Yunjin Lee [Wed, 16 Mar 2016 01:58:11 +0000 (10:58 +0900)]
Add privilege-group mapping for mapservice
Change-Id: I36c0a8be95b201176980bf6fed303a48885a01dc
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Zbigniew Jasinski [Thu, 10 Mar 2016 14:46:55 +0000 (15:46 +0100)]
Add installation types (global, local, preloaded).
Before this commit installation type was based on UID.
With this commit it is possible to set type of installation (global, local,
preloaded) during app installation request. If type is not specified,
and installation is performed by global user, default 'SM_APP_INSTALL_GLOBAL'
type of installation is set. Otherwise installation type is set to
'SM_APP_INSTALL_LOCAL'.
New API function avaliable:
* int security_manager_app_inst_req_set_install_type(app_inst_req *p_req,
const enum app_install_type type)
Change-Id: I745da8fc7a7393c360ed6d281a1f729d22bb89e6
Rafal Krypa [Mon, 14 Mar 2016 13:17:18 +0000 (14:17 +0100)]
Resolve symlinks in TZ_SYS_RW_APP/TZ_USER_APP before validating app paths
Change-Id: Iefa723380df60af802e33bbeb95d4d0ebe543444
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
keeho.yang [Fri, 11 Mar 2016 02:07:47 +0000 (11:07 +0900)]
Change TZ_SYS_RO_SHARE from TZ_SYS_SHARE
Change-Id: I99c921a7cfe5a03920e8787087b9d38157df851d
Rafal Krypa [Mon, 29 Feb 2016 10:11:23 +0000 (11:11 +0100)]
Sanitize naming convention for id/name of an app/pkg/author
Until now it was very confusing for security-manager developers what
variables like "appId" or "authorId" meant. We had a mixed convention
for both textual identifiers, supplied by API users and internal numerical
identifiers, assigned by security-manager database.
Since now a new convention is established:
- textual identifiers of application, package or author are called
respectively: app name, pkg name and author name
- numerical identifiers, assigned by security-manager database are called
app id, pkg id and author id
For now there remains one exception from the above rules - public headers
of libsecurity-manager-client. API function names and parameters specified
in public headers remain unchanged for backward compatibility.
We might change those too in the future.
Change-Id: Id0df5da9b68f29c6ef0969521cd02732f4f880d4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Feb 2016 15:16:36 +0000 (16:16 +0100)]
Split very long public header to smaller, logically consistent parts
The header security-manager.h is now split into the following parts:
- app-manager.h
- app-runtime.h
- app-sharing.h
- user-manager.h
- policy-manager.h
The original header includes all new headers, so depending applications don't
need to change their code.
Change-Id: I8dd56124b20e675c76daa86752ccb0cbd0126927
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 26 Feb 2016 13:05:34 +0000 (14:05 +0100)]
Small fixes in functions generating Smack labels
- properly release memory in SmackLabels::getSmackLabelFromSocket()
- use libsmack function in SmackLabels::getSmackLabelFromPath()
Change-Id: I837947a16dff90d84e751176cab0692cd70278c0
Yunjin Lee [Mon, 22 Feb 2016 09:02:04 +0000 (18:02 +0900)]
Remove d2d.admin and d2d.appcontrol and Add use_ir privilege
Change-Id: I2fb4ad8b4a35f498f3a27bfb882b77973ffd9b44
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Zbigniew Jasinski [Fri, 19 Feb 2016 12:18:13 +0000 (13:18 +0100)]
Updated version for release
Version: 1.1.0
Release: 3
Change-Id: I2ea66996980c7c61fef3c662479e04eec68c5bc9
Zbigniew Jasinski [Wed, 20 Jan 2016 11:04:27 +0000 (12:04 +0100)]
Added 'nether' package as required for install.
Change-Id: Id1d90aeb108b7f5bec751006bf740fb9087b1c4b
Zbigniew Jasinski [Tue, 16 Feb 2016 16:29:13 +0000 (17:29 +0100)]
Updated version for release
Version: 1.1.0
Release: 2
Change-Id: I49569d258b16bc02bc920215c618afe6692184ef
Bartlomiej Grzelewski [Thu, 11 Feb 2016 15:05:03 +0000 (16:05 +0100)]
Move pkg rules to new template file.
Change-Id: Ibc0a79a8f0d850ab47d43236a20a975186dfcfbe
Bartlomiej Grzelewski [Tue, 9 Feb 2016 11:09:36 +0000 (12:09 +0100)]
Move authors rules to new template file.
Change-Id: Ic5341e94823ef9e7be44705aeae3e5833b2b2b7b
Bartlomiej Grzelewski [Fri, 5 Feb 2016 16:41:05 +0000 (17:41 +0100)]
Simplify error codes in project.
Change-Id: I8cd78e66cd0e7ebda56f148b7bc52229b73f45c4
Bartlomiej Grzelewski [Thu, 4 Feb 2016 15:38:37 +0000 (16:38 +0100)]
Remove master and slave mode.
Change-Id: Ia02b2ba10deef665eea203a0147cce301d46db8c
Bartlomiej Grzelewski [Fri, 29 Jan 2016 15:24:28 +0000 (16:24 +0100)]
Security manager reports error druing author removal.
The function Step will return false if you
run DELETE command in sql language. It's not an error.
Change-Id: I7f6abdb26a5ae9e1e192f3d6477020a4a868e398
Rafal Krypa [Thu, 4 Feb 2016 11:14:51 +0000 (12:14 +0100)]
Remove functionality for handling privilege mapping between Tizen versions
This functionality is now implemented in privilege-checker, where it belongs.
Change-Id: Ib6bafa0e4cf5255f6dfec72a21f9d7978e26b4de
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zofia Abramowska [Fri, 29 Jan 2016 10:39:31 +0000 (11:39 +0100)]
Add cleanup service for shared private paths
Add new systemd service, which at system startup relabels all files
shared before reboot to proper label for application pkd.
This is only required when private sharings aren't dropped before
system shutdwon.
Change-Id: Ie1b6de01c2b8a5fc02de11b67f23d3b3ff545fbf
Zofia Abramowska [Fri, 29 Jan 2016 10:06:31 +0000 (11:06 +0100)]
Implement logic of apply/drop sharing in ServiceImpl
Change-Id: I23ca6948cb523c336857f80ec0530f6cfebd25bc
Zofia Abramowska [Wed, 27 Jan 2016 11:59:18 +0000 (12:59 +0100)]
Add dummy support for apply/drop sharing rules in Master
Add new MasterReq functions for sending Smack rules request
to Master service and dummy handling on Master service side.
Change-Id: I638be66e61f06686a1ffc7d6c15c3e3bcfe991ae
Zofia Abramowska [Tue, 26 Jan 2016 18:06:42 +0000 (19:06 +0100)]
Add dummy handling of apply/drop sharing in server
Change-Id: I64dbb7a18296a09617bdbad82794ec246ae716c9
Zofia Abramowska [Thu, 28 Jan 2016 14:36:40 +0000 (15:36 +0100)]
Support labeling shared private paths
Created labels are unique per path by using crypt()
with salt generated from owner package id and path passed as
parameters.
Added getting smack label from file, this will be required to
ascertain that path is a private path of application.
Change-Id: Id82ee50249795be4158acecc6c377e1390ae2d85
Zofia Abramowska [Fri, 29 Jan 2016 14:58:26 +0000 (15:58 +0100)]
Add default empty authorsId to setupPath
Change-Id: I7e11e6eeab09b7db372003f832f89f38fe0074cf
Zofia Abramowska [Wed, 27 Jan 2016 18:47:07 +0000 (19:47 +0100)]
Support rules for apply/drop sharing in SmackRules
Change-Id: I25c25853dd8af6c77b554505fc9f5d0231fea389
Zofia Abramowska [Tue, 26 Jan 2016 15:27:53 +0000 (16:27 +0100)]
Support private sharing in PrivilegeDb
Add proper methods in PrivilegeDb class for handling application
private path sharing.
Change-Id: I280ade4fb8daea7c4f2eac7355bcfa0a1ece73f3
Zofia Abramowska [Tue, 26 Jan 2016 11:13:17 +0000 (12:13 +0100)]
Add private sharing to sqlite database
This patch introduces changes to database schema required to store
information about private path sharing.
Change-Id: I5c31decb1af2e062e5fb23108ffc9236c82763b6
Zofia Abramowska [Mon, 25 Jan 2016 15:05:32 +0000 (16:05 +0100)]
Add dummy API for private sharing apply/drop
This patch introduces new client API for sharing private files
between two applications. New request type is added : private_sharing_req,
and functions to send new request to server:
* security_manager_private_sharing_apply()
* security_manager_private_sharing_drop()
Change-Id: Ia718a9bb5abeb1dfe886149985b7515242900fa3
Bartlomiej Grzelewski [Fri, 29 Jan 2016 10:04:47 +0000 (11:04 +0100)]
Support for removing application.
Change-Id: Ic36c335fcd1f7e2f56f1db7d56cb1d1329e52823
Bartlomiej Grzelewski [Tue, 26 Jan 2016 14:13:39 +0000 (15:13 +0100)]
Support SECURITY_MANAGER_PATH_TRUSTED_RW during installation.
All trusted paths should be properly labelled after package
installation.
Change-Id: I766aa029d1f1e85e84ebc388ded389620faa757c
Bartlomiej Grzelewski [Fri, 29 Jan 2016 13:47:54 +0000 (14:47 +0100)]
Store author information in database.
Change database schema. New schema will allow to store author
information. Change implementaion of privilege. It is able
to insert author information to database.
Change-Id: I5b16e76dd7d9a1896f63120fbe6928e634b08898
Krzysztof Jackiewicz [Tue, 19 Jan 2016 11:25:55 +0000 (12:25 +0100)]
Add author id serialization
[Verification] Run tests
Change-Id: I07ffd72cc951ac669a9eac22f6cb72804392738c
Krzysztof Jackiewicz [Wed, 13 Jan 2016 13:31:13 +0000 (14:31 +0100)]
Prepare API stubs for trusted/shared path support
[Verification] Compile & run tests.
Change-Id: I8ba2d7fe641292b5d10d2eb90b71059690bde9a9
Maciej J. Karpiuk [Tue, 26 Jan 2016 12:26:14 +0000 (13:26 +0100)]
shared folder backward compatibility
Added support for declaring specific shared folder for 2.X apps only.
Added support for installing apps with declared target tizen API type.
When installing app, the package shared folder gets specific label.
The owner application has RWX rules to it's shared folder.
All other applications get no access if are targetted to Tizen 3.0 version,
or RO access when are targetted to Tizen 2.X.
If the installed app is targetted to Tizen 2.X version, it get rules to shared
folders of other 2.X packages.
Change-Id: Ibffebc824176874e627c3f84e51718de1457357a
Rafal Krypa [Fri, 15 Jan 2016 15:17:48 +0000 (16:17 +0100)]
Introduce API for checking application privileges based on app_id
New API security_manager_app_has_privilege() will enable privilege checks
against applications that are not running at the moment and cannot be
checked against a running process.
The function checks permission against Cynara database, while using a
proper application identifier (Smack label) derived from app_id.
Change-Id: I9ef82896fecf3ac7a20324155f9e7f130c2a071b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 19 Jan 2016 11:26:38 +0000 (12:26 +0100)]
cynara: fix casting Cynara answer into bool type
Cynara check API returns either CYNARA_API_PERMISSION_DENIED (=1)
CYNARA_API_PERMISSION_ALLOWED (=2). This was badly cast in
SecurityManager::Cynara class to bool type, causing both return values
to be interpreted as true.
Change-Id: I5c96cfab5156e7aae81103cf8cf0d91d1b8293ab
Adam Malinowski [Tue, 29 Sep 2015 06:16:11 +0000 (08:16 +0200)]
Add 'socket/pid to appId and pkgId' functionality
This patch introduces client functions for obtaining package Id
and application Id of an application with given socket descriptor
or process identifiers.
To test this functionality run tests added in patch:
https://review.tizen.org/gerrit/#/c/48887/
Change-Id: Ib9bd924563ea932ecf64d421f90bc3dde3bb38ec
Rafal Krypa [Thu, 14 Jan 2016 16:29:33 +0000 (17:29 +0100)]
security-manager-cmd: adjust acceptable path types to supported values
Change-Id: Ife4354fd2b892ae46658fa8886f2c3599d3ed316
Janusz Kozerski [Wed, 9 Dec 2015 15:29:43 +0000 (16:29 +0100)]
Fix issue with mutiple install the same app for different users
If the same application has been installed for more than one user,
then while uninstallation Smack rule file should remain in the system
until the last "instance" of application is present.
Change-Id: Ice8b1b7afe036028efcabf5a77732db0811763c4
Rafal Krypa [Wed, 23 Dec 2015 08:39:23 +0000 (09:39 +0100)]
Fix security-manager-policy-reload erasing existing entries
The policy reload script, while reloading user type buckets, used to
unintentionally erase existing entries mapping users to user types.
This was caused by the way in which user type buckets were reloaded:
by removing the bucket and recreating it with intended contents.
Erasing the bucket is wrong - it also erases all links to it.
Changing the reload mechanism to clean the bucket instead.
Change-Id: I6279b2f75d1b7136679edf228d89eb2b001bd76b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Patrick Ohly [Wed, 19 Aug 2015 13:02:32 +0000 (15:02 +0200)]
security-manager-policy-reload: do not depend on GNU sed
\U (= make replacement uppercase) is a GNU sed extension which is not
supported by other sed implementation's (like the one from
busybox). When using busybox, the bucket for user profiles became
USER_TYPE_Uadmin instead USER_TYPE_ADMIN.
To make SecurityManager more portable, better use tr to turn the
bucket name into uppercase.
Change-Id: I425256d3e9bd6619678763cbe1657e926116d48d
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Patrick Ohly [Tue, 24 Mar 2015 11:54:03 +0000 (04:54 -0700)]
systemd: stop using compat libs
libsystemd-journal and libsystemd-daemon are considered obsolete
in systemd since 2.09 and may not be available (not compiled
by default).
The code works fine with the current libsystemd, so just
use that.
Change-Id: I5a272bc3ad1e93dd3bb5001b537a134a4ef856bc
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
José Bollo [Fri, 8 Jan 2016 15:53:46 +0000 (16:53 +0100)]
socket-manager: removes tizen specific call
The function 'smack_fgetlabel' is specific to Tizen
and is no more maintained upstream.
Change-Id: I3802742b1758efe37b33e6d968ff727d68f2fd1f
Signed-off-by: José Bollo <jobol@nonadev.net>
jooseong.lee [Mon, 21 Dec 2015 04:50:33 +0000 (13:50 +0900)]
Add new native privileges(d2d.admin, d2d.appcontrol, d2d.datasharing)
Refers to: https://review.tizen.org/gerrit/#/c/54954/
Change-Id: I967d6ee7045854a7621212ee42e72a78bd26fdad
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Thu, 17 Dec 2015 07:52:25 +0000 (16:52 +0900)]
Add privilege-group mapping for message.read privilege
Refer to :
https://review.tizen.org/gerrit/#/c/54684/
Change-Id: Ida34724ac3ad1eece34110ef56de17c855b1757a
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 7 Dec 2015 07:53:49 +0000 (16:53 +0900)]
Apply ASLR on security-manager
Change-Id: I80bc8cb24195db96f98dd7d50fa71fa1ce315fc4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong.lee [Thu, 26 Nov 2015 10:21:53 +0000 (19:21 +0900)]
Fix getting a zone name from gid
Assume there are no containers if cpuset dosen't present
Change-Id: If97fd885595a3ace9691fe2ad88ec4219f43909f
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Oskar Świtalski [Thu, 19 Nov 2015 13:26:55 +0000 (14:26 +0100)]
Fix klocwork issues
Change-Id: I3f3df9132638e4690ebd6b133c5458867fd52404
Signed-off-by: Oskar Świtalski <o.switalski@samsung.com>
Radoslaw Bartosiak [Tue, 6 Oct 2015 15:37:30 +0000 (17:37 +0200)]
Add privilege-group mapping for four privileges
According to Tizen security policy, services might be allowed to check
access to resources using DAC groups corresponding to privileges
https://wiki.tizen.org/wiki/Security/User_and_group_ID_assignment_policy.
This commit introduces mapping between groups and privileges needed by
libmm-camcorder and media-content projects.
Change-Id: I8763bb83a8b294c05b4623c0a921e739d3be7bc5
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
jooseong.lee [Thu, 15 Oct 2015 09:35:36 +0000 (18:35 +0900)]
Added internal/buxton privilege for internal keys.
Only trusted system service is accessible to internal key.
Change-Id: Ibe49685a836ab194cfdbff54ff0608627fa7c2a8
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
jooseong.lee [Mon, 12 Oct 2015 07:34:47 +0000 (16:34 +0900)]
Add internal privileges and update mapping table for 'vconf to buxton2'
We have been using vconf key since Tizen2.x and
recommend to converting a Tizen vconf-based app over to Buxton now.
https://wiki.tizen.org/wiki/Buxton
Buxton uses 'cynara check' to enforce security unlike vconf using Smack.
This patch add some internal privileges to support compatibilites
for 2.x vconf-based app as below:
* http://tizen.org/privilege/internal/default/public
* http://tizen.org/privilege/internal/default/partner
* http://tizen.org/privilege/internal/default/platform
* http://tizen.org/privilege/internal/buxton/account.read
* http://tizen.org/privilege/internal/buxton/camcorder
* http://tizen.org/privilege/internal/buxton/contact.read
* http://tizen.org/privilege/internal/buxton/location
* http://tizen.org/privilege/internal/buxton/message.read
* http://tizen.org/privilege/internal/buxton/network.get
* http://tizen.org/privilege/internal/buxton/nfc
* http://tizen.org/privilege/internal/buxton/nfc.cardemulation
* http://tizen.org/privilege/internal/buxton/readonly
* http://tizen.org/privilege/internal/buxton/telephony
* http://tizen.org/privilege/internal/webappdefault
I will update a detailed history for internal privilges soon.
https://wiki.tizen.org/wiki/Security/Tizen_3.X_Internal_Privilege_Mapping
Change-Id: Ifadada7299873e42f26b35bfc4d526c04041c0b7
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Yunjin Lee [Thu, 24 Sep 2015 07:00:26 +0000 (16:00 +0900)]
Update webappdefault privilege mapping
Change-Id: I44d9058f15651cb097cc65c8cbdad80bab966a30
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jooseong.lee [Thu, 24 Sep 2015 05:06:46 +0000 (14:06 +0900)]
Added access to internal/usermanagement privilege for admin user type
(https://review.tizen.org/gerrit/#/c/48086/).
Change-Id: I714de6763b6f75e5f5c8bbc6f505abe7c0fa278d
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Rafal Krypa [Wed, 16 Sep 2015 09:03:51 +0000 (11:03 +0200)]
Rewrite and fix CynaraAdmin::SetPolicies
Method CynaraAdmin::Setpolicies, updating Cynara policy for an application,
was previously written to accept two vectors of privileges:
previously enabled privileges and privileges that should be enabled.
Vectors were used to calculate privileges to disable and privileges to
enable in Cynara. It required that both vectors are sorted and without
duplicates. Callers of this method fetched privileges from data base, which
provides sorting and unification.
This was broken in commit
626f947e0bb6fd90d4c20fd914981d5b752ab1e6
(Change smack labeling to be appId based). The second vector was taken
directly from application installation request, that wasn't necessarily
sorted or unique.
This method can be simplified now withot the need for sorted vectors. In
fact only one vector is necessarry now, because cynara-admin provides
support for listing policies (it didn't when the method was initially
written). Now it only takes vector of privileges that should be enabled,
in arbitrary order, that may contain duplicates. It lists previously enabled
privileges directly from Cynara, calculates the difference and sends
updated policies back to Cynara.
Change-Id: I15ca331cf5f46ae43c7665977df7eb4d3c7e986c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Tomasz Swierczek [Fri, 11 Sep 2015 10:07:03 +0000 (12:07 +0200)]
Added access to internal DBus privilege for all user types
(the privielge: http://tizen.org/privilege/internal/dbus).
This is needed for user-level services to access dbus session bus.
Applications will not be given access to the privilege because
their manifests should not contain that privilege.
Change-Id: Ibaed2522f96b6d99c139e333540618ee3f91b4ad
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
jooseong.lee [Wed, 9 Sep 2015 14:04:04 +0000 (23:04 +0900)]
Update privilege list: Add missing privileges to mapping
Change-Id: If63103f7ab8c5b96c4ca122765388acbb2e635e8
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
Rafal Krypa [Thu, 3 Sep 2015 15:13:59 +0000 (17:13 +0200)]
Release version 1.1.0
Change-Id: Idf0c77468200bea93b28b8d12ca4970cfdbe9b9d
Rafal Krypa [Thu, 3 Sep 2015 14:31:30 +0000 (16:31 +0200)]
Add missing Smack rules from System to ~PKG~ and ~PKG~::RO
System domain must also access files labeled with pkgId-based label.
Change-Id: I35ec4c092945b12480caae035055a4b00659d013
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 3 Sep 2015 12:20:49 +0000 (14:20 +0200)]
Fix labeling of SECURITY_MANAGER_PATH_RW paths
- Don't set exec label on executables. Smack label should be set only by
launcher. Also that exec label was wrong. Apps run with appId-based label,
not pkgId-based.
- Set transmute attribute. To keep all files in SECURITY_MANAGER_PATH_RW
labeled with pkgId-based label, directories must be transmutable.
Change-Id: I3ce69ae70796d2d591b57c75bd175c9c3ea99028
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 31 Aug 2015 16:07:06 +0000 (18:07 +0200)]
Always print warning log messages
Several types of log messages are printed only when the code is build in DEBUG
mode. This includes warning messages, but they should be printed always.
Warning logs are generated in erroneous situation and they should not be lost
int RELEASE builds.
Change-Id: I9e9934c13b066492294cb5bd76d94030b6ee43c7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 31 Aug 2015 18:07:21 +0000 (20:07 +0200)]
Adapt application file labeling to new requirements
The following changes has been made:
- application base path must now be APPS_ROOT/$pkgID, not
APPS_ROOT/$pkgID/$appID
- application base path is now enforced, no files outside base path allowed
- application base path will be labeled with User::Pkg::$pkgID, no transmute
- SECURITY_MANAGER_PATH_TYPE_RO will be labeled with User::Pkg::$pkgID::RO
- applications get a Smack rule for RO access to User::Pkg::$pkgID::RO
- SECURITY_MANAGER_PATH_PUBLIC_RO will be labeled with User::Home
- SECURITY_MANAGER_PATH_PRIVATE and SECURITY_MANAGER_PATH_PUBLIC path types
Change-Id: I2d0260effcbe8da0c0e9130b89b4b34e7e104d29
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Mon, 31 Aug 2015 08:50:03 +0000 (10:50 +0200)]
Convert ServiceImpl namespace to a class
This class will be used in future patches:
- to hold ownership of Cynara and PrivilegeDb objects
- to polymorph into basic, slave and off-line versions
- to synchronize multiple concurrent clients (multi-threading is coming)
Change-Id: I54f0ecda081db17350209c3e56debd91927e364e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Thu, 30 Jul 2015 16:19:12 +0000 (18:19 +0200)]
Implement and use template methods for serialization of multiple variables
Change-Id: I84f0deaa1a8623d1f3cc1039f6b8689a4d9b4ae1
Aleksander Zdyb [Fri, 31 Jul 2015 11:05:55 +0000 (13:05 +0200)]
Add security_manager_groups_get() API
This function returns array of groups bound to privileges.
It's needed by nice-lad to identify resources to be subject
of auditing.
Change-Id: Ie7a195507a02a30d54f93ffbc351c403f2c83000
Yunjin Lee [Wed, 2 Sep 2015 04:57:50 +0000 (13:57 +0900)]
Update privilege list: Add missing privileges to user buckets and mapping list
Change-Id: Ic47dfa9255b4bb5fe3e8e98a2e2d9c06dc475877
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Mon, 31 Aug 2015 09:06:00 +0000 (18:06 +0900)]
Update privilege mapping list
Change-Id: If17b3aedf5abc9041eb033973a2b9e3b8596b9ef
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 26 Aug 2015 10:45:48 +0000 (03:45 -0700)]
Revert "Revert "Update privilege list according to the latest privilege set in 2.x""
This reverts commit
e7f796f63565ffbcef91b4bdba6a0a6d112ecabb.
Change-Id: I5d14578100bd0631679eba84936ce1d8bca8f93e
Kim Kidong [Wed, 26 Aug 2015 10:32:22 +0000 (03:32 -0700)]
Revert "Update privilege list according to the latest privilege set in 2.x"
This reverts commit
8014cacc52f716ec424d43938967c21164ea3854.
Change-Id: I0c3df1d8c99986adc87ab9a6546efecf34629613
Yunjin Lee [Wed, 26 Aug 2015 08:48:00 +0000 (17:48 +0900)]
Update privilege list according to the latest privilege set in 2.x
Remove deprecated privileges and Add new privileges.
Change-Id: I385a61e02bb86a112da1be730e17f4461cf4d049
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Krzysztof Jackiewicz [Thu, 28 Aug 2014 15:44:08 +0000 (17:44 +0200)]
Fix potential buffer overflow error CID: 40674
Change backported from security-server repository.
Change-Id: Ifcbd8ebe4ddfa4c04dd000639cab2c60648c3943
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Zofia Abramowska [Tue, 11 Aug 2015 15:25:28 +0000 (17:25 +0200)]
Add script and config for privilege mapping setting
Change-Id: I28d9b62547c5415f7cfc3c5934b75d4b6b6c020f
Lukasz Wojciechowski [Fri, 10 Jul 2015 11:54:21 +0000 (13:54 +0200)]
Fix tzplatform-config linkage
tzplatform-config was linked with cmd and service,
but wasn't with common and client libraries.
In fact it's used only by common library.
This patch makes, only common library links with libtzplatform-config.
Linkage with binaries is removed.
Change-Id: Ia6bee0c47d1e5496c36a5479e19be198e4e1ab9b
Oskar Świtalski [Thu, 30 Jul 2015 12:14:12 +0000 (14:14 +0200)]
Fix resetting prepared statement
Prepared statement should be reset/finalized
after making new one, otherwise database will
be in BUSY state and locked.
Change-Id: I679d3d41b1de406112a93c6d0c73ff0d0aae5d63
Zofia Abramowska [Wed, 15 Jul 2015 16:03:41 +0000 (18:03 +0200)]
Implement service side of privileges mapping
Change-Id: I9e737fc0fd15a3eb248612f84b202d0a397bd35f
Zofia Abramowska [Tue, 7 Jul 2015 10:15:09 +0000 (12:15 +0200)]
Implement serialization of privilege mapping API
Change-Id: Ic57758eca88b97485d748ff73267ba23e04efd45
Zofia Abramowska [Thu, 16 Jul 2015 11:53:12 +0000 (13:53 +0200)]
Remove libprivilege leftover
Change-Id: I8613ab6312eed889138652f5c89e55845e884b82
Zofia Abramowska [Tue, 7 Jul 2015 12:47:19 +0000 (14:47 +0200)]
Add privilege mappings to PrivilegeDb
Change-Id: I8ff2a6fd7db7bd61d8d3b43ad3f2e033536843fe
Zofia Abramowska [Tue, 7 Jul 2015 13:02:21 +0000 (15:02 +0200)]
Use sql bind with std::string
Change-Id: I23b3dc715cfb760cd1c84364aae8d2132d7f853a
Zofia Abramowska [Tue, 7 Jul 2015 12:57:07 +0000 (14:57 +0200)]
Support std::string in SqlConnection binding
Change-Id: I24bc608cfece4849639fcf529148cfdcf4af27a7
Zofia Abramowska [Mon, 6 Jul 2015 15:38:44 +0000 (17:38 +0200)]
Prepare db for privilege mapping
Change-Id: I21d85830d97c250048c1c24b777897d2a9da5d13
Zofia Abramowska [Mon, 6 Jul 2015 15:38:30 +0000 (17:38 +0200)]
Add API for privilege mapping between versions
Change-Id: Id61c2e4d8ff0252f6269ba3c6756170bdca38295
jooseong [Mon, 3 Aug 2015 11:03:16 +0000 (20:03 +0900)]
Add lock permission to 'System::Shared' label in app-rules-template.smack
Change-Id: I168785779c19a9d79c8baf96b188934db9beb019
jooseong.lee [Thu, 18 Jun 2015 05:37:04 +0000 (14:37 +0900)]
Add 'sed' dependency to fix a image creation error
Change-Id: I2a20f7cdd16e3b4d18fb8497c0e51f66604d1935
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>
José Bollo [Wed, 10 Jun 2015 13:03:48 +0000 (15:03 +0200)]
Add missing dependency to tzplatform
Change-Id: Ifdf742b820a4cf7b76ef1dc6f8c831a24bfb55ef
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Lukasz Kostyra [Thu, 27 Nov 2014 16:14:08 +0000 (17:14 +0100)]
Implement master and slave mode
Final patch with master and slave mode implementation. Every container should
have its own privilege DB - slave will delegate calls to SMACK and to Cynara
Administrative Socket to master.
[Verification] Build, install, run tests on hosts - no changes should occur.
Run tests in containers:
* Run a container
* bind-mount /run/security-manager-master.socket and
/run/cynara/cynara.socket to container
* Run tests
Keep in mind, some might fail due to tests not being
container-aware.
Change-Id: Ibd1d884ad7dba6a15ebaa068c2c216a88562eb50
Rafal Krypa [Fri, 17 Apr 2015 09:17:02 +0000 (11:17 +0200)]
cynara: rewrite class using cynara async API for parallel processing
Cynara class method check() can now be called in parallel by multiple
threads. Each call blocks until it gets a response.
This is a first step toward making security-manager multi-threaded, for
processing multiple requests in parallel.
Cynara class remains a singleton for now, but eventually there will be
single instance constructed (and destructed) from the main thread and
called for checks from separate threads processing user requests.
Change-Id: Ie1f55b9610caf45dc0df06dbd713070d39ccac07
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 17 Apr 2015 09:18:32 +0000 (11:18 +0200)]
cynara: handle additional error codes from Cynara API
These error codes appeared in Cynara API after security-manager was
integrated with it.
Change-Id: Iba495040bd8bbb9a879a0fd27e880bb7547ed583
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Kostyra [Mon, 17 Nov 2014 11:48:55 +0000 (12:48 +0100)]
Extract communication functions to common library
Since slave service will use the same functions as client library to send data,
these are extracted in this commit and will be used in the next change.
[Verification] Build, install, run tests.
Change-Id: I4b9e11015c657066657f493e87d68958283bb947
Rafal Krypa [Fri, 6 Feb 2015 17:25:11 +0000 (18:25 +0100)]
Prepare security-manager for master-slave mode
This commit prepares security-manager for work in master/slave mode.
In order to properly install/uninstall applications inside containers,
security-manager inside container (slave) must delegate calls related to
SMACK to security-manager outside a container (master).
Since entire master/slave mode is a huge change, it is divided into two
commits - this is the first one. Logic for master service and changes in
service to work as slave are left for second commit.
With this change security-manager launched without additional arguments should
work as it did.
Change-Id: If05cdeb2d2c35c046bf4cb46d884a3689dab57ad
Jacek Bukarewicz [Wed, 25 Mar 2015 10:44:33 +0000 (11:44 +0100)]
Release version 1.0.2
Change-Id: Ia46e9cf268fe0a7302066ee014e5d44c393fb587
Lukasz Wojciechowski [Wed, 25 Mar 2015 10:50:36 +0000 (11:50 +0100)]
Don't call Cynara if there are no policies to set
Change-Id: I3a25cbc0cdbf5ee4cb82890fbd40ea4e51b8a08d
Stephane Desneux [Wed, 25 Mar 2015 10:27:38 +0000 (11:27 +0100)]
Raise socket inactivity timeout to 300s
This is a quick workaround to installation problems on slow targets.
Bug-Tizen: TC-2483
Change-Id: I6515438e7fdc02ba6c6de6efba32cfcaaa030f7f
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>
Rafal Krypa [Fri, 20 Mar 2015 15:19:44 +0000 (16:19 +0100)]
Release version 1.0.1
Change-Id: Ied8852ec3ed3e8dc3ea3457a99ee4a9822349f55
Rafal Krypa [Thu, 19 Mar 2015 16:53:03 +0000 (17:53 +0100)]
Fix advisory locking in client library
Enhance off-line mode detection based on lock:
- don't use exceptions for non-exceptional code paths
- only attempt off-line mode if caller is root
Also fix misleading logs informing about lock failures (that doesn't
lead to actual security-mnanager failures) caused by lock attempt on a
lock file without proper permissions.
Change-Id: Ie7fca37154a1993cd46c59a0204837904593e5db
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Wed, 18 Mar 2015 10:27:47 +0000 (11:27 +0100)]
security-manager-policy: add missing dependencies on required tools
The policy loading script uses sqlite3 and tzplatform-get programs. The
package should depend on them.
Change-Id: I16d5b3b9d4914ba791a493305fbdf4a57c2f37a7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Sebastian Grabowski [Tue, 16 Dec 2014 13:37:46 +0000 (14:37 +0100)]
Removed timeout for poll.
Security-server in many cases may need much more time than just 2s to
accomplish given client request. It seems to be reasonable to just
remove the timeout by changing it to be infinite.
Change-Id: Iae8074b3bb5bfa134fd6dc324907ad3bba6f3b9b
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>
Jacek Bukarewicz [Wed, 11 Mar 2015 15:07:14 +0000 (16:07 +0100)]
Remove references to non-existing security-manager.target
Change-Id: I57a6d196be2d87b51d63c3226a40480e21e91e9f
Rafal Krypa [Fri, 6 Mar 2015 17:46:38 +0000 (18:46 +0100)]
Release version 1.0.0
Change-Id: I11bb09f16e150b4a95f7385084f3f8c08ce94790
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Tue, 10 Mar 2015 09:48:08 +0000 (10:48 +0100)]
Fix grant all privileges to programs with "User" and "System" Smack labels
Cynara rules for granting said policy was added to the wrong bucket.
Another bucket, with default "Deny" policy was shadowing them.
Adding the rules to the proper bucket now.
Change-Id: Iec6b3bd093e89c8b3629994681871c94f797187b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 6 Mar 2015 17:52:20 +0000 (18:52 +0100)]
Drop workaround for all applications labeled with "User" label
Because every app used to have the same label, special fixes were needed for
app uninstallation not to break Smack policy for "User" label. Now with final
application labels this is no longer needed. Dropping the workaround.
Change-Id: I83d3df1499f8c0eb21d2c954c2fcba3283938a5e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Rafal Krypa [Fri, 6 Mar 2015 17:22:14 +0000 (18:22 +0100)]
Provide support for loading privilege-group mapping
A mapping file in policy/privilege-group.list will be contained in
security-manager-policy package. All mappings from that file will be loaded
during package installation by security-manager-policy-reload tool.
For development purposes it is also possible to modify the mapping file
on the image and re-run security-manager-policy-reload.
Change-Id: I9a7d5b16888de98013da281978e299c5b19750ce
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
projects / platform / core / security / security-manager.git / log