platform/core/security/security-config.git
5 years ago Add crash-service.service. 88/216088/1 submit/tizen/20191021.045321
jin-gyu.kim [Mon, 21 Oct 2019 04:14:43 +0000 (13:14 +0900)]
Add crash-service.service.

- root / root / System permissions
- It is too complicated to change to a non-root service, because too many tools are
related to this service.
- Need to consider again to retrieve root permissions later.

Change-Id: I03ace80d04b11e00ad9824aa26a9324afe7cff8e

5 years ago Merge "Support additional privilege-mount lists." into tizen accepted/tizen/unified/20191011.015403 submit/tizen/20191010.100323
Kim Kidong [Thu, 10 Oct 2019 06:52:51 +0000 (06:52 +0000)]
Merge "Support additional privilege-mount lists." into tizen

5 years ago Run central-key-manager service in the upgrade script. 19/215419/3 submit/tizen/20191008.051009
Dongsun Lee [Tue, 8 Oct 2019 04:27:18 +0000 (13:27 +0900)]
Run central-key-manager service in the upgrade script.

Change-Id: Ie6364b62132c321a7db7c9bf9abe834733c2b6c1
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

5 years ago Support additional privilege-mount lists. 27/215027/2
jin-gyu.kim [Tue, 1 Oct 2019 05:34:42 +0000 (14:34 +0900)]
Support additional privilege-mount lists.

- Put additional lists in each profile to add privilege-mount list.
- These lists will be used in case lists cannot be added automatically
while creating an image. (ex : dev node)
- Currently only the mobile profile has this list. If needed, other profiles
can have it in a similar way.

Change-Id: Ia154121ea9a1343e6de67f0c18d1e1ca68fcb84e

5 years ago Add asp-manager.service 15/215315/1 accepted/tizen/unified/20191008.101556 submit/tizen/20191007.083447
jin-gyu.kim [Mon, 7 Oct 2019 04:43:01 +0000 (13:43 +0900)]
Add asp-manager.service

- network_fw / network_fw / System permissions.

Change-Id: I568826caee71c80c4c1ba7dc93ede56482dffa2e

5 years ago Merge "Add edge-orchestration services to wearable & tv profiles." into tizen accepted/tizen/unified/20191001.062535 submit/tizen/20190930.101952
Kim Kidong [Mon, 30 Sep 2019 09:56:46 +0000 (09:56 +0000)]
Merge "Add edge-orchestration services to wearable & tv profiles." into tizen

5 years ago Add edge-orchestration services to wearable & tv profiles. 74/214974/1
jin-gyu.kim [Mon, 30 Sep 2019 09:30:09 +0000 (18:30 +0900)]
Add edge-orchestration services to wearable & tv profiles.

Change-Id: Ieed4839904f8e0418275576a147c85c2ad0a0d9f

5 years ago Add rndis.service. 70/214970/1
jin-gyu.kim [Mon, 30 Sep 2019 08:29:09 +0000 (17:29 +0900)]
Add rndis.service.

- network_fw / network_fw / System permissions.

Change-Id: I2a3a2799de56562d678dc70535ec1284aaf1d9d4

5 years ago Fix typo error. 67/214567/1 accepted/tizen/unified/20190925.033607 submit/tizen/20190924.053526
jin-gyu.kim [Tue, 24 Sep 2019 05:28:09 +0000 (14:28 +0900)]
Fix typo error.

Change-Id: I19f8ad9d879c943367a8323d09bfd00321e749d5

5 years ago Add batterymonitor.service 31/214531/1 submit/tizen/20190924.013215
jin-gyu.kim [Tue, 24 Sep 2019 01:25:30 +0000 (10:25 +0900)]
Add batterymonitor.service

- service_fw / service_fw / System permissions.
- Add to wearable target.

Change-Id: Ifac9b4d9fa681b9f871e7ef08c9b5595a696e0d7

5 years ago Add bluetooth related services 40/214440/1 accepted/tizen/unified/20190924.062114 submit/tizen/20190923.054044
jin-gyu.kim [Mon, 23 Sep 2019 05:32:10 +0000 (14:32 +0900)]
Add bluetooth related services

- bluetooth-ag-agents / bluetooth-hf-agent / bluetooth-hid-agent / obex
- All services have network_fw / network_fw / System permissions.

Change-Id: Ief0edae83ccbbd073d0f752a3967dc0ee8cbacaa

5 years ago Add wifi-ready.service 93/214193/1 accepted/tizen/unified/20190920.065309 submit/tizen/20190919.042909
jin-gyu.kim [Thu, 19 Sep 2019 02:06:22 +0000 (11:06 +0900)]
Add wifi-ready.service

- network_fw / network_fw / System
- Installed by wearable plugin.

Change-Id: I7bf82141ddf06050e3788be69188ee494bb2a803

5 years ago Add nvitemd and modemd services 33/213633/1 accepted/tizen/unified/20190910.105523 submit/tizen/20190909.101415
jin-gyu.kim [Mon, 9 Sep 2019 09:42:25 +0000 (18:42 +0900)]
Add nvitemd and modemd services

- Installed with plugin-prebuilt on mobile target.

Change-Id: I22b0e79c31c399f6dd2235160d3f3cce19e626b4

5 years ago Allow root:root to radio-bt-on-stop.service 55/213055/1 accepted/tizen/unified/20190830.110703 submit/tizen/20190830.013930
jin-gyu.kim [Fri, 30 Aug 2019 01:30:51 +0000 (10:30 +0900)]
Allow root:root to radio-bt-on-stop.service

- To use systemctl, root permission is required.

Change-Id: Ib6c34c154228c74d6dd4d15124c628210705fe82

5 years ago Add ipsec to the exception list of path check. 16/212816/1 accepted/tizen/unified/20190828.011018 submit/tizen/20190827.051630
jin-gyu.kim [Tue, 27 Aug 2019 05:09:44 +0000 (14:09 +0900)]
Add ipsec to the exception list of path check.

Change-Id: Iccee2364312ceb760b3deb6245bfd8f4e5e57a8d

5 years ago Modify path_check script. 25/212725/2 submit/tizen/20190827.043624
jin-gyu.kim [Mon, 26 Aug 2019 09:14:32 +0000 (18:14 +0900)]
Modify path_check script.

- Read PATH variable in the target script, and compare with predefined
RO directories.
- No need to define all predefined dirs, only partials are also allowed.

Change-Id: I0905676c2c3d04c75b5333eceadf6fd439fc25ea

5 years ago Add trm.service to the list. 19/212519/1 accepted/tizen/unified/20190823.092353 submit/tizen/20190822.091646
jin-gyu.kim [Thu, 22 Aug 2019 08:47:24 +0000 (17:47 +0900)]
Add trm.service to the list.

- system_fw / system_fw / System
- Installed by plugin-prebuilt.

Change-Id: I60656ef17fc372fe1e1b0931f066537a3d130a01

5 years ago Add capi-ui-sticker.service 60/212260/2 accepted/tizen/unified/20190821.064531 submit/tizen/20190820.042722
jin-gyu.kim [Mon, 19 Aug 2019 10:26:29 +0000 (19:26 +0900)]
Add capi-ui-sticker.service

Change-Id: I4c4740fa2ce5c314e302899d9852bf51c32b181c

5 years ago Add wifi_ready service. 32/212232/1
jin-gyu.kim [Mon, 19 Aug 2019 06:38:45 +0000 (15:38 +0900)]
Add wifi_ready service.

Change-Id: Ibbb658c524651c999af17c2bfad7f30c557efa8d

5 years ago Update shellscript exception list 25/212225/1 accepted/tizen/unified/20190820.115122 submit/tizen/20190819.050449
Yunjin Lee [Mon, 19 Aug 2019 04:57:39 +0000 (13:57 +0900)]
Update shellscript exception list

- Add: /usr/share/keyutils/request-key-debug.sh

Change-Id: Ie43235b1af1934b56fb4a8dcb742ee548e3b1408
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

5 years ago Merge "Set ptrace in smackfs as '1'" into tizen accepted/tizen/unified/20190816.112404 submit/tizen/20190814.065846
Kim Kidong [Wed, 14 Aug 2019 06:53:21 +0000 (06:53 +0000)]
Merge "Set ptrace in smackfs as '1'" into tizen

5 years ago Add bluetooth related FM radio services 85/212085/1
jin-gyu.kim [Wed, 14 Aug 2019 06:14:09 +0000 (15:14 +0900)]
Add bluetooth related FM radio services

- network_fw / network_fw / System are used.
- cap_net_admin is inherited in this service.

Change-Id: I9122a78a94781c2f79638864e1ed4ab1e0f4bf47

5 years ago Implement Smack label check script used on desktop. 78/211678/1
jin-gyu.kim [Thu, 8 Aug 2019 05:20:23 +0000 (14:20 +0900)]
Implement Smack label check script used on desktop.

- Smack label check script requires more than 10 mins in the target.
- To reduce the time, a new script can be run on desktop. It requires
approximately 10 times less compared to running in the target.

Change-Id: I475c0190f4119328377172c50a6657de46d8e72f

5 years ago Merge "Add cap_net_raw to bluetoothd" into tizen accepted/tizen/unified/20190730.224302 submit/tizen/20190730.053209
Kim Kidong [Tue, 30 Jul 2019 05:14:13 +0000 (05:14 +0000)]
Merge "Add cap_net_raw to bluetoothd" into tizen

5 years ago Add cap_net_raw to bluetoothd 99/211099/1
jin-gyu.kim [Tue, 30 Jul 2019 05:10:44 +0000 (14:10 +0900)]
Add cap_net_raw to bluetoothd

- bluetoothd uses HCI socket, and it requires cap_net_raw for non-root.

Change-Id: Ie0ef916fc502e8beaa41f5beb17ceee8889e0d7a

5 years ago Fix the bug in SMACK rule test 97/211097/1
jin-gyu.kim [Tue, 30 Jul 2019 04:48:54 +0000 (13:48 +0900)]
Fix the bug in SMACK rule test

- Restore previous SMACK rules when test is failed.

Change-Id: I879dc8c6b5d4460548d398846264656f68d2cf34

5 years ago Merge "Re-write SMACK label / rule tests." into tizen accepted/tizen/unified/20190730.112052 submit/tizen/20190726.064005 submit/tizen/20190729.014500
Kim Kidong [Fri, 26 Jul 2019 07:02:42 +0000 (07:02 +0000)]
Merge "Re-write SMACK label / rule tests." into tizen

5 years ago Add systemd delayed target related services 44/210944/1
jin-gyu.kim [Fri, 26 Jul 2019 06:48:10 +0000 (15:48 +0900)]
Add systemd delayed target related services

- delayed.service->system-delayed-target-trigger.service
- system-default-target-done.service & system-delayed-target-done.service
  : system_fw / system_fw / System and cap_dac_override to touch a flag file.

Change-Id: If7852052828a3f250deaec20b2cb843b4e012698

5 years ago Set ptrace in smackfs as '1' 46/210846/1
jin-gyu.kim [Thu, 25 Jul 2019 07:44:49 +0000 (16:44 +0900)]
Set ptrace in smackfs as '1'

- PTRACE_ATTACH is only possible when labels of subject and object
are equal.

Change-Id: I36142a519860a486be67028a7d2b2fbef6941997

5 years ago Re-write SMACK label / rule tests. 25/210625/2
jin-gyu.kim [Tue, 23 Jul 2019 05:08:17 +0000 (14:08 +0900)]
Re-write SMACK label / rule tests.

- SMACK label test : Find SMACK label in files which does not exist
in current rule lists.
- SMACK rule test : Compare current rules with default rules plus generated
by security-manager-rules-loader.

NOTE : It takes long to finish SMACK label test. (TM1 : roughly 11mins)

Change-Id: Ia818d412fa21ee7446aab70df5630e95c7ee12bc

5 years ago Check again lists of log files in aslr & service test. 45/210745/2 accepted/tizen/unified/20190726.112611 submit/tizen/20190725.051716
jin-gyu.kim [Wed, 24 Jul 2019 07:31:37 +0000 (16:31 +0900)]
Check again lists of log files in aslr & service test.

- aslr & service tests are always succeeded from the 2nd trial.
- Re-validate lists of log files for aslr & service test.

Change-Id: I9cc812889992900e95dab569bd3e455121beb880

5 years ago Fix typo in service checking script. 03/210303/1 accepted/tizen/unified/20190719.111642 submit/tizen/20190718.025630
jin-gyu.kim [Thu, 18 Jul 2019 02:53:57 +0000 (11:53 +0900)]
Fix typo in service checking script.

- Fix typo in comparing 'SystemdService=' string.

Change-Id: Iee2440460f501325a2ea60c335b7b7a1f8a52453

5 years ago Re-write service check test. 21/210221/2 submit/tizen/20190717.075606
jin-gyu.kim [Wed, 17 Jul 2019 04:56:29 +0000 (13:56 +0900)]
Re-write service check test.

- Do not check Group & SMACK label for D-Bus service.
- Split functions for Systemd and D-Bus service check.

Change-Id: I0975eb8a14301d0a0811fec388867540deb2f4b4

5 years ago Skip checking dbus service which has 'SystemdService' option. 14/210114/1 submit/tizen/20190716.062812
jin-gyu.kim [Tue, 16 Jul 2019 02:34:24 +0000 (11:34 +0900)]
Skip checking dbus service which has 'SystemdService' option.

- Enable checking dbus service again.
- If it has 'SystemdService' option, will be launched by systemd service.
- No need to check 'User' and 'Group' option in this case.

Change-Id: I6be8eaae4f17ef69a5dfaaf810fd6054d8a945a1

5 years ago Disable checking dbus service lists. 98/209898/1 accepted/tizen/unified/20190715.224031 submit/tizen/20190712.072843
jin-gyu.kim [Fri, 12 Jul 2019 07:21:06 +0000 (16:21 +0900)]
Disable checking dbus service lists.

- There will be many changes on dbus service file to remove
unnecessary uid / gid configurations.
- Temporarily disable checking dbus service lists.

Change-Id: Ic40bb3a0ee89e59fd3b1eb97baa8cf93728e31d5

5 years ago Merge "Remove unnecessary setting" into tizen
Jin-gyu Kim [Thu, 11 Jul 2019 07:34:10 +0000 (07:34 +0000)]
Merge "Remove unnecessary setting" into tizen

5 years ago Set the SMACK label of dummy_file 81/209081/1 accepted/tizen/unified/20190703.110636 submit/tizen/20190702.064914
Kichan Kwon [Tue, 2 Jul 2019 06:28:40 +0000 (15:28 +0900)]
Set the SMACK label of dummy_file

Change-Id: Iafcbc574541fb3e247dd5c654b32a2b14bb5a91f
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>

5 years ago Remove unnecessary setting 12/208912/1
INSUN PYO [Mon, 1 Jul 2019 08:00:18 +0000 (17:00 +0900)]
Remove unnecessary setting

Change-Id: Ide8ed939ae7f6102104f53c3ec1cf81a32714a1b

5 years ago Run security-manager-rules-loader in the upgrade script. 04/208904/1 submit/tizen/20190701.072334
jin-gyu.kim [Mon, 1 Jul 2019 07:10:04 +0000 (16:10 +0900)]
Run security-manager-rules-loader in the upgrade script.

- Without it, security-manager launching is failed.

Change-Id: I5848e9ac6282954fddbe9aa02460c47e31a34120

5 years ago Create dummy file in the upgrade script. 31/208831/1 submit/tizen/20190701.014759
jin-gyu.kim [Mon, 1 Jul 2019 01:41:46 +0000 (10:41 +0900)]
Create dummy file in the upgrade script.

- dummy file needs to be created in RW partition to support a run-time
permission control.

Change-Id: Ie717bea9000951e546bef414b23ab45e037ff692

5 years ago Merge "Add delayed.service" into tizen accepted/tizen/unified/20190625.051514 submit/tizen/20190624.111015
Kim Kidong [Mon, 24 Jun 2019 09:33:02 +0000 (09:33 +0000)]
Merge "Add delayed.service" into tizen

5 years ago Add delayed.service 31/208431/1
jin-gyu.kim [Mon, 24 Jun 2019 07:57:46 +0000 (16:57 +0900)]
Add delayed.service

- It works with root permission to use systemctl.

Change-Id: I51c89979b8f15ee84f65c9a075f96f65514add47

5 years ago Retrieving capabilities from systemd-user-helper 24/208424/1
jin-gyu.kim [Mon, 24 Jun 2019 07:32:18 +0000 (16:32 +0900)]
Retrieving capabilities from systemd-user-helper

- This is not used anymore.

Change-Id: I0053dbc74dd99f4fe63105d4440cfa365349966b

5 years ago Set SMACK label to .multiassistant directory 19/208219/1 accepted/tizen/unified/20190621.050553 submit/tizen/20190620.044730
jin-gyu.kim [Thu, 20 Jun 2019 04:36:16 +0000 (13:36 +0900)]
Set SMACK label to .multiassistant directory

- Setting SMACK label is required when image is being created.
- Target dir is /etc/skel/share/.multiassistant &
  /opt/usr/home/[username]/share/.multiassistant

Change-Id: I889b0d4ede17337b984cd809b2ba75ddf7994d9b

6 years ago Add ua-manager.service & net.uamd.service 52/207852/1 accepted/tizen/unified/20190614.000102 submit/tizen/20190613.083928
jin-gyu.kim [Thu, 13 Jun 2019 08:15:17 +0000 (17:15 +0900)]
Add ua-manager.service & net.uamd.service

- Set cap_net_raw and cap_sys_rawio
- network_fw:network_fw and System label is used.

Change-Id: I1fbc45864f344f226f10a089e991dd85d2f2d7d6

6 years ago Add actd.service 49/207749/1 accepted/tizen/unified/20190613.061525 submit/tizen/20190612.052227
jin-gyu.kim [Wed, 12 Jun 2019 04:23:12 +0000 (13:23 +0900)]
Add actd.service

- It has a root permission to control systemd units.

Change-Id: Iccadde8b733f6f9d8f4c3acf086090f11d5ef991

6 years ago Merge "Add capmgr.service to the list." into tizen accepted/tizen/unified/20190503.081202 submit/tizen/20190430.013341 submit/tizen/20190502.044354
Kim Kidong [Tue, 30 Apr 2019 01:31:10 +0000 (01:31 +0000)]
Merge "Add capmgr.service to the list." into tizen

6 years ago Merge "Add mdgd.service to the list." into tizen
Kim Kidong [Tue, 30 Apr 2019 01:30:43 +0000 (01:30 +0000)]
Merge "Add mdgd.service to the list." into tizen

6 years ago Add capmgr.service to the list. 63/205163/1
jin-gyu.kim [Tue, 30 Apr 2019 01:28:13 +0000 (10:28 +0900)]
Add capmgr.service to the list.

Change-Id: Ic52c2d6a9394ef52a82dce34d665715a30945510

6 years ago Add mdgd.service to the list. 33/205133/1
jin-gyu.kim [Mon, 29 Apr 2019 10:02:57 +0000 (19:02 +0900)]
Add mdgd.service to the list.

Change-Id: I1dc506eb1ae5caf600860a8cdda1614c566aa506

6 years ago Updating UID column of policy DB in upgrade script. 17/205117/1
jin-gyu.kim [Mon, 29 Apr 2019 04:56:03 +0000 (13:56 +0900)]
Updating UID column of policy DB in upgrade script.

- Global UID could be different while upgrading the image.
- Get global UID by referring tizen-platform.conf.

Change-Id: Ic42c503bb82987dcbc2eb69e5585e68f7a1286fd

6 years ago Implement execute_label_check test. 54/203754/1
jin-gyu.kim [Wed, 17 Apr 2019 10:58:42 +0000 (19:58 +0900)]
Implement execute_label_check test.

Change-Id: Ib8d4dc939e7ef4d2acf33b711a1eb83dcbbacf7b

6 years ago Add edge-orchestration.service to list. 38/203738/2 accepted/tizen/unified/20190418.010745 submit/tizen/20190417.085756
jin-gyu.kim [Wed, 17 Apr 2019 08:30:58 +0000 (17:30 +0900)]
Add edge-orchestration.service to list.

Change-Id: I827da31085a4032d1dfc54b2d4f5b7d7b3ece479

6 years ago Set SMACK label of netlabel as 'System' 02/203102/2 accepted/tizen/unified/20190411.144024 submit/tizen/20190410.055848
jin-gyu.kim [Wed, 10 Apr 2019 01:55:16 +0000 (10:55 +0900)]
Set SMACK label of netlabel as 'System'

- Previously, it was set as System::Privileged by systemd.
- Basically, network is controlled by Nether with the privilege.
- Therefore, it does not have to be set as System::Privileged.
- Overwrite it as 'System', but in the future, a smarter
  change will be needed.

Change-Id: I5b2e00c1e729b0f404d0ce8e428824bfe260823f

6 years ago Remove inactive chsmack code 29/202729/1
INSUN PYO [Wed, 3 Apr 2019 09:27:40 +0000 (18:27 +0900)]
Remove inactive chsmack code

Root partition is Read-only.
So, you cannot change smack label of /usr/bin/wrt-loader and /usr/bin/launchpad-loader at run time.

Change-Id: Ide7ceeeffafead983180f5e6619d5431a9915ec6

6 years ago Restore setuid bit test 70/202070/1
Yunjin Lee [Fri, 22 Mar 2019 08:17:29 +0000 (17:17 +0900)]
Restore setuid bit test

Change-Id: Ib1f49c5fb0672c639b6991b094dd6c07af94ca4e
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

6 years ago Change dummy file used in privacy-mount. 62/200362/1 accepted/tizen/unified/20190311.072456 submit/tizen/20190222.073141 submit/tizen/20190304.011620 submit/tizen/20190308.024221
jin-gyu.kim [Fri, 22 Feb 2019 06:48:40 +0000 (15:48 +0900)]
Change dummy file used in privacy-mount.

- Previously, /dev/null is used for dummy file mount.
- No error was returned, in case un-privileged app process tried
  to access there.
- To create an error, the dummy file which only root processes
  can access is used for privacy-mount.

Change-Id: If7a31f66420d1311e278e52911a67e4aa94f7696

6 years ago Add chromium-efl services. 76/199876/2 accepted/tizen/unified/20190219.154058 submit/tizen/20190218.070456
jin-gyu.kim [Fri, 15 Feb 2019 06:27:48 +0000 (15:27 +0900)]
Add chromium-efl services.

- chromium-efl & chromium-efl-update services require System::Privileged.
- This is to change the SMACK label of the mounted point.

Change-Id: Ie7897ed362e72deee179de3c4694fbbf1e5a4597

6 years ago Change SMACK access label for onlycap. 59/198359/1 accepted/tizen/unified/20190128.061824 submit/tizen/20190125.075047
jin-gyu.kim [Thu, 24 Jan 2019 06:13:37 +0000 (15:13 +0900)]
Change SMACK access label for onlycap.

- Set SMACK label of /etc/smack/onlycap as un-defined label.
- This is to protect it being writed by some other root processes.

Change-Id: I3e7c0a1c2b21325479d72d03215f771701af040e

6 years ago Remove Unnecessary SMACK labeling 68/198068/1 accepted/tizen/unified/20190128.061438 submit/tizen/20190122.020106 submit/tizen/20190122.021734
jin-gyu.kim [Fri, 18 Jan 2019 07:48:08 +0000 (16:48 +0900)]
Remove Unnecessary SMACK labeling

- "/opt/var/security-manager/rules" does not exist anymore.

Change-Id: I9e64eb60a8642de84b27aa39042e4530aaea906f

6 years ago Add tts services to the list. 79/194579/2 accepted/tizen/unified/20181207.061545 submit/tizen/20181206.053957
jin-gyu.kim [Thu, 6 Dec 2018 04:23:55 +0000 (13:23 +0900)]
Add tts services to the list.

Change-Id: I422faff5f394cf67f5ca8a38b8741a04597f5acf

6 years ago Remove permitted flag from hostapd's capability. 19/194519/1
jin-gyu.kim [Wed, 5 Dec 2018 08:13:00 +0000 (17:13 +0900)]
Remove permitted flag from hostapd's capability.

Change-Id: Icd9b849d493077e67bad0cfb860ad629ac44c38e

6 years ago Fix bugs in security tests. 98/194398/3
jin-gyu.kim [Tue, 4 Dec 2018 06:10:01 +0000 (15:10 +0900)]
Fix bugs in security tests.

- Update the mismatched capability list.
- Fix ASLR / DEP tests not to print exceptions in log file.

Change-Id: Id4dea459bf265e903d0743541b75dc5d8c9e7940

6 years ago Change the condition to check ASLR applied. 05/194305/1 accepted/tizen/unified/20181203.144816 submit/tizen/20181203.042911
jin-gyu.kim [Mon, 3 Dec 2018 02:41:47 +0000 (11:41 +0900)]
Change the condition to check ASLR applied.

- "file" cmd can print "pie" not "shared object" for ASLR applied exec.

Change-Id: I0bd6caba258f3b12239f9cd6487b98c54c168431

6 years ago Move security tests to RO file system. 46/193746/3 accepted/tizen/unified/20181130.134734 submit/tizen/20181130.022847
jin-gyu.kim [Mon, 26 Nov 2018 02:09:26 +0000 (11:09 +0900)]
Move security tests to RO file system.

- Move security tests from /opt to /usr
- Remove redundant security test files.

Change-Id: I7b55fe36d1f74ca6f549b559f190be510546c9b0

6 years ago Change tlm Smack label to User 57/193357/1 submit/tizen/20181122.025733
Karol Lewandowski [Mon, 19 Nov 2018 16:48:35 +0000 (17:48 +0100)]
Change tlm Smack label to User

Due to removing of pam_smack.so module it's now required to set
systemd service Smack label to User, so that all its child processes
inherit that label.

Change-Id: Ie2463676a44a173d9c749ce11b8620c99a8b1bf2

6 years ago Update login getty service lists to User::Shell 56/193356/1
Karol Lewandowski [Mon, 19 Nov 2018 16:47:24 +0000 (17:47 +0100)]
Update login getty service lists to User::Shell

All "developer" login sessions should use one single label - User::Shell,
same as used by sdb now.

Change-Id: Ie7e489cc6b2ee9230053b2e31fe22327e329481d

6 years ago Add relro/stack_canary tests. 21/192921/6
jin-gyu.kim [Tue, 13 Nov 2018 02:43:27 +0000 (11:43 +0900)]
Add relro/stack_canary tests.

Change-Id: Ifa639baca65e04d58f23ca231f8bfcd6adfd98b8

6 years ago Add cap_sys_admin to amd. 19/193019/3 accepted/tizen/unified/20181115.063718 submit/tizen/20181114.064610
jin-gyu.kim [Wed, 14 Nov 2018 02:22:57 +0000 (11:22 +0900)]
Add cap_sys_admin to amd.

Change-Id: I8ae0ceffec6f02865ae6426a133544a45b2d4eca

6 years ago Fix typos in service lists. 04/192704/1 accepted/tizen/unified/20181109.062812 submit/tizen/20181108.070422
jin-gyu.kim [Thu, 8 Nov 2018 06:43:06 +0000 (15:43 +0900)]
Fix typos in service lists.

Change-Id: I234b7965050914f3822063a2f04de37c98af2fde

6 years ago Fix typo in service lists. 48/192648/1 submit/tizen/20181108.005303
jin-gyu.kim [Wed, 7 Nov 2018 09:34:06 +0000 (18:34 +0900)]
Fix typo in service lists.

Change-Id: I5c2911115cc6f564674fc828894e939f8d5071e2

6 years ago Modify following changes related with bluetooth-tools. 35/192635/4
jin-gyu.kim [Wed, 7 Nov 2018 07:06:25 +0000 (16:06 +0900)]
Modify following changes related with bluetooth-tools.

Give cap_sys_module to kmod.
Give cap_net_admin to hciconfig
Add bluetooth-stack-up.service.
Add bluetooth-stack-down.service
Modify bluetooth-stack-down as root.

Change-Id: I5dc4401c5f8c6ef61aa3fbb834a70201920c7f45

6 years ago Add service list in capability test 64/190064/1
keeho.yang [Thu, 27 Sep 2018 04:16:00 +0000 (13:16 +0900)]
Add service list in capability test

Change-Id: I844ea9a550b6a80f3e40002472721fdd6212b53e

6 years ago Add cap_sys_admin to krate-mount 75/189575/1 accepted/tizen/5.0/unified/20181102.022043 accepted/tizen/unified/20180921.042536 submit/tizen/20180920.044756 submit/tizen_5.0/20181101.000004
jin-gyu.kim [Wed, 19 Sep 2018 01:24:19 +0000 (10:24 +0900)]
Add cap_sys_admin to krate-mount

- It is used to do bind-mount for controlling the file visibility.

Change-Id: I72862fed04f8b717357ef7da791ff5b6f8753d4d

6 years ago Add display-manager-monitor.service to all profiles. 62/189062/1 accepted/tizen/unified/20180914.073147 submit/tizen/20180913.064452
jin-gyu.kim [Thu, 13 Sep 2018 06:00:09 +0000 (15:00 +0900)]
Add display-manager-monitor.service to all profiles.

Change-Id: I8773e27c770e622502a1913593fdfd68d53fa6ee

6 years ago Add display-manager-monitor.service in the list. 76/188776/1 accepted/tizen/unified/20180911.055254 submit/tizen/20180910.062956
jin-gyu.kim [Mon, 10 Sep 2018 07:13:31 +0000 (16:13 +0900)]
Add display-manager-monitor.service in the list.

- "/usr/bin/cat" should have "cap_sys_ptrace" to read "/proc/[pid]/stack".
- Working with UID & GID as "graphic_fw" and SMACK label as "System."

Change-Id: I0142d8196ac9808351c3bf89ef06f6463f0c1012

6 years ago delete lazy_mount.service to service list 41/187541/1 accepted/tizen/unified/20180827.160538 submit/tizen/20180824.092334 submit/tizen/20180824.093548 submit/tizen/20180827.013648
keeho.yang [Fri, 24 Aug 2018 02:44:22 +0000 (11:44 +0900)]
delete lazy_mount.service to service list

Change-Id: Iec34996185bb6ce21329a516dca757c3d106abbb

6 years ago Add cap_sys_admin capability to session-bind service 53/187153/1 submit/tizen/20180823.013016
keeho.yang [Mon, 20 Aug 2018 09:02:07 +0000 (18:02 +0900)]
Add cap_sys_admin capability to session-bind service

Change-Id: I78145edfcbbd4140a684cf8b57863f86b61357c3

6 years ago Add opt-usr-fsck.service to service list 19/186719/1 accepted/tizen/unified/20180817.061727 submit/tizen/20180814.020842
keeho.yang [Tue, 14 Aug 2018 01:37:30 +0000 (10:37 +0900)]
Add opt-usr-fsck.service to service list

Change-Id: Idc207386b827ed912981e11af40574687d675ba3

6 years ago Add wait-mount@.service to service list 25/186325/1 accepted/tizen/unified/20180814.063201 submit/tizen/20180810.021626
keeho.yang [Thu, 9 Aug 2018 03:01:52 +0000 (12:01 +0900)]
Add wait-mount@.service to service list

Change-Id: I00da247e91f0daa94c52b65b9c65893716448d85

6 years ago Merge "Added capability to inm-manager" into tizen accepted/tizen/unified/20180807.061011 submit/tizen/20180806.061456
keeho yang [Mon, 6 Aug 2018 06:13:27 +0000 (06:13 +0000)]
Merge "Added capability to inm-manager" into tizen

6 years ago add inm-manager.service to service list 78/185978/1
VBS [Mon, 6 Aug 2018 05:08:08 +0000 (14:08 +0900)]
add inm-manager.service to service list

Change-Id: I6f9283b34235ae3ab511c46a5b370749a9c349e1

6 years ago Added capability to inm-manager 79/184479/3
taesub.kim [Wed, 18 Jul 2018 07:39:47 +0000 (16:39 +0900)]
Added capability to inm-manager

Change-Id: I4438e65f662c2a464c1132da973187dcc7435bd2
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>

6 years ago Add device-certificate-manager.service to list 01/185101/1 accepted/tizen/unified/20180802.134833 submit/tizen/20180726.063929 submit/tizen/20180727.042054
jin-gyu.kim [Thu, 26 Jul 2018 06:00:14 +0000 (15:00 +0900)]
Add device-certificate-manager.service to list

Change-Id: If10bbc9f457de1e0b1476978eda989db1d8a057c

6 years ago Change USER/GROUP of pkg-db-recovery service. 67/184867/1 accepted/tizen/unified/20180724.154345 submit/tizen/20180724.012107
jin-gyu.kim [Tue, 24 Jul 2018 01:09:57 +0000 (10:09 +0900)]
Change USER/GROUP of pkg-db-recovery service.

- pkg-db-recovery service needs to be run as root service to run pkg_initdb.

Change-Id: Ice1568ff06e37620f0c55e0894bcbbf3cb9b1067

6 years ago Add bt-stack-down service to list. 90/182090/2 accepted/tizen/unified/20180621.141801 submit/tizen/20180621.005304
jin-gyu.kim [Wed, 20 Jun 2018 08:24:03 +0000 (17:24 +0900)]
Add bt-stack-down service to list.

Change-Id: I672b16cb06bd96a2a1985d1df2b3ffa507d46453

7 years ago Add ode-progress-ui@.service to service list. 15/180115/1 accepted/tizen/unified/20180611.015309 submit/tizen/20180607.013257
jin-gyu.kim [Fri, 25 May 2018 02:12:09 +0000 (11:12 +0900)]
Add ode-progress-ui@.service to service list.

Change-Id: Ib8ac1d1be4d71fbe29e900a9f391d4ab6de54e3d

7 years ago Merge "Fix bugs in path check script." into tizen accepted/tizen/unified/20180516.065454 submit/tizen/20180515.013950
Kim Kidong [Tue, 15 May 2018 01:38:31 +0000 (01:38 +0000)]
Merge "Fix bugs in path check script." into tizen

7 years ago Fix bugs in path check script. 38/178838/1
jin-gyu.kim [Mon, 14 May 2018 07:54:26 +0000 (16:54 +0900)]
Fix bugs in path check script.

- Only one script which does not define "PATH" was found before.
- Also, there was problem in checking exception.
- Fix these two bugs.

Change-Id: I7f59bc960adcd6380aac6b938465b1553a6ebb5f

7 years ago Add org.tizen.system.storage.service to service lists. 55/178755/1
jin-gyu.kim [Mon, 14 May 2018 01:40:03 +0000 (10:40 +0900)]
Add org.tizen.system.storage.service to service lists.

Change-Id: I191da9d424e1f4fd9498ed42cfdb2836dcb722b4

7 years ago Give capabilities to audit-trail 95/177695/1 accepted/tizen/unified/20180515.163413 submit/tizen/20180511.084431 submit/tizen/20180515.013128
jin-gyu.kim [Thu, 3 May 2018 04:30:34 +0000 (13:30 +0900)]
Give capabilities to audit-trail

- audit-trail needs cap_audit_control and cap_audit_write
- update service list for audit-trail

Change-Id: I2ccc8feb19994293c890ad343bb5c94d910739f4

7 years ago Apply systemd service file verification. 55/176755/1 accepted/tizen/unified/20180503.080651 submit/tizen/20180426.053938 submit/tizen/20180502.010318
jin-gyu.kim [Mon, 23 Apr 2018 07:30:13 +0000 (16:30 +0900)]
Apply systemd service file verification.

- If a service file is not included in the white list, it will be disabled.
  : only for mobile & wearable profiles.
- Update white lists.

Change-Id: Ie58405d4f12680b5f201adbc4d3964d575d2badf

7 years ago Give capabilities to stc-iptables 74/175774/2 accepted/tizen/unified/20180419.134232 submit/tizen/20180412.081848
jin-gyu.kim [Thu, 12 Apr 2018 07:59:50 +0000 (16:59 +0900)]
Give capabilities to stc-iptables

- To change non-root daemon, give network related capabilities.

Change-Id: I2385cf7c696eaa297f0ce935625ae1357fb0f987

7 years ago Remove redundant capabilities and permitted sets. 69/175769/1
jin-gyu.kim [Thu, 12 Apr 2018 07:37:05 +0000 (16:37 +0900)]
Remove redundant capabilities and permitted sets.

Change-Id: I82977a8287d32f7215f9c99c0fa35544df5e09e3

7 years ago change the condition when giving cap to launchpad-loader
jin-gyu.kim [Thu, 18 Jan 2018 08:39:26 +0000 (17:39 +0900)]
change the condition when giving cap to launchpad-loader

Change-Id: I30634470a9cf7923c452107ff9ba7b75b5fee21f

7 years ago Fix service test to delete Carriage Return. 30/175130/1 submit/tizen/20180410.013232
jin-gyu.kim [Mon, 9 Apr 2018 04:53:10 +0000 (13:53 +0900)]
Fix service test to delete Carriage Return.

- If service file is written in window, the unexpected result is
coming due to Carriage Return.

Change-Id: I68638dc44007f2297eab368b15e7af593cd46491

7 years ago Merge "Update the upgrade script." into tizen
Kim Kidong [Wed, 4 Apr 2018 08:54:53 +0000 (08:54 +0000)]
Merge "Update the upgrade script." into tizen

7 years ago Fix aslr test accepted/tizen/unified/20180405.131220 submit/tizen/20180330.025920 submit/tizen/20180330.064023 submit/tizen/20180404.084851
jin-gyu.kim [Tue, 19 Dec 2017 08:44:18 +0000 (17:44 +0900)]
Fix aslr test

- Remove redundant test files.
- Remove temporary exceptions.

Change-Id: Ifc80a54dced83eb2a5f8eb2306d9b380d46b7396

7 years ago Fix to parse script file while running aslr-test.
jin-gyu.kim [Wed, 18 Oct 2017 00:50:26 +0000 (09:50 +0900)]
Fix to parse script file while running aslr-test.

- This was applied by "https://review.tizen.org/gerrit/#/c/143944/" before.
- But, it was retrieved by mistake.

Change-Id: Iaf6a2b643b0559413ed56475eceefeebc02546f2

7 years ago Retrieve execution permission from ASLR not applied files.
jin-gyu.kim [Tue, 17 Oct 2017 05:58:50 +0000 (14:58 +0900)]
Retrieve execution permission from ASLR not applied files.

Change-Id: I98f8636c00cd1e82f31b2f90dea4fc87f7fec985