seolheui kim [Tue, 19 Jun 2018 08:14:25 +0000 (17:14 +0900)]
Add flag file to check ode progress for mount unit
- create & remove "/opt/etc/.odeprogress" file
- fix to use klay filesystem for flag files
Change-Id: Iae42716b6edd907ebe8fd21a7050cfa1f488a4bd
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 12 Jun 2018 02:22:01 +0000 (11:22 +0900)]
Modify enum values for corrupted encryption
- combine State::CorruptedEncryption and State::CorruptedDecryption with State::Corrupted
to avoid build break since State::Corrupted is used in other packages.
Change-Id: I14ba9ee1c51dc35240a7151f7ddf545453555ced
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Jaemin Ryu [Tue, 12 Jun 2018 01:22:07 +0000 (01:22 +0000)]
Merge "Change to require libcrypto instead of openssl" into tizen
seolheui kim [Mon, 11 Jun 2018 05:27:47 +0000 (14:27 +0900)]
Separate corrupted error and fix external recovery API
- separate corrupted error into "error_partially_encrypted" and "error_partially_decrypted"
- fix to expose the external recovery API and add it to cli tool
Change-Id: I601a83a6a72e22be5c44d13ff830896300c5e578
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Sungbae Yoo [Mon, 11 Jun 2018 08:28:41 +0000 (17:28 +0900)]
Change to require libcrypto instead of openssl
This is for a fota issue that openssl can't be used in fota progress
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: If619d47f6c823b0560fb44cb7f5467fef5838d3e
seolheui kim [Fri, 8 Jun 2018 07:24:28 +0000 (16:24 +0900)]
Fix reboot dbus name
Change-Id: I4839ff93dcd5cd50ce0bf8c965c5917fee0cce53
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Fri, 8 Jun 2018 06:51:29 +0000 (15:51 +0900)]
fix reboot parameter to send dbus in recovery method
Change-Id: Ie0e898c2b4badebc776df40efbc9687f9b95bf4e
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 7 Jun 2018 12:53:33 +0000 (21:53 +0900)]
Fix recovery method for internal encryption
- add recovery method to expose to client
- fix logic of recovery
- add recovery command to ode-admin-cli
Change-Id: I6eb162a83bb2796fd597f3b118a788b304939a41
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Thu, 24 May 2018 05:19:10 +0000 (14:19 +0900)]
Fix showProgressUI service name
Change-Id: I8be450868943589c352d9741d4f4a20aed5ff6a4
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 9 May 2018 12:31:43 +0000 (21:31 +0900)]
Apply encryption progress UI service
Change-Id: Ibfe33fb459bf57a16a660bcabb9b9d34c878d7b0
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Tue, 24 Apr 2018 06:02:59 +0000 (15:02 +0900)]
Fix coverity issues
- fix to catch exceptions from division by zero
- fix to unchecked return values
- remove logically dead code and unused value
Change-Id: I9b9e9c88fd12034a7a737e871d9626b96a736407
Signed-off-by: seolheui kim <s414.kim@samsung.com>
seolheui kim [Wed, 4 Apr 2018 04:05:19 +0000 (13:05 +0900)]
oded : Add Partial RELRO for excutables
Change-Id: I221c074730ae30c2ea3c073c895d18620f841cef
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Wed, 7 Feb 2018 09:44:20 +0000 (10:44 +0100)]
Release version 0.0.5
Change-Id: I1015edf4ed9a75f5d1ce55b4783e458a64c5ce8d
Krzysztof Jackiewicz [Thu, 1 Feb 2018 14:02:34 +0000 (15:02 +0100)]
Wait for unit to stop instead of sleeping
Oded asks systemd to stop certain units before unmounting /opt/usr but it
doesn't wait for confirmation. Instead it performs sleep(1).
This commit implements a mechanism that waits for unit stop confirmation from
systemd.
Change-Id: I50d4ca8d234221b8af457852548a5d9230f4ec2b
Krzysztof Jackiewicz [Wed, 31 Jan 2018 16:01:47 +0000 (17:01 +0100)]
Stop security-manager before unmounting /opt/usr
Security-manager creates mounts in a mount namespace that are invisible to
oded. Although /opt/usr is unmounted in oded's namespace it is still mounted
in the one used by SM. As a result device mapper can't use the device to
load the table.
This commit adds security-manager.service and socket to the list of known units
that have to be killed before unmounting /opt/usr. Socket is stopped to prevent
security-manager from being restarted. This is just a temporary solution. It
does not prevent other services from blocking ode by using mount namespaces.
Change-Id: I53584f17efc56fa39a503025d4f68010c3b3dbb3
Krzysztof Jackiewicz [Tue, 30 Jan 2018 12:26:24 +0000 (13:26 +0100)]
Improve internal memory unmounting
On some devices there are multiple mounts under /opt/usr. We have to unmount
all the others to unlock the /opt/usr unmounting.
With this commit ode will iterate over all matching entries and try to unmount
all of them. Some of them are unmounted externally and may disappear before the
call to umount() in ode causing EINVAL error. Ode will ignore it.
Change-Id: I306cc61436e4c151a8396a6d26fefc32a9f93826
Krzysztof Jackiewicz [Thu, 1 Feb 2018 08:36:45 +0000 (09:36 +0100)]
Fix indentation of device mapper buffer description
Change-Id: I4b1303677b4418faa40d934a86eb945ee357d927
seolheui kim [Fri, 2 Feb 2018 06:38:10 +0000 (15:38 +0900)]
Fix gmainloop to run in main context.
To receive dbus signals subscribed in main context, replace gmainloop.
Change-Id: I05c08b61ae4165fcbd1a298d26d047af87631b11
Signed-off-by: seolheui kim <s414.kim@samsung.com>
Krzysztof Jackiewicz [Tue, 19 Dec 2017 15:34:24 +0000 (16:34 +0100)]
Release version 0.0.4
Change-Id: Ibaab7ad74ac3fb807472729fc109c4eb3fae5376
Krzysztof Jackiewicz [Tue, 19 Dec 2017 13:43:14 +0000 (14:43 +0100)]
Fix API functions' names
Change-Id: Ibae1919e0f0c490d762ee05f58f01138347f6a22
Krzysztof Jackiewicz [Thu, 30 Nov 2017 08:13:53 +0000 (09:13 +0100)]
Release version 0.0.3
Change-Id: Iec02d56812d5293312751762a05f620d3e30655a
Krzysztof Jackiewicz [Wed, 29 Nov 2017 15:18:46 +0000 (16:18 +0100)]
Remove unused dependencies
Change-Id: I0b0036424ccca0faa206302b964c6251c283e733
Krzysztof Jackiewicz [Fri, 24 Nov 2017 10:03:45 +0000 (11:03 +0100)]
Protect file footer from concurrent access
Add mutex synchronisation.
Can't use runtime::File locks because it's not possible to truncate a file
during writing without closing the descriptor (and unlocking the lock).
Derivation won't help either as the descriptor is private.
Change-Id: I5e22b21dca48b1b3d17ae6b2e4084c1029f84089
Krzysztof Jackiewicz [Fri, 17 Nov 2017 13:46:47 +0000 (14:46 +0100)]
Add upgrade related operations to ode-admin-cli
Change-Id: I6157f0071a84fbdf157545abcf20d8462d7d5e6a
Krzysztof Jackiewicz [Wed, 15 Nov 2017 09:08:59 +0000 (10:08 +0100)]
Add executable for mounting internal memory during FOTA
Change-Id: Idb5f1ed392d3cb0a110242de76acb44f8db8e07a
Krzysztof Jackiewicz [Mon, 27 Nov 2017 13:22:25 +0000 (14:22 +0100)]
Fix mount state check in internal encryption
Oded is keeping the mount state of internal memory in a variable. If oded is
restarted, the internal memory is mounted by ode-recovery (during FOTA) or
manaully via the command line oded may end up with invalid mount state. This
commit makes ode check the actual state of the dm mapping instead.
Change-Id: I2c564e8db858880840ea3dae6d9ebc1fb4f0a7c9
Krzysztof Jackiewicz [Tue, 14 Nov 2017 13:23:55 +0000 (14:23 +0100)]
Add device path getters
Device path getters allow switching from old internal/external key API to new
generic key API (keys.h).
If external and (possibly) internal encryption APIs are modified to accept
device path as an argument instead of using hardcoded value these getters will
become unnecessary.
Change-Id: I78d288798a6cd267a7c6ee8d279d0d33a6813aab
Krzysztof Jackiewicz [Tue, 14 Nov 2017 15:09:48 +0000 (16:09 +0100)]
Add & implement master key storage API
Change-Id: Ifb2ae4bc6161de58bc0b46770a31948cc2780ae2
Krzysztof Jackiewicz [Mon, 13 Nov 2017 16:29:49 +0000 (17:29 +0100)]
Convert KeyGenerator class to a namespace
Change-Id: I5cc3aec04a731ec2b3212a187494dcbeae1ea468
Krzysztof Jackiewicz [Tue, 28 Nov 2017 15:13:12 +0000 (16:13 +0100)]
Properly handle errors related to key storage plugin
- Don't fail if an attempt to remove a non-existing token is made
- Don't fail if the plugin does not recognize the token used for key removal
- Ask the plugin to remove the key before overwriting the token
- Use error codes from ksp API
Change-Id: I9d6e60917b933506cd431d852f859f5c2a29b55f
Krzysztof Jackiewicz [Mon, 13 Nov 2017 16:29:49 +0000 (17:29 +0100)]
Use common typedef for binary data
Change-Id: I8a47b1f6fb3718608a2011e50b79b8e6f466414d
Krzysztof Jackiewicz [Mon, 27 Nov 2017 09:32:31 +0000 (10:32 +0100)]
Add dummy plugin
Change-Id: Id817932002f094c13dc605f86bf911367e854bd5
Krzysztof Jackiewicz [Thu, 9 Nov 2017 09:13:23 +0000 (10:13 +0100)]
Add framework for master key storage
- Add wrapper for dlopen + dlsym + dlclose.
- Add functions for master key management
Change-Id: I6d988320e90e21aad9066899d3bd8ea14b41034c
Krzysztof Jackiewicz [Tue, 28 Nov 2017 09:18:38 +0000 (10:18 +0100)]
Fix error handling in event callback API
Change-Id: If89e767a25c0936dfb485e5f2ba5cc58155d6030
Krzysztof Jackiewicz [Tue, 28 Nov 2017 09:11:31 +0000 (10:11 +0100)]
Fix segfault in ode-admin-cli
Change-Id: I67f3037dacc19e8582bf6277088e73b767c58dfc
Krzysztof Jackiewicz [Tue, 7 Nov 2017 16:08:07 +0000 (17:08 +0100)]
Master key storage plugin API
Change-Id: I81d8cc6376350df9797ebe11134a646b3614744c
Krzysztof Jackiewicz [Thu, 9 Nov 2017 09:44:48 +0000 (10:44 +0100)]
Use KeyServer for server side key managent
- server side uses KeyServer for key management
- refactor key management
- use empty key value in EncryptedKey::decrypt() to differentiate wrong
password from other errors
Change-Id: I7e2c4c0af794309d85ad1182f3ab2a67412a16af
Krzysztof Jackiewicz [Thu, 19 Oct 2017 15:17:39 +0000 (17:17 +0200)]
Key/password management API implementation
Change-Id: Ib74cc6e9212a948a043b483f08159024b642eb77
Krzysztof Jackiewicz [Fri, 10 Nov 2017 16:01:46 +0000 (17:01 +0100)]
Refactor error handling
- Move error translation to a separate file
- Use common error codes in all API
- Convert internal error enum to integers (klay does not support enum
serialization at the moment)
- Update documentation
Change-Id: I0bc49c2a4218e0f4e833bd404dfec50164ad1d1f
Lukasz Pawelczyk [Tue, 21 Nov 2017 13:26:32 +0000 (14:26 +0100)]
Fix mutex being unlocked by a different thread that locked it
Change-Id: I35a4a4a72eb8d14ac561c6a819c92f12979a9b15
Krzysztof Jackiewicz [Tue, 14 Nov 2017 13:33:42 +0000 (14:33 +0100)]
Refactor mtab related functions
Change-Id: I28ba2ddbe1ea5140e53368acff2946790a016896
Krzysztof Jackiewicz [Thu, 19 Oct 2017 06:48:29 +0000 (08:48 +0200)]
Generic API for device key & password management
Since ode is going to be socket activated it can't rely on dbus signals from
storaged anymore. Instead the device node has to be passed via API. This commit
adds a generic API for key/password management. The old functions dedicated for
key/password management in external and internal encryption will be deprecated.
Change-Id: I5ad5166c7a01bb9d3157ad8325d63724ac932432
Pawel Kowalski [Thu, 16 Nov 2017 09:07:44 +0000 (10:07 +0100)]
Fix ode-engine-unit-tests
Change-Id: If14ed39db1806d821303dc792a206db91107f93f
Lukasz Pawelczyk [Tue, 21 Nov 2017 12:08:01 +0000 (13:08 +0100)]
Fix cppcheck/svace warnings
Change-Id: I29b64165784c8162e8ae0fdc50d201856d6540fb
Krzysztof Jackiewicz [Mon, 23 Oct 2017 14:20:57 +0000 (16:20 +0200)]
Release version 0.0.2
Change-Id: I69701cf5fe44323e7e55f0811385f0da28dbe3b1
Krzysztof Jackiewicz [Mon, 16 Oct 2017 14:33:59 +0000 (16:33 +0200)]
Fix typo in API
Change-Id: I3cd49dfe7a19f3b9fa6ff92c34ad5a8302c53774
Krzysztof Jackiewicz [Mon, 23 Oct 2017 14:01:37 +0000 (16:01 +0200)]
Add support for synchronous LUKS API to ode-admin-cli
Change-Id: I86efa9e434b3726fb7947a4e81f048908a5b9ac3
Krzysztof Jackiewicz [Fri, 20 Oct 2017 09:09:20 +0000 (11:09 +0200)]
Synchronous API for LUKS
Change-Id: I30299af2cc523a5ee985fea87e331cf06f3bf96e
Krzysztof Jackiewicz [Mon, 16 Oct 2017 13:02:20 +0000 (15:02 +0200)]
Confirm password when formatting as LUKS
Change-Id: Ib6f9bf88a6adc2147a0ec10d9b9d4ffc7ad140f1
Krzysztof Jackiewicz [Mon, 16 Oct 2017 09:53:03 +0000 (11:53 +0200)]
Fix description of callback return codes
Return codes passed to the callback should not be included as @retval.
Moved to @note section.
Change-Id: Ie14ecc345835bf777a1f1de7844d0fde30cfb3de
Lukasz Pawelczyk [Thu, 12 Oct 2017 15:08:35 +0000 (17:08 +0200)]
Miscellaneous cleanups and cosmetics
Change-Id: Id13214285f62c0e84131e5c8f846c91904a99600
Lukasz Pawelczyk [Wed, 20 Sep 2017 12:05:02 +0000 (14:05 +0200)]
Log messages: unify and add missing
For Internal and External encryption.
Change-Id: I20bd74f06d90b07a2111ffa1a4bff5eff443b81d
Lukasz Pawelczyk [Thu, 14 Sep 2017 12:02:42 +0000 (14:02 +0200)]
*_set_mount_password() must be called before every *_mount()
Change-Id: Ie55ee30a386a1784bff301dc5602b48978095e24
Krzysztof Jackiewicz [Wed, 11 Oct 2017 08:15:58 +0000 (10:15 +0200)]
Remove extension encryption
It is replaced by LUKS API.
Change-Id: I6506eb55d8d90df39014a39c73bef404b3d7f585
Krzysztof Jackiewicz [Fri, 6 Oct 2017 12:16:27 +0000 (14:16 +0200)]
Support for luks API in ode-admin-cli
Allows synchronous formatting, opening and closing of LUKS device. It also
allows waiting for completion notification in a separate process.
Change-Id: I28b4c543bc2a3135bd8cde53fbf6e13181684ffd
Krzysztof Jackiewicz [Mon, 2 Oct 2017 08:43:39 +0000 (10:43 +0200)]
Luks API implementation
- Client part, RMI & Server part with callback notifications
- Extend ClientContext class to support custom notification
Change-Id: I6f049283925b2ae1934bba01ed22c21053b65555
Krzysztof Jackiewicz [Thu, 5 Oct 2017 14:26:49 +0000 (16:26 +0200)]
Set proper label for notification sockets
When a client registers for notification it receives a socket to wait on. The
socket descriptor is transferred using ancillary data. In such cases Smack
checks if Smack rules allow the process that is about to receive it to write to
socket's IPOUT (System::Privileged) and if socket IPIN is allowed to write the
process. CAP_MAC_OVERRIDE is ignored (this may be a bug in Smack). As a result
any process not having System::Privileged label (including ode-admin-cli and UI
apps) is not able to receive the notification socket.
By default notification sockets receive the server's label that is
System::Privileged. This patch sets the IPOUT socket label to '@' so that all
processes can write it and receive the notification socket.
Change-Id: I473099f48e253c4bfe3cebee1a21857d9ea2b963
Krzysztof Jackiewicz [Fri, 29 Sep 2017 09:33:36 +0000 (11:33 +0200)]
Add luks API declaration
Extension encryption is supposed to become a wrapper over cryptsetup. New API
will do exactly that.
Change-Id: I97780fa3b1a59f405478d8bd1fb6eb6272416c33
Krzysztof Jackiewicz [Fri, 13 Oct 2017 15:05:51 +0000 (17:05 +0200)]
Fix logging on server side
Remove rebase leftover.
Change-Id: I423471ce5a5bf6cf41754681f7040bf191833d9b
Krzysztof Jackiewicz [Thu, 21 Sep 2017 12:16:35 +0000 (14:16 +0200)]
Refactor client and server side contexts
- Get rid of files and typedefs with identical names
- Simplify client & server side context
Change-Id: Ib6580b228fd6b9d8771eb81adc06d2b2fef2775b
Krzysztof Jackiewicz [Wed, 11 Oct 2017 08:16:52 +0000 (10:16 +0200)]
Add missing derivation in ExternalEncryptionClient
Change-Id: I3b264d0b7abebe57c5ad1a0ee40a86d80a6514ed
Lukasz Pawelczyk [Wed, 20 Sep 2017 12:33:44 +0000 (14:33 +0200)]
Catch external mount/umount error messages
Change-Id: I0d1917f20a5113734635766f4a83a9eb8896e80e
Lukasz Pawelczyk [Mon, 18 Sep 2017 13:42:16 +0000 (15:42 +0200)]
Make headers in RMI define pure virtual interfaces
- Define *Client and *Server variants as full classes with their own
headers inheriting from RMI interfaces.
Change-Id: I1aa479f1cdac86c63822d59589dd604ba5e2818f
s414kim [Wed, 20 Sep 2017 08:58:54 +0000 (17:58 +0900)]
Remove unnecessary code of secure-erase
- remove reading /dev/zero code.
- changed mtab parsing code to use getmntent().
Change-Id: Ieee126dae6e33577ad9bdbb645c948db088eef3e
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Fri, 22 Sep 2017 08:55:42 +0000 (17:55 +0900)]
Remove 'erase' API from secure-erase
Change-Id: I4d9d287fe3915e1d2a4fd8fc7a405af06139efd0
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Fri, 22 Sep 2017 05:03:03 +0000 (14:03 +0900)]
Remove exception of findDevPath for emulator
- Cause : the mount path doesn't exist on the emulator.
Change-Id: Ibc219808d2fb3a3951e5f77392ab8d86bf29fe42
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Fri, 15 Sep 2017 05:59:13 +0000 (14:59 +0900)]
Remove MD5 from key-generator
- delete MD5 method from key-generator
- replace 'MD5' to 'SHA256' which is used to get hash value
Change-Id: I788a38adbcc34d29061f85cc87f5fee1e1eea26b
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Wed, 30 Aug 2017 11:43:39 +0000 (20:43 +0900)]
Add default secure-erase engine
Change-Id: Ib7e8ff2fe11f41975d34affc47e85b1ee473bdd7
Signed-off-by: s414kim <s414.kim@samsung.com>
Lukasz Pawelczyk [Tue, 12 Sep 2017 12:13:55 +0000 (14:13 +0200)]
ExtensionEncryption: handle encrypted external sd while formatting
There will be two different things mounted as /opt/media/SDCardA1
while external sd card is encrypted and mounted. Handle this case.
TODO for the findKillAndUmount() usage is still valid, this is just an
immediate workaround for the issue.
Change-Id: If0209165401e9fb88895c417b127aad2fcb75828
Lukasz Pawelczyk [Tue, 12 Sep 2017 13:17:42 +0000 (15:17 +0200)]
Move 2 common utility functions to misc.cpp/misc.h
Change-Id: If29bea3be21bac1cd870bc44250d268b083908b4
Lukasz Pawelczyk [Tue, 12 Sep 2017 11:18:04 +0000 (13:18 +0200)]
Small cleanups
- headers
- formatting
- ordering
- change defines to const char* in anonymous namespace
- remove unneeded VCONF redefines
Change-Id: I07fadbe6f11c30214f1bd6839ef046e2c84b6e3c
s414kim [Thu, 14 Sep 2017 08:14:18 +0000 (17:14 +0900)]
Move reference UI packages to ode-ui git.
Change-Id: I9b4fe1a4eb1cad769bc3f836f3521dbf384b5343
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Thu, 14 Sep 2017 00:46:17 +0000 (09:46 +0900)]
Apply tizen coding rules
- Delete redundant blank line
- Add or Remove white-space before '('
Change-Id: I034f3b9e9e57f97eacb5d024df8e47c852349142
Signed-off-by: s414kim <s414.kim@samsung.com>
Lukasz Pawelczyk [Fri, 8 Sep 2017 11:57:01 +0000 (13:57 +0200)]
ExtensionEncryption: add set_mount_password API call
Make this API be more like InternalEncryption where this call might be
required in the same way it is required in InternalEncryption.
Change-Id: I5e3c6fd661d899844a4a5aceaf2a91117c622d2b
Lukasz Pawelczyk [Mon, 11 Sep 2017 11:09:02 +0000 (13:09 +0200)]
Fix extension storage not working properly
- wrong path to dummy_password
- lack of device for erase
Change-Id: I3d3f43f5b97e0742dca20f30e2a1734f0059bf78
Lukasz Pawelczyk [Mon, 11 Sep 2017 11:14:45 +0000 (13:14 +0200)]
Notify and throw if cryptsetup fails
Fix bracket's style in the same function
Change-Id: I22973c995cc489124c57acac23d531605e9f3700
Lukasz Pawelczyk [Fri, 8 Sep 2017 16:40:26 +0000 (18:40 +0200)]
Treat INTERNAL_DEV_NAME as prefix when traversing dir
Internal device name is /dev/disk/by-partlabel/USERDATA on TM2 device
Change-Id: I6cc088bb98aa3b6d7fd05756719dc1dbbfa2d56a
Lukasz Pawelczyk [Fri, 8 Sep 2017 10:18:05 +0000 (12:18 +0200)]
ExternalEncryption: Sync at the very end of the operation
Change-Id: Iec7639130371d1bd2e393e8a71bf11cd4eabd190
Lukasz Pawelczyk [Wed, 16 Aug 2017 15:26:06 +0000 (17:26 +0200)]
InternalEncryption: make umount logic more error proof
Don't umount if the device is not already mounted.
Try to umount if the device is mounted more then once (bind).
Change-Id: I0656146225fb0df429a4da1af743bc1d1cbdb9f9
Lukasz Pawelczyk [Mon, 4 Sep 2017 13:16:51 +0000 (15:16 +0200)]
Catch internal mount/umount error messages
Change-Id: Ic72c3352914600b2bdafa270600e556c0e9385e8
Lukasz Pawelczyk [Mon, 4 Sep 2017 13:11:39 +0000 (15:11 +0200)]
Suppress the SVACE issue
This should be fixed in the future by introducing proper interfaces so
private class members won't have to be added to the RMI
Change-Id: I4ab07f44a2991e63cd1489dcfbaaa1bceaa20647
Lukasz Pawelczyk [Mon, 4 Sep 2017 13:06:03 +0000 (15:06 +0200)]
Fix a possible cached data save failure, sync just before reboot
Change-Id: I6646e36cf600d260128f1d688aa2f74e1e5c6f5f
Lukasz Pawelczyk [Mon, 4 Sep 2017 13:03:28 +0000 (15:03 +0200)]
Fix for internal encryption bug/failure
Stop TLM service so the user session will not restart eliminating the
race between ODE and userdata mount triggered by said user session.
Change-Id: I3f940489dca525de0feceeee204c9860f0ec010f
s414kim [Tue, 5 Sep 2017 10:21:34 +0000 (19:21 +0900)]
Fix memory leak of secure-erase UI
. free the memory allocated for notification and app_control handle.
Change-Id: I35ff9b7a4bd56c74805d61a70f3154ced8b46785
Signed-off-by: s414kim <s414.kim@samsung.com>
s414kim [Mon, 4 Sep 2017 02:07:21 +0000 (11:07 +0900)]
Fix logical error for checking layout type
Change-Id: Icb721fa00c0fd9a70b2005e292eaa9992de72ae3
Signed-off-by: s414kim <s414.kim@samsung.com>
Sungbae Yoo [Mon, 4 Sep 2017 06:13:46 +0000 (15:13 +0900)]
Revert all commits related with root-minimization.
This is a combination of following 6 commits :
Revert "Change the touch file path /tmp to /run"
Revert "Add ecryptfs key linking in the keyring of root user"
Revert "Change ode daemon as non-root"
Revert "Add systemd unit for external storage mount with smackfs* option"
Revert "Revert "Add smackfsroot, smackfsdef in mount options of ecryptfs""
Revert "Change service to on-demand by Systemd socket activation"
Change-Id: If4482b14237715d0f19c45b0ca5573c6ac7b8484
Sungbae Yoo [Fri, 1 Sep 2017 09:06:43 +0000 (18:06 +0900)]
Change the touch file path /tmp to /run
This commit enforces secyrity of scaffolding codes such as ode-*.path and
iode-*.service, which have to be transfered to storaged.
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Id67ae73276967c99377e7d8a73421162aea14ea2
Sungbae Yoo [Mon, 28 Aug 2017 11:47:57 +0000 (20:47 +0900)]
Change service to on-demand by Systemd socket activation
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I0a0b8ca9cad833623e8460398368fc7842e59d69
Sungbae Yoo [Fri, 25 Aug 2017 12:04:08 +0000 (21:04 +0900)]
Add ecryptfs key linking in the keyring of root user
Change-Id: Ie9eddecc8f6a274ff2e6e030730a49ad5f1dd773
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
s414kim [Mon, 28 Aug 2017 02:15:36 +0000 (02:15 +0000)]
Merge "Fix password popup parent object" into tizen
Sungbae Yoo [Wed, 23 Aug 2017 09:37:30 +0000 (18:37 +0900)]
Add showing log only when process termination is failed
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Id4747a6b8cbad0a8d62c90e908a763e263305c72
Sungbae Yoo [Tue, 22 Aug 2017 03:01:54 +0000 (12:01 +0900)]
Add ScopedGMainLoop for gmainloop
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I85a68c6180cc4f27fe1c96cf048b2bcbe28eadee
Sungbae Yoo [Thu, 10 Aug 2017 10:43:44 +0000 (19:43 +0900)]
Change ode daemon as non-root
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I687765a06be01fd0cec0c9d98ec63805bbf49c67
s414kim [Tue, 22 Aug 2017 06:55:10 +0000 (15:55 +0900)]
Fix password popup parent object
Change-Id: I50ed2a548fae5e6a1c76aa973aa5633e68dc01d2
Signed-off-by: s414kim <s414.kim@samsung.com>
Lukasz Pawelczyk [Mon, 7 Aug 2017 17:01:34 +0000 (19:01 +0200)]
Replace libcryptsetup usage with /usr/sbin/cryptsetup calls
Change-Id: Ieedae7a30a6db706cdac674a55abf8ca3baf631c
Sungbae Yoo [Wed, 9 Aug 2017 10:09:06 +0000 (19:09 +0900)]
Add systemd unit for external storage mount with smackfs* option
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Ia1ff32955fd0760bde1144b5e009af368c972cea
Sungbae Yoo [Wed, 9 Aug 2017 07:13:09 +0000 (16:13 +0900)]
Revert "Add smackfsroot, smackfsdef in mount options of ecryptfs"
This reverts commit
8f7f71bda2fd81ff50b3e01e347c2fe2bb887c31.
Change-Id: I4bb2a2f6dcde3f0769232a0478f53abe6e3a3c6e
Sungbae Yoo [Wed, 9 Aug 2017 07:01:22 +0000 (16:01 +0900)]
Add to showing external encryption popup after homescreen loading
Limitation: This doesn't wait for homescreen actually.
Just some delays after BootCompleted is received.
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I9703ff23717c9fd7f2a2a0d1bea67b85f64d1b7d
Sungbae Yoo [Mon, 7 Aug 2017 05:01:13 +0000 (14:01 +0900)]
Fix not to turn off when progress bar shows
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: I517e749b2bf203da9f7471d50c301603b6054094
Lukasz Pawelczyk [Mon, 7 Aug 2017 13:59:54 +0000 (13:59 +0000)]
Merge "Revert "Revert "Implementation of ExtensionEncryption with CryptsetupEngine""" into tizen