Krzysztof Jackiewicz [Mon, 19 Dec 2016 11:03:28 +0000 (12:03 +0100)]
Fix memory leak in CynaraAdminPolicy move operator
Free strings allocated in "this" object when another one is moved to it.
Provide default destructor to avoid unnecessary allocation/frees.
Change-Id: I9f3658102db33eca19fff07e0cb04d47c26ca195
jooseong lee [Wed, 14 Dec 2016 02:26:04 +0000 (11:26 +0900)]
Release version 1.2.12
- Allow privileged caller to configure privacy manager for other users
Change-Id: I38acd5508439a0aceb9cc1e7752064518b89e9ea
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Rafal Krypa [Tue, 13 Dec 2016 13:42:12 +0000 (14:42 +0100)]
Allow privileged caller to configure privacy manager for other users
When policy update is sent with security_manager_policy_update_send(),
the policy record type determines target Cynara bucket. For policies
targeted at privacy manager bucket, privileged caller might want to
set policies for other users.
This is now allowed if the caller has the proper privilege.
Change-Id: Ibcf13a1d6a7e4b2b965f1d0ca7599e65ee8b616c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jin-gyu.kim [Tue, 13 Dec 2016 08:55:02 +0000 (17:55 +0900)]
Release version 1.2.11
Change-Id: Ib51bc77625b73f4cbb6b7b3edfd4a1285cf69c15
jin-gyu.kim [Tue, 13 Dec 2016 04:51:09 +0000 (13:51 +0900)]
Map email privilege to priv_email
Change-Id: Ia61fae319b4d196891af503b8488581babd53fb6
jooseong lee [Fri, 9 Dec 2016 02:06:46 +0000 (11:06 +0900)]
Release version 1.2.10
- Add transmute rule between non-hybrid app and RW path
Change-Id: I623d615edff86a1029a8f393bd0fc8236450da1d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Zofia Abramowska [Wed, 7 Dec 2016 10:23:36 +0000 (11:23 +0100)]
Add transmute rule between non-hybrid app and RW path
After the app process label refactoring there was no longer a
rule for transmute between the label of the app process and
the label of the RW path for non-hybrid apps (because the labels were
the same). This introduced a problem with transmute
inheritance: the main app directory had transmute,
but it wasn't inherited by subdirectories.
This commit brings back the rule between the app process label
and the RW path label even when both labels are the same.
A proper policy migration is also created, so already
installed apps also have this rule generated.
Change-Id: I98a34a29b2c2490d1dcafd43a117b509a763d72e
jooseong lee [Wed, 7 Dec 2016 04:30:41 +0000 (13:30 +0900)]
Release version 1.2.9
- Properly handle case of unknown "Ask user" policy
Change-Id: I2d58cd7d4d0fabef3649dc0ebed6f235305c183a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Krzysztof Jackiewicz [Tue, 6 Dec 2016 08:14:49 +0000 (09:14 +0100)]
Properly handle case of unknown "Ask user" policy
If the askuser plugin is not registered in cynara (as in the case of a headless image),
CynaraAdmin::convertToPolicyType() couldn't find the policy type and was
throwing an exception.
In such cases security-manager will catch the exception and skip the code
related to askuser.
Change-Id: Ie2182a0936e62594a91bcdf22c39997ef9a65f9f
jooseong lee [Mon, 5 Dec 2016 02:16:39 +0000 (11:16 +0900)]
Release version 1.2.8
- Add new parameter of isPrivacy function - pkgName
Change-Id: Ic0ca86b1ef365334a96d007e9ec3942634522035
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kidong Kim [Fri, 2 Dec 2016 10:46:46 +0000 (19:46 +0900)]
Add new parameter of isPrivacy function - pkgName
The preloaded application should have all privacy related privileges
except location privilege.
So privilege-checker will manage a whitelist of preloaded package names,
and the package name should be stored in the isPrivacy function.
This is a work-around patch.
Change-Id: I3ded5561fe003bb4ca95dfa9ef87965ef39d1d04
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
Bartlomiej Grzelewski [Thu, 1 Dec 2016 13:53:47 +0000 (14:53 +0100)]
Release version 1.2.7
- Fix in GetGroups implementation
- Add security_manager_shm_open
Change-Id: I4dd790362bbd9f14a54bfae22ef10c3a91a6dff7
Radoslaw Bartosiak [Tue, 29 Nov 2016 09:24:45 +0000 (10:24 +0100)]
[Unit tests] for PrivilegeDb class - related to privileges
Add test for src/common/include/privilege_db.h:
- GetGroups
- GetGroupsRelatedPrivileges
Change-Id: I877c5ea155855b2ad128cd86bffd215d067eace1
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Tue, 22 Nov 2016 09:47:00 +0000 (10:47 +0100)]
Fix in GetGroups implementation
The SQL query is changed in order to return a group only once.
Change-Id: Ibaec3ea6033544f35ebe67beec056580bcbea373
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Wed, 9 Nov 2016 11:01:20 +0000 (12:01 +0100)]
[Unit tests] for PrivilegeDb class - related to app add/remove
Add test for src/common/include/privilege_db.h
Change-Id: I66007e0170a290f958bb8070caa3c5f42a0dc599
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Tue, 25 Oct 2016 08:13:07 +0000 (10:13 +0200)]
Use recently introduced ClientRequest class in security_manager_shm_open
Use the helper class for client communication with the service instead of manual
Serialize/sendToServer/Deserialize.
Change-Id: Ia18a9caa03e0f1626487c1048ba5b629fd8109b7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:06:19 +0000 (12:06 +0200)]
Add security_manager_shm_open
This function will create a file that may be used
by the shm_open and mmap functions. If the file
exists, nothing is done.
Change-Id: Ifdfdf15df96fb67faa4340d113445527c77ba60f
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:05:46 +0000 (12:05 +0200)]
Modify SmackLabels module
Added:
* getSmackLabelFromFd - extracts smack label from file descriptor
* setSmackLabelForFd - sets smack label for file connected with fd
Modify:
* pathSetSmack - use libsmack instead of lsetxattr
Change-Id: Ia5ceda42afc98dde0c8b7db2c0d0a0827efc4fa2
Radoslaw Bartosiak [Thu, 22 Sep 2016 11:49:24 +0000 (13:49 +0200)]
Cleanup: Usage of pragma once instead of guard names in headers
Additionally: fixes in @files, removal of multiple newlines at EOF
Change-Id: I58d8b1e11fbc4709dc61229ea6e83098217c67dd
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Wed, 19 Oct 2016 07:47:28 +0000 (09:47 +0200)]
Use new libsmack function smack_new_label_from_process
Drop the custom implementation of fetching the Smack label from a running process.
Replace it with the libsmack function smack_new_label_from_process, introduced
in version 1.3.0 of the library.
Change-Id: If90845c565c47980f8b4b407b0b19906a957372e
Radoslaw Bartosiak [Fri, 18 Nov 2016 11:18:41 +0000 (12:18 +0100)]
Remove unused local variables in service_impl.cpp
Change-Id: I56fa74d7e338419375f1d1cb0f4fdb5f937eb792
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 24 Oct 2016 13:39:43 +0000 (15:39 +0200)]
Fix GetUserType function
Add missing support for SM_USER_TYPE_SECURITY
Change-Id: I9f51d9d7bc4f3c59ae2fcf48eb17a9952787a024
jooseong lee [Fri, 11 Nov 2016 06:03:50 +0000 (15:03 +0900)]
Release version 1.2.6
- Fix sigaction() on x86_64 arch
- Add 'l' permission to sharedRO Smack rule
Change-Id: I762b2c0d73c2fe7914ef5662a98d24a183c5c57e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 10 Nov 2016 05:16:08 +0000 (14:16 +0900)]
Add 'l' permission to sharedRO Smack rule
DB in shared/data cannot be accessed by other applications.
File lock permission is also needed.
Change-Id: I90f05fabfa2e4a62df8a3e1c40a48c341ecb86f2
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Dariusz Michaluk [Tue, 8 Nov 2016 14:56:53 +0000 (15:56 +0100)]
Fix sigaction() on x86_64 arch.
If sa_restorer is not set, the kernel will cause a segmentation fault.
On other archs, if sa_restorer is not set, the kernel can still do the correct work.
Change-Id: I8b2486282284c806aafc8410cbf699599f929753
jooseong lee [Tue, 8 Nov 2016 01:24:36 +0000 (10:24 +0900)]
Release version 1.2.5
- Fix build break on 64 bits architectures.
Change-Id: I08c8d4a67164f125baa1b69ea275ae6d6ea34f92
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Dariusz Michaluk [Wed, 2 Nov 2016 13:36:32 +0000 (14:36 +0100)]
Fix build break on 64 bits architectures.
- error: 'SYS_sigaction' was not declared in this scope
AArch64/x64 are missing the "SYS_sigaction" definition.
Replace "SYS_sigaction" used in thread synchronization code with "SYS_rt_sigaction".
- error: invalid cast from type 'SecurityManager::IStream' to type 'long unsigned int'
Revert to the previous implementation.
Change-Id: I58041f66c988934d5577daf7a574bb7b9a2b394a
jooseong lee [Tue, 1 Nov 2016 06:07:04 +0000 (15:07 +0900)]
Release version 1.2.4
- Enable security-manager support for starting without systemd
Change-Id: I73916efcb2fc54de991001eb387c601c40f4d5ed
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Tue, 1 Nov 2016 05:07:01 +0000 (14:07 +0900)]
Enable security-manager support for starting without systemd
Create the socket manually if a socket is not provided by systemd.
Change-Id: Iab565644988f7e6551922810b9043217fd2f4cc7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 24 Oct 2016 04:28:56 +0000 (13:28 +0900)]
Release version 1.2.3
- Update policy set for 'security' user type
- Cleanup Fix ListUsers parameter description
- SM : Unify Smack rules of System access to application
- Use smack_check() helper function instead of manually calling libsmack
- Provide proper placeholder file for global apps-labels
- Don't hard-code /usr/share directory in FOTA script
- Add FOTA script for security-manager policy update
- Use SIGSETXID for security synchronization across threads
- [Unit tests] for FileLocker class
- Fix retrieving of current process credentials for off-line client
- Extend ClientOffline
- client: extract common code for communication with service
- Improve handling of uncaught exceptions in client library
- server: add missing linking against pthread
- Treat web only privilege as core privilege
Change-Id: Ibd5252fe49d236b8caff1ed1eb66c8996aee9acb
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 28 Sep 2016 01:30:12 +0000 (10:30 +0900)]
Treat web only privilege as core privilege
Refer to https://review.tizen.org/gerrit/#/c/88685/
Change-Id: I27c0a9c1b7390cec52af5a65ff679f9ea29ae16d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 08:05:02 +0000 (10:05 +0200)]
server: add missing linking against pthread
Server code uses the pthread_sigmask() function but we had never explicitly
linked it against the pthread library.
Fixing this in CMake for the server component.
Change-Id: I0c8a43a0fe26a00aa7848b539044dcc62bb67eb8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 07:45:54 +0000 (09:45 +0200)]
Improve handling of uncaught exceptions in client library
For easier debugging of unexpected client behaviour where an unexpected
exception is caught in the try_catch wrapper, make the following enhancements:
- Catch all SecurityManager::Exceptions instead of letting them be
caught by the last resort "catch(...)". This will enable proper error messages.
- Print the information about the unexpected exception to stderr of the caller.
Change-Id: I67edc718daa89023d5844e31f52b745257914e1f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 21 Oct 2016 08:14:57 +0000 (10:14 +0200)]
client: extract common code for communication with service
Instead of repeating the same code pattern in every client function,
extract it into a ClientRequest class that will handle communication with
the service.
Change-Id: I5f3d23fea9b01c8378074b758c30971978dd0ac3
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Bartlomiej Grzelewski [Wed, 20 Jul 2016 11:35:33 +0000 (13:35 +0200)]
Extend ClientOffline
Two security-manager functions will be used by systemd. These functions
must not wake up the security-manager service because that would cause a
deadlock.
Change-Id: Id83256df9ee282285522db513304b2f4240e18fd
Rafal Krypa [Thu, 20 Oct 2016 16:32:04 +0000 (18:32 +0200)]
Fix retrieving of current process credentials for off-line client
Try to work even if fetching the Smack label of the current process fails in
off-line client mode. In most cases it won't be needed anyway.
It is needed for proper image building by mic. When mic is run on a system
that doesn't support Smack natively (e.g. a developer's workstation), fetching
the process Smack label will fail. Somehow it managed to work despite that
problem until now, but libsmack 1.3.0 has better checks in the function
smack_new_label_from_self, validating the label before sending it to the
caller.
Change-Id: I3a96851cab5e71bde749c68413b967571690e162
Radoslaw Bartosiak [Mon, 19 Sep 2016 12:49:29 +0000 (14:49 +0200)]
[Unit tests] for FileLocker class
1) Add test directory for unit test using Boost.Test
2) Add tests for common/include/file-lock.h
Change-Id: Ic0151fa228045d53d6c202416e5f718f1f843b42
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Tue, 27 Sep 2016 13:27:12 +0000 (15:27 +0200)]
Use SIGSETXID for security synchronization across threads
Hijack NPTL's special signal SIGSETXID for synchronization of Smack labels
and capabilities across threads. The glibc implementation of NPTL uses this
signal number for a similar purpose, when synchronizing UIDs and groups.
Glibc functions for signal manipulation don't allow programs to utilize
SIGSETXID. Attempting to do that causes the function to return EINVAL.
The good side of this is that every thread should have this signal unmasked.
This solves the problem we had with threads not receiving our synchronization
signal because they had masked all signals previously.
The bad side is that security-manager cannot use glibc sigaction() to set a
custom signal handler for SIGSETXID. A bare call to the syscall() function must
be used instead.
Change-Id: Ib1b28bb27d981601d6a002a896fb5823e6367ecc
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 11 Oct 2016 11:59:37 +0000 (13:59 +0200)]
Add FOTA script for security-manager policy update
The policy migration script was called only in the rpm %post section. But FOTA
is not based on RPM packages, so the script must also be included in the FOTA
script dir.
Change-Id: I4d8b627734439cb427380aa0fac5886d487c1656
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 11 Oct 2016 11:56:56 +0000 (13:56 +0200)]
Don't hard-code /usr/share directory in FOTA script
Use the TZ_SYS_RO_SHARE variable from tizen-platform.conf instead of the
hard-coded directory.
Change-Id: I46539a5a050e74ee81eb3fe0eee2545b3a18ce50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 12 Oct 2016 06:39:28 +0000 (08:39 +0200)]
Provide proper placeholder file for global apps-labels
In commit 16e879b, the security_manager_monitor implementation changed,
passing application labels from service to client instead of application
names. Internal files for passing that information were renamed to reflect
that change (apps-names => apps-labels). But the empty placeholder created in
the spec file remained unchanged.
Change-Id: Iadca1c67c353b9fbc4c2a912f753a2de5d9cd906
Rafal Krypa [Fri, 30 Sep 2016 09:36:27 +0000 (11:36 +0200)]
Use smack_check() helper function instead of manually calling libsmack
The smack_check() helper provides functionality for checking whether Smack
is available on the platform. It properly wraps the libsmack check function and
remembers the result in a static variable.
Use it where applicable, replacing custom checks.
Change-Id: Ie8ee27c700831c4fea8a8d837271f2604ca0b588
Mateusz Forc [Thu, 6 Oct 2016 12:47:27 +0000 (14:47 +0200)]
SM : Unify Smack rules of System access to application
Please test with: https://review.tizen.org/gerrit/#/c/91931/
Change-Id: If94b6d719d5404965c8bbcec9598d35cb30e4526
Radoslaw Bartosiak [Thu, 29 Sep 2016 12:56:25 +0000 (14:56 +0200)]
Cleanup Fix ListUsers parameter description
ListUsers does not clear the output vector.
Change-Id: Ibc9c9693d05c068d82f60734ea690f811474fa41
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
jooseong lee [Tue, 11 Oct 2016 01:54:58 +0000 (10:54 +0900)]
Update policy set for 'security' user type
Deprecated privileges
- http://tizen.org/privilege/dpm.settings
- http://tizen.org/privilege/vpnservice.admin
New privileges
- http://tizen.org/privilege/fido.client
- http://tizen.org/privilege/internal/service
Change-Id: I07a9d3443a756a4055fe2bbb56b542a98d2937f4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Seongwook Chung [Mon, 10 Oct 2016 00:51:27 +0000 (09:51 +0900)]
Release version 1.2.2
- Add packagemanager.info privilege for 'User::Shell' domain
- Limit number of sql queries during installation
- Explicitly instantiate LogSystemSingleton
- PrivilegeDb: Add getting packages installed for user
- ServiceImpl: Optimize generating package process labels
- Remove Cynara singleton
- PermissibleSet: Remove PrivilegeDb usage
- Remove PrivilegeDb singleton
- Remove CynaraAdmin singleton
Change-Id: Iad4cc0b5d5b454a61b323e025f20d55b0dbe7211
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
Zbigniew Jasinski [Fri, 7 Oct 2016 16:36:53 +0000 (18:36 +0200)]
Remove CynaraAdmin singleton
Change-Id: Ib13d1a8306f2abd8bcf40765185a079840edaf11
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Zbigniew Jasinski [Fri, 7 Oct 2016 16:24:37 +0000 (18:24 +0200)]
Remove PrivilegeDb singleton
Change-Id: Iabec786bdcbb403af0b4d402b96509f90c17f9f3
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Zofia Abramowska [Fri, 7 Oct 2016 15:41:53 +0000 (17:41 +0200)]
PermissibleSet: Remove PrivilegeDb usage
Change-Id: I34a33ef2f80c9c02e9bdc41e9535632b9ab76f99
Zofia Abramowska [Fri, 7 Oct 2016 09:53:26 +0000 (11:53 +0200)]
Remove Cynara singleton
Change-Id: Ia7aee968e142639373d1b9bc146b8162673504ba
Zofia Abramowska [Fri, 7 Oct 2016 14:53:38 +0000 (16:53 +0200)]
ServiceImpl: Optimize generating package process labels
Change-Id: If4edb2621d73e178e9009e0d5c25829bbab87157
Zofia Abramowska [Fri, 7 Oct 2016 14:50:13 +0000 (16:50 +0200)]
PrivilegeDb: Add getting packages installed for user
Change-Id: I6be6d8b438918408df20d12b34204e10a0ca750e
Krzysztof Jackiewicz [Thu, 29 Sep 2016 12:25:16 +0000 (14:25 +0200)]
Explicitly instantiate LogSystemSingleton
To guarantee that a template class is instantiated only once it has to be
instantiated explicitly. This should solve the problem with "doubletons". Also,
it makes logs from libsecurity-manager-commons library visible.
Change-Id: I45bc6d6330a7ff27bacf9dfdfcd6a24f1e1225bf
Krzysztof Jackiewicz [Fri, 30 Sep 2016 09:56:53 +0000 (11:56 +0200)]
Limit number of sql queries during installation
Change-Id: Iaad44912ae806544822d26f66add6ce8f0908d0b
jooseong lee [Fri, 7 Oct 2016 08:02:57 +0000 (17:02 +0900)]
Add packagemanager.info privilege for 'User::Shell' domain
The shell process requires the packagemanager.info privilege to debug
native applications.
Change-Id: I93e643b50694fb21778063f5fa512908929ee864
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Rafal Krypa [Wed, 28 Sep 2016 16:54:33 +0000 (18:54 +0200)]
Release version 1.2.1
- Change the way of app process label generation
- Update default policy for new domain('User::Shell')
Change-Id: Idad431f3857a936b0ee8c0d2be2f5f0d89205d50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 29 Sep 2016 13:27:04 +0000 (15:27 +0200)]
Migrate security policy after app labeling schema changed
Adapt existing security policy to patch 5b9adf81 (Change the way of app
process label generation).
Migrate existing policy to support package upgrade:
- modify existing Cynara policy
- modify existing Smack rules for applications
Change-Id: I3d75afe4da2f58040657c01c44a7d57e986332d2
Rafal Krypa [Thu, 29 Sep 2016 13:26:48 +0000 (15:26 +0200)]
Fix policy versioning mechanism
The policy versioning must properly handle two scenarios:
- initial install of security-manager-policy package - mostly happening during
image build
- upgrade of security-manager-policy package - mostly happening during
development
To keep information about policy version, we have the file in
%{TZ_SYS_VAR}/security-manager/policy-version. Update script will check the
current value of policy version and apply appropriate update.
But during image build, the entire policy will be provided in desired version
at once, so the package must provide final version value to the configuration
file.
The previous mechanism had a flaw that prevented update scripts from running in both
scenarios. Configuration files marked as %config(noreplace) in the RPM spec file
aren't overwritten with a new version during package upgrade, but there is an
exception to that rule. If the configuration file wasn't modified on disk, the
new file from the upgraded package will overwrite the old one. And the policy update
script is run from the %post section, when all files from the new package are
already unpacked.
To solve the above problem, a modified version upgrade is provided:
- security-manager-policy will provide an empty policy-version file as
%config(noreplace). The contents of this file in the package will not change
- policy update script will check the version file:
* if it's not empty, the script will apply relevant migration updates and
write the higher version to the file (supporting the package upgrade scenario)
* if it's empty, the script will write the latest available version number there,
without actually applying the updates (supporting the image build scenario)
Additionally, to fix the previous versioning schema, if the policy-version file
exists and is not empty (package upgrade) and equal to 1, special actions will
be taken to handle the security-manager-policy upgrade from version 1:
- the policy-version file will be modified by the %pre script to put the "0" value in it
Thanks to this step, an upgrade from policy version 1 will be performed as
expected. This is needed as a workaround to move from the non-working upgrade mechanism
to a working one.
Change-Id: I4bcdcd2d6db63e25711b6bd25b03531f13e5d1da
Rafal Krypa [Thu, 29 Sep 2016 14:33:11 +0000 (16:33 +0200)]
Merge remote-tracking branch 'sandbox/zabramowska/hybrid' into tizen
Change-Id: I02ff2db20b2ff327724fc574ad16f86cceb84efa
Rafal Krypa [Thu, 29 Sep 2016 14:30:59 +0000 (16:30 +0200)]
Fix what I broke while amending 5b9adf81b4
Correct my optimization of SmackRules::generateAppPkgNameFromLabel().
Now it should properly locate the "::App::" substring in the analyzed label.
Change-Id: I9289d1ab5bf0336bd6f42fa38ee31cfcfaba5cf5
jooseong lee [Mon, 26 Sep 2016 07:14:14 +0000 (16:14 +0900)]
Update default policy for new domain('User::Shell')
The new domain is for the shell process, which needs the packagemanager.admin
privilege to install applications. And the root shell will get all privileges.
* Add new domain : https://review.tizen.org/gerrit/#/c/89586/
* Update onlycap list : https://review.tizen.org/gerrit/#/c/89619/
Change-Id: I9e079edad90615c1a3af16b35c10aaaa65993b80
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Zofia Abramowska [Thu, 15 Sep 2016 13:01:59 +0000 (15:01 +0200)]
SmackRules: Don't add rule when subject==object
Change-Id: I1c57783927a9ed3cf79bfda1dd929e375caff94e
Zofia Abramowska [Thu, 8 Sep 2016 16:29:45 +0000 (18:29 +0200)]
Change the way of app process label generation
The application process label depends on the isHybrid flag. If the flag
value is:
* 0 - all applications in the package have the same process label:
"User::Pkg::pkg_id"
* 1 - each application in the package has a different process label:
"User::Pkg::pkg_id::App::app_Id"
Due to this change, the app identifying API changes its behaviour:
for hybrid applications both app_id and pkg_id are returned,
for non-hybrid applications only pkg_id is returned.
From now on identifying a particular application is not always
possible.
Change-Id: Ice62b03be632524ec452569b6c8419f357db1b7f
Rafal Krypa [Tue, 27 Sep 2016 11:16:59 +0000 (13:16 +0200)]
Pass application labels instead of names in security_manager_monitor
In an upcoming change, generation of the application process label will
require additional information; the application name will not be sufficient.
To keep security_manager_monitor functional and effective, it is better
to generate the application label on the service side and take the labels
without further processing on the client side.
An appropriate policy migration is also provided to migrate old apps-names
files to new apps-labels.
Change-Id: Ica3b2a0dc4f3295e4ead71285684c656e34f2006
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 19 Sep 2016 08:24:38 +0000 (10:24 +0200)]
Add policy migration infrastructure
Add support for migrating policy configuration. We already have policy version
information (current version is 1). When a change happens, appropriate script
should be provided for migration and bumping the version.
Change-Id: Iee5bdcc368a879053cd20e8feb37b67931218ad3
Rafal Krypa [Wed, 18 May 2016 09:32:31 +0000 (11:32 +0200)]
Use C++ file interface in permissible-set
Read and write files with enabled app labels using C++ interface instead of
pure glibc.
Change-Id: I81dce9bc6f3ef6ec2ac910deb22c31f7edbfdc5a
Zofia Abramowska [Thu, 8 Sep 2016 10:05:11 +0000 (12:05 +0200)]
Pass pkgName and isHybrid flag to label generation
Change-Id: I1663fe48998014e4b8a0dd53220cfed64cc154e9
Zofia Abramowska [Wed, 7 Sep 2016 16:14:30 +0000 (18:14 +0200)]
Pass labels instead of appNames in SmackRules
Change-Id: Ib89939a4c785517e9e7654f6f62b98fc83cac2a1
Zofia Abramowska [Tue, 6 Sep 2016 15:01:17 +0000 (17:01 +0200)]
Fetch process label from service
Change-Id: I961de3bc1aff1a98f9062c881ca75f858319551f
Zofia Abramowska [Wed, 7 Sep 2016 11:18:40 +0000 (13:18 +0200)]
Fetch is_hybrid flag from db
Change-Id: Ie77b94b551bedb4eff569379f0c0726578147d7f
Zofia Abramowska [Fri, 2 Sep 2016 16:35:53 +0000 (18:35 +0200)]
Add is hybrid flag to application install request
"IsHybrid" is introduced to distinguish between different
types of packages. A hybrid package assumes that applications
inside it can have different privileges, so they should be
labeled separately. Any other package will have all applications
labeled the same, and the label will be generated from the package name.
This commit does not yet interpret this flag, apart from the db.
From now on the db will accept only applications from the same package
which have the same setting of the isHybrid flag.
Change-Id: Ic94d2147fa9684279d8b8a41ad6ee99b555cd766
Zofia Abramowska [Fri, 2 Sep 2016 14:51:14 +0000 (16:51 +0200)]
Change names of smack rules templates
Change-Id: Ifa2ca9aa7b53dec6ae1a5a09de4f452c994ea056
Rafal Krypa [Tue, 20 Sep 2016 11:41:36 +0000 (13:41 +0200)]
Release version 1.2.0
- Add internal privilege for internal APIs
- Add support for USER_TYPE_SECURITY
- Add policy versioning
- Add API for identifying application from Cynara client
Change-Id: Ibe72a331a8acd08ff3eadc8749b34b91ea0d523c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zofia Abramowska [Fri, 16 Sep 2016 09:57:35 +0000 (11:57 +0200)]
Add API for identifying application from Cynara client
Change-Id: I1f906cb2200fc38e99f5225b951b596ff2d5c507
Zofia Abramowska [Tue, 6 Sep 2016 09:33:24 +0000 (11:33 +0200)]
Add policy versioning
Policy versioning will be used to reload policy when the
way it is generated changes. Additional script for reloading policy
between versions will be provided when policy generation is changed.
Change-Id: I778b6ebcdf6233924223921f65e2a037df0345b3
Zofia Abramowska [Mon, 29 Aug 2016 13:19:14 +0000 (15:19 +0200)]
Add support for USER_TYPE_SECURITY
Change-Id: I45ba88fc3a69ec632af6b195f82e288a25388288
jooseong lee [Mon, 25 Jul 2016 05:13:16 +0000 (14:13 +0900)]
Add internal privilege for internal APIs
Internal APIs are only for service daemons, which means applications
must not call them. For internal policy checking inside a daemon's code,
we can use a cynara check with this new internal privilege.
* http://tizen.org/privilege/internal/service
There are some internal privileges for the same purpose,
such as the inputdevice.block privilege. These privileges will be replaced
with this privilege.
Change-Id: I415e635f017fb83d8a326739077635b2537d4db7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 5 Sep 2016 07:09:26 +0000 (16:09 +0900)]
Release version 1.1.17
- Add/remove core privilege(fido.client/ dpm.settings)
- Remove core privilege : vpnservice.admin
- Fix log prefix (tag) for Pedantic log level
- Check tgkill() result
- Move release fence after the last global variable is modified
- Replace obsolete tkill with tgkill
- Add variadic template for deserialization
Change-Id: Ida63ca692cfce636ca78a64ac2c2a5383abaf397
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 31 Aug 2016 08:45:30 +0000 (17:45 +0900)]
Add/remove core privilege
- add fido.client
- remove dpm.settings
Change-Id: If4e4e15692f11afd11269c938e657d2fc6bf7680
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 12 Aug 2016 02:24:07 +0000 (11:24 +0900)]
Remove core privilege : vpnservice.admin
Refer to https://review.tizen.org/gerrit/#/c/83497/
Change-Id: Ieaf205d822bc560955b9c5464d2b98988c4cf08c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Radoslaw Bartosiak [Mon, 22 Aug 2016 11:01:50 +0000 (13:01 +0200)]
Fix log prefix (tag) for Pedantic log level
Change-Id: If973da5d653d2a5f5bee49a2d321e1232968cedf
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Krzysztof Jackiewicz [Wed, 24 Aug 2016 14:45:21 +0000 (16:45 +0200)]
Check tgkill() result
tgkill() returns an error if we're attempting to send a signal to a non-existing
thread. If this is the case, don't increment the sent signals counter.
Change-Id: I1cf10fe5a056e7715660b02647dfdef4a6406ff3
Krzysztof Jackiewicz [Wed, 24 Aug 2016 13:49:22 +0000 (15:49 +0200)]
Move release fence after the last global variable is modified
The global variable g_tid_attr_current_map is being read by other threads. To
guarantee that its modification in main thread is visible in other threads the
release fence should be set *after* the modification.
Change-Id: Iff7bdd4053baa86f13a0465e52c599396e2dcb8f
Krzysztof Jackiewicz [Wed, 24 Aug 2016 13:59:33 +0000 (15:59 +0200)]
Replace obsolete tkill with tgkill
Change-Id: I23c2ecf80802b7fdfb9a14c19265285579d69266
Bartlomiej Grzelewski [Mon, 13 Jun 2016 09:42:22 +0000 (11:42 +0200)]
Add variadic template for deserialization
A similar template already exists for serialization.
Change-Id: I922e8f08f658645a61b62a74eaa8928d7bb238c7
jin-gyu.kim [Mon, 29 Aug 2016 01:22:31 +0000 (10:22 +0900)]
Release version 1.1.16
Implement libnss_securitymanager
Add security_manager_groups_for_uid()
Rewrite shared RO directory support in security-manager
Change-Id: Ia84f81babf4fef47eb21409c00a0c239570811ff
Mateusz Forc [Fri, 19 Aug 2016 10:52:01 +0000 (12:52 +0200)]
Rewrite shared RO directory support in security-manager
Extend support to all apps instead of only 2.x apps.
Migrate database to version 7:
Add shared_ro INTEGER column in pkg table
Conflicts:
src/common/include/privilege_db.h
src/common/privilege_db.cpp
Change-Id: Id925342c37651ee0d87cf14de4d806ef63c678fb
Aleksander Zdyb [Wed, 22 Jun 2016 12:31:44 +0000 (14:31 +0200)]
Implement libnss_securitymanager
It's a Name Service Switch plugin needed to apply
additional, resource-related groups for users.
Change-Id: Ie702a22e73e9a23ef71d595bce44ec17bf8b7dde
Aleksander Zdyb [Wed, 22 Jun 2016 12:47:52 +0000 (14:47 +0200)]
Add security_manager_groups_for_uid()
This function returns resource-related groups for
a given user.
Change-Id: I8b4a2bf2c2e85769543929e0ff5f0247dd60137a
Yunjin Lee [Mon, 22 Aug 2016 05:03:14 +0000 (14:03 +0900)]
Release version 1.1.15
Add core privilege: appdir.shareddata
Change-Id: I695d2b5c2296c6a1460bbef269cd592a201a48d1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 22 Aug 2016 01:48:51 +0000 (10:48 +0900)]
Add core privilege: appdir.shareddata
Change-Id: I505c39c3e1335fdc2b1c784bd77a1cb633726202
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Tomasz Swierczek [Fri, 12 Aug 2016 17:13:29 +0000 (19:13 +0200)]
Release version 1.1.14
Moving user and global apps-names files to /opt/var
Simplify declaration and generation of unique_ptrs
Fix constraints for app installation.
Change-Id: Ifc962b06f15e18b505d63771b008145fe42b80d7
Radoslaw Bartosiak [Thu, 4 Aug 2016 17:09:53 +0000 (19:09 +0200)]
Moving user and global apps-names files to /opt/var
Due to the introduction of lazymount, config files must be
moved to new destinations (which are mounted earlier):
*) /opt/var/security-manager/apps-names (global file)
**) /opt/var/security-manager/{USER}/apps-names (local file)
Change-Id: Iaf7ec74d8bc596eb377b15aad9cab9f8f857d966
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Wed, 1 Jun 2016 08:24:29 +0000 (10:24 +0200)]
Simplify declaration and generation of unique_ptrs
The unique_ptr-based RAII pattern is used in several places in
security-manager. Declaration of unique pointer variables can be awkward
and hard to read.
This patch hides the nasty details of unique_ptr types declaration behind
a template function. It is loosely inspired by std::make_unique from C++14.
Change-Id: Ifbd8b5ab409fd8646d149d6294cb60bd2ac873a8
Krzysztof Jackiewicz [Wed, 6 Apr 2016 13:55:20 +0000 (15:55 +0200)]
Fix constraints for app installation.
[Problem] It's possible to insert an app similar to an existing one (differing in
version, pkg name, author name) or pollute the db with unused entries in pkg
and author.
[Solution] Split app table into app(package) and user_app(instances). Introduce
more strict constraint checking.
[Verification] Run security-manager-tests --regexp=49 (and all remaining tests
as a regression check)
Change-Id: I2fb02f75981748024de93c2d486fa6eb8afaf88a
Yunjin Lee [Fri, 22 Jul 2016 01:53:56 +0000 (10:53 +0900)]
Release version 1.1.13
Change-Id: Ifd347ce6176c19b2b08906b11386aac62ce2df14
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 22 Jul 2016 01:48:35 +0000 (10:48 +0900)]
Fix typo in service file SmackProcessLabel set
Change-Id: I2971f9a7d209869ce3e7919a0b1dd0757225dcd3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong lee [Thu, 21 Jul 2016 00:56:10 +0000 (09:56 +0900)]
Release version 1.1.12
Handle missing Cynara error codes, throw specific exceptions
Add missing logs in service on several service calls
Mark old path registration function as deprecated
Set SmackProcessLabel to System::Privileged
Change-Id: I584efb6ca2783a0ba896512fcbb7a472bdc71c58
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 20 Jul 2016 10:45:02 +0000 (19:45 +0900)]
Set SmackProcessLabel to System::Privileged
Change-Id: I01a252b8d209d21440477ff82fc3611f8dc191bf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Krzysztof Jackiewicz [Thu, 28 Apr 2016 13:45:39 +0000 (15:45 +0200)]
Mark old path registration function as deprecated
[Problem] security_manager_app_inst_req_add_path is deprecated
[Solution] mark as deprecated
[Verification] Successful compilation
Change-Id: I55d235d3e98b376348a6373573838fe1489fe750