Adrian Szyndela [Thu, 4 Oct 2018 08:44:17 +0000 (10:44 +0200)]
policychecker: simplified field selection
Privilege field selection was selected using two seds,
but it is sufficient to use one cut, as it is suited
precisely for such tasks.
Additionally, minor improvements:
- removed array in favor of space separated string to avoid bash dependency;
- added call to sort for uniq to work properly;
- introduced a variable for cynara database path.
Change-Id: Ica9455cc14f714a2fe0acbea7fe019d067cbf9eb
Hyotaek Shim [Thu, 4 Oct 2018 02:52:32 +0000 (11:52 +0900)]
Add comments on Cynara privilege formats
Change-Id: I3a620bd89deed55231a7c2b52f3abb154c28c805
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Adrian Szyndela [Wed, 3 Oct 2018 13:52:22 +0000 (15:52 +0200)]
policychecker: add more types of privileges
Added three more types of privileges.
Requested by bro kim.
Change-Id: I3219a7b10cd4b5c784a88abe1fb034dde10bb0ff
Adrian Szyndela [Thu, 16 Aug 2018 12:40:21 +0000 (14:40 +0200)]
policychecker: removed at_console from checking duplicates
At_console has its own "deprecated" checking rule, so we assume that
at_console rules are those to be removed. Thus, there is no point
in showing "duplicate" warning for duplicate rules in other contexts.
Change-Id: Ifdf7e3745d7ece49772ba3a3aad01a213b657d0c
Adrian Szyndela [Tue, 14 Aug 2018 13:54:50 +0000 (15:54 +0200)]
policychecker: modified 'Unconstrained allow' rule
Unconstrained allow rule was reporting any allow in context default
or mandatory.
Now, it reports those rules in both contexts that:
- allow send_type='method_call' but do not specify destination and interface;
- allow send_path but do not specify destination;
- allow receive_type='method_call' but do not specify sender and interface;
- allow receive_path but do not specify sender.
Additionally, in user and group context send_destination is required
when send_type="method_call" or send_path is present, and receive_sender
is required when receive_type="method_call" or receive_path is present.
Change-Id: Icd822bf4b3e2f105a07e80ca61415410faaeb00a
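The conditions listed in this commit message, written out as a stand-alone check. This is an added example, not the project's code (the checker itself uses Schematron rules in rules.xml); the function names and the sample policy are constructed here. It assumes "do not specify destination and interface" means the rule is reported unless both attributes are present.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for this example (not the project's test-policy.conf).
SAMPLE = """<busconfig>
  <policy context="default">
    <allow send_type="method_call"/>
    <allow send_type="method_call" send_destination="org.example.Svc"
           send_interface="org.example.Iface"/>
    <allow receive_path="/org/example"/>
  </policy>
  <policy user="app">
    <allow send_path="/org/example" send_destination="org.example.Svc"/>
    <allow receive_type="method_call" receive_interface="org.example.Iface"/>
  </policy>
</busconfig>"""

def missing_attrs(rule, kind, need_interface):
    """Attributes an <allow> rule lacks for one direction ('send' or 'receive')."""
    peer = "send_destination" if kind == "send" else "receive_sender"
    is_call = rule.get(kind + "_type") == "method_call"
    has_path = rule.get(kind + "_path") is not None
    need = []
    if is_call or has_path:
        need.append(peer)                    # peer is required in every context
    if is_call and need_interface:
        need.append(kind + "_interface")     # assumption: default/mandatory only
    return [a for a in need if rule.get(a) is None]

def unconstrained_allows(xml_text):
    """Return (policy label, direction, missing attributes) for each finding."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        ctx = policy.get("context")
        if ctx in ("default", "mandatory"):
            label, need_interface = "context=" + ctx, True
        else:
            who = next((k for k in ("user", "group") if policy.get(k)), None)
            if who is None:
                continue                     # e.g. at_console, covered by its own rule
            label, need_interface = who + "=" + policy.get(who), False
        for rule in policy.findall("allow"):
            for kind in ("send", "receive"):
                lacks = missing_attrs(rule, kind, need_interface)
                if lacks:
                    findings.append((label, kind, lacks))
    return findings

if __name__ == "__main__":
    for finding in unconstrained_allows(SAMPLE):
        print(finding)
```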
Karol Lewandowski [Wed, 11 Jul 2018 10:07:55 +0000 (12:07 +0200)]
packaging: make package 'noarch' as it contains only scripts
Change-Id: Ib7aafe0ce59da009259f22469d83cfc7bf25f701
Karol Lewandowski [Wed, 11 Jul 2018 10:07:45 +0000 (12:07 +0200)]
packaging: minor fixes
Change-Id: I8b61b31c52ff190ac6541e90762fd0895ed018e8
Adrian Szyndela [Thu, 28 Jun 2018 12:49:42 +0000 (14:49 +0200)]
packaging, integrating with Tizen
Also, some improvements in shell scripts.
Change-Id: I10a06b8b30f45722746361b7ce27364baaebc957
Aleksy Barcz [Mon, 25 Jun 2018 14:27:38 +0000 (16:27 +0200)]
Policy checker: initial version
Policy checker is based on Schematron, which allows writing
declarative checks for xml files (see rules.xml file for details) and
yields xml output (which is converted to plain text for readability, but it
can be converted to any format). The checker is a shell script, it
depends only on xsltproc (libxslt-tools package in Tizen), so it's very
lightweight.
We can run the checker on any single dbus configuration file, e.g.:
./check ./test-policy.conf (a test policy containing violations of all
the implemented rules). So, during a package installation we can run
the checker on its dbus configuration file.
Change-Id: I523b7a730fc93a0d4f99bc8ba750be7b6f0e051c
Tizen Infrastructure [Fri, 22 Jun 2018 05:43:52 +0000 (05:43 +0000)]
Initial empty repository