000 (19:10 +0200)]
DPL: work around for dependency on DPL::Thread

Patch based on similar work by Zofia Abramowska.
Include needed parts from DPL::Thread into code of
NaiveSynchronizationObject.
Only NanoSleep() and MiliSleep() methods are needed and the original
DPL::Thread() triggers a large chain of dependencies, including EFL.

Change-Id: Icf8257ca8eeaa5cdbc4d80ceb98d88aceeec7821
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago DPL: import DPL::SqlConnection and dependencies 62/23162/4
Rafal Krypa [Mon, 2 Jun 2014 17:00:44 +0000 (19:00 +0200)]
DPL: import DPL::SqlConnection and dependencies

Import SQLite wrapper class from wrt-commons 0.2.210.
Several dependencies from DPL common imported as needed. Dependency DPL::Thread
has been omitted on purpose, because it caused too many other dependencies.
It will be substituted in a separate patch.

These classes will be used by security-manager. When security-manager gets its
own repository, SqlConnection will be removed from security-server.

Change-Id: I090f73d6912f4ef6b85b313e7b12d20a7fd758a1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago DPL: update dpl/core/include/dpl/assert.h from latest wrt-commons 61/23161/4
Rafal Krypa [Mon, 2 Jun 2014 16:52:43 +0000 (18:52 +0200)]
DPL: update dpl/core/include/dpl/assert.h from latest wrt-commons

Needed to get AssertMsg macro, used in other DPL modules.

Change-Id: Iaca6c09a52e2f6644580d667a6817cfaa777d0a4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Set myself as contact person for security-manager 73/23273/3
Rafal Krypa [Fri, 20 Jun 2014 15:58:50 +0000 (17:58 +0200)]
Set myself as contact person for security-manager

Update contact e-mail in source files with appropriate address.

Change-Id: I51ef49d47d870403720a51857dc5d1384afc4e39
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Remove API for setting allowed users for an app 74/23274/3
Rafal Krypa [Fri, 20 Jun 2014 15:53:48 +0000 (17:53 +0200)]
Remove API for setting allowed users for an app

Removed function security_manager_app_inst_req_add_allowed_user.
It became obsolete when application framework switched to multi-user
support by installing apps for each user separately.

Change-Id: I2c1d3533982d23b45f3226e5eb07619d60b0530f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Listen on socket passed by systemd 60/23160/6
Rafal Krypa [Wed, 18 Jun 2014 14:25:46 +0000 (16:25 +0200)]
Listen on socket passed by systemd

This was previously disabled in security-manager code, because it was
coupled with security-server, which already did that.
Uncommenting the listening code now.

Change-Id: I9e7c5a3a5bde2e29fc74b9918af0a36992533a80
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Remove SmackAudit() from logging facility 58/23158/6
Rafal Krypa [Wed, 18 Jun 2014 13:09:46 +0000 (15:09 +0200)]
Remove SmackAudit() from logging facility

This functionality was needed in security-server to log user space Smack
checks consistently with logs generated by kernel.
Security-manager will never perform such checks.

Change-Id: Ifcc67228b85dedba33330710d1e763dbdfadd996
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Bump version number to 0.1.0 71/23171/1 accepted/tizen/common/20140724.165024 submit/tizen/20140618.161300
Rafal Krypa [Wed, 18 Jun 2014 15:07:16 +0000 (17:07 +0200)]
Bump version number to 0.1.0

Make sure that new security-manager packages will have higher version than
previously built packages, before split from security-server repository.

Change-Id: Id7ad7fbbe19ebce514209ad8e8e6cadae77386f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years ago Fix memory leak and add EINTR error handling. 53/23153/2
Marcin Lis [Wed, 11 Jun 2014 08:39:54 +0000 (10:39 +0200)]
Fix memory leak and add EINTR error handling.

One memory leak was missed in the Installer service.
Introduce retries on EINTR error while trying to open a file.
Also add close() error handling.

This is a cherry pick from security-server repository.

Change-Id: I43b48e12d6e609b24ffda02c7aed199f3b9f02bb
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years ago Update readme file 26/23126/2
Jan Cybulski [Wed, 18 Jun 2014 06:56:53 +0000 (08:56 +0200)]
Update readme file

Change-Id: Ia0d04bdc6b56d7b70737e29e53d8e40f5984805e
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Comments and defines changed to comply with new project name 14/23014/4
Jan Cybulski [Fri, 13 Jun 2014 11:18:45 +0000 (13:18 +0200)]
Comments and defines changed to comply with new project name

Change-Id: Ie931b2a4d7f2c5d7fa688fbbd0b8f062cfb9a818
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Change namespace name to SecurityManager 48/23048/3
Jan Cybulski [Fri, 13 Jun 2014 09:22:08 +0000 (11:22 +0200)]
Change namespace name to SecurityManager

Change-Id: I43070c39da09a67895ec5eda17bf316ff352a6e7
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Move needed declarations from security-server.h to security-manager.h 13/23013/4
Jan Cybulski [Mon, 16 Jun 2014 12:42:54 +0000 (14:42 +0200)]
Move needed declarations from security-server.h to security-manager.h

Delete file security-server.h, that is not needed any more.

Change-Id: I2c90610106e58ec55f216c654e09595cf98be3c9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Change package name to security-manager. 12/23012/3
Jan Cybulski [Fri, 13 Jun 2014 07:22:32 +0000 (09:22 +0200)]
Change package name to security-manager.

Change filenames according to new package name.
Change server binary file name to security-manager
Update CMake files accordingly

Change-Id: Ic7dbcf5a401055c38a637b8edf4ebdb5b6be8d49
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Remove unnecessary security-server files 11/23011/3
Jan Cybulski [Mon, 16 Jun 2014 12:38:01 +0000 (14:38 +0200)]
Remove unnecessary security-server files

This commit starts a fork from security-server repository,
that initially security-manager was part of.
All parts of security-server that were not needed by security-manager
are removed. That means removing security-server-client
and removing all services except security-manager's ones.

Change-Id: Id9a33033398811b4b5fc36738ff4ca411260315b
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Add smackfs check to Installer service.
Marcin Lis [Mon, 9 Jun 2014 15:55:09 +0000 (17:55 +0200)]
Add smackfs check to Installer service.

The app installation was failing under the non-smack environment.
One additional check for the existence of the smack is now added to
prevent the Installer from applying smack rules to the kernel, when
there is no smack security enabled.

The same kind of check is also added to uninstall-app functionality.

Change-Id: I9ed29e7d60e34639173317ac83c1f5314100d6e4
Signed-off-by: Marcin Lis <m.lis@samsung.com>
10 years ago security manager: function for labeling dirs
Jan Cybulski [Fri, 23 May 2014 05:39:36 +0000 (07:39 +0200)]
security manager: function for labeling dirs

Security manager used libprivilege-control's perm_app_setup_path.
This commit removes this dependency by reimplementing the code
that labels directories as internal function of installer service
in security-manager.

Change-Id: I57738ef310afddda235fe2bb45d95ee54d2ed587
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Installation/uninstallation of package-specific smack rules
Jacek Bukarewicz [Tue, 27 May 2014 12:46:06 +0000 (14:46 +0200)]
Installation/uninstallation of package-specific smack rules

On installation rules are generated from predefined template, applied
to the kernel and saved to disk so they are loaded on system boot.
On uninstallation package-specific rules are revoked from kernel and
removed from disk.

Change-Id: Ib3ce4ecf909c4fe3c6bc1f5a77e24737b7acf918

10 years ago security manager: add generateAppLabel
Jan Cybulski [Fri, 23 May 2014 05:41:34 +0000 (07:41 +0200)]
security manager: add generateAppLabel

The similar function was declared as part of libprivilege-control
Now as security manager is going to drop dependency
on privilege-control, there is a need of implementing
this function as part of security-manager.

Change-Id: Ieb06e278fb7938a0a34e7592b5be7efa33af9b2d
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>
10 years ago Fix security manager socket path.
Adam Malinowski [Wed, 21 May 2014 08:10:40 +0000 (10:10 +0200)]
Fix security manager socket path.

Path of socket for installer has been changed incorrectly
during moving sockets from /tmp to /run

Verification:
-> flash target with new image
-> install security-server
-> install security-tests
-> security-tests.sh security-manager --output=text
   (test should pass)

Change-Id: I501206d09c5830892f856acb1807cd18c176e141
Signed-off-by: Adam Malinowski <a.malinowsk2@partner.samsung.com>
10 years ago Merge changes I3f480808,Ie3102c86 into tizen
Zbigniew Jasinski [Fri, 16 May 2014 11:15:50 +0000 (04:15 -0700)]
Merge changes I3f480808,Ie3102c86 into tizen

* changes:
  Change socket paths from /tmp... to /run...
  Fixed name mismatch in systemd socket

10 years ago Change socket paths from /tmp... to /run...
Lukasz Wojciechowski [Thu, 15 May 2014 14:30:35 +0000 (16:30 +0200)]
Change socket paths from /tmp... to /run...

[Cause]        Sockets should not be created in /tmp folder
[Solution]     Change systemd socket description
               and protocol defines

[Verification] Build and install Security Server.
               Check if sockets created by systemd are placed in:
               /run/security-server and /run/security-manager

Change-Id: I3f480808d2d3f1bd78b8713d795602da7ccc7dfb
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years ago Fixed name mismatch in systemd socket
Pawel Polawski [Wed, 14 May 2014 11:27:19 +0000 (13:27 +0200)]
Fixed name mismatch in systemd socket

Change-Id: Ie3102c8665601a3fe3ddd5d5562bbcaa0e496f63
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
10 years ago Adjust security_server_app_has_privilege to Tizen 3.0 model.
Lukasz Wojciechowski [Thu, 8 May 2014 19:41:49 +0000 (21:41 +0200)]
Adjust security_server_app_has_privilege to Tizen 3.0 model.

[Cause]    security_server_app_has_privilege function
           uses perm_app_has_permission.
           https://review.tizen.org/gerrit/#/c/20519/
           redefined application identifier to smack label.
[Solution] change from app_id to app_label

[Verification] compile and install security-server

Change-Id: If7f3d1b72b26117b2680ce34dd6bd980a4859949
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years ago Bring back part of app-permissions service
Lukasz Wojciechowski [Thu, 8 May 2014 19:23:43 +0000 (21:23 +0200)]
Bring back part of app-permissions service

[Cause]    security_server_app_has_permission function
           is needed for temporary cynara (bootstrap) version
[Solution] roll back part of commit
           ed1815535d0383bc343bb92062fe934b44f4e53d

[Verification] compile and install security-server

Change-Id: I3a51ee09a554a5561d559f0a30dc25f9b74e2d76
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
10 years ago Upgrade version number in spec.
Marcin Niesluchowski [Tue, 13 May 2014 09:04:31 +0000 (11:04 +0200)]
Upgrade version number in spec.

Old version number causes dependency errors for new security-manager
package.

Verification:
-> Build and install libsecurity-manager-client-* rpms.

Change-Id: I68e3d23f954ab1535351a76856ce5a0a14f49453

10 years ago Implement installer service
Michal Witanowski [Tue, 4 Mar 2014 08:40:00 +0000 (09:40 +0100)]
Implement installer service

[Bug/Feature]  Create new Security Server's service interfacing
               with libprivilege-control API.
[Cause]        N/A
[Solution]     Create PrivilegeControlSevice and implement protocol
               supporting libprivilege-control's API used by
               installers.
[Verification] Build and install Security Server.

Change-Id: I95a0e9a7cb69952e8f3b71665fcd7d9867939759
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
10 years ago Added security-manager API
Pawel Polawski [Fri, 2 May 2014 15:15:49 +0000 (17:15 +0200)]
Added security-manager API

Added new header containing set of new API functions and generation
new rpm packages with security-manager-library

Change-Id: I2c01f5f911bbc32ead7082d427762d72bf55b35c
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>
10 years ago Remove dead code
Zofia Abramowska [Tue, 15 Apr 2014 13:36:49 +0000 (15:36 +0200)]
Remove dead code

Remove unnecessary check on memcpy return and thus unused
memory exception type.

Change-Id: I95c47cb36cc178b4219bbfa337aa21991cfc0b67

10 years ago Signalling attempt to access a non-existent service
Radoslaw Bartosiak [Wed, 2 Apr 2014 16:28:20 +0000 (18:28 +0200)]
Signalling attempt to access a non-existent service

[Bug]       Connect function does not notify on nonexisting service
[Cause]     N/A
[Solution]  New return code SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE is used
[Problem]   N/A

[Verification] build, run security-server tests

Change-Id: I1fcf9bf7ba46d02cb43585e3de6095829685d9e9
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years ago Fix build break introduced by previous commit.
Bartlomiej Grzelewski [Wed, 9 Apr 2014 13:16:14 +0000 (15:16 +0200)]
Fix build break introduced by previous commit.

[Bug]      Last commit left unused parameters in api without marking them
           as unused.
[Cause]    N/A
[Solution] Add all unused parameters with __attribute__((unused))

[Verification] N/A

Change-Id: I1c035ae968367be778c8ba725e9000d07df078c2

10 years ago Comment out Security-server API checking privileges of process
jooseong.lee [Wed, 9 Apr 2014 08:01:35 +0000 (17:01 +0900)]
Comment out Security-server API checking privileges of process

Below Security-server APIs can return "access deny" by 3-domain smack policy.
And it makes booting and running issue.
So we should comment out them temporarily until implement of Cynara.
- security_server_check_privilege_by_sockfd
- security_server_check_privilege_by_pid
- security_server_check_privilege_by_cookie

visit below site:
https://wiki.tizen.org/wiki/Security:Cynara

Change-Id: Idcf379a1cd6ee38c80d21b952cdf52b067813603
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
10 years ago Merge "Fix build configuration for build_type=DEBUG [PROFILING]" into tizen
Bartlomiej Grzelewski [Mon, 31 Mar 2014 13:45:47 +0000 (06:45 -0700)]
Merge "Fix build configuration for build_type=DEBUG [PROFILING]" into tizen

10 years ago Remove unnecessary include dependency of privilege-control.h
Radoslaw Bartosiak [Wed, 26 Mar 2014 15:57:58 +0000 (16:57 +0100)]
Remove unnecessary include dependency of privilege-control.h

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Solution]  Remove the include from security-server.h
[Problem]   N/A

[Verification] build

Change-Id: I25f568c142b9f0959eccc1c71f32fc9e2f1da7c2
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years ago Fix build configuration for build_type=DEBUG [PROFILING]
Radoslaw Bartosiak [Wed, 26 Mar 2014 16:59:50 +0000 (17:59 +0100)]
Fix build configuration for build_type=DEBUG [PROFILING]

[Issue#]    N/A
[Bug]       GBS build with  --define "build_type DEBUG" failed
[Cause]     N/A
[Solution]  Disable the FORTIFY_SOURCE compiler option
[Problem]   N/A

[Verification] build

Change-Id: I1a0c557a2986792514f3fec48d861bdeb97c1aba
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
10 years ago fix build in x86_64
Stephane Desneux [Wed, 12 Mar 2014 09:32:23 +0000 (10:32 +0100)]
fix build in x86_64

Change-Id: I294e913ab5f2d481e9c7187ec5885b92a7eb8424
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
10 years ago Remove services open-for and app-permissions.
Bartlomiej Grzelewski [Wed, 5 Mar 2014 16:03:36 +0000 (17:03 +0100)]
Remove services open-for and app-permissions.

[Issue#]   N/A
[Bug]      N/A
[Cause]    These services were not used on tizen.org
[Solution] N/A

[Verification] N/A

Change-Id: Iae627af04af789fd3219ce85c3e5131f112dbb08

10 years ago Add missing descriptions in security-server.h
Bartlomiej Grzelewski [Tue, 4 Mar 2014 16:14:37 +0000 (17:14 +0100)]
Add missing descriptions in security-server.h

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A
[Problem]  N/A

[Verification] N/A

Change-Id: Iecdf65af3cbdf17a5128cd2e94738d9f00127493

10 years ago Fix error code return by shared memory service.
Bartlomiej Grzelewski [Tue, 4 Mar 2014 16:05:06 +0000 (17:05 +0100)]
Fix error code return by shared memory service.

[Issue#]   N/A
[Bug]      Security-server returns SECURITY_SERVER_API_BAD_REQUEST
           instead of SECURITY_SERVER_API_ERROR_GETTING_SOCKET_LABEL_FAILED
[Cause]    N/A
[Solution] Fix in code.

[Verification] Build, run security-server tests.

Change-Id: I39db4da7cf8ccb81f6dceb958bc090b618f0d52e

10 years ago Remove fsync in audit-smack-log
Marek Smolinski [Fri, 14 Feb 2014 07:11:11 +0000 (08:11 +0100)]
Remove fsync in audit-smack-log

Synchronization kernel buffer by a fsync call is unnecessary

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Verification] Build

Change-Id: Ife04d92f108adc4a29facebd710d0ced1521702c

10 years ago Correct security_server_reset_pwd description in header.
Lukasz Kostyra [Thu, 13 Feb 2014 12:35:11 +0000 (13:35 +0100)]
Correct security_server_reset_pwd description in header.

[Issue#]        PSDAC-106
[Bug]           security_server_reset_pwd performed no checks connected with new password. Header
                didn't include this information in security_server_reset_pwd description.
[Cause]         N/A
[Solution]      Correct information included in security-server.h header.
[Verification]  N/A

Change-Id: I38e8b565121a8b5f3d087fbe0425042a59f73ae0

10 years ago Added checking for binary path in case of reused cookie
Pawel Polawski [Mon, 10 Feb 2014 10:12:07 +0000 (11:12 +0100)]
Added checking for binary path in case of reused cookie

[Issue#]        N/A
[Bug/Feature]   Protection against cookie reuse
[Cause]         Possible use of another process's cookie
[Solution]      Added process path checking
[Verification]  Compile, run tests

Change-Id: I0b34eab693026c5e63f269dfc912890a5e5c5dd8

10 years ago Documentation comments correction.
Lukasz Wojciechowski [Fri, 7 Feb 2014 14:28:17 +0000 (15:28 +0100)]
Documentation comments correction.

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Problem]   N/A
[Solution]  N/A

[Verification] Build, generate documentation.

Change-Id: I8b6c19b6b2fd2b854cc29d2072101dee5a65b5a8

10 years ago Data-share service test wrong value returned from smack_new_label_from_socket.
Zbigniew Jasinski [Mon, 17 Feb 2014 12:42:11 +0000 (13:42 +0100)]
Data-share service test wrong value returned from smack_new_label_from_socket.

[Issue#]    PSDAC-46
[Bug]       Failing tests:
            * tc01a_security_server_app_give_access
            * tc07_check_API_data_share_allow
[Cause]     Wrong check of return value.
[Solution]  Check proper return value from smack_new_label_from_socket

[Verification] Build, run tests.

10 years ago Prepare release for tizen.org
Bartlomiej Grzelewski [Thu, 23 Jan 2014 17:03:27 +0000 (18:03 +0100)]
Prepare release for tizen.org

Changes:
 * Reset manifest.
 * Security policy for security-server sockets has been removed.
 * Minor fixes required by g++ 4.8.
 * Removed unused code.
 * Version update.
 * Fix conflicts in manifest file.

[Issue#]   SSDWSSP-816
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] N/A

Change-Id: I39e55c0355f561465b8f3ae777e6bcd46097ec86

10 years ago Fix implementation and rename FstreamHelper to FstreamAccessros.
Bartlomiej Grzelewski [Wed, 12 Feb 2014 14:19:50 +0000 (15:19 +0100)]
Fix implementation and rename FstreamHelper to FstreamAccessros.

[Issue#]    N/A
[Bug]       FstreamHelper always inherited from fstream::__filebuf but it gets
            an ofstream as a param and should inherit from
            ofstream::__filebuf.
[Cause]     Name FstreamHelper was meaningless.
[Solution]  N/A

[Verification] Build, run tests.

Change-Id: I2a884860032d84f7cac05084dab4d3e3a2a5bbe9

10 years ago Add FstreamHelper class to get FD from fstream objects
Marek Smolinski [Tue, 4 Feb 2014 14:07:32 +0000 (15:07 +0100)]
Add FstreamHelper class to get FD from fstream objects

Rewrite the way of fsync calls, and add fsync in SmackAuditLog

    [Issue#]   N/A
    [Bug]      N/A
    [Cause]    N/A

[Verification] Build, test fsync(DPL::FstreamHelper::getFd) on local pc.

Change-Id: I835df13a3b6b988afda7bade35fb5020d46efacd

10 years ago Remove errors reported by Prevent.
Bartlomiej Grzelewski [Thu, 23 Jan 2014 09:47:57 +0000 (10:47 +0100)]
Remove errors reported by Prevent.

[Issue#]   N/A
[Bug]      Lack of break in switch.
[Cause]    N/A

[Verification] Build, run tests.

Change-Id: I2c05d0256c2ed0c323d220796d55f176e342f5b7

10 years ago Removed temporary systemd socket
Pawel Polawski [Tue, 17 Dec 2013 12:43:25 +0000 (13:43 +0100)]
Removed temporary systemd socket

[Issue#]        N/A
[Bug/Feature]   After enabling smack protection for security-server
                API, the temporary unprotected socket is no longer needed
[Cause]         Deprecated temporary socket used
[Solution]      Socket removed
[Verification]  Compile, run tests

Change-Id: Ifef2aefc0b017b208f2d64a93f68d7ee95be6050

10 years ago Clean up password service.
Bartlomiej Grzelewski [Fri, 6 Dec 2013 15:46:52 +0000 (16:46 +0100)]
Clean up password service.

* Remove PASSWORD_INFINITE_EXPIRATION_TIME from protocol* files.
* Add anonymous namespace in password-file.cpp
* Change PASSWORD_INFINITE_EXPIRATION_TIME value from -1 to max time_t.
* Remove cast between int/unsigned int/time_t in the code.

[Issue#]    N/A
[Bug]       N/A
[Cause]     N/A
[Problem]   N/A
[Solution]  N/A

[Verification] Build, run tests.

Change-Id: If41b690a7f4ac882281fc17bcdb79d20bfa9cb8d

10 years ago Fix compilation under gcc 4.8
Piotr Bartosiewicz [Fri, 17 Jan 2014 12:27:17 +0000 (13:27 +0100)]
Fix compilation under gcc 4.8

[Issue#]        N/A
[Bug/Feature]   Security-server does not build under GCC 4.8
[Cause]         * monotonic_clock was renamed in gcc 4.7 to steady_clock
                * lack of header files
                * invalid use of lambda capture
[Solution]      N/A
[Verification]  Build, run tests

Change-Id: I0c9235131e082eb7d053f13be4ead9b1ff044f4a

10 years ago Extensions to security_server_open_for function.
Zbigniew Jasinski [Tue, 26 Nov 2013 14:05:38 +0000 (15:05 +0100)]
Extensions to security_server_open_for function.

Base function extended by new argument 'reader_label':

* int security_server_sharedfile_open(const char *filename, const char *reader_label, int *fd);

Introduced two new functions:

* int security_server_sharedfile_reopen(const char *filename, int *fd);
* int security_server_sharedfile_delete(const char *filename);

[Issue#]        SSDWSSP-398
[Bug/Feature]   New SS API functions.
[Cause]         *open_for* needed more security.
[Solution]      Added new functions.
[Verification]  Build and run new tests:
                security-server-tests-server --output=text --regexp='open_for'

Change-Id: I00dcf1c24c4a2186942b2dff4511e6667a6c5188

10 years ago Replaced std::unique_lock with std::lock_guard.
Marek Smolinski [Thu, 2 Jan 2014 07:38:11 +0000 (08:38 +0100)]
Replaced std::unique_lock with std::lock_guard.

[Issue#]        N/A
[Bug]           N/A
[Cause]         lock_guard is simpler and security-server does not use the
                additional benefits of unique_lock.
[Solution]      N/A

[Verification]  Build, run ss tests

Change-Id: I91c626760c13b58e7909752252c86892815fadd7

10 years ago Add missing header files.
Bartlomiej Grzelewski [Wed, 15 Jan 2014 14:50:43 +0000 (15:50 +0100)]
Add missing header files.

[Issue#]    N/A
[Problem]   Build break.
[Cause]     Lack of header file unistd.h (function unlink was
            undefined) in open-for-manager.cpp and password-file.cpp
            (function close was undefined).
[Solution]  Fix header list.

[Verification] Build.

Change-Id: If5b4d4f76677431162fded7f833fcaf915f65db9

10 years ago Add security-server.target unit.
Bartlomiej Grzelewski [Mon, 16 Dec 2013 14:15:24 +0000 (15:15 +0100)]
Add security-server.target unit.

Service key-storage requires security-server but it should not use
security-server.socket in Requires field because it's part of private
implementation. This commit creates synchronization point
security-server.target that should be used by other services to add
requirement to security-server.

[Issue#]     N/A
[Bug/Cause]  N/A
[Problem]    key-storage is not able to start because new
             security-server does not create security-server.socket.
[Solution]   create synchronization point for key-storage

[Verification] Build, install, reboot device.

Change-Id: Id54e9187edf671eec047787bdeb27a8c2acca29e

10 years ago Password file versioning, support for old versions
Piotr Bartosiewicz [Wed, 11 Dec 2013 14:26:10 +0000 (15:26 +0100)]
Password file versioning, support for old versions

[Issue#]        SSDWSSP-711
[Bug/Feature]   Security server crashes after update to version with a
                new password file format.
[Cause]         There was no backward compatibility support.
[Solution]      Introduce a new password file format with versioning and
                algorithm identifier associated with every password
                entry. Additionally security server can read all old
                password file formats, but can only save in the newest.
                Also incorrect file mask was fixed.
[Verification]  Build, install, run tests. Check migration from old
                password file formats to the new one (folder:
                /opt/data/security-server, old file name: password.pwd,
                new file name: password).

Change-Id: If25952ddc467172fc8032fb98a31e9413762882e

10 years ago Secure all critical sockets with smack label.
Bartlomiej Grzelewski [Thu, 12 Dec 2013 17:06:49 +0000 (18:06 +0100)]
Secure all critical sockets with smack label.

[Issue#]     721
[Bug]        Sockets were not secured.
[Cause]      We need to wait for platform developers to adopt.
[Solution]   All critical sockets were secured.

[Verification] Build, run tests.

Change-Id: Ide775b00427b4848718e16e0b60aec2c4368fc7d

10 years ago Fix incorrect security server service description.
Lukasz Kostyra [Wed, 11 Dec 2013 06:20:29 +0000 (07:20 +0100)]
Fix incorrect security server service description.

[Issue#]        N/A
[Bug]           Service description had a spelling error - "Scoket" instead of "Socket".
[Cause]         N/A
[Solution]      Correct service description.
[Verification]  Build, install, reboot target. Call "journalctl | grep security". You should
                see information about all sockets being started.

Change-Id: I3abb0d82f0d553dd00e594c26d9945665ff26930

10 years ago Remove retry timeout check
Lukasz Wojciechowski [Mon, 9 Dec 2013 15:36:16 +0000 (16:36 +0100)]
Remove retry timeout check

[Issue#]       SSDWSSP-709
[Feature/Bug]  Retry timeout check is not required
[Problem]      Rapid password check sequences should be possible.
[Cause]        Retry timeout check may cause unnecessary failure.
[Solution]     Remove retry timeout check.
[Verification] Successful build and run of tests:
               security-tests.sh ss-password --output=text
               --regexp=no_retry_timeout

Change-Id: I802e5e067792182fcf7a5833f608bfb63e84b468

10 years ago Fix isPwdValid. Correct logs. Change history related function names.
Lukasz Kostyra [Thu, 5 Dec 2013 07:34:55 +0000 (08:34 +0100)]
Fix isPwdValid. Correct logs. Change history related function names.

[Issue#]        N/A
[Bug]           Wrong value returned by isPwdValid. Some logs showed up incorrectly as error.
                History related functions had misleading names.
[Cause]         Incorrect casting in isPwdValid.
[Solution]      Add condition correcting returned time by isPwdValid. Correct log types. Change
                historySize related functions to maxHistorySize.
[Verification]  Build, run tests. Test tc43 should pass, others should work as earlier. Commit with
                tc43 - http://slp-info.sec.samsung.net/gerrit/#/c/357776/

Change-Id: Ic9ce0423f2ec233f3c1d8703dba8ab92e998632d

10 years ago Fix improper description in header
Zofia Abramowska [Thu, 28 Nov 2013 14:12:29 +0000 (15:12 +0100)]
Fix improper description in header

[Issue#] N/A
[Feature/Bug] N/A
[Cause] Header contained wrong information about rules needed for
using security_server_check_privilege_by_sockfd
[Solution] Fixed description in header.
[Verification] Build.

Change-Id: I4ce035086268eff6f0d9d46834fe297206788923

10 years ago Add flag checking if password is set. Correct history behaviour
Lukasz Kostyra [Tue, 3 Dec 2013 14:49:11 +0000 (15:49 +0100)]
Add flag checking if password is set. Correct history behaviour

[Issue#]        N/A
[Bug]           N/A
[Cause]         N/A
[Solution]      N/A
[Verification]  Build, install, run tests. Should pass as they passed earlier.

Change-Id: I1ab45c23564e0592c8f5912c03a96dc4cb146ead

10 years ago Increase attempt count before checking max attempts.
Lukasz Kostyra [Tue, 3 Dec 2013 12:53:58 +0000 (13:53 +0100)]
Increase attempt count before checking max attempts.

[Issue#]        N/A
[Bug]           N/A
[Cause]         N/A
[Solution]      N/A
[Verification]  Build, install, run tests. Tests which checked for correctly returned attempt count
                should return error due to incorrect attempt count. Others should pass.

Change-Id: I120e7339e3af591374ddad5207ab8c0c8894b973

10 years ago Add new constants to password service. Change infinite expiration time.
Lukasz Kostyra [Mon, 2 Dec 2013 14:16:11 +0000 (15:16 +0100)]
Add new constants to password service. Change infinite expiration time.

[Issue#]        SSDWSSP-700
[Feature/Bug]   Add PASSWORD_INFINITE_EXPIRATION_TIME and PASSWORD_INFINITE_ATTEMPT_COUNT constant
                to password service. Change infinite expiration time.
[Cause]         Infinite expiration time and infinite attempt count were input directly to
                variables in multiple places. Other infinite expiration time
[Solution]      Constants were added for simpler switching between different infinite expiration
                times and infinite attempt counts.
[Verification]  Build, install, run tests. All should pass, except tests that treated infinite
                expiration time as 0 value.

Change-Id: I49877154e97f57ac444dbc37924bb571f4fa3abe

10 years ago Change debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE
Zbigniew Jasinski [Fri, 29 Nov 2013 10:13:14 +0000 (11:13 +0100)]
Change debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE

Also changes in spec file reflecting flag change.

[Issue#]      SSDWSSP-697
[Feature/Bug] N/A
[Problem]     Many issues in user binaries.
[Cause]       N/A
[Solution]    Add debug not only for engineering packages.

[Verification] Build with debug flag, run tests.

Change-Id: I0de009b02813785fd540e555b8c6dd5de7d0cec5

10 years ago Remove deprecated code related to sockets.
Bartlomiej Grzelewski [Wed, 27 Nov 2013 11:39:43 +0000 (12:39 +0100)]
Remove deprecated code related to sockets.

Socket "exec-path" was deprecated and was not used.
Service "echo" was removed and definition in protocol.h is not required.

[Issue#]       N/A
[Bug/Solution] N/A
[Problem]      Security-server has got 1 additional socket open.
[Solution]     Remove deprecated code and systemd configuration.

[Verification] Build, run tests.

Change-Id: If1ce352b2ecfa5e9d14e5367d4e3b1b2f8f85d07

10 years ago Change label of security-server binary.
Bartlomiej Grzelewski [Tue, 26 Nov 2013 16:17:21 +0000 (17:17 +0100)]
Change label of security-server binary.

[Issue#]   N/A
[Bug]      N/A
[Cause]    N/A
[Solution] N/A

[Verification] Build, run tests.

Change-Id: I1280be4bd12f07d3b9752ada06e65362374eca83

10 years ago Fix errors reported by prevent.
Bartlomiej Grzelewski [Thu, 28 Nov 2013 10:15:55 +0000 (11:15 +0100)]
Fix errors reported by prevent.

[Issue#]    N/A
[Bug/Cause] Error code was not checked.
[Solution]  N/A

[Verification] Build, run tests.

Change-Id: I33c2f0b31416a0720d5dcccb7408b7c6efc569fc

10 years ago Separate password_set and password_reset APIs on socket level.
Marcin Niesluchowski [Wed, 27 Nov 2013 15:41:52 +0000 (16:41 +0100)]
Separate password_set and password_reset APIs on socket level.

[Issue#]        SSDWSSP-691
[Bug/Feature]   N/A
[Cause]         Applications should have access only to those functions they
                need.
[Solution]      Moving password_reset to new socket with different label.
[Verification]  Build and install. Run security-server password tests.

Change-Id: I318e649314fd7410ccfa065124b7d6175cf6687e

10 years ago Removed echo service leftovers
Krzysztof Jackiewicz [Wed, 27 Nov 2013 10:46:12 +0000 (11:46 +0100)]
Removed echo service leftovers

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Echo service has been removed but some leftovers are still present in
code
[Cause] N/A
[Solution] Removed

[Verification] Successful compilation

Change-Id: I26728971dd610f103dfcaaf7dcc47f9028ffc42d

10 years ago Correct socket paths in protocols.cpp
Lukasz Kostyra [Tue, 26 Nov 2013 16:36:51 +0000 (17:36 +0100)]
Correct socket paths in protocols.cpp

[Issue#]        SSDWSSP-686
[Bug]           Constants which contained paths to password sockets had incorrect paths.
[Cause]         N/A
[Solution]      Correct socket paths.
[Verification]  Build, install, run tests. All should pass.

Change-Id: I410d50a8ac42517a74bfdeba1e6990bd7ce169d2