Yunjin Lee [Tue, 4 Sep 2018 05:39:56 +0000 (14:39 +0900)]
Add core privilege: updatecontrol.admin
Change-Id: If1e3189606da462782cbae64a53ab2d0692991ae
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 20 Aug 2018 07:56:21 +0000 (16:56 +0900)]
Fix typo in tool and guide
- Fix typo in privilege update tool
- Fix typo and add white spaces for new line
Change-Id: I78c7c9398accf4787ee0533e74cf79efd1d4c93f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 30 Mar 2018 04:44:32 +0000 (13:44 +0900)]
Web app with api_version 4.0 will have storage privileges by default on mobile/tv profile
- Map web storage privileges to 4.0 by default for mobile/tv profile
- Modify web storage privileges's mapping from messaging.read, write according to the profile
- Change API privilege_package_info_is_privacy_requestable() to get privilege as input parameter
- Policy type of storage privacy on installation time
_______|___|____Mobile____|___Wearable___|___TV____|
|3.0| Allow | Allow | Allow |
Native |4.0| Ask | Ask | Allow |
_______|5.0|_Ask__________|_Ask__________|_Allow___|
|3.0| Allow | Allow | Allow |
Web |4.0| Allow | Ask | Allow |
_______|5.0|_Ask__________|_Ask__________|_Allow___|
Change-Id: I4b2981353ee309f8114b8df06d98af67c23a86b6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Kim Kidong [Tue, 14 Aug 2018 02:08:17 +0000 (02:08 +0000)]
Merge "Release version 1.0.3" into tizen
Yunjin Lee [Tue, 14 Aug 2018 01:55:12 +0000 (10:55 +0900)]
Release version 1.0.3
- Modify privacy status related APIs
- Fix test code to work properly
- Remove profile from privacy info
- Modify privilege update tool
- Fix test code
Change-Id: I6aeea9839ee7bdf43ecd1c02e674e17de94db555
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 26 Jul 2018 05:08:39 +0000 (14:08 +0900)]
Fix test code
- Use chromium-efl app when testing privilege_info_get_privilege_type():
It's installed on both mobile and wearable profile.
Change-Id: I4be1350ea961ab6f12feefe46d5e4bc16b1f8ba4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 25 Jul 2018 10:47:11 +0000 (19:47 +0900)]
Modify privilege update tool
- Fix typo in the guide/guide message
- Change usertype asterisk handling
- Do only necessary updates instead of running security-manager-policy-reload
Change-Id: I3f38cd09ad760dbb5ef48d1960e04a206d6d430a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 24 Jul 2018 07:23:45 +0000 (16:23 +0900)]
Remove profile from privacy info
- Set privacy info regardless of the profile. Profile can decide not to
support privacy privilege feature but privilege itself is privacy
privilege and just not giving policy type as ASK USER.
Change-Id: I2b7f60ebd87dece3caaf8ee6b7ad2173795a2ff2
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 17 Jul 2018 07:57:36 +0000 (16:57 +0900)]
Fix test code to work properly
Change-Id: I0032115af0fea6d4c4f6ea4595ca4ab8f6f8fea2
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 17 Jul 2018 05:35:41 +0000 (14:35 +0900)]
Modify privacy status related APIs
- Do privacy status check at privacy_package_info APIs: If askuser's
disabled, do not set/unset privacy package info; just return.
- Do not check privacy status at privilege_db_manager
Change-Id: I00f19d68d3ec1e0f40ed628c928c6fa32ecbe3d2
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 27 Jun 2018 08:31:35 +0000 (17:31 +0900)]
Release version 1.0.2
- Update privacy whitelist
- Change location.enable privilege as non-privacy privilege
- Add macros printf_green and printf_red
- Fix of the test checking the privilege privacy
Change-Id: I677ebf216644b6128daa7044371f5b5f23d46ecf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 26 Jun 2018 05:27:34 +0000 (14:27 +0900)]
Update privacy whitelist
- Change com.samsung.samsungaccount.samsungaccountservice to com.samsung.tizen.samsung-account
Change-Id: I60d64df4cfdca13657217697e36baf5c426f2183
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 19 Jun 2018 03:54:53 +0000 (12:54 +0900)]
Change location.enable privilege as non-privacy privilege
- location.enable privilege allows app to control the user's location service
and it doesn't allow app to use user's location information hence remove
it from privacy privilege list.
Change-Id: If1e8eea612820e2e954b61f74041525ef16067a9
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Pawel Kowalski [Thu, 24 May 2018 05:46:06 +0000 (07:46 +0200)]
Add macros printf_green and printf_red
Macros printf_green and printf_red allow to print color messages in
simpler way than before. For example macro printf_green replaces
following lines:
__color_to_green();
printf(...);
__color_to_origin();
Change-Id: I77be0f2793b7524fef863390df5e9c65070a4de0
Signed-off-by: Pawel Kowalski <p.kowalski2@partner.samsung.com>
Pawel Kowalski [Wed, 23 May 2018 12:28:51 +0000 (14:28 +0200)]
Fix of the test checking the privilege privacy
Change-Id: I0df9859f13472220d5cf85ea9881054f5587e4c7
Signed-off-by: Pawel Kowalski <p.kowalski2@partner.samsung.com>
Yunjin Lee [Wed, 23 May 2018 02:47:46 +0000 (11:47 +0900)]
Update privacy whitelist
- mobile profile
+ com.samsung.service-enabler.samsung-cloud
+ com.samsung.samsungaccount.samsungaccountservice
- wearable profile
+ com.samsung.samsungaccount.samsungaccountservice
Change-Id: Idf8c38d768710b5d354caa1e7bf021bc01b6ee6a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 12 Apr 2018 10:10:10 +0000 (19:10 +0900)]
Add getting privileges in the same privacy group
- For privacy status checking, Settings or askuser requires
all privileges of the same privacy group when a privilege is given so
added API to get them at once.
Change-Id: I0b866c889b3eb6dfaa1db6246936446aadd2c1d5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 22 Mar 2018 05:16:33 +0000 (14:16 +0900)]
Add privilege and privacy whitelist update tool
- It requires security-manager-policy-reload
Change-Id: I0ff94c72ed0dc2fbd9ed92a6061db7e2808006f7
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 4 Apr 2018 02:30:47 +0000 (11:30 +0900)]
Add core privilege softap and softap.admin
Change-Id: Iee2197b0e416fcb62fcadd090936ebb80363f67c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 23 Mar 2018 09:18:29 +0000 (18:18 +0900)]
Add core privilege voicecontrol.manager
Change-Id: Ifbb58d6f7f1d83f136c5b56958af99804aca3314
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 21 Mar 2018 04:28:37 +0000 (13:28 +0900)]
Consider globalapp uid when checking dpm prevent policy
Change-Id: I715380f552ab48e4d1510cb2d6f77277c50ab91f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 21 Mar 2018 02:40:55 +0000 (11:40 +0900)]
Fix resource leak
Change-Id: I857648379836299aebed321f2f68ae77ddd653e0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 20 Feb 2018 04:02:04 +0000 (13:02 +0900)]
Fix to free dictionary
Change-Id: I9800e1ecae517f6847c346d1cad754dab84be939
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 26 Jan 2018 07:38:36 +0000 (16:38 +0900)]
Fix to finalize DB when exception occurred
Change-Id: I4416b5246f5ad8ee543a671a5d45e2fdaa59a795
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 25 Jan 2018 05:19:20 +0000 (14:19 +0900)]
Remove profile/version from privilege information
- Remove profile and version from privilege info
- Remove profile and version distinctions from privilege mapping
except default privilege and web storage privilege case
- Left original file as legacy_res (It can be used for platform version < 5.0)
Change-Id: I33c521b2840ac6a78baecea75d44024363c7613a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 22 Jan 2018 07:19:24 +0000 (16:19 +0900)]
Integrate privilege DBs
- Integrate privilege DBs into one: (old) core_privilege_info.db,
core_privilege_mapping.db, wrt_privilege_info.db, and
wrt_privilege_mapping.db into (new) privilege.db
- Use sqlite csv import function instead of parsing csv file.
It cuts down required time for rpm build.
- privilege_info table contains core/wrt privilege definition.
- privilege_mapping table contains core/wrt privilege mapping
information.
- privacy_privilege_info.csv file contains privacy privilege of each
profile. We can handle privacy privileges according to the profile.
(For example, privilege A can be a privacy privilege in profile 'mobile' and
non-privacy privilege in profile 'tv')
- Modified DB queries accordingly.
- Update release version.
- TODO: remove profile and version from privilege information except
default privilege mapping.
Change-Id: Ie14e92092aadc81734d7082e4bb67be26a9cdf84
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 5 Jan 2018 06:26:36 +0000 (15:26 +0900)]
Add web privilege: externalstorage/mediastorage
- Decided to treat storage related privilegs as privacy from 4.0 and web doesn't
have such a privilege
- Add storage privileges and remove it from original mapping from 4.0
Change-Id: I64192b1a0574fecb511369af0bf2dbc3168a74e1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 21 Nov 2017 05:57:43 +0000 (14:57 +0900)]
Add storage privacy
- Add storage privacy: http://tizen.org/privacy/storage
- Add http://tizen.org/privilege/externalstorage and
http://tizen.org/privilege/mediastorage to storage privacy
Change-Id: I17531580916fb95251daca1ea2cfea245dd63bb1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 3 Jan 2018 01:43:43 +0000 (10:43 +0900)]
Add core privilege: devicecertificate
Change-Id: Ic5ca994527c94cb932f591d8987afef998b5317a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 13 Dec 2017 01:44:10 +0000 (10:44 +0900)]
Fix syntax error in mdm query
Change-Id: I2a0b508df8498d6bbce1d67ff3381042ec4dfb43
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 20 Nov 2017 09:34:02 +0000 (18:34 +0900)]
Get global app user ID from config file when updating policy DB
Change-Id: Iedee971096ca536e8e227ce590171d8b5f3b7957
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 20 Nov 2017 09:32:13 +0000 (18:32 +0900)]
Modify privacy DB to store user settable privacy packages only
Change-Id: I079c245ed5e0248e78810ec7909b8044f4f7056d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 15 Nov 2017 01:51:32 +0000 (10:51 +0900)]
Add web tee.client privilege for all profile
Change-Id: I2b51276820979cdc6cf307c0013e958a089aaa23
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 26 Oct 2017 07:03:06 +0000 (16:03 +0900)]
Update privacy white list
Change-Id: I41ede1fedea5e467ab701bb529c33e2abd3735d8
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 25 Oct 2017 02:12:33 +0000 (11:12 +0900)]
Fix api-version comparison bug
- 4.0 is greater than 4 in sqlite query.
To handle api-version 4 properly, fix the number to compare to 4 from 4.0.
Change-Id: Id07d7afe37c6fcacb9e13b2f7d8bba7941385d72
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 25 Oct 2017 02:07:59 +0000 (02:07 +0000)]
Revert "Do not return privilege type privacy for web app"
- Privacy privilege manager Web device API will be supported.
This reverts commit
240edda34e40e2ad20b1dccc478143533780ac00.
Change-Id: I3ab7cb16b767cdcef0909a969713f3c6227882fe
Yunjin Lee [Mon, 23 Oct 2017 06:00:38 +0000 (15:00 +0900)]
Do not return privilege type privacy for web app
- From 4.0, developer should use privacy-privilege-manager APIs to request privacy privileges. Currently, ppm APIs are supported for native and C# applications but no web device APIs, yet. Hence, allow web applications to get privacy privileges without privacy request popups.
Change-Id: I33941aaf684a1a72d0b0c46351f10edc9bc29f01
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 19 Oct 2017 05:35:23 +0000 (14:35 +0900)]
Add DID of peripheralio privilege
Change-Id: Ib93f32360eab5d57347d76bfc1de55f18cc1d239
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 17 Oct 2017 03:03:56 +0000 (12:03 +0900)]
Change core privilege level from public to partner: blocknumber.read and blocknumber.write
Change-Id: I64adde1ba7d6ce342fb84516e3befc9dee68a759
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 16 Oct 2017 02:32:53 +0000 (11:32 +0900)]
Update language files: peripheralio
Change-Id: I4cdf5708e429ea23f1c395a08d88f178bf64e96b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 28 Sep 2017 07:14:51 +0000 (16:14 +0900)]
Add core privilege: peripheralio
- privilege required to communicate with peripherals
Change-Id: I60584dd8d70c445b04dd4c1c5ac633e1a61c32e6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 26 Sep 2017 10:16:31 +0000 (19:16 +0900)]
Remove core/web privilege from all profile: d2d.datasharing
Change-Id: I45a7c0eef59085f34dcb390ba7abcd566e9d7e37
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 26 Sep 2017 07:57:50 +0000 (16:57 +0900)]
Fix memory leak
Change-Id: I501ffe0d0588a383496c7ca126d5627ee3ed40bd
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 26 Sep 2017 07:37:31 +0000 (16:37 +0900)]
Remove redundant value is_privacy_requestable from privacy_package table
Change-Id: I85ea9024671aef27b2cdb08748d1bb4c25f22873
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 19 Sep 2017 04:27:16 +0000 (13:27 +0900)]
Add web privileges : appmanager.launch, datasharing
Change-Id: Idc2effd1ff016304f36b37de28561e5fcfacec45
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 18 Sep 2017 08:19:25 +0000 (17:19 +0900)]
Modify mapping table for internal appdebugging privilege
- Add internal appdebugging privilege itself as mapped privilege
Change-Id: I1c8065b8025c7ee28c2af57144b1a6a0c20dcd28
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 15 Sep 2017 06:10:39 +0000 (15:10 +0900)]
Remove api-version check from privilege verification
- Check certificate signature level iff the privilege exists.
- Do not return error for not exist/deprecated privilege.
- Return PRVMGR_ERR_INVALID_PRIVILEGE for internal privileges.
Change-Id: If7cd242acbd9a070a983f747959f22f0711bd7df
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 13 Sep 2017 02:07:15 +0000 (11:07 +0900)]
Apply tizen coding rule
Change-Id: Iafc8ee13e7f2cdc1c82a74056b9fd7baa4b0d365
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 12 Sep 2017 10:48:08 +0000 (19:48 +0900)]
Remove unnecessary logs
Change-Id: Iefbabc9a173cc007f5ecfab9c2186a0bdd6f0e39
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 11 Sep 2017 02:05:16 +0000 (11:05 +0900)]
Add core privilege for wearable profile: apphistory.read
Change-Id: Ie46b1e42673f0346f4b05719e46187e97f6c3c6a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 8 Sep 2017 06:52:39 +0000 (15:52 +0900)]
Update language files
Change-Id: Ibed8e8495f13da59874c8de0e0a6fd8a56be864b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 5 Sep 2017 11:03:24 +0000 (20:03 +0900)]
Modify privacy package APIs to handle global app case
- When an application is installed/uninstalled/updated by owner(admin user),
uid 376(TZ_SYS_GLOBALAPP_USER) is passed.
Current privacy package APIs can handle only local apps so
modify them to handle global app case.
Change-Id: Ib912fad803b54521ada675ea7d2f1aa180a3785a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 23 Aug 2017 02:47:09 +0000 (11:47 +0900)]
Remove DISABLE_ASKUSER check from where it is not required
- privilege_db_manager_is_user_settable() works according to the predefined privacy whitelist and DISABLE_ASKUSER should not affect on it.
Change-Id: Ieec2a2926abec4152555ffad8bb63b924bd0597c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 24 Jul 2017 04:47:46 +0000 (13:47 +0900)]
Add core privilege gestureactivation and gesturegrab for mobile and wearable profile
Change-Id: I5524ad0f728567d7254c8b5e011e8f10a02c5e7c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 20 Jul 2017 06:56:26 +0000 (15:56 +0900)]
Do not return privilege type privacy for apps with api-version lower than 4.0
- Privacy request API is available since Tizen 4.0
so apps with lower api-version can not request privacy at runtime.
Therefore modify privilege_info_get_privilege_type() not to return
PRIVILEGE_MANAGER_PRIVILEGE_TYPE_PRIVACY for apps
with api-version lower than 4.0.
Change-Id: I1660fa25ce26a08b1537fda9387e8568eec56865
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 14 Jun 2017 06:23:26 +0000 (15:23 +0900)]
Add privacy DB
- Add privacy DB to store privacy package info
- Remove redundant build: No need to build policy DB for each profile
Change-Id: Ib2f7550b9e7f0d7c8788d6a1bfcf1ebadc1b6581
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 10 Jul 2017 05:56:38 +0000 (05:56 +0000)]
Revert "Add web wifidirect privilege for mobile, wearable, and tv profile"
- Remove web wifidirect privilege from all profile due to the cancellation of the ACR
This reverts commit
464320e419e85efda5a3632cfead05e1163fd418.
Change-Id: Iee690d078edf1e9c3216525a3d0ec941a0a50a38
Yunjin Lee [Wed, 5 Jul 2017 11:14:39 +0000 (20:14 +0900)]
Remove duplicate 'const'
Change-Id: I4f79eb7c66ac1cdd27602108b5785f537a470d88
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 5 Jul 2017 08:35:58 +0000 (17:35 +0900)]
Add core privilege for mobile/wearable profile: blocknumber.read, blocknumber.write
Change-Id: Id6c4a359f772ab329a7f0883671a4c98ee2011a6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 13 Jun 2017 07:36:28 +0000 (16:36 +0900)]
Modify script to create policy db at FOTA upgrade
Change-Id: Ibc5f9275b42610cd750a332b4df13a1ddd7971ac
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 12 Jun 2017 08:14:36 +0000 (17:14 +0900)]
Revise privilege verification and remove legacy code
- Revise enum
- Revise privilege verification logic
- Remove APIs not used anymore
Change-Id: I441d8367324dd7a3ab7c57bbca7647adbbd30f57
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 30 Jun 2017 08:20:35 +0000 (17:20 +0900)]
Add web privileges for wearable profile: account.read, account.write, contact.read, and contact.write
Change-Id: I7cc78296d30323b5061cb66e180083cd2576de6a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 29 Jun 2017 05:17:24 +0000 (14:17 +0900)]
Add web wifidirect privilege for mobile, wearable, and tv profile
Change-Id: I7f56f2efb3b15d6bc5790dca573511ef0ed75946
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 20 Jun 2017 07:49:30 +0000 (16:49 +0900)]
Update privacy whitelist for wearable preloaded apps
Change-Id: Iaedaf0036172b392e59f4792f72afd93aea99382
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 8 Jun 2017 09:25:30 +0000 (18:25 +0900)]
Remove web bluetooth, d2d.datasharing privilege from tv profile
Change-Id: I0ca5573adfac77e8c42b122ce3d2d8afb45d1d01
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 8 Jun 2017 02:36:14 +0000 (11:36 +0900)]
Add web privilege for wearable profile: calendar.read, calendar.write
Change-Id: I3cb73482ae566c790e0b6ac094a7ca06a375cec4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 1 Jun 2017 04:05:33 +0000 (13:05 +0900)]
Update privacy white list for wearable preloaded apps
Change-Id: Ifd9ec24550c399299aabaf691ca1a927bf09150e
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Kim Kidong [Mon, 29 May 2017 08:01:35 +0000 (08:01 +0000)]
Merge "Revert "Deprecate wrt privilege: nfc.admin"" into tizen
Jin-gyu Kim [Mon, 29 May 2017 08:00:22 +0000 (08:00 +0000)]
Revert "Deprecate wrt privilege: nfc.admin"
This reverts commit
2a3da8b247b95724f38f24d108cf3e1f348defce.
Change-Id: I4ea61a1e04c830d606f3a8eacf7974fbdae8217c
Yunjin Lee [Wed, 24 May 2017 01:50:51 +0000 (10:50 +0900)]
Update privacy white list for preloaded apps
Change-Id: Ibb7b65d1892375894bba79ca3e83302c3c222efa
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 22 May 2017 07:04:49 +0000 (16:04 +0900)]
Add missing mapped privilege for wrt recorder
- Add http://tizen.org/privilege/internal/buxton/camcorder
Change-Id: I7da513f9165114db83fc11c4aa74e4089977864d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 22 May 2017 05:34:18 +0000 (14:34 +0900)]
Add wrt privilege: recorder
Change-Id: I51b856bc43546b0e4d4c4007b753972e3699f026
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 19 May 2017 08:23:43 +0000 (17:23 +0900)]
Add core privilege: zigbee, zigbee.admin
Change-Id: Idf8c7f3f7efb4937b9ddcb18b2e6fceb05bc00a5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 19 May 2017 06:52:56 +0000 (15:52 +0900)]
Deprecate wrt privilege: nfc.admin
Change-Id: I9a279d8a5c3deb80c4e7f487dd87d0195791a7f1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 18 May 2017 10:59:55 +0000 (19:59 +0900)]
Add core privilege: tee.client
- Add core privilege http://tizen.org/privilege/tee.client for mobile/wearable/tv profile
Change-Id: I6065da358aac19f171008cc8cb17703d74165a06
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 22 Feb 2017 07:49:26 +0000 (16:49 +0900)]
Remove unused definitions and API
- remove definition related to api_version length check
- remove privilege_info_is_privacy2 (it was temporary support)
Change-Id: I4677507b726eb9cf502086fee52307f4e708297a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 11 May 2017 02:27:19 +0000 (11:27 +0900)]
Add web privilege for wearable/tv profile: apphistory.read
Change-Id: I3c7b18b418b704bf4fd0ed53492b18adb15ac938
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 12 Apr 2017 02:08:40 +0000 (11:08 +0900)]
Add web privilege for mobile profile: apphistory.read
Change-Id: I67701cf6708c0a44920259c3874269bc33dc4971
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Thu, 30 Mar 2017 00:48:35 +0000 (09:48 +0900)]
Use %license macro to copy license file.
Change-Id: I51eb930e523fd55929c0ec7f2f5e70034d506972
Yunjin Lee [Wed, 22 Mar 2017 07:53:47 +0000 (16:53 +0900)]
Add API to see if the applciation is on the privacy white list
Change-Id: Ic274c314ee3cf94e554fafcc8d315c16f6681fc4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
MyungJoo Ham [Mon, 14 Nov 2016 10:24:01 +0000 (19:24 +0900)]
Remove Profile Build Dependency: Do it at runtime
- This is for Tizen 4.0.
: Tizen 4.0 Configurability and Build Blocks require
to remove all profile-depending build options in spec files.
(No More profile macros!)
- It is recommended to distinguish features/profiles at runtime.
unless it incurs too much overhead, which requires you to
create multiple binaries and subpackages.
The configuration file is /etc/privilege-checker.ini
For example:
$ cat /etc/privilege-checker.ini
[General]
Profile = mobile
$
You can apply same ini file for server-running scenarios.
- This has a bit of code cleaning in build scripts.
(e.g., BuildRequires is global to all subpackages.)
- When you SR this, you need to create JIRA-TRE of:
: Add security-privilege-manager-profile_tv for tv profile
: Add security-privilege-manager-profile_wearable for wearable profile
: Add security-privilege-manager-profile_mobile for wearable profile
patchset7: rebased and coding style updated
Change-Id: I901bf017cd088bbb657144ad34a8d1209b648f15
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
Yunjin Lee [Mon, 23 Jan 2017 05:03:57 +0000 (14:03 +0900)]
Add policy DB update script for mdm blacklist
Change-Id: I7c831554c2e643ac31be9be332e0351b5afbb0cb
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 20 Jan 2017 06:17:00 +0000 (15:17 +0900)]
Apply runtime askuser-disable on new API
Change-Id: I9871901ef1c0e12cbf53ae021df69b4e974ad711
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 16 Jan 2017 07:05:58 +0000 (16:05 +0900)]
Support 2.3 issued web privilege set of mobile/wearable profile for 2.2.x
- There's no platform version 2.2.1 indeed but requirement of backward compatibility exist by product released with version 2.2.x
hence change platform 2.3 issued privilege's from version to 2.2.1 (mapping table only)
- The list of modified privileges are as follows(mobile/wearable)
: account.read, account.write, audiorecorder, call, camera, healthinfo, internet, nfc.cardemulation, volume.set
Change-Id: Ifb45f3c19bd5d0cfa7fb99a51679d8d209c5c9cc
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 13 Jan 2017 07:12:51 +0000 (16:12 +0900)]
Remove negative symbol from return value
- Error enum was modified to negative value hence no need to return error enum with negative symbol
Change-Id: I4c359d5389be4344d07936505679186ce082422c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 4 Jan 2017 06:20:44 +0000 (15:20 +0900)]
Handle black list check error properly
Change-Id: I5756f03a099e67dc31f321d99eeaf12cd0c4a1e6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Tue, 3 Jan 2017 11:47:03 +0000 (20:47 +0900)]
Fix not exist privilege check bug of web under 2.3.1
Change-Id: Icb1aebf4239ca4c31bf5bc24686da0f034c26135
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 23 Dec 2016 07:34:22 +0000 (16:34 +0900)]
Add API to set/unset privilege disable list
- Add API to set/unset privilege disable list
- Add API to get disabled privilege list of certain user
- Remove compile warning : invalid multibyte sequence
Change-Id: Ib1a07e2adbb23430dde8aec7e3fe4b165a1288cd
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 21 Dec 2016 09:17:23 +0000 (18:17 +0900)]
Add API to get privilege type
- Add API to get privilege type.
It determines privilege type according to the given uid and package id
on the basis of ask policy white list per privacy and mdm black list.
- Add table for privacy white list.
It stores whitelist for ask policy and whether the privacy is user-settable or not.
Possible privacy option format is "*-{privacyA}-{privacyB}.." or "{privacyA}+{privacyB}+...".
If pkg should not be seen in privacy setting menu then set 'settable' flag to 0.
If 'settable' flag is set to 1 for the privacy or not exist for the privacy then then pkg privacy option is user-settable for that privacy.
Change-Id: I720e9f5abcf02c89b3a09238d5fbafe26bf8e044
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 2 Jan 2017 02:25:37 +0000 (11:25 +0900)]
Map internal usermanage privilege to systemsettings.admin
Change-Id: I14ef494c9abb9f0b1dd5f44e9c11668e6c2f9776
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 30 Dec 2016 07:38:32 +0000 (16:38 +0900)]
Add web push privilege to tv profile
Change-Id: I412469beb787742a5b2632e38bf1a4706acc02e2
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 26 Dec 2016 10:10:11 +0000 (19:10 +0900)]
Update wrt privilege mapping table: power privilege
Change-Id: Ia2633d04b871cf2564b4e0531e34253b4ed56289
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong lee [Fri, 23 Dec 2016 02:05:15 +0000 (11:05 +0900)]
Fix typo in previous commit
Change-Id: I9c9a2c9666e647550d3960b1e371b5a92022e5a5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 22 Dec 2016 08:06:28 +0000 (17:06 +0900)]
Provide location privilege to all web application (below required version 2.3)
Change-Id: I95cb5a696ad55478bff50791167ddc41feb4f7e0
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jin-gyu.kim [Mon, 19 Dec 2016 02:03:57 +0000 (11:03 +0900)]
Add the functionality to disable askuser in run-time.
Change-Id: I6f542060d29578757103a63f9835e12ba9245fa1
jooseong lee [Fri, 16 Dec 2016 04:09:46 +0000 (13:09 +0900)]
Add display privilege to all web application
When web applications use html video elements, web engine calls
display privileged api, which makes cynanre deny. Display privilege
should be provided to all web application like as Tizen2.x
Change-Id: I32f49289426cfc5e8233e3efe1d399f7516648db
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 12 Dec 2016 11:17:10 +0000 (20:17 +0900)]
Remove internal privacymanagement and usermanagement privilege from mapping table
Change-Id: I1477b038dd6200083a4892c8b642583b0627c48c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 12 Dec 2016 11:14:25 +0000 (20:14 +0900)]
Do not treat internal privileges as privacy related
Change-Id: Id14795ba85f80e9e374903fbef62ba645a19411a
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Thu, 8 Dec 2016 08:25:58 +0000 (17:25 +0900)]
Change policy db directory and fix typo
- Change policy db directory to TZ_SYS_DB and modify its security configuration for DPM
- Fix typo in profile definition
Change-Id: Ib6feae1a74bd4ff5f172caa0bf669f6053b25a05
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 7 Dec 2016 07:32:04 +0000 (16:32 +0900)]
Add DISABLE_ASKUSER definition for profiles not using it
Change-Id: Iaf37662cc564544cc4756f02f6f0ccafd9dbe917
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>