platform/core/security/tef-optee_client.git
6 years ago Improve optee access control configuration 99/171999/2 accepted/tizen_5.0_unified accepted/tizen_5.5_unified accepted/tizen_5.5_unified_mobile_hotfix accepted/tizen_unified tizen tizen_5.0 tizen_5.5 tizen_5.5_mobile_hotfix tizen_5.5_tv accepted/tizen/5.0/unified/20181102.022153 accepted/tizen/5.5/unified/20191031.004224 accepted/tizen/5.5/unified/mobile/hotfix/20201027.091049 accepted/tizen/unified/20180412.140828 submit/tizen/20180412.070843 submit/tizen_5.0/20181101.000004 submit/tizen_5.5/20191031.000010 submit/tizen_5.5_mobile_hotfix/20201026.185104 tizen_5.5.m2_release
Dariusz Michaluk [Thu, 8 Mar 2018 14:12:55 +0000 (15:12 +0100)]
Improve optee access control configuration

- drop optee supplicant daemon capabilities,
- run optee supplicant daemon under System::TEF Smack label,
- protect privileged device nodes with security_fw group and System::TEF Smack label.

Change-Id: Idda142be300c9db4d1ad79dda267e8ab051cedb9

6 years ago Adding Bsymbolic flag to linker. 72/167272/2
r.tyminski [Tue, 16 Jan 2018 13:05:03 +0000 (14:05 +0100)]
Adding Bsymbolic flag to linker.

Flag is necessary to avoid calling invalid function implementation.
Previously functions from tef-libteec were called instead of
(optee) libteec implementations.

Change-Id: Ibefe5f06e50e282d9a7e2e4fec0a96ee75b1a43f

6 years ago Including LGPL2.1 license in rpm if needed. 86/161486/2
r.tyminski [Thu, 23 Nov 2017 14:12:30 +0000 (15:12 +0100)]
Including LGPL2.1 license in rpm if needed.

License LGPL2.1 is included when we compile libsqlfs (CGF_SQL_FS=y).
By default we don't use libsqlfs.

Change-Id: I15eb7baf85a58bf748c7b1d6abf29a424c1d6049

6 years ago Change privileges verification. 26/156926/16 accepted/tizen_4.0_unified accepted/tizen/4.0/unified/20171123.184117 accepted/tizen/unified/20171122.071413 submit/tizen/20171121.071320 submit/tizen/20171121.122352 submit/tizen/20171122.053652 submit/tizen_4.0/20171121.071725 submit/tizen_4.0/20171123.051832 tizen_4.0.IoT.p2_release
Uladzislau Harbuz [Fri, 20 Oct 2017 14:32:47 +0000 (16:32 +0200)]
Change privileges verification.

Revert 'Implement checking of Tizen policies on TA loading.'
Check privileges by mapping privilege tee.client to priv_tee_client
group. Only applications with that privilege will be able to use
/dev/tee[0-9] devices.
Set devices /dev/tee[0-9] group to priv_tee_client with udev rule.

Change-Id: I87e476a20434e2022fd4a397f5bd02340940e002

6 years ago Verify privileges only once. 06/154106/1 accepted/tizen/4.0/unified/20171012.074517 accepted/tizen/unified/20171012.075101 submit/tizen/20171011.123005 submit/tizen_4.0/20171011.123522 tizen_4.0.IoT.p1_release tizen_4.0.m2_release
r.tyminski [Fri, 6 Oct 2017 15:08:44 +0000 (17:08 +0200)]
Verify privileges only once.

We verify privileges in tee-supplicant when it loads TA. OpTEE OS loads
TA twice. We need to verify privileges only the first time.

Change-Id: I0f90b34e648d3b12a62a293d275feaab65e0bc06

6 years ago tee-supplicant: Report error on short buffer when loading TA 05/154105/1
Yves Lefloch [Wed, 22 Mar 2017 16:14:07 +0000 (17:14 +0100)]
tee-supplicant: Report error on short buffer when loading TA

Change-Id: Ie1a2a514e302d387d063f5a03cabee944fb4765a
Signed-off-by: Yves Lefloch <YvesMarie_Lefloch@sigmadesigns.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Rafal Tyminski <r.tyminski@partner.samsung.com>

6 years ago Packaging changes. 04/154104/1
r.tyminski [Thu, 5 Oct 2017 14:28:12 +0000 (16:28 +0200)]
Packaging changes.

Adding manifest.
Setting root of tee fs to /opt.
Little spec cleanup.
Adding udev and service configuration.
Set SYS_TA_PATH to /usr/lib/tastore
Some fixes for cynara usage.

Change-Id: I2fe99d30d88cc1776380a83308b656445d61cf8f

6 years ago Merge "Allow to define custom tee fs paths." into tizen
r.tyminski [Thu, 5 Oct 2017 05:27:41 +0000 (05:27 +0000)]
Merge "Allow to define custom tee fs paths." into tizen

6 years ago Implement checking of Tizen policies on TA loading. 25/136225/31
u.harbuz [Wed, 28 Jun 2017 15:29:28 +0000 (17:29 +0200)]
Implement checking of Tizen policies on TA loading.

Check if client has Tizen privilege to use TEE.
Allow client to load only TA from its subdirectories.
Allow system applications to load TA from system directories.
Add unix socket connection between tee-supplicant and libteec to
allow identifying the client with cynara.

Change-Id: I8bfecbb4f58f1397d5706cb9af90e0641fbfdec4

7 years ago Packaging changes. 03/136403/4
r.tyminski [Thu, 29 Jun 2017 09:34:29 +0000 (11:34 +0200)]
Packaging changes.

Adding manifest.
Setting root of tee fs to /opt.
Little spec cleanup.
Adding udev and service configuration.

Change-Id: Ife48795a84a2033404a0b76f74c151ce82303820

7 years ago Allow to define custom tee fs paths. 00/134100/3
r.tyminski [Wed, 14 Jun 2017 13:08:11 +0000 (15:08 +0200)]
Allow to define custom tee fs paths.

Adding ifndef for TEE_FS_SUBPATH and TEE_FS_PATH.

Change-Id: I009b49f96094a230ac1b43d90471cd2519ffb7be

7 years ago Add packaging. 89/131489/6
u.harbuz [Mon, 29 May 2017 10:42:17 +0000 (12:42 +0200)]
Add packaging.

Change-Id: I500d7bb7f45d64e4e7269e85ad5b40a7b43cedca

7 years ago Update from upstream to 2.4.0 version 70/132470/1 upstream upstream/2.4.0
r.tyminski [Mon, 5 Jun 2017 11:12:39 +0000 (13:12 +0200)]
Update from upstream to 2.4.0 version

Change-Id: I748163170cec3409645e3990c4c2d774b01f349f

7 years ago Initial commit with upstream sources. 80/131480/1
r.tyminski [Mon, 29 May 2017 10:13:04 +0000 (12:13 +0200)]
Initial commit with upstream sources.

Change-Id: I6af3c03fe09e536b81df3d9f7725f5cf618e3a27

7 years ago Initial empty repository master
Tizen Infrastructure [Mon, 3 Apr 2017 06:36:33 +0000 (23:36 -0700)]
Initial empty repository