Zofia Abramowska [Fri, 7 Oct 2016 14:50:13 +0000 (16:50 +0200)]
PrivilegeDb: Add getting packages installed for user
Change-Id: I6be6d8b438918408df20d12b34204e10a0ca750e
Krzysztof Jackiewicz [Thu, 29 Sep 2016 12:25:16 +0000 (14:25 +0200)]
Explicitly instantiate LogSystemSingleton
To guarantee that a template class is instantiated only once it has to be
instantiated explicitly. This should solve the problem with "doubletons". Also,
it makes logs from libsecurity-manager-commons library visible.
Change-Id: I45bc6d6330a7ff27bacf9dfdfcd6a24f1e1225bf
Krzysztof Jackiewicz [Fri, 30 Sep 2016 09:56:53 +0000 (11:56 +0200)]
Limit number of sql queries during installation
Change-Id: Iaad44912ae806544822d26f66add6ce8f0908d0b
jooseong lee [Fri, 7 Oct 2016 08:02:57 +0000 (17:02 +0900)]
Add packagemanger.info privilege for 'User::Shell' domain
Shell process requires packagemanger.info privilege to debug
native applications.
Change-Id: I93e643b50694fb21778063f5fa512908929ee864
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Rafal Krypa [Wed, 28 Sep 2016 16:54:33 +0000 (18:54 +0200)]
Release version 1.2.1
- Change the way of app process label generation
- Update default policy for new domain('User::Shell')
Change-Id: Idad431f3857a936b0ee8c0d2be2f5f0d89205d50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 29 Sep 2016 13:27:04 +0000 (15:27 +0200)]
Migrate security policy after app labeling schema changed
Adapt existing security policy to patch
5b9adf81 (Change the way of app
process label generation).
Migrate existing policy to support package upgrade:
- modify existing Cynara policy
- modify existing Smack rules for applications
Change-Id: I3d75afe4da2f58040657c01c44a7d57e986332d2
Rafal Krypa [Thu, 29 Sep 2016 13:26:48 +0000 (15:26 +0200)]
Fix policy versioning mechanism
The policy versioning must properly handle two scenarios:
- initial install of security-manager-policy package - mostly happening during
image build
- upgrade of security-manager-policy package - mostly happening during
development
To keep information about policy version, we have the file in
%{TZ_SYS_VAR}/security-manager/policy-version. Update script will check the
current value of policy version and apply appropriate update.
But during image build, the entire policy will be provided in desired version
at once, so the package must provide final version value to the configuration
file.
Previous mechanism had a flaw that preveted update scripts from running in both
scenarios. Configuration files marked as %config(noreplace) in RPM spec file
aren't overwritten with a new version during package upgrade, but there is an
exception for that rule. If the configuration file wasn't modified on disk, the
new file from upgraded package will overwrite the old one. And the policy update
script is run from %post section, when all files from the new package are
already unpacked.
To solve the above problem, a modified version upgrade is provided:
- security-manager-policy will provide an empty policy-version file as
%config(noreplace). The contents of this file in the package will not change
- policy update script will check the version file:
* if it's not empty, the script will apply relevant migration updates and
write higher version to the file (supporting package upgrade scenario)
* if it's empty, the script will write there latest available version number,
without actually applying the updates (supporting image build scenario)
Additionally, to fix the previous versioning schema, if the policy-version file
exists and is not-empty (package upgrade) and equal to 1, special actions will
be taken to handle security-manager-policy upgrade from version 1:
- the policy-version file will be modified by %pre script to put "0" value in it
Thanks to this step, an upgrade from policy version 1 will be performed as
expected. This is needed as workaround move from non-working upgrade mechanism
to a working one.
Change-Id: I4bcdcd2d6db63e25711b6bd25b03531f13e5d1da
Rafal Krypa [Thu, 29 Sep 2016 14:33:11 +0000 (16:33 +0200)]
Merge remote-tracking branch 'sandbox/zabramowska/hybrid' into tizen
Change-Id: I02ff2db20b2ff327724fc574ad16f86cceb84efa
Rafal Krypa [Thu, 29 Sep 2016 14:30:59 +0000 (16:30 +0200)]
Fix what I broken while amending
5b9adf81b4
Correct my optimizaion of SmackRules::generateAppPkgNameFromLabel().
Now it should properly locate "::App::" substring in the analyzed label.
Change-Id: I9289d1ab5bf0336bd6f42fa38ee31cfcfaba5cf5
jooseong lee [Mon, 26 Sep 2016 07:14:14 +0000 (16:14 +0900)]
Update default policy for new domain('User::Shell')
New domain is for shell process, which need packagemanger.admin
privilege to install applications. And root shell will get all privileges.
* Add new domain : https://review.tizen.org/gerrit/#/c/89586/
* Update onlycap list : https://review.tizen.org/gerrit/#/c/89619/
Change-Id: I9e079edad90615c1a3af16b35c10aaaa65993b80
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Zofia Abramowska [Thu, 15 Sep 2016 13:01:59 +0000 (15:01 +0200)]
SmackRules: Don't add rule when subject==object
Change-Id: I1c57783927a9ed3cf79bfda1dd929e375caff94e
Zofia Abramowska [Thu, 8 Sep 2016 16:29:45 +0000 (18:29 +0200)]
Change the way of app process label generation
Application process label depends on isHybrid flag, if flag
value is:
* 0 - all applications in package has the same process label:
"User::Pkg::pkg_id"
* 1 - each application in package has different process label:
"User::Pkg::pkg_id::App::app_Id"
Due to this change, app identifying API changes its behaviour:
for hybrid applications both app_id and pkg_id are returned,
for non-hybrid applications only pkg_id is returned.
From now on identyfing particular application is not always
possible.
Change-Id: Ice62b03be632524ec452569b6c8419f357db1b7f
Rafal Krypa [Tue, 27 Sep 2016 11:16:59 +0000 (13:16 +0200)]
Pass application labels instead of names in security_manager_monitor
In an upcoming change, generation of application process label will
require additional information, application name will not be sufficient.
To keep security_manager_monitor functional and effective, it is better
to generate application label on the service side and take the labels
without further processing on the client side.
Appropriate policy migration is also provided to migrate old apps-names
files to new apps-labels.
Change-Id: Ica3b2a0dc4f3295e4ead71285684c656e34f2006
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 19 Sep 2016 08:24:38 +0000 (10:24 +0200)]
Add policy migration infrastructure
Add support for migrating policy configuration. We already have policy version
information (current version is 1). When a change happens, appropriate script
should be provided for migration and bumping the version.
Change-Id: Iee5bdcc368a879053cd20e8feb37b67931218ad3
Rafal Krypa [Wed, 18 May 2016 09:32:31 +0000 (11:32 +0200)]
Use C++ file interface in permissible-set
Read and write files with enabled app labels using C++ interface instead of
pure glibc.
Change-Id: I81dce9bc6f3ef6ec2ac910deb22c31f7edbfdc5a
Zofia Abramowska [Thu, 8 Sep 2016 10:05:11 +0000 (12:05 +0200)]
Pass pkgName and isHybrid flag to label generation
Change-Id: I1663fe48998014e4b8a0dd53220cfed64cc154e9
Zofia Abramowska [Wed, 7 Sep 2016 16:14:30 +0000 (18:14 +0200)]
Pass labels instead of appNames in SmackRules
Change-Id: Ib89939a4c785517e9e7654f6f62b98fc83cac2a1
Zofia Abramowska [Tue, 6 Sep 2016 15:01:17 +0000 (17:01 +0200)]
Fetch process label from service
Change-Id: I961de3bc1aff1a98f9062c881ca75f858319551f
Zofia Abramowska [Wed, 7 Sep 2016 11:18:40 +0000 (13:18 +0200)]
Fetch is_hybrid flag from db
Change-Id: Ie77b94b551bedb4eff569379f0c0726578147d7f
Zofia Abramowska [Fri, 2 Sep 2016 16:35:53 +0000 (18:35 +0200)]
Add is hybrid flag to application install request
"IsHybrid" is introduced to distinguish between different
types of packages. Hybrid package assumes, that applications
inside it can have different privileges, so they should be
labeled separately. Any other package will have all applications
labeled the same and label will be generated from package name.
This commit does not yet interpret this flag, apart from db,
From now on db will accept only applications from the same package,
which have the same setting of isHybrid flag.
Change-Id: Ic94d2147fa9684279d8b8a41ad6ee99b555cd766
Zofia Abramowska [Fri, 2 Sep 2016 14:51:14 +0000 (16:51 +0200)]
Change names of smack rules templates
Change-Id: Ifa2ca9aa7b53dec6ae1a5a09de4f452c994ea056
Rafal Krypa [Tue, 20 Sep 2016 11:41:36 +0000 (13:41 +0200)]
Release version 1.2.0
- Add internal privilege for internal APIs
- Add support for USER_TYPE_SECURITY
- Add policy versioning
- Add API for identifying application from Cynara client
Change-Id: Ibe72a331a8acd08ff3eadc8749b34b91ea0d523c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zofia Abramowska [Fri, 16 Sep 2016 09:57:35 +0000 (11:57 +0200)]
Add API for identifying application from Cynara client
Change-Id: I1f906cb2200fc38e99f5225b951b596ff2d5c507
Zofia Abramowska [Tue, 6 Sep 2016 09:33:24 +0000 (11:33 +0200)]
Add policy versioning
Policy versioning will be used to reload policy when the
way it is generated changes. Additional script for reloading policy
between versions will be provided when policy generation is changed.
Change-Id: I778b6ebcdf6233924223921f65e2a037df0345b3
Zofia Abramowska [Mon, 29 Aug 2016 13:19:14 +0000 (15:19 +0200)]
Add support for USER_TYPE_SECURITY
Change-Id: I45ba88fc3a69ec632af6b195f82e288a25388288
jooseong lee [Mon, 25 Jul 2016 05:13:16 +0000 (14:13 +0900)]
Add internal privilege for internal APIs
Internal APIs are only for service daemons, which means any applications
must not call them. To internal policy checking inside daemon’s code,
we can use cynara check with this new internal privilege.
* http://tizen.org/privilege/internal/service
There are some internal privileges for the same purpose,
such as inputdevice.block privilege. These privileges will be replaced
to this privilege.
Change-Id: I415e635f017fb83d8a326739077635b2537d4db7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 5 Sep 2016 07:09:26 +0000 (16:09 +0900)]
Release version 1.1.17
- Add/remove core privilege(fido.client/ dpm.settings)
- Remove core privilege : vpnservice.admin
- Fix log prefix (tag) for Pedantic log level
- Check tgkill() result
- Move release fence after the last global variable is modified
- Replace obsolete tkill with tgkill
- Add variadic template for deserialization
Change-Id: Ida63ca692cfce636ca78a64ac2c2a5383abaf397
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 31 Aug 2016 08:45:30 +0000 (17:45 +0900)]
Add/remove core privilege
- add fido.client
- remove dpm.settings
Change-Id: If4e4e15692f11afd11269c938e657d2fc6bf7680
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 12 Aug 2016 02:24:07 +0000 (11:24 +0900)]
Remove core privilege : vpnservice.admin
Refer to https://review.tizen.org/gerrit/#/c/83497/
Change-Id: Ieaf205d822bc560955b9c5464d2b98988c4cf08c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Radoslaw Bartosiak [Mon, 22 Aug 2016 11:01:50 +0000 (13:01 +0200)]
Fix log prefix (tag) for Pedantic log level
Change-Id: If973da5d653d2a5f5bee49a2d321e1232968cedf
SigODned-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Krzysztof Jackiewicz [Wed, 24 Aug 2016 14:45:21 +0000 (16:45 +0200)]
Check tgkill() result
tgkill() returns an error if we're attempting to send a signal to non-existing
thread. If this is the case don't increment the sent signals counter.
Change-Id: I1cf10fe5a056e7715660b02647dfdef4a6406ff3
Krzysztof Jackiewicz [Wed, 24 Aug 2016 13:49:22 +0000 (15:49 +0200)]
Move release fence after the last global variable is modified
The global variable g_tid_attr_current_map is being read by other threads. To
guarantee that its modification in main thread is visible in other threads the
release fence should be set *after* the modification.
Change-Id: Iff7bdd4053baa86f13a0465e52c599396e2dcb8f
Krzysztof Jackiewicz [Wed, 24 Aug 2016 13:59:33 +0000 (15:59 +0200)]
Replace obsolete tkill with tgkill
Change-Id: I23c2ecf80802b7fdfb9a14c19265285579d69266
Bartlomiej Grzelewski [Mon, 13 Jun 2016 09:42:22 +0000 (11:42 +0200)]
Add variadic template for deserialization
Similiar template already exist for serialization
Change-Id: I922e8f08f658645a61b62a74eaa8928d7bb238c7
jin-gyu.kim [Mon, 29 Aug 2016 01:22:31 +0000 (10:22 +0900)]
Release version 1.1.16
Implement libnss_securitymanager
Add security_manager_groups_for_uid()
Rewrite shared RO directory support in security-manager
Change-Id: Ia84f81babf4fef47eb21409c00a0c239570811ff
Mateusz Forc [Fri, 19 Aug 2016 10:52:01 +0000 (12:52 +0200)]
Rewrite shared RO directory support in security-manager
Extend support to all apps instead of only 2.x apps.
Migrate database to version 7:
Add shared_ro INTEGER column in pkg table
Conflicts:
src/common/include/privilege_db.h
src/common/privilege_db.cpp
Change-Id: Id925342c37651ee0d87cf14de4d806ef63c678fb
Aleksander Zdyb [Wed, 22 Jun 2016 12:31:44 +0000 (14:31 +0200)]
Implement libnss_securitymanager
It's a Name Service Switch plugin needed to apply
additional, resource related groups for users.
Change-Id: Ie702a22e73e9a23ef71d595bce44ec17bf8b7dde
Aleksander Zdyb [Wed, 22 Jun 2016 12:47:52 +0000 (14:47 +0200)]
Add security_manager_groups_for_uid()
This function returns resource-related groups for
given user.
Change-Id: I8b4a2bf2c2e85769543929e0ff5f0247dd60137a
Yunjin Lee [Mon, 22 Aug 2016 05:03:14 +0000 (14:03 +0900)]
Release version 1.1.15
Add core privilege: appdir.shareddata
Change-Id: I695d2b5c2296c6a1460bbef269cd592a201a48d1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 22 Aug 2016 01:48:51 +0000 (10:48 +0900)]
Add core privilege: appdir.shareddate
Change-Id: I505c39c3e1335fdc2b1c784bd77a1cb633726202
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Tomasz Swierczek [Fri, 12 Aug 2016 17:13:29 +0000 (19:13 +0200)]
Release version 1.1.14
Moving user and global apps-names files to /opt/var
Simplify declaration and generation of unique_ptrs
Fix contraints for app installation.
Change-Id: Ifc962b06f15e18b505d63771b008145fe42b80d7
Radoslaw Bartosiak [Thu, 4 Aug 2016 17:09:53 +0000 (19:09 +0200)]
Moving user and global apps-names files to /opt/var
Due to introduction of lazymount, config files must be
moved to new destinations (which are mounted earlier)
*) /opt/var/security-manager/apps-names (global file)
**) /opt/var/security-manager/{USER}/apps-names (local file)
Change-Id: Iaf7ec74d8bc596eb377b15aad9cab9f8f857d966
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsunODg.com>
Rafal Krypa [Wed, 1 Jun 2016 08:24:29 +0000 (10:24 +0200)]
Simplify declaration and generation of unique_ptrs
The unique_ptr-based RAII pattern is used in several places in
security-manager. Declaration of unique pointer variables can be awkward
and hard to read.
This patch hides the nasty details of unique_ptr types declaration behind
a template function. It is loosely inspired by std::make_unique from C++14.
Change-Id: Ifbd8b5ab409fd8646d149d6294cb60bd2ac873a8
Krzysztof Jackiewicz [Wed, 6 Apr 2016 13:55:20 +0000 (15:55 +0200)]
Fix contraints for app installation.
[Problem] It's possible to insert an app similar to existing one (differs with
version, pkg name, author name) or pollute the db with unused entries in pkg
and author.
[Solution] Split app table into app(package) and user_app(instances). Introduce
more strict constraint checking.
[Verification] Run security-manager-tests --regexp=49 (and all remaining tests
as a regression check)
Change-Id: I2fb02f75981748024de93c2d486fa6eb8afaf88a
Yunjin Lee [Fri, 22 Jul 2016 01:53:56 +0000 (10:53 +0900)]
Release version 1.1.13
Change-Id: Ifd347ce6176c19b2b08906b11386aac62ce2df14
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 22 Jul 2016 01:48:35 +0000 (10:48 +0900)]
Fix typo in service file SmackProcessLabel set
Change-Id: I2971f9a7d209869ce3e7919a0b1dd0757225dcd3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong lee [Thu, 21 Jul 2016 00:56:10 +0000 (09:56 +0900)]
Release version 1.1.12
Handle missing Cynara error codes, throw specific exceptions
Add missing logs in service on several service calls
Mark old path registration function as deprecated
Set SmackProcessLabel to System::Privileged
Change-Id: I584efb6ca2783a0ba896512fcbb7a472bdc71c58
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 20 Jul 2016 10:45:02 +0000 (19:45 +0900)]
Set SmackProcessLabel to System::Privileged
Change-Id: I01a252b8d209d21440477ff82fc3611f8dc191bf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Krzysztof Jackiewicz [Thu, 28 Apr 2016 13:45:39 +0000 (15:45 +0200)]
Mark old path registration function as deprecated
[Problem] security_manager_app_inst_req_add_path is deprecated
[Solution] mark as deprecated
[Verification] Successfull compilation
Change-Id: I55d235d3e98b376348a6373573838fe1489fe750
Rafal Krypa [Thu, 30 Jun 2016 15:12:11 +0000 (17:12 +0200)]
Add missing logs in service on several service calls
Some service calls do produce debug logs, some other don't.
This patch adds missing ones.
Change-Id: Ic33c2f2053cf2ee8f4f6b41aa1f0abc92cff1cec
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 30 Jun 2016 15:14:08 +0000 (17:14 +0200)]
Handle missing Cynara error codes, throw specific exceptions
Some new error codes have been added to Cynara:
- CYNARA_API_CONFIGURATION_ERROR
- CYNARA_API_INVALID_COMMANDLINE_PARAM
- CYNARA_API_BUFFER_TOO_SHORT
- CYNARA_API_DATABASE_CORRUPTED
Change-Id: Ieb12ca2ff2b7650acbe2478761254bfc7ce7a2c9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
jooseong lee [Thu, 14 Jul 2016 13:03:30 +0000 (22:03 +0900)]
Release version 1.1.11
Add systemd option - Restart
Update policy template for onlycap featur
Change-Id: Ib3a76acf0f965fbea1d2dc9a275a49e579911aa8
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 14 Jul 2016 11:31:59 +0000 (20:31 +0900)]
Update policy template for onlycap feature
We add new sub domain('System::Privilege') to System domain.
Refers to: https://review.tizen.org/gerrit/#/c/80083/
Change-Id: Ibb4b84ffbc0b3bab73ccb1c8d3c5aa1a200e8a1e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kidong Kim [Mon, 11 Jul 2016 07:52:19 +0000 (16:52 +0900)]
Add systemd option - Restart
If service terminates unexpectedly, security-manager should
be restarted always.
Change-Id: I0bdf66cbdffeb535e48342739ef375fa365e4678
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
Tomasz Swierczek [Fri, 1 Jul 2016 08:16:04 +0000 (10:16 +0200)]
Release version 1.1.10
Don't store application privileges in db
Fix return type in setup_smack function
Do not exit when security_manager_prepare_app fails
Change-Id: Ibeb5737d096f2e9b70ffcc21e89db2441de81200
Bartlomiej Grzelewski [Mon, 13 Jun 2016 10:15:43 +0000 (12:15 +0200)]
Remove definition PRIVILEGE_VERSION
You cannot have macro and value with the same name.
As this definition was not used in the project it has
been removed instead of fixing.
Change-Id: I15ffa99bf155859afb1906d137422db5d7614849
Kidong Kim [Fri, 1 Jul 2016 07:59:11 +0000 (16:59 +0900)]
Do not exit when security_manager_prepare_app fails
Because security_manager_prepare_app is called by launcher directly,
I think the launcher should do error handling by itself. This is problem
reported by product team, and identified as being successful after
applying this patch
Change-Id: Icf94ef07ef92bff8e2ce631bb72026e999ef6c15
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
Oskar Ĺšwitalski [Wed, 29 Jun 2016 07:41:53 +0000 (09:41 +0200)]
Fix return type in setup_smack function
Change-Id: I52c8390beb6264ae0fddfcf3e02062fbafaed7b7
Signed-off-by: Oskar Ĺšwitalski <o.switalski@samsung.com>
Rafal Krypa [Thu, 30 Jun 2016 13:59:01 +0000 (15:59 +0200)]
Don't store application privileges in db
Application privileges are now retrieved from Cynara whenever needed.
Private database of security-manager doesn't need to duplicate this data,
Cynara now acts as storage for app-privilege assignment.
Change-Id: I5b799e88dddbd622ac44b88e41baf8e88c9327d0
Tomasz Swierczek [Tue, 28 Jun 2016 10:22:51 +0000 (12:22 +0200)]
Release version 1.1.9
Define PATH environment variable in scripts.
Fix wrong tizen2X apps fetching on app uninstall
Change-Id: I29e336f633a4e79ed5fedb7f8b1a72a3167d8df7
jin-gyu.kim [Tue, 28 Jun 2016 07:55:58 +0000 (16:55 +0900)]
Define PATH environment variable in scripts.
Change-Id: I0b144b5dac51f84ff2256dfa0abcb8e5872af603
Zofia Abramowska [Fri, 24 Jun 2016 11:01:49 +0000 (13:01 +0200)]
Fix wrong tizen2X apps fetching on app uninstall
Change-Id: I9fea05b7c765b0bd9e36cf9d6f211f0f225b245e
Tomasz Swierczek [Thu, 23 Jun 2016 14:52:34 +0000 (16:52 +0200)]
Release version 1.1.8
Fix global apps deinstallation
Remove DPL String class and dependencies on it
Add internal privilege for web only privilege
ServiceImpl: remove sharing rules on application uninstall
PrivilegeDB: Add private sharing squashing
PrivilegeDB: Add getters for fetching owner/target private sharing
Return error when private sharing doesn't exist
Change-Id: I66f63e3d17ef3d2344a4606e60daf1a037d8fed8
Radoslaw Bartosiak [Thu, 23 Jun 2016 14:33:12 +0000 (16:33 +0200)]
Fix global apps deinstallation
Change-Id: I374ad96218304714af15f23dbfdf1173fbd56c3a
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Thu, 23 Jun 2016 09:24:59 +0000 (11:24 +0200)]
Remove DPL String class and dependencies on it
Security-manager doesn't use DPL String, it was taken in as requirement
of DPL SQLConnection. The DPL String class introduces needless dependency
on libicu. Since our code doesn't operate on UTF-8 strings and doesn't
really need libicu, it's better to drop DPL String altogether.
Change-Id: Ia64a7e8ac8237642b0aae8b74bed28ddcaefe8c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Yunjin Lee [Mon, 13 Jun 2016 08:13:16 +0000 (17:13 +0900)]
Add internal privilege for web only privilege
Some web APIs are not a wrapper of native API so web privileges for those have no mapping native privilege.
They all are mapped to http://tizen.org/privilege/notexist now so web application with one of those privilege can get access to other web only privilged APIs.
Therefore we add internal privileges for them to check the permission properly. (format of http://tizen.org/privilege/internal/web/xxxx)
If web privilege name is http://tizen.org/privilege/websetting then mapping internal privilege name is http://tizen.org/privilege/internal/web/websetting.
Change-Id: I8385fa80c17e2b830c944aaa07c6ea3e5758b898
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Wed, 15 Jun 2016 14:10:14 +0000 (16:10 +0200)]
ServiceImpl: remove sharing rules on application uninstall
Drop all related private sharing to uninstalled application
(where it appears as owner application or target application).
Change-Id: I3b9b73f325486c5463b6a38be23d0bad2bce5399
Rafal Krypa [Wed, 18 May 2016 08:02:22 +0000 (10:02 +0200)]
PrivilegeDB: Add private sharing squashing
Squash specific private sharing so counter is set to 1.
This makes it easier to remove private sharing for
uninstalled applications.
Change-Id: Ide7360d4381ffa26492a176fe1d2d64247b22d31
Zofia Abramowska [Fri, 26 Feb 2016 16:08:51 +0000 (17:08 +0100)]
PrivilegeDB: Add getters for fetching owner/target private sharing
Add getter functions to privilege db to fetch sharing info for
specified owner application or specified target application.
These are required to properly drop rules on application
uninstallation.
Change-Id: I7ea9933d65f453cf8838c519759be9a4036dacb9
Zofia Abramowska [Thu, 7 Apr 2016 10:57:01 +0000 (12:57 +0200)]
Return error when private sharing doesn't exist
Change-Id: Ib2f79da356c9b6830afe0654e79f70b627842ec4
Tomasz Swierczek [Thu, 16 Jun 2016 12:22:12 +0000 (14:22 +0200)]
Release version 1.1.7
Add internal privilege for app debugging
Add core privileges
Add check if privileges were properly dropped
Threads security context synchronization
Added parameter mode and made more generic getDirContents function
Prepare setup_smack client function for running without CAP_MAC_ADMIN
Fix installation user mangling
Disable ASKUSER policy by default
Fix policy access control for accessing another user's policy
Add proper policy setup for privacy-related privileges
Fix doxygen comments
Change-Id: I72faf5a7c10fe28cde0e6ed22bb8fe7c82189109
Yunjin Lee [Tue, 10 May 2016 06:58:21 +0000 (15:58 +0900)]
Add internal privilege for app debugging : when specific option is set, app-installers will add this privilege to app privilege list
Change-Id: I75cd6c567d67c3963e0629c2dd2f2e5e7c7bebdf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Fri, 17 Jun 2016 04:20:31 +0000 (13:20 +0900)]
Add core privileges
- antivirus.* privileges: antivirus.admin, antivirus.scan, antivirus.webprotect
- dpm.* privileges: dpm.bluetooth, dpm.browser, dpm.camera, dpm.clipboard, dpm.debugging, dpm.email, dpm.location, dpm.lock, dpm.message, dpm.microphone, dpm.password, dpm.security, dpm.settings, dpm.storage, dpm.usb, dpm.wifi, dpm.wipe, dpm.zone
It refers to https://review.tizen.org/gerrit/#/c/75182/
Change-Id: I8740097ba9ef12100426e56e9f69ca6799c449b4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Rafal Krypa [Thu, 14 Jan 2016 15:48:19 +0000 (16:48 +0100)]
Add check if privileges were properly dropped
Check if every thread in process has same stats as thread
calling security_manager_prepare_app() and exit from process
if they do not.
Change-Id: I008c2b8e442edb6a5f9f1d74bf13f95465b6bdca
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zbigniew Jasinski [Wed, 1 Jun 2016 15:43:29 +0000 (17:43 +0200)]
Threads security context synchronization
- use lambda as signal handler
- return error if not all threads synced
- change NULL to nullptr
- added std::atomic_thread_fence for memory synchronization
- block SIGUSR1 signal during threads counting
- set signal set to empty
- added waiting loop for signal propagation
- reset signal handler after threads synced, not before
- synchronization of both: Smack labels and Linux capabilities
Change-Id: Ia9d6a503e88523c387ab1ba30e0e9a5a94f05a5c
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Zbigniew Jasinski [Wed, 8 Jun 2016 10:03:26 +0000 (12:03 +0200)]
Added parameter mode and made more generic getDirContents function
Like previously, for files in dir use getFilesFromDirectory.
For listing directories only - getDirsFromDirectory.
Change-Id: Ic7ed060fcbaef90e3a6f15d8815a3f1ec522d062
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Tomasz Swierczek [Fri, 10 Jun 2016 11:59:00 +0000 (13:59 +0200)]
Prepare setup_smack client function for running without CAP_MAC_ADMIN
Without CAP_MAC_ADMIN we'll not be able to relabel opened sockets, which,
after analysis, seems unnecessary.
Change-Id: I2c2d7af60cbfe79e9a5edc9ee56ef5e1ed9edbf7
Radoslaw Bartosiak [Fri, 10 Jun 2016 15:14:09 +0000 (17:14 +0200)]
Fix installation user mangling
Set global user as the owner of preloaded applications and
applications installed globally.
Change-Id: Idb3f194aacefa7afaa047de6bfdfdb1bee6b8736
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Tomasz Swierczek [Wed, 8 Jun 2016 07:50:36 +0000 (09:50 +0200)]
Disable ASKUSER policy by default
This is needed for UI-less Tizen (potential) profiles.
Change-Id: Icb4a801b598c074412c770047cbc7686780ed704
Tomasz Swierczek [Fri, 3 Jun 2016 12:04:19 +0000 (14:04 +0200)]
Fix policy access control for accessing another user's policy
Test with: https://review.tizen.org/gerrit/#/c/73009/
Change-Id: I8eb503d6a2ffb21afecf65206fdef28458734283
Tomasz Swierczek [Wed, 1 Jun 2016 13:44:47 +0000 (15:44 +0200)]
Add proper policy setup for privacy-related privileges
Thanks to privielge-checker module API we can setup
"ASK-USER"/popup Cynara policy for privacy-related privileges.
Test with https://review.tizen.org/gerrit/#/c/72604/
Change-Id: I6bb8bc1dffc1e607c09b7722c6fac33b29620b4e
Lukasz Pawelczyk [Fri, 10 Jun 2016 11:42:52 +0000 (13:42 +0200)]
Fix doxygen comments
This fixes all of the doxygen comment tags (/**) and a plethora of other
errors and inconsistencies. Mostly missing argument names for \param.
This is not a comprehensive doxygen comments review, but it does fix all
the doxygen errors and warnings and makes it possible to generate
somewhat correct doxygen documentation.
Change-Id: Ib030dab7a5c116a8a6a9ccb3665dd79163a7b632
Tomasz Swierczek [Wed, 25 May 2016 11:12:55 +0000 (13:12 +0200)]
Release version 1.1.6
Changes:
Fix issues with local user app instalaltion and inotify file watches.
Fix and generalize generation of default "apps-names" configuration files
Allow application directories to be placed in /etc/skel/apps_rw
Introduce an interface class for tzplatform-config
Implement API for managing list of permitted labels for launcher
Simplify and fix code generating SharedRO Smack rules
Cleanup around Tizen2X apps/packages generation functions
Add tizen version handling to the cmd line tool
Add dlog log provider. Make log backend configurable.
Revert "Completely remove dlog remainings"
Change-Id: I0ec94afe33c98a5023836ba1e19460e4525d9628
Rafal Krypa [Wed, 4 May 2016 14:24:15 +0000 (16:24 +0200)]
Remove executable bit from non-executable files
Source files should not be marked as executable.
Change-Id: I44d9bea2cb0979dbb82cc03b451ded57c95f2041
Tomasz Swierczek [Wed, 25 May 2016 09:50:56 +0000 (11:50 +0200)]
Fix issues with local user app instalaltion and inotify file watches.
Added per-user context to usage of tzplatform-config.
Change-Id: I20b145169d056bbbd3683713167c9b9655bdcbbd
Rafal Krypa [Wed, 25 May 2016 07:47:09 +0000 (09:47 +0200)]
Fix and generalize generation of default "apps-names" configuration files
Per user "apps-names" files are used by recently merged functionality for
app label monitor for the application launcher.
The following fixes are provided:
- Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config
- Apply Smack labels in %post instead of %install to make the labels
effective. RPM packages don't keep file xattrs, Smack labels must always
be applied in package %post or in manifest.
- Mark the files as config files to avoid overwrite of apps-names in
TZ_SYS_RW_APP when security-manager is upgraded
Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 May 2016 09:55:43 +0000 (11:55 +0200)]
Allow application directories to be placed in /etc/skel/apps_rw
For the purpose of registering paths for each user, including users that
aren't yet created, installer wants to place some initial files or
directories in /etc/skel. If installation request in security-manager is
of type SM_APP_INSTALL_GLOBAL or SM_APP_INSTALL_PRELOADED, it will now
allow such paths.
Change-Id: I270034db426dce306bc149e27099290c7c26b10d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 23 May 2016 15:43:59 +0000 (17:43 +0200)]
Introduce an interface class for tzplatform-config
Create TizenPlatrofmConfig wrapper class for tzplatform-config library.
The wrapper takes care of error checking, user context and type conversions.
Change-Id: I1bd8e7cbcd525ece909cecf4f14a9b7c6fa5d5f4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Radoslaw Bartosiak [Fri, 29 Apr 2016 14:16:22 +0000 (16:16 +0200)]
Implement API for managing list of permitted labels for launcher
Four new API functions:
- security_manager_app_labels_monitor_init
- security_manager_app_labels_monitor_finish
- security_manager_app_labels_monitor_get_fd
- security_manager_app_labels_monitor_process
They provide functionality needed for the launcher to run without
CAP_MAC_ADMIN. It will rely on new feature of Smack:
relabel-self list of labels, that a process can change its label
to without special capabilities.
The new APIs will enable the launcher to wait for changes of
apps labels list (when an app is installed or uninstalled) and
to update its relabel-list with a separate, dedicated function.
Change-Id: I1d8a7bce8c081ba27e7c388ee096c7c07005d92d
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Rafal Krypa [Fri, 20 May 2016 11:55:04 +0000 (13:55 +0200)]
Simplify and fix code generating SharedRO Smack rules
Smack rules for cross-package access to SharedRO labels are now kept in
a separate file that is fully regenerated after a Tizen 2.x application
is installed or removed.
This also fixes error that the previous implementation had, with superflous
Smack rule from Tizen 2.x applications to SharedRO rule of their own pkg.
Such rules collided with rules of the same subject and object but different
access modes. Each app gets such rule for SharedRO label of own package
from app-rules-template.smack template, but with RW access. Overwrite of
such rule by cross-package RO rule lead to incorrect access.
Change-Id: I70ee47606c7548d1c0d2dee83eacaae4b64cea9c
Lukasz Pawelczyk [Thu, 12 May 2016 10:56:11 +0000 (12:56 +0200)]
Cleanup around Tizen2X apps/packages generation functions
Create two separate functions, one for apps and one for packages. This
way we remove code duplication that was there before.
Remove the exclusion rule from the "packages" part. It wouldn't even work
properly when there were more then one app from the same package and was
just confusing. Further commits in this series are about handling
possible duplicates properly.
Change-Id: I31f3cb032cb1baab2940e9847547e3d2e3921335
Lukasz Pawelczyk [Wed, 11 May 2016 12:50:27 +0000 (14:50 +0200)]
Add tizen version handling to the cmd line tool
Change-Id: I4ce2d523599131f64999f227251d31620e3f1749
Dariusz Michaluk [Mon, 2 May 2016 08:11:29 +0000 (10:11 +0200)]
Add dlog log provider. Make log backend configurable.
Change-Id: I5474b0eb641e0349d8f2c6b30080f527fe8be53d
Dariusz Michaluk [Mon, 2 May 2016 07:03:15 +0000 (09:03 +0200)]
Revert "Completely remove dlog remainings"
This reverts commit
756ca93d1b5cb1024919aae81723a7a03434c9a3.
Change-Id: Ic05a47a70cdce84b88fdd1727dff1d8747f05d9c
jooseong lee [Wed, 18 May 2016 01:50:36 +0000 (10:50 +0900)]
Release version 1.1.5
Changes:
Fixing small spelling error in db.sql, reproduction only with building new image with MIC
Require usermanagement permission for local app installation for other users
Fix the update of package cross-rules during uninstallation
Path registration requests - server side implementation
Path registration requests - client side implementation
Move author_id to pkg - server code adjustment
Move author_id to pkg - db migration
Add path registration API stub
Add privilege-group mapping for tethering.admin privilege
Change-Id: If05b9ead7643cfa971f65d680879bacb9d48030e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Tomasz Swierczek [Tue, 17 May 2016 11:34:43 +0000 (13:34 +0200)]
Fixing small spelling error in db.sql, reproduction only with building new image with MIC
At image-build time DB was created from scratch and one SQL command was broken.
Column name was fixed.
Change-Id: I9d4be97489299529a18d7345cf253ab00e2ee752
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Rafal Krypa [Tue, 10 May 2016 16:06:50 +0000 (18:06 +0200)]
Require usermanagement permission for local app installation for other users
When installation type is set to SM_APP_INSTALL_LOCAL, but uid in the
request is different that uid of the calling user, security-manager will
now require the usermanagement permission, i.e.:
http://tizen.org/privilege/internal/usermanagement
The following API functions are affected:
- security_manager_app_install
- security_manager_app_uninstall
- security_manager_paths_register
Change-Id: Ic9e583e4da923ea391987fbb0cfff7f0abbbc2bb
Krzysztof Jackiewicz [Wed, 4 May 2016 09:26:46 +0000 (11:26 +0200)]
Fix the update of package cross-rules during uninstallation
[Problem] During app uninstallation the package rules are updated basing on the
list of apps being a part of the package. However the app being uninstalled is
not removed from this list which may generate unwanted smack rules.
[Solution] Remove uninstalled app from package contents list.
[Verification] Test is not yet implemented.
Change-Id: I867e65a996d0c797dfab9bcaaf15bbaf1a4261c4
Krzysztof Jackiewicz [Mon, 2 May 2016 09:16:16 +0000 (11:16 +0200)]
Path registration requests - server side implementation
[Feature] Provide API for package path registration
[Solution] Update server side logic.
[Verification] Run tests
Change-Id: Ie20db0c0764d48b97ef195ea422aa120f38c7125
Krzysztof Jackiewicz [Mon, 2 May 2016 07:28:33 +0000 (09:28 +0200)]
Path registration requests - client side implementation
[Feature] Provide API for package path registration.
[Solution] Add client side implementation + communication.
[Verification] Run tests. TODO prepare tests.
Change-Id: Iae9a03894a9780fb4b0a9242e278e940d2e2989d
projects / platform / core / security / security-manager.git / log