Adrian Szyndela [Thu, 25 Jul 2019 08:01:33 +0000 (10:01 +0200)]
policychecker: allow 'destination without interface' rules
It seems that the checking rules that require all the policy rules
with send_type="method_call" to have specified send_interface
are too strong.
This relaxes the checking rules a bit by allowing rules that:
- are in the "default" or "mandatory" contexts;
- have 'send_type' or 'receive_type' set to "method_call";
- have specified 'send_destination' or 'receive_sender'.
That is, we don't require "send_interface" or "receive_interface" anymore
for such rules.
Change-Id: Iefa9bb5a5e23319c7549fa597ab00b5c88600585
sanghyeok.oh [Wed, 8 May 2019 11:58:15 +0000 (20:58 +0900)]
policychecker: rename to dbuspolicy-checker
Use 'dbuspolicy-' as prefix of dbus policy related tool name
Change-Id: I72a6ab822312346a4efc51bd9a5737c52ce90a11
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
sanghyeok.oh [Tue, 23 Apr 2019 06:18:15 +0000 (15:18 +0900)]
policychecker: add rule for group 'priv_*'
/usr/share/security-manager/policy/privilege-group.list
In case of App, 'priv_*' group is assigned by its cynara privilege.
But, user daemon also has related 'priv_*' groups.
Due to this group assignment, a policy rule for group priv_* affects applications, user daemons and processes that have priv_*.
To prevent this unintended situation, block rule for group 'priv_*'.
Change-Id: I888f28375b017ec00c5fb85bc59557b2145bffbc
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek Shim [Fri, 19 Apr 2019 02:12:35 +0000 (11:12 +0900)]
Set PATH env explicitly for better security
Change-Id: If9f558321e170d9653df6715047949dcbf82900d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Adrian Szyndela [Thu, 10 Jan 2019 11:29:12 +0000 (12:29 +0100)]
policychecker: allow signal rules if send_path is present
In case a rule contained send_path, we required it also to have
send_destination or send_destination_prefix.
However, a rule may be crafted for signals, which are broadcast,
therefore they don't have any destination at all.
This patch relaxes the requirement a bit, allowing rules
having send_path without send_destination under condition that
the rule contains send_interface and send_type='signal' attributes.
Change-Id: I99ff19271121f726df81e2aed8a124a78f7eadbc
Adrian Szyndela [Wed, 9 Jan 2019 15:46:32 +0000 (16:46 +0100)]
policychecker: add rules for send_destination_prefix
Added rules for send_destination_prefix.
Additionally, modified 'default denials' rule to take into account
possible own_prefix values. This is limited by XPath/Schematron
possibilities, and is currently set to 8 prefixes for each
tested destination.
Change-Id: I7a653b1f55339e67e63e9c97b0c6ba37ff2c9b73
Adrian Szyndela [Wed, 12 Dec 2018 15:42:19 +0000 (16:42 +0100)]
dbus-policychecker: adjust maxdepth for xsltproc
Maxdepth 20000 for xsltproc seems to be too low, as it complains
for "potential infinite recursion" when there is no infinite recursion.
Change-Id: I873c8a9a4ba4fd58e13557308bb55cf2470d9b82
Adrian Szyndela [Thu, 15 Nov 2018 16:01:27 +0000 (17:01 +0100)]
policychecker: allow sending signal rules with only send_interface
If the global policy for signals is deny, then we need a way
to choose who can send signals. They (usually) have no destination,
so the allowing rules can't have destination.
This commit changes checking rules to allow policy rules with
send_interface constraint, without send_destination, when
send_type="signal" is also specified.
Change-Id: I041b4e409cbffeae2edaaec8bb2dfa8f60e3994f
Adrian Szyndela [Thu, 4 Oct 2018 08:44:17 +0000 (10:44 +0200)]
policychecker: simplified field selection
Privilege field selection was selected using two seds,
but it is sufficient to use one cut, as it is suited
precisely for such tasks.
Additionally, minor improvements:
- removed array in favor of space separated string to avoid bash dependency;
- added call to sort for uniq to work properly;
- introduced a variable for cynara database path.
Change-Id: Ica9455cc14f714a2fe0acbea7fe019d067cbf9eb
Hyotaek Shim [Thu, 4 Oct 2018 02:52:32 +0000 (11:52 +0900)]
Add comments on Cynara privilege formats
Change-Id: I3a620bd89deed55231a7c2b52f3abb154c28c805
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Adrian Szyndela [Wed, 3 Oct 2018 13:52:22 +0000 (15:52 +0200)]
policychecker: add more types of privileges
Added three more types of privileges.
Requested by bro kim.
Change-Id: I3219a7b10cd4b5c784a88abe1fb034dde10bb0ff
Adrian Szyndela [Thu, 16 Aug 2018 12:40:21 +0000 (14:40 +0200)]
policychecker: removed at_console from checking duplicates
At_console has its own "deprecated" checking rule, so we assume that
at_console rules are those to be removed. Thus, there is no point
in showing "duplicate" warning for duplicate rules in other contexts.
Change-Id: Ifdf7e3745d7ece49772ba3a3aad01a213b657d0c
Adrian Szyndela [Tue, 14 Aug 2018 13:54:50 +0000 (15:54 +0200)]
policychecker: modified 'Unconstrained allow' rule
Unconstrained allow rule was reporting any allow in context default
or mandatory.
Now, it reports those rules in both contexts that:
- allow send_type='method_call' but do not specify destination and interface;
- allow send_path but do not specify destination;
- allow receive_type='method_call' but do not specify sender and interface;
- allow receive_path but do not specify sender.
Additionally, in user and group context send_destination is required
when send_type="method_call" or send_path is present, and receive_sender
is required when receive_type="method_call" or receive_path is present.
Change-Id: Icd822bf4b3e2f105a07e80ca61415410faaeb00a
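The conditions listed in the commit message above, re-expressed in Python over a constructed policy file; this is an added example, not the repository's Schematron rules or checker script. The names `check_allow` and `find_unconstrained` are hypothetical, and "destination and interface" is read as requiring both attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy, not taken from the repository.
SAMPLE = """<busconfig>
  <policy context="default">
    <allow send_type="method_call"/>
    <allow send_type="method_call" send_destination="org.example.Svc"/>
    <allow send_type="method_call" send_destination="org.example.Svc"
           send_interface="org.example.Iface"/>
    <allow send_path="/org/example"/>
    <allow receive_path="/org/example" receive_sender="org.example.Svc"/>
  </policy>
  <policy user="app">
    <allow send_type="method_call" send_interface="org.example.Iface"/>
    <allow receive_type="method_call" receive_sender="org.example.Svc"/>
  </policy>
</busconfig>"""

PEER = {"send": "send_destination", "receive": "receive_sender"}

def check_allow(attrs, strict):
    """Reasons one <allow> is reported; strict=True for default/mandatory."""
    reasons = []
    for direction, peer in PEER.items():
        is_call = attrs.get(direction + "_type") == "method_call"
        has_path = direction + "_path" in attrs
        has_peer = peer in attrs
        has_iface = direction + "_interface" in attrs
        # Assumption: "destination and interface" means both are required.
        if strict and is_call and not (has_peer and has_iface):
            reasons.append(direction + " method_call needs peer and interface")
        elif (is_call or has_path) and not has_peer:
            reasons.append(direction + " rule needs " + peer)
    return reasons

def find_unconstrained(xml_text):
    """List (policy selector, rule index, reason) for every reported rule."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        if policy.get("context") in ("default", "mandatory"):
            strict, where = True, policy.get("context")
        elif policy.get("user") or policy.get("group"):
            strict, where = False, policy.get("user") or policy.get("group")
        else:
            continue  # other contexts are outside this description
        for idx, rule in enumerate(policy.findall("allow")):
            findings += [(where, idx, r) for r in check_allow(rule.attrib, strict)]
    return findings
```

In the sample, the user policy's first rule is reported only for the missing `send_destination`, since the message does not require an interface in user and group policies.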
Karol Lewandowski [Wed, 11 Jul 2018 10:07:55 +0000 (12:07 +0200)]
packaging: make package 'noarch' as it contains only scripts
Change-Id: Ib7aafe0ce59da009259f22469d83cfc7bf25f701
Karol Lewandowski [Wed, 11 Jul 2018 10:07:45 +0000 (12:07 +0200)]
packaging: minor fixes
Change-Id: I8b61b31c52ff190ac6541e90762fd0895ed018e8
Adrian Szyndela [Thu, 28 Jun 2018 12:49:42 +0000 (14:49 +0200)]
packaging, integrating with Tizen
Also, some improvements in shell scripts.
Change-Id: I10a06b8b30f45722746361b7ce27364baaebc957
Aleksy Barcz [Mon, 25 Jun 2018 14:27:38 +0000 (16:27 +0200)]
Policy checker: initial version
Policy checker is based on Schematron, which allows writing
declarative checks for xml files (see rules.xml file for details) and
yields xml output (which is converted to plain text for readability, but it
can be converted to any format). The checker is a shell script, it
depends only on xsltproc (libxslt-tools package in Tizen), so it's very
lightweight.
We can run the checker on any single dbus configuration file, e.g.:
./check ./test-policy.conf (a test policy containing violations of all
the implemented rules). So, during a package installation we can run
the checker on its dbus configuration file.
Change-Id: I523b7a730fc93a0d4f99bc8ba750be7b6f0e051c
Tizen Infrastructure [Fri, 22 Jun 2018 05:43:52 +0000 (05:43 +0000)]
Initial empty repository