platform/core/security/security-manager.git
7 years agoFix bugs reported by C++Test and SVACE 07/139607/4
Bartlomiej Grzelewski [Wed, 19 Jul 2017 12:16:09 +0000 (14:16 +0200)]
Fix bugs reported by C++Test and SVACE

Change-Id: Id8c2ee63159b6df768a9e818bcb929c4a70d57b0

7 years agoFix database upgrading from v10 to v11 24/142124/3
Dariusz Michaluk [Wed, 2 Aug 2017 15:10:12 +0000 (17:10 +0200)]
Fix database upgrading from v10 to v11

Change-Id: I54778accfcc2479dd899285c66ba4c3a95329b10

7 years agoFix buffer overflow in exception.h 22/139322/2
Bartlomiej Grzelewski [Mon, 17 Jul 2017 17:04:36 +0000 (19:04 +0200)]
Fix buffer overflow in exception.h

Change-Id: Idaf6e6c8afa4936370e97c5870dfb5b7b5149e24

7 years agoReplace getgrent with getgrnam_r in security_manager_groups_get 71/141771/7
Krzysztof Jackiewicz [Wed, 2 Aug 2017 07:25:28 +0000 (09:25 +0200)]
Replace getgrent with getgrnam_r in security_manager_groups_get

Group2Gid constructor used getgrent which is not thread-safe. The class is used
in security-manager's server which is single threaded and in a nss plugin. The
nss plugin is called in the same context as initgroups() and as such can be
called from concurrent threads simultaneously although it makes no sense. Also
initgroups() manual does not mention anything about thread-safety.

It's impossible to get groups mapping thread-safely using getgrent_r if we are
not controlling all of the threads (which is the case in SM's client library).
Instead the getgrnam_r() was used.

Change-Id: I753f88ee0f85bb28c0907ae590e522a075873ffb

7 years agoFix race condition in reading credentials 31/140331/2
Bartlomiej Grzelewski [Mon, 24 Jul 2017 12:00:29 +0000 (14:00 +0200)]
Fix race condition in reading credentials

Race condition scenario:
1. Client connects to service and gets descriptor D.
2. Client sends request R.
3. Client closes connection.
4. Second client connects to service and gets descriptor D
5. Service thread starts to process request R and calls
   getCredentialsFromSocket. Function returns credentials of
   second client.

Change-Id: Id42d58b90147157df9772dd856d4769b8698434b

7 years agoRelease 1.2.22 71/139671/1 accepted/tizen/4.0/unified/20170816.011622 accepted/tizen/4.0/unified/20170816.014833 accepted/tizen/unified/20170720.164945 submit/tizen/20170720.052357 submit/tizen/20170720.054830 submit/tizen_4.0/20170811.094300 submit/tizen_4.0/20170814.115522 submit/tizen_4.0_unified/20170814.115522
jin-gyu.kim [Thu, 20 Jul 2017 05:22:57 +0000 (14:22 +0900)]
Release 1.2.22

* Fix segfault in nss plugin

Change-Id: I49a37725b3297a4bbd62b944f071bcba9a681c90

7 years agoFix segfault in nss plugin 58/139558/3
Krzysztof Jackiewicz [Wed, 19 Jul 2017 09:34:17 +0000 (11:34 +0200)]
Fix segfault in nss plugin

- Initialize groups pointer to NULL
- Delay wrapping with unique_ptr until we are sure that function returning
  groups succeeded
- Treat empty group list as a correct result

Change-Id: I9cf7493d819f3c1afdc2a378bc52f24d0f3f53b9

7 years agoRelease 1.2.21 55/138055/1 accepted/tizen/unified/20170713.153304 submit/tizen/20170711.023607 submit/tizen/20170712.102507
jin-gyu.kim [Tue, 11 Jul 2017 02:30:22 +0000 (11:30 +0900)]
Release 1.2.21

* Allow application to fetch its own policy
* Optimize group processing performance
* Add core privilege: blocknumber.read, blocknumber.write

Change-Id: I2320777e489a094eb23e87a1747e5a0b6f0200a6

7 years agoAllow application to fetch its own policy 91/135791/6
Zofia Abramowska [Mon, 26 Jun 2017 11:42:35 +0000 (13:42 +0200)]
Allow application to fetch its own policy

Application requires checking its privacy privilege
status to decide wether invoking askuser popup is
required. This change allows apps to fetch its own
policy (for the same app_id and user) without any
additional privilege.

Change-Id: Ie351f002107e58ad90b71f44ec25026469e38cb5

7 years agoOptimize group processing performance 35/126135/11
Rafal Krypa [Fri, 7 Jul 2017 16:16:16 +0000 (18:16 +0200)]
Optimize group processing performance

- Map group names to gids during server startup.
- Return gids instead of group names to client.
- Modify API used by NSS plugin to return gids and update the plugin.
- Cache privilege->gid mapping and privilege related gids on server side.

Change-Id: I30480565495e9591d893279f2df622fa21b6e1b9

7 years agoAdd core privilege: blocknumber.read, blocknumber.write 40/137340/1
Yunjin Lee [Wed, 5 Jul 2017 08:45:31 +0000 (17:45 +0900)]
Add core privilege: blocknumber.read, blocknumber.write

Change-Id: Ibf991198a1a3a401a0b3e003a485e3ae9ee5dbdd
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
7 years agoRelease 1.2.20 03/136603/1 accepted/tizen/unified/20170703.064244 submit/tizen/20170630.100553 submit/tizen/20170703.021739
Piotr Sawicki [Fri, 30 Jun 2017 10:02:34 +0000 (12:02 +0200)]
Release 1.2.20

* Remove dependency to Nether
* Add missing else keyword
* Fix memory allocation loop
* Apply -fPIE and -pie flag to license-manager
* Verify if certificate CN entry is equal to pkgId.
* Refactor error handling on app_defined_privilege/client_license table
* Change license-manager-agent uid/gid to security_fw
* Accept null as appId during license extraction
* New schema of database
* Apply coding rules
* Implement certificate verification inside agent
* Improve implementation of appdefined privilege API
* Remove outdated 'CREATE INDEX + performance tests required' TODO
* security-manager-cmd: add new option manager-apps for app install/uninstall
* Support security_manager_app_uninstall calling in off-line mode

Change-Id: I7894668ea52634b226b5c0d699661a2be33f9707

7 years agoRemove dependency to Nether 91/136291/1
jin-gyu.kim [Thu, 29 Jun 2017 04:47:44 +0000 (13:47 +0900)]
Remove dependency to Nether

Security-manager has the dependency to Nether to install it.
Nether can be installed independently. [TRE-1330]
Therefore, remove the dependency.

Change-Id: Ibb3b2f18aad6be934737238f9412189e59d23f01

7 years agoAdd missing else keyword 01/133501/4
Bartlomiej Grzelewski [Mon, 12 Jun 2017 10:34:53 +0000 (12:34 +0200)]
Add missing else keyword

Change-Id: I092cf2c807d6a1445de4d33b308717d8f8ee87e0

7 years agoFix memory allocation loop 00/133500/4
Bartlomiej Grzelewski [Mon, 12 Jun 2017 10:14:19 +0000 (12:14 +0200)]
Fix memory allocation loop

Old implementation always exit loop after buffer resize without
any try to input data once again.

Change-Id: I6307748a6744e3d7677be140943220d4f1974aa7

7 years agoApply -fPIE and -pie flag to license-manager 96/134996/2
Dariusz Michaluk [Tue, 20 Jun 2017 10:50:30 +0000 (12:50 +0200)]
Apply -fPIE and -pie flag to license-manager

Change-Id: I7bf99eab5c89f2859ec62667842aa3a65482b8c2

7 years agoVerify if certificate CN entry is equal to pkgId. 57/134457/2
Dariusz Michaluk [Fri, 16 Jun 2017 11:54:39 +0000 (13:54 +0200)]
Verify if certificate CN entry is equal to pkgId.

Change-Id: I2f5465f4fd57e72956ae0c75146402d3c3d2ebe6

7 years agoRefactor error handling on app_defined_privilege/client_license table 27/133527/3
Dariusz Michaluk [Mon, 12 Jun 2017 14:54:46 +0000 (16:54 +0200)]
Refactor error handling on app_defined_privilege/client_license table

Change-Id: I7fc95510376b0f5e6136fad4b5914ec14f5e884e

7 years agoChange license-manager-agent uid/gid to security_fw 13/133513/3
Dariusz Michaluk [Mon, 12 Jun 2017 12:36:04 +0000 (14:36 +0200)]
Change license-manager-agent uid/gid to security_fw

Change-Id: Ic833a5406f88baf37717732346a79b7559ca6d22

7 years agoAccept null as appId during license extraction 78/132178/9
Bartlomiej Grzelewski [Thu, 1 Jun 2017 10:12:09 +0000 (12:12 +0200)]
Accept null as appId during license extraction

In non-hybrid application appId is not placed
inside smack label. Non-hybrid application could
not be idenitified. We can only retrieve its pkgId.

Change-Id: I52d35fab45dbf494dfc8a2de84c38d63d29b781d

7 years agoNew schema of database 28/131528/10
Bartlomiej Grzelewski [Mon, 29 May 2017 15:43:36 +0000 (17:43 +0200)]
New schema of database

non-hybrid application are identified with pkgId only.
New schema will allow to identify privilege license by
using pkgId instead appId.

Changes are applied to:
 * app_defined_privilege_view
 * client_license_view

Change-Id: Iae343b7fabb32a5a49957c362935eacc915390eb

7 years agoApply coding rules 87/132487/2
Bartlomiej Grzelewski [Mon, 5 Jun 2017 15:46:52 +0000 (17:46 +0200)]
Apply coding rules

Change-Id: Id8d0070851bd03ac94a86c8148bfe0dd35e87a58

7 years agoImplement certificate verification inside agent 06/129706/7
Bartlomiej Grzelewski [Wed, 17 May 2017 16:23:17 +0000 (18:23 +0200)]
Implement certificate verification inside agent

* Read certificate in PEM and DER format

Change-Id: Iccfa3778a8e8c3d07a258622c4985fea67a6095a

7 years agoImprove implementation of appdefined privilege API 66/130266/4
Bartlomiej Grzelewski [Fri, 19 May 2017 13:22:32 +0000 (15:22 +0200)]
Improve implementation of appdefined privilege API

* Remove deprecated attribute from security-manager API. Depracated
  attribute may cause build break in project compiled with -Werror flag.
* Add validation of license parameter in
      security_manager_app_inst_req_add_client_privilege
      security_manager_app_inst_req_add_app_defined_privilege
* Change function description in API

Change-Id: I03abb03a8d47a61d25cfe0ef91c14c0ddb9581dd

7 years agoRemove outdated 'CREATE INDEX + performance tests required' TODO 14/130214/3
Dariusz Michaluk [Fri, 19 May 2017 11:53:19 +0000 (13:53 +0200)]
Remove outdated 'CREATE INDEX + performance tests required' TODO

Although indexes are intended to enhance a database's performance,
they should not be used on small tables.
The tests have shown that there is no speed up on tables with 3k rows.

Change-Id: Id6ac9e6b47ef8978dacbcd1c2b71e8e6b9be02e2

7 years agosecurity-manager-cmd: add new option "manager-apps" for app install/uninstall 16/130916/1
Rafal Krypa [Wed, 24 May 2017 09:01:33 +0000 (11:01 +0200)]
security-manager-cmd: add new option "manager-apps" for app install/uninstall

Cmd previously supported only app installation (--install), but not removal.
The new option --manage-apps, in line with already existing --manage-users
will support both app installation and removal.
Old --install is kept for now for backward compatibility.

Change-Id: I20e589e8ff40b1d49a6409ee71bd9351e6140b69

7 years agoSupport security_manager_app_uninstall calling in off-line mode 15/130915/1
Rafal Krypa [Wed, 24 May 2017 09:58:28 +0000 (11:58 +0200)]
Support security_manager_app_uninstall calling in off-line mode

Change-Id: If3d2b9ee4d7e9dbfc0a5555743b542161a52d4ba

7 years agoRelease 1.2.19 68/130168/1 accepted/tizen/unified/20170519.200655 submit/tizen/20170519.102945 tizen_4.0.m1_release
jin-gyu.kim [Fri, 19 May 2017 09:15:11 +0000 (18:15 +0900)]
Release 1.2.19

Merge remote-tracking branch 'origin/appdefined' into tizen
Add core privilege: tee.client
Add core privilege: zigbee, zigbee.admin

Change-Id: I67e6c89fe707ff2fa39d6f2525d88ea7d7c8e68e

7 years agoAdd core privilege: zigbee, zigbee.admin 34/130134/1
Yunjin Lee [Fri, 19 May 2017 08:01:06 +0000 (17:01 +0900)]
Add core privilege: zigbee, zigbee.admin

Change-Id: I4dd5f172a5ca021a17949aa564877eb7c50883b0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
7 years agoAdd core privilege: tee.client 66/130066/1
Yunjin Lee [Fri, 19 May 2017 04:22:34 +0000 (13:22 +0900)]
Add core privilege: tee.client

Change-Id: Ib06e59ba9bc0c15d510820c18a171eb73b6a9972
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
7 years agoMerge remote-tracking branch 'origin/appdefined' into tizen 55/129655/1
Bartlomiej Grzelewski [Wed, 17 May 2017 09:46:32 +0000 (11:46 +0200)]
Merge remote-tracking branch 'origin/appdefined' into tizen

Change-Id: Ie9e886dd62ef73830cab714aa9fe32f35d2e018a

7 years agoPrevent from collision with system privileges 42/129242/2 appdefined
Dariusz Michaluk [Mon, 15 May 2017 12:50:18 +0000 (14:50 +0200)]
Prevent from collision with system privileges

Change-Id: If307f2b4609d5af45126cdd1aac2e577d8ad5cac

7 years agoPrevent from saving empty license 66/129066/2
Bartlomiej Grzelewski [Fri, 12 May 2017 17:18:37 +0000 (19:18 +0200)]
Prevent from saving empty license

Change-Id: Ib89bf970c56d5f337a680334c432a1ec660e77bf

7 years agoExtend privilegeDb api 62/129062/2
Bartlomiej Grzelewski [Fri, 12 May 2017 15:46:34 +0000 (17:46 +0200)]
Extend privilegeDb api

The function will not directly inform caller if row was found in
database. In previous implmentation functions may return empty
string if row was not found in database. It could be translated as row
contained empty string or no row was found.

Change-Id: Id44a5337e2ceb53b35be914962e442e4b5aeec0f

7 years agoMerge remote-tracking branch 'origin/tizen' into appdefined 65/129065/1
Bartlomiej Grzelewski [Fri, 12 May 2017 16:58:00 +0000 (18:58 +0200)]
Merge remote-tracking branch 'origin/tizen' into appdefined

Change-Id: I1d8894b37ebb11aecb9a040548bfcc754f25587d

7 years agoBlock the possibility of privilege redefinition 24/128624/3
Dariusz Michaluk [Wed, 10 May 2017 14:12:44 +0000 (16:12 +0200)]
Block the possibility of privilege redefinition

Change-Id: I897915c799ab03ad93d8f9f191ecbd96da885f60

7 years agoTests for client license in db 44/128544/3
Dariusz Michaluk [Wed, 10 May 2017 09:42:46 +0000 (11:42 +0200)]
Tests for client license in db

Change-Id: I8b19fa8d40fc7e34820ee6b758e46a546a964ebc

7 years agoAdd serialization of tuple 57/128857/2
Bartlomiej Grzelewski [Thu, 11 May 2017 17:50:09 +0000 (19:50 +0200)]
Add serialization of tuple

Change-Id: I9f6f2855a6073b8493d531e381f880d70ab6c3cb

7 years agoPrepare database to store license 35/127535/6
Bartlomiej Grzelewski [Wed, 26 Apr 2017 13:38:55 +0000 (15:38 +0200)]
Prepare database to store license

Security-manager does not use license directly. Licenses
will be used by license-manager. Security manager just store
information about it's location and information about
dependencies between licenses and app defined privileges.

In current api both provider and client may store license.
License stored by provider should be treated more as a key
that will be used to verify signature stored as client license.

Change-Id: If54724aa7daf49be727aab67ac614047f035a05a

7 years agoPrepare API to support licensed privileges 54/128854/1
Bartlomiej Grzelewski [Thu, 11 May 2017 14:26:03 +0000 (16:26 +0200)]
Prepare API to support licensed privileges

Change-Id: I870ff76dc9fc8e5a2e53070a9deeab9ecba416f4

7 years agoRelease 1.2.18 63/127463/1 accepted/tizen/unified/20170508.153200 submit/tizen/20170508.021828
Tomasz Swierczek [Thu, 27 Apr 2017 10:02:32 +0000 (12:02 +0200)]
Release 1.2.18

* Adjust UT case T520_add_application_two_tizen_versions_to_same_package
* Adjust tests to boost 1.62
* Fix issues detected by SVACE
* Revert of changes related to privacy popups
* Do not show toast fail launch popup for white list app.
* Handle HW key input case from askuser popup.
* Adapt requirement names for askuser-notification to new naming
* Migrate existing application policy to use new ask-user policies
* Implement security_manager_prepare_app_privacy
* Add new API for handling privacy privileges during application launch
* Replace usage of Ask User plugin with Privacy Deny Plugin
* Change labelPaths logic for FOTA

Change-Id: I1ebe131cd04d9d5327e4c39a76d2bf4f5fe3f219

7 years agoAdjust UT case T520_add_application_two_tizen_versions_to_same_package 31/121731/3
Radoslaw Bartosiak [Tue, 28 Mar 2017 14:12:16 +0000 (16:12 +0200)]
Adjust UT case T520_add_application_two_tizen_versions_to_same_package

Adapt to a new change in security-manager that allows platform version
for an app to be changed during app upgrade, which was
introduced in commit: 942b8ffe8ddc07e4037abac2f69f3460ade8585d.

Change-Id: Ice783a7f5fa5e32df8fdcc3fcbabbab7717fc777
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoAdjust tests to boost 1.62 94/126994/5
Zofia Abramowska [Mon, 24 Apr 2017 10:35:09 +0000 (12:35 +0200)]
Adjust tests to boost 1.62

* Fix missing file
* Fix missing virtual methods
* Fix missing semicolons after macros
* Support boost version before 1.59
* Fix custom types printing
* Still support boost before 1.59 version

Change-Id: I872dff727aef3f4253e4995e36654ad93d1b979d

7 years agoFix issues detected by SVACE 74/123574/9
Piotr Sawicki [Thu, 6 Apr 2017 06:38:18 +0000 (08:38 +0200)]
Fix issues detected by SVACE

- Catch boost exceptions thrown by boost's program options parser.
- Fix a potential memory leak in CynaraAdmin::fetchCynaraPolicyDescriptions().
- Add and handle an additional exception type - UnlockFailed.

Change-Id: I22616e9a24ebe83a20ce5c4237f7fa9fc060c30c

7 years agoMerge remote-tracking branch 'origin/tizen' into appdefined 65/126665/3
Bartlomiej Grzelewski [Mon, 24 Apr 2017 13:39:13 +0000 (15:39 +0200)]
Merge remote-tracking branch 'origin/tizen' into appdefined

Change-Id: I5b808b2fc5d0dfa3c8eb45af2cd38ce8deeb0bad

7 years agoRevert of changes related to privacy popups 95/125895/1
Radoslaw Bartosiak [Wed, 19 Apr 2017 07:54:02 +0000 (09:54 +0200)]
Revert of changes related to privacy popups

1. Revert "Replace usage of Ask User plugin with Privacy Deny Plugin"
This reverts commit da9a01bddc86d7ff022e03865846ddf1a104859e.
2. Revert "Add new API for handling privacy privileges during application launch"
This reverts commit a260bb3bd0450c460c897790f7e02d41a143f7d5.
3. Revert "Implement security_manager_prepare_app_privacy"
This reverts commit 1bf8c3adf21b50a6c24f7c0246884cf389941c93.
4. Revert "Migrate existing application policy to use new ask-user policies"
This reverts commit d48e161b135a0efa523846376c0e58a3cd83903e.
5. Revert "Adapt requirement names for askuser-notification to new naming"
This reverts commit 8960cd5a6d83be490d3ff0a29ca385fe937cae25.
6. Revert "Handle HW key input case from askuser popup."
This reverts commit 1c21b22455b2bce914e88b248a62da6f6903f250.
7 .Revert "Do not show toast fail launch popup for white list app."
This reverts commit e87aca1aa591c561a0dadd5038c5811e50aecde6.

Change-Id: I66149a6e4d5cdbabe4ec673b5c936cd1ed717e1f
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoDo not show toast fail launch popup for white list app. 27/123127/2 privacy-popup-issue submit/tizen/20170405.143506
jin-gyu.kim [Tue, 4 Apr 2017 13:53:52 +0000 (22:53 +0900)]
Do not show toast fail launch popup for white list app.

- Toast fail launch popup is only allowed to non-white list app.

Change-Id: I606da84f4b65cebb6afd1f896d0b548ceaa62b47

7 years agoHandle HW key input case from askuser popup. 96/123096/4
jin-gyu.kim [Tue, 4 Apr 2017 11:03:25 +0000 (20:03 +0900)]
Handle HW key input case from askuser popup.

In case of HW key input, app should not be launched always.
Also, updating policy as DENY only for non-white list app.

Change-Id: I2956bc3b982a2ec68d9514e766366621530cfa27

7 years agoAdapt requirement names for askuser-notification to new naming 62/122862/1
Rafal Krypa [Mon, 3 Apr 2017 20:03:54 +0000 (22:03 +0200)]
Adapt requirement names for askuser-notification to new naming

- privacy-denied-plugins => askuser-plugins
- askuser-notification-ipc => askuser-notification

Change-Id: Ic735c1aaed9d21889032513dac5cb1585997cb5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoMigrate existing application policy to use new ask-user policies 85/122485/3
Rafal Krypa [Fri, 31 Mar 2017 15:40:38 +0000 (17:40 +0200)]
Migrate existing application policy to use new ask-user policies

Migrate privacy manager policy:
- ask user => ASK_USER_LEGACY
- deny => PRIVACY_DENY

Change-Id: Icfeea3324c8d823d8a0065198b9a8c9329528be8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoImplement security_manager_prepare_app_privacy 15/120915/7
Rafal Krypa [Fri, 31 Mar 2017 11:38:34 +0000 (13:38 +0200)]
Implement security_manager_prepare_app_privacy

Change-Id: I9467a359672f5a1e3147a92ae2eb282a1e643b26
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoAdd new API for handling privacy privileges during application launch 77/120677/7
Rafal Krypa [Thu, 23 Mar 2017 16:33:12 +0000 (17:33 +0100)]
Add new API for handling privacy privileges during application launch

New public function security_manager_prepare_app_privacy() to be called
by launcher. It will check application policy, generate pop-up if necessary,\
wait for user answer, modify policy accordingly and trigger toast message
if application launch has been prohibited.
The caller (launcher) should abort application launching if this function
returns an error.

Change-Id: Ia4b901cc409ccd8d695da8b53a0223bdb54c0cde
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoReplace usage of Ask User plugin with Privacy Deny Plugin 79/120879/6
Rafal Krypa [Fri, 31 Mar 2017 15:23:31 +0000 (17:23 +0200)]
Replace usage of Ask User plugin with Privacy Deny Plugin

Some legacy application does not support run-time popups correctly.
We need to replace run-time popups (ask about) with toast popup.
Toast popups are supported by Privacy Denied plugin.

Change-Id: I7ae8eebc0c23863d2618ed66238da0e5f395e944

7 years agoChange labelPaths logic for FOTA 94/118094/2
Radoslaw Bartosiak [Wed, 8 Mar 2017 17:24:59 +0000 (18:24 +0100)]
Change labelPaths logic for FOTA

pkgBasePath is labeled only if there is at least one path argument for labelPaths
that points to pkgBasePath.

Change-Id: I81763a8a38aa89700e87daf708a5e85c37b6dd20
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoRelease version 1.2.17 73/122073/1 accepted/tizen_common accepted/tizen_ivi accepted/tizen_mobile accepted/tizen_tv accepted/tizen_wearable accepted/tizen/common/20170331.152637 accepted/tizen/ivi/20170330.224836 accepted/tizen/mobile/20170330.224659 accepted/tizen/tv/20170330.224751 accepted/tizen/unified/20170330.224852 accepted/tizen/wearable/20170330.224816 submit/tizen/20170330.102312
jin-gyu.kim [Thu, 30 Mar 2017 05:50:12 +0000 (14:50 +0900)]
Release version 1.2.17

- Use %license macro to copy license file.
- Add "VALGRIND" build type
- Remove the redundant SharedRO SMACK rules.
- Unify method names in CynaraAdmin to pascal case
- Clean up cynara classes members names
- Free requests after processing them in cmd line tool
- Add missing ')' in cmd line tool usage description
- Allow version compatibility change during application upgrade
- Remove dependency between SM and DBUS
- Make it possible to use out-of-the-source build dir
- [Unit tests] for PrivilegeDb class - related to private path sharing
- Remove setting of CMAKE_C_FLAGS in the main CMakeLists.txt
- Fix inconsistent types error
- Log appId in case of errors in security_manager_prepare_app
- Remove setting of -DTIZEN_DEBUG_ENABLE compilation flag
- Remove unnecessary transaction rollback
- Remove empty lines from rules.merged file.
- Don't ignore errors in supplementary group setup during app launch preparation
- Fix thread synchronization in Cynara class

Change-Id: I47de688cd71fbee6ceb4bf7620a08c89c01c7a1c

7 years agoUse %license macro to copy license file. 97/121797/1
jin-gyu.kim [Wed, 29 Mar 2017 05:08:46 +0000 (14:08 +0900)]
Use %license macro to copy license file.

Change-Id: I64ef2355af0f3a2469931681150419df35bea884

7 years agoAdd "VALGRIND" build type 93/107893/4
Rafal Krypa [Fri, 30 Dec 2016 13:49:03 +0000 (14:49 +0100)]
Add "VALGRIND" build type

Separate build type specialized for debugging memory leaks.
Example usage with GBS for Tizen:
  $ gbs build --define "build_type VALGRIND"

Change-Id: I7e150609021508541427ff009fa28b97a6004daf

7 years agoRemove the redundant SharedRO SMACK rules. 34/111034/4
jin-gyu.kim [Thu, 19 Jan 2017 08:00:11 +0000 (17:00 +0900)]
Remove the redundant SharedRO SMACK rules.

- There was some redundant SharedRO SMACK rules.
- This change will give SharedRO rules only when pkg has shared folders.

Change-Id: Ic738c6bd49972de6a48d5ff18baa8360a92f22c0

7 years agoUnify method names in CynaraAdmin to pascal case 81/110281/3
Zofia Abramowska [Fri, 13 Jan 2017 13:47:39 +0000 (14:47 +0100)]
Unify method names in CynaraAdmin to pascal case

Change-Id: I42dbad2e0e0f54140036e2c5e8e53b9acd425d4b

7 years agoClean up cynara classes members names 80/110280/4
Zofia Abramowska [Fri, 13 Jan 2017 13:36:31 +0000 (14:36 +0100)]
Clean up cynara classes members names

Start member names with "m_" prefix and static member names with "s_".

Change-Id: I39c0e08981e797a188edd841c2c32c89f694d20c

7 years agoFix getPrivilegeProvider() implementation 95/119895/3
Dariusz Michaluk [Mon, 20 Mar 2017 11:36:04 +0000 (12:36 +0100)]
Fix getPrivilegeProvider() implementation

Check whether privilege is provided by a global application,
if it is not supplied by local application.

Change-Id: I630ae599df5f412447662ec505ddc2b8e817106b

7 years agoAdd logs to license-manager-agent 73/119573/1
Bartlomiej Grzelewski [Fri, 17 Mar 2017 08:39:58 +0000 (09:39 +0100)]
Add logs to license-manager-agent

Change-Id: I7f5709f98d3ba448e0ec39f9f5b4cfc419eef187

7 years agoSimple implementation of License Manager Agent 51/117851/3
Bartlomiej Grzelewski [Thu, 2 Mar 2017 13:35:42 +0000 (14:35 +0100)]
Simple implementation of License Manager Agent

This commit adds License Manager Agent daemon that will be responsible
for client/provider signature verification.

Change-Id: Ie78671311d679d800be0337ebe34f4afa6dfc799

7 years agoFree requests after processing them in cmd line tool 74/116974/4
Krzysztof Jackiewicz [Thu, 2 Mar 2017 07:24:07 +0000 (08:24 +0100)]
Free requests after processing them in cmd line tool

App installation and user management requests were not freed after their
processing is finished in security-manager-cmd. Pointers wrapped in
std::unique_ptr.

Change-Id: I689833dea78ccedb5aaac9267d3c0a06895f0568

7 years agoAdd API for getting privilege provider 93/118893/4
Dariusz Michaluk [Mon, 13 Mar 2017 14:12:18 +0000 (15:12 +0100)]
Add API for getting privilege provider

Change-Id: Ide1db72fc1338947dc6d8ce6c835dd5e42aad340

7 years agoAdd missing ')' in cmd line tool usage description 73/117073/2
Krzysztof Jackiewicz [Thu, 2 Mar 2017 13:28:28 +0000 (14:28 +0100)]
Add missing ')' in cmd line tool usage description

Change-Id: Iadbe5225f3eefd2048e0c5b17cdb1d643fd9181c

7 years agoFix buckets: aggregation of global and local instance privileges of an app 92/118092/3
Dariusz Michaluk [Wed, 1 Mar 2017 15:02:16 +0000 (16:02 +0100)]
Fix buckets: aggregation of global and local instance privileges of an app

Current Cynara bucket design has an issue of aggregation of privileges
of global and local instances of an applications,
meaning when app is installed both globally and locally it will gain a sum of it's privileges.

MANIFESTS bucket could be split into two:
MANIFESTS_GLOBAL - holding only rules for global applications (label * privilege ALLOW)
                   and redirections to second additional bucket
                   when applications is installed locally (label uid * bucket MANIFESTS_LOCAL)
MANIFESTS_LOCAL - have only local rules for local applications (label uid privilege ALLOW)
Both of them will have DENY by default.

Change-Id: Iba3da506fca570ca3e2147998d9012aa9e485b44

7 years agoAllow version compatibility change during application upgrade 97/118697/1
Rafal Krypa [Mon, 13 Mar 2017 15:28:28 +0000 (16:28 +0100)]
Allow version compatibility change during application upgrade

Security-manager should permit app installation request for cases where
the same app is already installed, but platform version for the app has
changed.

Change-Id: Ia8ffdc20c084b7ade18e3deeed6d17b081149a70
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoRemove dependency between SM and DBUS 35/116235/2
Bartlomiej Grzelewski [Thu, 23 Feb 2017 10:47:50 +0000 (11:47 +0100)]
Remove dependency between SM and DBUS

Dependency between SM and DBUS was required to avoid deadlock.
Problem was already solved in DBUS initilization code commit:
https://review.tizen.org/gerrit/#/c/115757/

Change-Id: I34d98d1a75eb004bce0da0d664a64de61b9ab66a

7 years agoFix database scheme 25/116325/1
Bartlomiej Grzelewski [Thu, 23 Feb 2017 16:51:22 +0000 (17:51 +0100)]
Fix database scheme

Old scheme was generating cartesian product from
app_defined_privilege and uid table. It should generate
one row for application installed by one user.

Change-Id: Ic01c82eac655a43aa6454d9e519c91d3699bfcfd

7 years agoApp defined privileges in bucket/db 06/115606/5
Dariusz Michaluk [Tue, 21 Feb 2017 17:03:37 +0000 (18:03 +0100)]
App defined privileges in bucket/db

Add/update/remove app defined privileges during app installation/deinstallation.

Change-Id: I1e6544e03346d792548c80164d32ef1655ea7452

7 years agoFix typo: privilige -> privilege 35/116035/1
Dariusz Michaluk [Tue, 21 Feb 2017 13:13:28 +0000 (14:13 +0100)]
Fix typo: privilige -> privilege

Change-Id: Ia1ec3f6921ea4371130057dbfaf94471eeb51d72

7 years agoTests for app defined privileges in db 06/114706/7
Dariusz Michaluk [Mon, 13 Feb 2017 12:27:20 +0000 (13:27 +0100)]
Tests for app defined privileges in db

Change-Id: I6b08cac6488f564a51443597b8ddd7c48e3124a2

7 years agoAdd support for app defined privileges in db 05/114705/7
Dariusz Michaluk [Thu, 9 Feb 2017 11:07:29 +0000 (12:07 +0100)]
Add support for app defined privileges in db

Change-Id: I4ecf0940fa3716bdfe104e45491d3dc4eac21049

7 years agosecurity_manager_app_inst_req_add_app_defined_privilege() API change 29/115329/4
Dariusz Michaluk [Fri, 17 Feb 2017 09:56:09 +0000 (10:56 +0100)]
security_manager_app_inst_req_add_app_defined_privilege() API change

Change-Id: I97e6a385da4116f4e1655077516fb5e9b3eb1638

7 years agoAdd license manager plugin for cynara 41/114041/2
Bartlomiej Grzelewski [Wed, 1 Feb 2017 09:59:19 +0000 (10:59 +0100)]
Add license manager plugin for cynara

Change-Id: I9938d38828ca125049b82b18ac33266eb410cf28

7 years agoMake it possible to use out-of-the-source build dir 99/111499/3
Lukasz Pawelczyk [Fri, 20 Jan 2017 17:28:40 +0000 (02:28 +0900)]
Make it possible to use out-of-the-source build dir

Autogenerated files should be installed from the CMAKE_BINARY_DIR
instead of the CMAKE_SOURCE_DIR. This makes it possible to use the
build directory that's outside the source one.

Change-Id: I516b47f75dabed03bbf8253ea8cacad6c1b5001f

7 years agoAdd appDefinedPrivileges to app install request 37/113737/1
Radoslaw Bartosiak [Tue, 31 Jan 2017 14:53:50 +0000 (15:53 +0100)]
Add appDefinedPrivileges to app install request

Change-Id: I5db74f68b485482266392deef2f64c29d27b8ae2
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoAdd APPDEFINED Cynara bucket 35/113735/1
Radoslaw Bartosiak [Fri, 27 Jan 2017 09:15:27 +0000 (10:15 +0100)]
Add APPDEFINED Cynara bucket

In order to support app-defined privileges and licence-manager
new bucket for storing these privileges is introduced.

Change-Id: I5e8cf96869489cd4f255efba31e37337e7925c74
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years ago[Unit tests] for PrivilegeDb class - related to private path sharing 38/105838/11
Radoslaw Bartosiak [Mon, 19 Dec 2016 16:32:48 +0000 (17:32 +0100)]
[Unit tests] for PrivilegeDb class - related to private path sharing

     1) Split tests from test_privilege_db.cpp into smaller files.
     2) Add functions for test parameters creation (reduce the number
        of local parameters in the tests.
     3) Add test for src/common/include/privilege_db.h functions:
     GetPathSharingCount, GetOwnerTargetSharingCount,
     GetTargetPathSharingCount, ApplyPrivateSharing, DropPrivateSharing,
     GetAllPrivateSharing, GetPrivateSharingForOwner,
     GetPrivateSharingForTarget, SquashSharing, ClearPrivateSharing.

Change-Id: I930d34589ddb27420e2700d6dac4bdd244b83cfb
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoRemove setting of CMAKE_C_FLAGS in the main CMakeLists.txt 29/108029/3
Rafal Krypa [Mon, 2 Jan 2017 09:37:42 +0000 (10:37 +0100)]
Remove setting of CMAKE_C_FLAGS in the main CMakeLists.txt

This is a C++-only project that never included any C code.
Setting CFLAGS in CMake is a pure clutter.

Change-Id: I580decb504f670476342d45d35fb31a43e30a508
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoFix inconsistent types error 82/111982/1
Radoslaw Bartosiak [Wed, 25 Jan 2017 07:39:26 +0000 (08:39 +0100)]
Fix inconsistent types error

'lib_retcode' and 'int' both deduced for lambda return type caused buildbreak

Change-Id: Ic325edc33714853ca7c23e50e865c20c2c2e6fe4
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
7 years agoLog appId in case of errors in security_manager_prepare_app 68/108068/3
Rafal Krypa [Mon, 2 Jan 2017 15:12:35 +0000 (16:12 +0100)]
Log appId in case of errors in security_manager_prepare_app

When security_manager_prepare_app fails, the launcher that called this
function is supposed to treat it as serious error and stop further
application launching. Security-manager logs error description, but it
didn't include appId in the logs.

Change-Id: Iefdd398ba32c9f16bde2c011abea31949da41b6b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoRemove setting of -DTIZEN_DEBUG_ENABLE compilation flag 28/108028/3
Rafal Krypa [Mon, 2 Jan 2017 11:05:28 +0000 (12:05 +0100)]
Remove setting of -DTIZEN_DEBUG_ENABLE compilation flag

This is a legacy flag inherited from security-server code base.
Nothing in the code uses it.

Change-Id: I86208743ea25b92f4a0612f7f94ea12ed7419ca4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoRemove unnecessary transaction rollback 28/110628/3
Krzysztof Jackiewicz [Tue, 17 Jan 2017 08:16:13 +0000 (09:16 +0100)]
Remove unnecessary transaction rollback

Scoped transaction guarantees that changes will be rolled back in case of
exception. No need for another rollback.

Change-Id: If199dde2fb1c1cc19b4af710b6ebba2023e33eaa

7 years agoRemove empty lines from rules.merged file. 69/108269/2
Bartlomiej Grzelewski [Tue, 3 Jan 2017 17:36:54 +0000 (18:36 +0100)]
Remove empty lines from rules.merged file.

In some narrow case:
 * file have size of page_size+1
 * file ends with combination "\n\n"
kernel returns error during rules loading.

Change-Id: I6f24b76224c7b013c93003e8d0d6738b665c6949

7 years agoDon't ignore errors in supplementary group setup during app launch preparation 36/93436/3
Rafal Krypa [Mon, 24 Oct 2016 09:07:53 +0000 (11:07 +0200)]
Don't ignore errors in supplementary group setup during app launch preparation

API function security_manager_prepare_app calls several steps for setting
up application context. One of the steps, setting supplementary groups
based on application privileges, was allowed to fail. In such case
the function logged warning but proceeded ignoring the error.

This was introduced as a work-around for easier security-manager integration
on the platform. Back then, we had a platform that didn't register applications
in security-manager and tried to launch them. To allow such case temporarily,
security-manager tried to launch app even if it wasn't present in database.

This is no longer the case. All applications should be properly registered
in security-manager database prior to launching. And if they aren't, launching
will fail on another step that was added later.
Security-manager should not longer ignore errors and skip steps in
security_manager_prepare_app.

Change-Id: I07b49a40db93830b46137502f7743b6b95ad7fd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoFix thread synchronization in Cynara class 55/109955/3
Rafal Krypa [Wed, 11 Jan 2017 13:13:36 +0000 (14:13 +0100)]
Fix thread synchronization in Cynara class

Pass changes to cynaraFd and fd events to be polled via atomic variables
and over atomic_thread_fence to properly propagate changes to these
values between checking threads and communication thread.

Change-Id: I9b41a0f8e40365bc30cdd47ed04be8727521476e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
7 years agoRelease version 1.2.16 77/111577/2 accepted/tizen/common/20170123.182157 accepted/tizen/ivi/20170123.114031 accepted/tizen/mobile/20170123.113939 accepted/tizen/tv/20170123.113955 accepted/tizen/unified/20170309.033943 accepted/tizen/wearable/20170123.114014 submit/tizen/20170123.035947 submit/tizen_unified/20170308.100409
jooseong lee [Mon, 23 Jan 2017 01:57:12 +0000 (10:57 +0900)]
Release version 1.2.16

- Fix in generateAppPkgNameFromLabel implementation
- [Unit tests] Add test for src/common/include/smack-labels.h
- [Unit tests] Add test for src/common/include/smack-rules.h
- Remove default dependency in cleanup service

Change-Id: I7c907b3181bf0764899481530216a20e306fe2f5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoRemove default dependency in cleanup service 76/111576/2
Sunmin Lee [Mon, 23 Jan 2017 01:39:19 +0000 (10:39 +0900)]
Remove default dependency in cleanup service

Although security-manager-cleanup.service is installed
at sysinit.target.wants, it has a dependency on basic.target.
It would cause undesirable dependency between sysinit and basic target.

Change-Id: I44a4a151fd247cbe9b182f657c0dd21af3cf5ce4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years ago[Unit tests] Add test for src/common/include/smack-rules.h 64/107764/8
Dariusz Michaluk [Wed, 28 Dec 2016 12:23:20 +0000 (13:23 +0100)]
[Unit tests] Add test for src/common/include/smack-rules.h

Change-Id: I5f3816c7559465c8a59a06d47c7ded51ef69b1ed

7 years ago[Unit tests] Add test for src/common/include/smack-labels.h 63/107763/5
Dariusz Michaluk [Mon, 19 Dec 2016 13:19:10 +0000 (14:19 +0100)]
[Unit tests] Add test for src/common/include/smack-labels.h

Change-Id: I2cfdf300490509c77a6b65e11abf0b13aa4f951b

7 years agoFix in generateAppPkgNameFromLabel implementation 47/109547/2
Dariusz Michaluk [Tue, 10 Jan 2017 09:37:46 +0000 (10:37 +0100)]
Fix in generateAppPkgNameFromLabel implementation

appName is not overwritten in case of non-hybrid apps.

Change-Id: I3063c10281ec3afcccbcca097076cd0f87936f6b

7 years agoRelese version 1.2.15 52/110752/1
jooseong lee [Wed, 18 Jan 2017 01:03:56 +0000 (10:03 +0900)]
Relese version 1.2.15

- Split service cleanup in two parts to prevent std::terminate
- Use real path of skel dir

Change-Id: I95dcc4b4afc351f2de1e94e4b3b0d14f13812f72
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
7 years agoUse real path of skel dir. 15/110415/4
jin-gyu.kim [Mon, 16 Jan 2017 10:08:19 +0000 (19:08 +0900)]
Use real path of skel dir.

- Real path of skel dir can be diffrent based on target types.
- Convert skel dir in getSkelPkgDir to the real path.
- Add error handling in getSkelPkgDir

Change-Id: Ifdd94a07f69da091a8f07b7fd55223fd157284b6

7 years agoSplit service cleanup in two parts to prevent std::terminate 74/110474/3
Krzysztof Jackiewicz [Mon, 16 Jan 2017 15:37:44 +0000 (16:37 +0100)]
Split service cleanup in two parts to prevent std::terminate

If ServiceThread is being destroyed and it's about to process an event (the
service thread popped an event from m_eventQueue) it may lead to calling a
virtual function on a partially destroyed object.

Thread cleanup has been separated from ServiceThread destructor to avoid such
situations.

Change-Id: I31f08d18a72b597002063619bd2e84a5a1da0899

7 years agoRelese version 1.2.14 79/110279/1 accepted/tizen/3.0/common/20170118.130734 accepted/tizen/3.0/ivi/20170118.042542 accepted/tizen/3.0/mobile/20170118.042450 accepted/tizen/3.0/tv/20170118.042515 accepted/tizen/3.0/wearable/20170118.042529 accepted/tizen/common/20170116.181531 accepted/tizen/ivi/20170117.053526 accepted/tizen/mobile/20170117.053439 accepted/tizen/tv/20170117.053455 accepted/tizen/wearable/20170117.053508 submit/tizen/20170116.051423 submit/tizen_3.0/20170115.225845
Tomasz Swierczek [Fri, 13 Jan 2017 13:20:13 +0000 (14:20 +0100)]
Relese version 1.2.14

- Add missing exception handler for TizenPlatformConfig
- Add support for blacklist privileges using policy manager
- Wake up Cynara async thread from statusCallback
- Make sure transaction is rolled back in case of error

Change-Id: I63601e59b3ca7f2857f2ec2aa88161910e98b7d5

7 years agoAdd missing exception handler for TizenPlatformConfig 29/108629/6
Krzysztof Jackiewicz [Thu, 5 Jan 2017 08:36:33 +0000 (09:36 +0100)]
Add missing exception handler for TizenPlatformConfig

Change-Id: I97f58249c3d3b9df99aa14623252c597ae5f6e3a

7 years agoAdd support for blacklist privileges using policy manager 96/108496/13
Krzysztof Jackiewicz [Wed, 4 Jan 2017 14:34:21 +0000 (15:34 +0100)]
Add support for blacklist privileges using policy manager

Privilege privacy status (& default policy) now relies also on UID and application.
This patch introduces integration with privilege-checker API that allows to check
privilege status in context of these attributes.

Change-Id: I8bf25cf708ed21a7af9cc047f01fff3ff8410dcc

7 years agoWake up Cynara async thread from statusCallback 72/109772/2
Rafal Krypa [Wed, 11 Jan 2017 08:38:52 +0000 (09:38 +0100)]
Wake up Cynara async thread from statusCallback

Until now the thread handling communication with Cynara was woken up
when new check was prepared for sending because cynara_async_create_request
was expected to trigger statusCallback. When new data is prepared for
sending to Cynara service, statusCallback requests that the cynara descriptor
must be polled for writing and when it's ready, cynara_async_process will
send the data to socket.

But since Cynara release 0.12.0, cynara_async_check_cache may also trigger
a statusCallback. This is because of underlying monotir entries and their
periodic flush to Cynara service. This behavior of Cynara is not documented.

To make sure that security-manager will restart polling of Cynara socket
each time after statusCallback is triggered, the callBack itself will now
take care of waking up the thread responsible for communication with Cynara.

Change-Id: I8f9bf323166fccd97612dd85ec35c9befe5d00f9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>