review.tizen.org Git - platform/core/security/security-manager.git/log

Add API for identifying application from Cynara client

Change-Id: I1f906cb2200fc38e99f5225b951b596ff2d5c507

Add policy versioning

Policy versioning will be used to reload policy when the
way it is generated changes. Additional script for reloading policy
between versions will be provided when policy generation is changed.

Change-Id: I778b6ebcdf6233924223921f65e2a037df0345b3

Add support for USER_TYPE_SECURITY

Change-Id: I45ba88fc3a69ec632af6b195f82e288a25388288

Add internal privilege for internal APIs

Internal APIs are only for service daemons, which means any applications
must not call them. To internal policy checking inside daemon’s code,
we can use cynara check with this new internal privilege.

* http://tizen.org/privilege/internal/service

There are some internal privileges for the same purpose,
such as inputdevice.block privilege. These privileges will be replaced
to this privilege.

Change-Id: I415e635f017fb83d8a326739077635b2537d4db7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Release version 1.1.17

- Add/remove core privilege(fido.client/ dpm.settings)
- Remove core privilege : vpnservice.admin
- Fix log prefix (tag) for Pedantic log level
- Check tgkill() result
- Move release fence after the last global variable is modified
- Replace obsolete tkill with tgkill
- Add variadic template for deserialization

Change-Id: Ida63ca692cfce636ca78a64ac2c2a5383abaf397
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Add/remove core privilege

- add fido.client
- remove dpm.settings

Change-Id: If4e4e15692f11afd11269c938e657d2fc6bf7680
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Remove core privilege : vpnservice.admin

Refer to https://review.tizen.org/gerrit/#/c/83497/

Change-Id: Ieaf205d822bc560955b9c5464d2b98988c4cf08c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Fix log prefix (tag) for Pedantic log level

Change-Id: If973da5d653d2a5f5bee49a2d321e1232968cedf
SigODned-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

Check tgkill() result

tgkill() returns an error if we're attempting to send a signal to non-existing
thread. If this is the case don't increment the sent signals counter.

Change-Id: I1cf10fe5a056e7715660b02647dfdef4a6406ff3

Move release fence after the last global variable is modified

The global variable g_tid_attr_current_map is being read by other threads. To
guarantee that its modification in main thread is visible in other threads the
release fence should be set *after* the modification.

Change-Id: Iff7bdd4053baa86f13a0465e52c599396e2dcb8f

Replace obsolete tkill with tgkill

Change-Id: I23c2ecf80802b7fdfb9a14c19265285579d69266

Add variadic template for deserialization

Similiar template already exist for serialization

Change-Id: I922e8f08f658645a61b62a74eaa8928d7bb238c7

Release version 1.1.16

Implement libnss_securitymanager
Add security_manager_groups_for_uid()
Rewrite shared RO directory support in security-manager

Change-Id: Ia84f81babf4fef47eb21409c00a0c239570811ff

Rewrite shared RO directory support in security-manager

Extend support to all apps instead of only 2.x apps.
Migrate database to version 7:
Add shared_ro INTEGER column in pkg table

Conflicts:
src/common/include/privilege_db.h
src/common/privilege_db.cpp

Change-Id: Id925342c37651ee0d87cf14de4d806ef63c678fb

Implement libnss_securitymanager

It's a Name Service Switch plugin needed to apply
additional, resource related groups for users.

Change-Id: Ie702a22e73e9a23ef71d595bce44ec17bf8b7dde

Add security_manager_groups_for_uid()

This function returns resource-related groups for
given user.

Change-Id: I8b4a2bf2c2e85769543929e0ff5f0247dd60137a

Release version 1.1.15

Add core privilege: appdir.shareddata

Change-Id: I695d2b5c2296c6a1460bbef269cd592a201a48d1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Add core privilege: appdir.shareddate

Change-Id: I505c39c3e1335fdc2b1c784bd77a1cb633726202
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Release version 1.1.14

Moving user and global apps-names files to /opt/var
Simplify declaration and generation of unique_ptrs
Fix contraints for app installation.

Change-Id: Ifc962b06f15e18b505d63771b008145fe42b80d7

Moving user and global apps-names files to /opt/var

Due to introduction of lazymount, config files must be
moved to new destinations (which are mounted earlier)
*) /opt/var/security-manager/apps-names (global file)
**) /opt/var/security-manager/{USER}/apps-names (local file)

Change-Id: Iaf7ec74d8bc596eb377b15aad9cab9f8f857d966
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsunODg.com>

Simplify declaration and generation of unique_ptrs

The unique_ptr-based RAII pattern is used in several places in
security-manager. Declaration of unique pointer variables can be awkward
and hard to read.

This patch hides the nasty details of unique_ptr types declaration behind
a template function. It is loosely inspired by std::make_unique from C++14.

Change-Id: Ifbd8b5ab409fd8646d149d6294cb60bd2ac873a8

Fix contraints for app installation.

[Problem] It's possible to insert an app similar to existing one (differs with
version, pkg name, author name) or pollute the db with unused entries in pkg
and author.
[Solution] Split app table into app(package) and user_app(instances). Introduce
more strict constraint checking.

[Verification] Run security-manager-tests --regexp=49 (and all remaining tests
as a regression check)

Change-Id: I2fb02f75981748024de93c2d486fa6eb8afaf88a

Release version 1.1.13

Change-Id: Ifd347ce6176c19b2b08906b11386aac62ce2df14
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Fix typo in service file SmackProcessLabel set

Change-Id: I2971f9a7d209869ce3e7919a0b1dd0757225dcd3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Release version 1.1.12

Handle missing Cynara error codes, throw specific exceptions
Add missing logs in service on several service calls
Mark old path registration function as deprecated
Set SmackProcessLabel to System::Privileged

Change-Id: I584efb6ca2783a0ba896512fcbb7a472bdc71c58
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Set SmackProcessLabel to System::Privileged

Change-Id: I01a252b8d209d21440477ff82fc3611f8dc191bf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Mark old path registration function as deprecated

[Problem] security_manager_app_inst_req_add_path is deprecated
[Solution] mark as deprecated

[Verification] Successfull compilation

Change-Id: I55d235d3e98b376348a6373573838fe1489fe750

Add missing logs in service on several service calls

Some service calls do produce debug logs, some other don't.
This patch adds missing ones.

Change-Id: Ic33c2f2053cf2ee8f4f6b41aa1f0abc92cff1cec
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Handle missing Cynara error codes, throw specific exceptions

Some new error codes have been added to Cynara:
- CYNARA_API_CONFIGURATION_ERROR
- CYNARA_API_INVALID_COMMANDLINE_PARAM
- CYNARA_API_BUFFER_TOO_SHORT
- CYNARA_API_DATABASE_CORRUPTED

Change-Id: Ieb12ca2ff2b7650acbe2478761254bfc7ce7a2c9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Release version 1.1.11

Add systemd option - Restart
Update policy template for onlycap featur

Change-Id: Ib3a76acf0f965fbea1d2dc9a275a49e579911aa8
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Update policy template for onlycap feature

We add new sub domain('System::Privilege') to System domain.
Refers to: https://review.tizen.org/gerrit/#/c/80083/

Change-Id: Ibb4b84ffbc0b3bab73ccb1c8d3c5aa1a200e8a1e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Add systemd option - Restart

If service terminates unexpectedly, security-manager should
be restarted always.

Change-Id: I0bdf66cbdffeb535e48342739ef375fa365e4678
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>

Release version 1.1.10

Don't store application privileges in db
Fix return type in setup_smack function
Do not exit when security_manager_prepare_app fails

Change-Id: Ibeb5737d096f2e9b70ffcc21e89db2441de81200

Remove definition PRIVILEGE_VERSION

You cannot have macro and value with the same name.
As this definition was not used in the project it has
been removed instead of fixing.

Change-Id: I15ffa99bf155859afb1906d137422db5d7614849

Do not exit when security_manager_prepare_app fails

Because security_manager_prepare_app is called by launcher directly,
I think the launcher should do error handling by itself. This is problem
reported by product team, and identified as being successful after
applying this patch

Change-Id: Icf94ef07ef92bff8e2ce631bb72026e999ef6c15
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>

Fix return type in setup_smack function

Change-Id: I52c8390beb6264ae0fddfcf3e02062fbafaed7b7
Signed-off-by: Oskar Świtalski <o.switalski@samsung.com>

Don't store application privileges in db

Application privileges are now retrieved from Cynara whenever needed.
Private database of security-manager doesn't need to duplicate this data,
Cynara now acts as storage for app-privilege assignment.

Change-Id: I5b799e88dddbd622ac44b88e41baf8e88c9327d0

Release version 1.1.9

Define PATH environment variable in scripts.
Fix wrong tizen2X apps fetching on app uninstall

Change-Id: I29e336f633a4e79ed5fedb7f8b1a72a3167d8df7

Define PATH environment variable in scripts.

Change-Id: I0b144b5dac51f84ff2256dfa0abcb8e5872af603

Fix wrong tizen2X apps fetching on app uninstall

Change-Id: I9fea05b7c765b0bd9e36cf9d6f211f0f225b245e

Release version 1.1.8

Fix global apps deinstallation
Remove DPL String class and dependencies on it
Add internal privilege for web only privilege
ServiceImpl: remove sharing rules on application uninstall
PrivilegeDB: Add private sharing squashing
PrivilegeDB: Add getters for fetching owner/target private sharing
Return error when private sharing doesn't exist

Change-Id: I66f63e3d17ef3d2344a4606e60daf1a037d8fed8

Fix global apps deinstallation

Change-Id: I374ad96218304714af15f23dbfdf1173fbd56c3a
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

Remove DPL String class and dependencies on it

Security-manager doesn't use DPL String, it was taken in as requirement
of DPL SQLConnection. The DPL String class introduces needless dependency
on libicu. Since our code doesn't operate on UTF-8 strings and doesn't
really need libicu, it's better to drop DPL String altogether.

Change-Id: Ia64a7e8ac8237642b0aae8b74bed28ddcaefe8c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Add internal privilege for web only privilege
Some web APIs are not a wrapper of native API so web privileges for those have no mapping native privilege.
They all are mapped to http://tizen.org/privilege/notexist now so web application with one of those privilege can get access to other web only privilged APIs.
Therefore we add internal privileges for them to check the permission properly. (format of http://tizen.org/privilege/internal/web/xxxx)
If web privilege name is http://tizen.org/privilege/websetting then mapping internal privilege name is http://tizen.org/privilege/internal/web/websetting.

Change-Id: I8385fa80c17e2b830c944aaa07c6ea3e5758b898
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

ServiceImpl: remove sharing rules on application uninstall

Drop all related private sharing to uninstalled application
(where it appears as owner application or target application).

Change-Id: I3b9b73f325486c5463b6a38be23d0bad2bce5399

PrivilegeDB: Add private sharing squashing

Squash specific private sharing so counter is set to 1.
This makes it easier to remove private sharing for
uninstalled applications.

Change-Id: Ide7360d4381ffa26492a176fe1d2d64247b22d31

PrivilegeDB: Add getters for fetching owner/target private sharing

Add getter functions to privilege db to fetch sharing info for
specified owner application or specified target application.
These are required to properly drop rules on application
uninstallation.

Change-Id: I7ea9933d65f453cf8838c519759be9a4036dacb9

Return error when private sharing doesn't exist

Change-Id: Ib2f79da356c9b6830afe0654e79f70b627842ec4

Release version 1.1.7

Add internal privilege for app debugging
Add core privileges
Add check if privileges were properly dropped
Threads security context synchronization
Added parameter mode and made more generic getDirContents function
Prepare setup_smack client function for running without CAP_MAC_ADMIN
Fix installation user mangling
Disable ASKUSER policy by default
Fix policy access control for accessing another user's policy
Add proper policy setup for privacy-related privileges
Fix doxygen comments

Change-Id: I72faf5a7c10fe28cde0e6ed22bb8fe7c82189109

Add internal privilege for app debugging : when specific option is set, app-installers will add this privilege to app privilege list

Change-Id: I75cd6c567d67c3963e0629c2dd2f2e5e7c7bebdf
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Add core privileges
- antivirus.* privileges: antivirus.admin, antivirus.scan, antivirus.webprotect
- dpm.* privileges: dpm.bluetooth, dpm.browser, dpm.camera, dpm.clipboard, dpm.debugging, dpm.email, dpm.location, dpm.lock, dpm.message, dpm.microphone, dpm.password, dpm.security, dpm.settings, dpm.storage, dpm.usb, dpm.wifi, dpm.wipe, dpm.zone

It refers to https://review.tizen.org/gerrit/#/c/75182/

Change-Id: I8740097ba9ef12100426e56e9f69ca6799c449b4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

Add check if privileges were properly dropped

Check if every thread in process has same stats as thread
calling security_manager_prepare_app() and exit from process
if they do not.

Change-Id: I008c2b8e442edb6a5f9f1d74bf13f95465b6bdca
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Threads security context synchronization

- use lambda as signal handler
- return error if not all threads synced
- change NULL to nullptr
- added std::atomic_thread_fence for memory synchronization
- block SIGUSR1 signal during threads counting
- set signal set to empty
- added waiting loop for signal propagation
- reset signal handler after threads synced, not before
- synchronization of both: Smack labels and Linux capabilities

Change-Id: Ia9d6a503e88523c387ab1ba30e0e9a5a94f05a5c
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>

Added parameter mode and made more generic getDirContents function

Like previously, for files in dir use getFilesFromDirectory.
For listing directories only - getDirsFromDirectory.

Change-Id: Ic7ed060fcbaef90e3a6f15d8815a3f1ec522d062
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>

Prepare setup_smack client function for running without CAP_MAC_ADMIN

Without CAP_MAC_ADMIN we'll not be able to relabel opened sockets, which,
after analysis, seems unnecessary.

Change-Id: I2c2d7af60cbfe79e9a5edc9ee56ef5e1ed9edbf7

Fix installation user mangling

Set global user as the owner of preloaded applications and
applications installed globally.

Change-Id: Idb3f194aacefa7afaa047de6bfdfdb1bee6b8736
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

Disable ASKUSER policy by default

This is needed for UI-less Tizen (potential) profiles.

Change-Id: Icb4a801b598c074412c770047cbc7686780ed704

Fix policy access control for accessing another user's policy

Test with: https://review.tizen.org/gerrit/#/c/73009/

Change-Id: I8eb503d6a2ffb21afecf65206fdef28458734283

Add proper policy setup for privacy-related privileges

Thanks to privielge-checker module API we can setup
"ASK-USER"/popup Cynara policy for privacy-related privileges.

Test with https://review.tizen.org/gerrit/#/c/72604/

Change-Id: I6bb8bc1dffc1e607c09b7722c6fac33b29620b4e

Fix doxygen comments

This fixes all of the doxygen comment tags (/**) and a plethora of other
errors and inconsistencies. Mostly missing argument names for \param.

This is not a comprehensive doxygen comments review, but it does fix all
the doxygen errors and warnings and makes it possible to generate
somewhat correct doxygen documentation.

Change-Id: Ib030dab7a5c116a8a6a9ccb3665dd79163a7b632

Release version 1.1.6

Changes:

Fix issues with local user app instalaltion and inotify file watches.
Fix and generalize generation of default "apps-names" configuration files
Allow application directories to be placed in /etc/skel/apps_rw
Introduce an interface class for tzplatform-config
Implement API for managing list of permitted labels for launcher
Simplify and fix code generating SharedRO Smack rules
Cleanup around Tizen2X apps/packages generation functions
Add tizen version handling to the cmd line tool
Add dlog log provider. Make log backend configurable.
Revert "Completely remove dlog remainings"

Change-Id: I0ec94afe33c98a5023836ba1e19460e4525d9628

Remove executable bit from non-executable files

Source files should not be marked as executable.

Change-Id: I44d9bea2cb0979dbb82cc03b451ded57c95f2041

Fix issues with local user app instalaltion and inotify file watches.

Added per-user context to usage of tzplatform-config.

Change-Id: I20b145169d056bbbd3683713167c9b9655bdcbbd

Fix and generalize generation of default "apps-names" configuration files

Per user "apps-names" files are used by recently merged functionality for
app label monitor for the application launcher.
The following fixes are provided:
- Don't hardcode /etc/skel/apps_rw, generate it from tzplatform-config
- Apply Smack labels in %post instead of %install to make the labels
  effective. RPM packages don't keep file xattrs, Smack labels must always
  be applied in package %post or in manifest.
- Mark the files as config files to avoid overwrite of apps-names in
  TZ_SYS_RW_APP when security-manager is upgraded

Change-Id: I18a3cc81fad0759b453a1c3b1b14ddea443bde56
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Allow application directories to be placed in /etc/skel/apps_rw

For the purpose of registering paths for each user, including users that
aren't yet created, installer wants to place some initial files or
directories in /etc/skel. If installation request in security-manager is
of type SM_APP_INSTALL_GLOBAL or SM_APP_INSTALL_PRELOADED, it will now
allow such paths.

Change-Id: I270034db426dce306bc149e27099290c7c26b10d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Introduce an interface class for tzplatform-config

Create TizenPlatrofmConfig wrapper class for tzplatform-config library.
The wrapper takes care of error checking, user context and type conversions.

Change-Id: I1bd8e7cbcd525ece909cecf4f14a9b7c6fa5d5f4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Implement API for managing list of permitted labels for launcher

Four new API functions:
- security_manager_app_labels_monitor_init
- security_manager_app_labels_monitor_finish
- security_manager_app_labels_monitor_get_fd
- security_manager_app_labels_monitor_process

They provide functionality needed for the launcher to run without
CAP_MAC_ADMIN. It will rely on new feature of Smack:
relabel-self list of labels, that a process can change its label
to without special capabilities.
The new APIs will enable the launcher to wait for changes of
apps labels list (when an app is installed or uninstalled) and
to update its relabel-list with a separate, dedicated function.

Change-Id: I1d8a7bce8c081ba27e7c388ee096c7c07005d92d
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

Simplify and fix code generating SharedRO Smack rules

Smack rules for cross-package access to SharedRO labels are now kept in
a separate file that is fully regenerated after a Tizen 2.x application
is installed or removed.

This also fixes error that the previous implementation had, with superflous
Smack rule from Tizen 2.x applications to SharedRO rule of their own pkg.
Such rules collided with rules of the same subject and object but different
access modes. Each app gets such rule for SharedRO label of own package
from app-rules-template.smack template, but with RW access. Overwrite of
such rule by cross-package RO rule lead to incorrect access.

Change-Id: I70ee47606c7548d1c0d2dee83eacaae4b64cea9c

Cleanup around Tizen2X apps/packages generation functions

Create two separate functions, one for apps and one for packages. This
way we remove code duplication that was there before.
Remove the exclusion rule from the "packages" part. It wouldn't even work
properly when there were more then one app from the same package and was
just confusing. Further commits in this series are about handling
possible duplicates properly.

Change-Id: I31f3cb032cb1baab2940e9847547e3d2e3921335

Add tizen version handling to the cmd line tool

Change-Id: I4ce2d523599131f64999f227251d31620e3f1749

Add dlog log provider. Make log backend configurable.

Change-Id: I5474b0eb641e0349d8f2c6b30080f527fe8be53d

Revert "Completely remove dlog remainings"

This reverts commit 756ca93d1b5cb1024919aae81723a7a03434c9a3.

Change-Id: Ic05a47a70cdce84b88fdd1727dff1d8747f05d9c

Release version 1.1.5

Changes:

Fixing small spelling error in db.sql, reproduction only with building new image with MIC
Require usermanagement permission for local app installation for other users
Fix the update of package cross-rules during uninstallation
Path registration requests - server side implementation
Path registration requests - client side implementation
Move author_id to pkg - server code adjustment
Move author_id to pkg - db migration
Add path registration API stub
Add privilege-group mapping for tethering.admin privilege

Change-Id: If05b9ead7643cfa971f65d680879bacb9d48030e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Fixing small spelling error in db.sql, reproduction only with building new image with MIC

At image-build time DB was created from scratch and one SQL command was broken.
Column name was fixed.

Change-Id: I9d4be97489299529a18d7345cf253ab00e2ee752
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>

Require usermanagement permission for local app installation for other users

When installation type is set to SM_APP_INSTALL_LOCAL, but uid in the
request is different that uid of the calling user, security-manager will
now require the usermanagement permission, i.e.:

http://tizen.org/privilege/internal/usermanagement

The following API functions are affected:
- security_manager_app_install
- security_manager_app_uninstall
- security_manager_paths_register

Change-Id: Ic9e583e4da923ea391987fbb0cfff7f0abbbc2bb

Fix the update of package cross-rules during uninstallation

[Problem] During app uninstallation the package rules are updated basing on the
list of apps being a part of the package. However the app being uninstalled is
not removed from this list which may generate unwanted smack rules.
[Solution] Remove uninstalled app from package contents list.

[Verification] Test is not yet implemented.

Change-Id: I867e65a996d0c797dfab9bcaaf15bbaf1a4261c4

Path registration requests - server side implementation

[Feature] Provide API for package path registration
[Solution] Update server side logic.

[Verification] Run tests

Change-Id: Ie20db0c0764d48b97ef195ea422aa120f38c7125

Path registration requests - client side implementation

[Feature] Provide API for package path registration.
[Solution] Add client side implementation + communication.

[Verification] Run tests. TODO prepare tests.

Change-Id: Iae9a03894a9780fb4b0a9242e278e940d2e2989d

Move author_id to pkg - server code adjustment

[Problem] Author is not a feature of app anymore. Server code needs to be
adjusted.
[Solution] Get author via pkg instead of app. Rename variables and functions.
Update author's rules in existing ones if a new app with different author is
installed. Separate author rules for app from app-rules-template.smack

[Verification] Run tests (especially author related ones)
TODO: Add author update test case.

Change-Id: I8e42877170809e9e71c8c676b566119e3b16fbd5

Move author_id to pkg - db migration

[Problem] Paths will be registered per pkg but path can be shared between apps
of the same author and the author is a feature of an app.
[Solution] Make author a feature of a pkg. Modify db accordingly and add proper
migration script.

[Verification] Install on v2 version and run tests.

Change-Id: I6a9933ec25094a92f20b76b3f72cbd4064f060c7

Add path registration API stub

[Problem] Path registration is package specific and requires a separate
processing.
[Solution] Create API for package path registration.

[Verification] Successfull compilation

Change-Id: Ie31d756b7dc7ca9bca82305b03dd8000ba6b9bc5

Add privilege-group mapping for tethering.admin privilege

Refer to :
* https://review.tizen.org/gerrit/69079
* https://review.tizen.org/gerrit/69071

Change-Id: Idb914ceaaed4ca208e1de725a22395fd5e82b7d5
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Release version 1.1.4

Changes:

Use wildcard user in cynara policy installing a preloaded app

Change-Id: I695c9422a1ff77c493484e18f07fcd9090a2af4e
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Use wildcard user in cynara policy installing a preloaded app

Preloaded app is a global app, which is installed in TZ_SYS_RO.
User credential in cynara app policy should be wildcard.

Change-Id: I54841d051d1e7671e23e2cecae0a1ed1a601395a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Release version 1.1.3

Changes:

Change logic of security_manager_set_process_groups_from_appid
Don't check permissions on API calls in off-line mode
Fix implementation of filesystem.cpp
Move smack files to new directory
refactoring: use common function template for getting label by libsmack
Add installation types (global, local, preloaded).
Integrate with Cynara, clients must be privileged
db: update schema to version 2
Add constraint error in database logic.
More error messages
Use app instead of app_pkg_view in sqlite queries
security-manager-policy-reload: don't print errors on image build
Add privilege-group mapping for iotcon
Remove unused table version
Adjust Cynara privileges required by privacy manager APIs
Revert "Add installation types (global, local, preloaded)."
DB: Change app ids to app names in private sharing
Revoke subject label of uninstalled application

Change-Id: I0882ea1a261643b942e35cf528d0367599293c3d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>

Change logic of security_manager_set_process_groups_from_appid

The API function sets groups in application candidate process.
The following changes are applied:
- groups are based on privileges assigned to appId, not pkgId - don't
  consider privileges granted to other apps in the package
- if the process was previously added to any group that is mapped to
  a privilege and app doesn't have access to that privilege, the group
  will be removed from the process
- no group will be added to the process more than once

Change-Id: Ifbb5fe48f2ad0bcc69ca00c13e6d7f2a20b148a2
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Don't check permissions on API calls in off-line mode

Off-line mode was introduced to be used during image creation, when no
services are running. It enables root to perform some security-manager
operations on the client side.

But in off-line mode not only security-manager isn't running. No services
run, including cynara service. When libsecurity-manager-client tries to
check whether the off-line mode user has access to proper privilege, it
fails because cynara_check() has no off-line mode.

Permission checking in such scenario isn't required. The user is already
checked for UID 0 and even if it gets away from that check, it wouldn't be
able to perform actual operations without being super user.

Change-Id: I087bbc6b29a702a445d4498b96a950ca1e919efd
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Fix implementation of filesystem.cpp

The function getFilesFromDirectory should not follow
links. It should return the list of files in directlry.

Change-Id: I142f8e0bc3a992da2f14d69e758426aff5df2ab6

Move smack files to new directory

All smack rules generated by security-manager will be merged to one
file. This will speed up start process as reading one big file is
much faster than opening and reading a lot of small ones.

The rules related with apps are loaded by security-manager-rules-loader
service after local-fs.target. Before local-fs.terget smack rules
related to user app are not required. We may load this rules in
service that is triggered after local-fs.target and improve systemd
start time.

Change-Id: I64c961b90ee84772815f41dceefa15b567399763

refactoring: use common function template for getting label by libsmack

Merging repeated code pattern where a libsmack function is used to fetch
Smack label, the result must be wrapped into std::string and memory
allocated by libsmack safely freed.

Change-Id: I67136fc5f78fd7974d27feafb0ee2d3164df9461
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Add installation types (global, local, preloaded).

Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.

New API function avaliable:

* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
const enum app_install_type type)

Change-Id: I1abfff547482c7adfedc09d9832569a294752d41

Integrate with Cynara, clients must be privileged

Several API functions now require the caller to hold appropriate privilege.
Ultimately new internal privileges will be created and used by security-manager.
For now, when appropriate privilege is missing, use "notexist" privilege
placeholder.

Privileges required per API:
- security_manager_app_install
  * http://tizen.org/privilege/notexist (private installation)
  * http://tizen.org/privilege/notexist (global installation)

- security_manager_app_uninstall
  * http://tizen.org/privilege/notexist (private uninstallation)
  * http://tizen.org/privilege/notexist (global uninstallation)

- security_manager_private_sharing_apply
  * http://tizen.org/privilege/notexist

- security_manager_private_sharing_drop
  * http://tizen.org/privilege/notexist

- security_manager_policy_update_send
  * http://tizen.org/privilege/notexist (for setting own policy)
  * http://tizen.org/privilege/internal/usermanagement (for setting policy for other or all)

- security_manager_get_configured_policy_for_admin
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_get_configured_policy_for_self
  * http://tizen.org/privilege/notexist

- security_manager_get_policy
  * http://tizen.org/privilege/notexist (for fetching own policy)
  * http://tizen.org/privilege/internal/usermanagement (for fetching policy for other or all)

- security_manager_user_add
  * http://tizen.org/privilege/internal/usermanagement

- security_manager_user_delete
  * http://tizen.org/privilege/internal/usermanagement

Change-Id: Id67473db434b13d977fbd2fa704db3ac1bd1c32b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

db: update schema to version 2

Since last release database schema was modified. We now have proper tools
for handling such changes. The update to version 2 covers all schema
differences since last release.

Change-Id: I5bbc3297065468f17f28d15c28c5232c34d3507f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

db: Add update script

The script performs update of current security-manager database
by using intermediate schema updaters (located in db/updates) and
by applying views from main db schema (db/db.sql).

Verification:
Build with higher package version, upgrade package with rpm -Uh.
The script will activate and update DB version on target to 1.

Change-Id: I4d185f7e47d4ae9df53349627b8f97be22ef2642
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Add constraint error in database logic.

[Problem] Constraint errors can't be distinguished from othes.
[Solution] Introduce constraint error, update documentation and add fix
exception handling in service_impl.cpp.

[Verification] Run tests

Change-Id: Ie16e02bdf7028fc28df0e4981d77879cb65eb3bf

More error messages

Some error messages were missing. One could get misleading error messages.
For example, during app installation, if app directory doesn't exist,
one get "Failed getting app dir for user uid: ..."

* added more error messages
* added errno info for realpath()

Change-Id: I1cddc007b53417ca664e40a08fd60cf05adb9654
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>

Use app instead of app_pkg_view in sqlite queries

[Problem] Few existing queries use app_pkg_view although the app itself is
sufficient.
[Solution] Use app instead of app_pkg_view in queries where possible.

[Verification] Run security-manager-tests

Change-Id: I212651e95982644004876ca426a213fd1a08bc65

security-manager-policy-reload: don't print errors on image build

The policy reload script, when recreating user type buckets for Cynara,
first tries to erase them and then create fresh ones. But on the first run,
during image build, there are no user type buckets in Cynara.

The error during erase is ignored by the script, as it should be, but misleading
error messages are also printed to stderr.
The error messagess should be silenced.

Change-Id: Ib09651560f15263793d758698e792a01471e1657

Add privilege-group mapping for iotcon

iotcon service change server-client APIs to library.
This library need to check access to resources using DAC groups
corresponding to privileges, network.get and internet.

Refers to : https://review.tizen.org/gerrit/#/c/64715/

Change-Id: I8e23a0b25fb06f5196a1db177c1f610da09d1ecd
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

Remove unused table version

[Problem] Version table is unused
[Solution] Remove it

[Verification] Run tests

Change-Id: Ib0b3b1800a8231928e607ca83fd2386828be001b