platform/core/security/privilege-checker.git
7 weeks agoAdd core privilege: isu.admin 44/317444/2 accepted/tizen_9.0_unified accepted/tizen_unified accepted/tizen_unified_dev accepted/tizen_unified_toolchain accepted/tizen_unified_x accepted/tizen_unified_x_asan tizen_9.0 accepted/tizen/9.0/unified/20241031.000236 accepted/tizen/unified/20240911.161946 accepted/tizen/unified/dev/20240913.055516 accepted/tizen/unified/toolchain/20241004.102126 accepted/tizen/unified/x/20240912.013849 accepted/tizen/unified/x/asan/20241014.000533 tizen_9.0_m2_release
Mateusz Moscicki [Tue, 10 Sep 2024 08:50:51 +0000 (10:50 +0200)]
Add core privilege: isu.admin

Change-Id: Ibe9111abbf1b92e911ebe896c0f21bdd1a8f0c2c
Signed-off-by: Mateusz Moscicki <m.moscicki2@partner.samsung.com>
11 months agoAdd a negative test case privilege_db_manager_is for privilege_db_manager.c for modul... 72/315372/1
tranthanhtung2001 [Wed, 22 Nov 2023 00:34:21 +0000 (07:34 +0700)]
Add a negative test case privilege_db_manager_is for privilege_db_manager.c for module privilege_checker (80.1% Lcoverage)

Change-Id: Ia21b4c79fe5eec300221439aad5432ddfbab871b
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
11 months agoAdd a negative test case privilege_db_manager_is_user_settable in privilege_db_manager.c 70/315370/1
tranthanhtung2001 [Tue, 21 Nov 2023 23:02:20 +0000 (06:02 +0700)]
Add a negative test case privilege_db_manager_is_user_settable in privilege_db_manager.c

Change-Id: Ie3bd9387c734364184b7b17b1c9f0d1183a6b676
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
11 months agoAdd test case privilege_db_manager_get_privacy_id_by_privilege for privilege_db_manag... 64/315364/2
tranthanhtung2001 [Tue, 21 Nov 2023 22:07:15 +0000 (05:07 +0700)]
Add test case privilege_db_manager_get_privacy_id_by_privilege for privilege_db_manager.c in privilege_checker module

Change-Id: I2b163c33250352919efd8d8db9eedbd909de21ba
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
11 months agoEdit and add negative test case for privilege_db_manager_get_privacy_by_privilege 17/315317/3
tranthanhtung2001 [Thu, 23 Nov 2023 01:43:02 +0000 (08:43 +0700)]
Edit and add negative test case for privilege_db_manager_get_privacy_by_privilege

Change-Id: I2aa6de760b1e9b0883c5844bfe528e2bd9282c3e
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
11 months agoAdd positive and edit negative test case for privilege_db_manager_get_privacy_filtere... 99/315299/1
tranthanhtung2001 [Wed, 22 Nov 2023 23:00:32 +0000 (06:00 +0700)]
Add positive and edit negative test case for privilege_db_manager_get_privacy_filtered_privilege_info_list

Change-Id: I245edb622e1c17c6dc9fac74d895d5b67e168d8b
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
11 months agoAdd negative test case for privilege_db_manager_get_all_privacy_package_list with... 98/315298/2
tranthanhtung2001 [Wed, 22 Nov 2023 22:01:50 +0000 (05:01 +0700)]
Add negative test case for privilege_db_manager_get_all_privacy_package_list with uid does not exist

Change-Id: Ie84f80a1b14492f7db2f911d4d962d64fb1e94c0
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
3 months agoFix the last failed test case in privilege_db_manager.c file for privilege checker... 85/314685/1
tranthanhtung2001 [Wed, 17 Jul 2024 09:52:06 +0000 (16:52 +0700)]
Fix the last failed test case in privilege_db_manager.c file for privilege checker module

Change-Id: I9aabb4fe723d43c1c3de857ea97f6f3753813f67
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
3 months agoFix failed test cases in privilege-info.c 88/314588/4
Le [Tue, 16 Jul 2024 03:49:08 +0000 (10:49 +0700)]
Fix failed test cases in privilege-info.c

Change-Id: I774343dda0230b5e07a90a46ba78fcb59a2c21b0
Signed-off-by: Le <xuan.tien@samsung.com>
3 months agoFix all tests case FAIL for file privilege_db_manager.c in privilege checker module 94/314594/3
tranthanhtung2001 [Tue, 16 Jul 2024 04:20:29 +0000 (11:20 +0700)]
Fix all tests case FAIL for file privilege_db_manager.c in privilege checker module

Change-Id: I876132d0df3613e994aec610cea6e69ac09dae84
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
3 months agoAdd tests privilege_db_manager_get_privilege_list_by_pkgid_and_privacy 48/314548/2
tranthanhtung2001 [Mon, 15 Jul 2024 06:46:37 +0000 (13:46 +0700)]
Add tests privilege_db_manager_get_privilege_list_by_pkgid_and_privacy
Add tests privilege_db_manager_get_privacy_filtered_privilege_info_list

Change-Id: I14bc3cbb429335656f35d76de52a6c8a1d7d3bcc
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
3 months agoRefactoring source code privilege checker 78/312678/22
tranthanhtung2001 [Thu, 13 Jun 2024 02:39:10 +0000 (09:39 +0700)]
Refactoring source code privilege checker

Change-Id: Iaeac4e860925ad5221284cba4d018214b061d1da
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
4 months agoFix failed test case when askuser enabled 13/314013/4
Thien [Thu, 4 Jul 2024 03:56:02 +0000 (10:56 +0700)]
Fix failed test case when askuser enabled

Change-Id: I2d39f0bf4a1982d5e56fe2c75512636fc690a5ff
Signed-off-by: Thien <khanh.thien@samsung.com>
4 months agoFix potential defect: COMMAND_INJECTION 37/314037/1
Thien [Thu, 4 Jul 2024 08:51:42 +0000 (15:51 +0700)]
Fix potential defect: COMMAND_INJECTION

Change-Id: Idef972258f99ea1c8d5cc58417c679cb8ea55da4
Signed-off-by: Thien <khanh.thien@samsung.com>
4 months agoAdd test cases for privilege-package-info.c when askuser is disabled 25/312925/12
Thien [Mon, 17 Jun 2024 09:12:11 +0000 (16:12 +0700)]
Add test cases for privilege-package-info.c when askuser is disabled

Change-Id: Id0c49a9c498599e169c927421694ffac996d3a85
Signed-off-by: Thien <khanh.thien@samsung.com>
4 months agoAdd test for privilege_info_foreach_privilege_group_list_by_pkgid_and_uid 40/312840/8
Le [Mon, 17 Jun 2024 03:40:48 +0000 (10:40 +0700)]
Add test for privilege_info_foreach_privilege_group_list_by_pkgid_and_uid

Add test for privilege_info_foreach_privilege_list_by_pkgid_and_privilege_group
Add test for privilege_info_foreach_privilege_list_by_pkgid_and_privilege_group_and_uid

Change-Id: Iaec1df2e06088149b97b1a2d806081112b553381
Signed-off-by: Le <xuan.tien@samsung.com>
4 months agoAdd tests for privilege_db_manager_get_privacy_list_by_pkgid 91/311791/3
tranthanhtung2001 [Tue, 28 May 2024 03:08:41 +0000 (10:08 +0700)]
Add tests for privilege_db_manager_get_privacy_list_by_pkgid

Add tests for privilege_db_manager_get_package_list_by_privacy

Change-Id: Ia281de9dd5488c12b6ba8bae5e15f7decf1a644d
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
4 months agoAdd test for privilege_info_foreach_privilege_group_list_by_pkgid 09/311809/5
Le [Tue, 28 May 2024 08:01:46 +0000 (15:01 +0700)]
Add test for privilege_info_foreach_privilege_group_list_by_pkgid

Change-Id: I9f891320c1f91b46f3f64d1c9a09965c92bf870f
Signed-off-by: Le <xuan.tien@samsung.com>
4 months agoAdd tests for privilege_info_get_privilege_display_name_by_package_type 03/311703/4
Le [Fri, 24 May 2024 05:51:03 +0000 (12:51 +0700)]
Add tests for privilege_info_get_privilege_display_name_by_package_type

Change-Id: Ie6c15224ff59fce750f8e967e4a7d20754ad3f77
Signed-off-by: Le <xuan.tien@samsung.com>
4 months agoAdd tests for privilege_db_manager_is_privacy_requestable 97/311697/4
tranthanhtung2001 [Fri, 24 May 2024 02:45:22 +0000 (09:45 +0700)]
Add tests for privilege_db_manager_is_privacy_requestable

Add tests for privilege_db_manager_get_all_privacy_package_list

Change-Id: I7e03d40155796038457d37b0b9f4658a90e7411a
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
4 months agoAdd KR translation to keymanager.extended privilege 79/312279/2 accepted/tizen/unified/20240612.095954 accepted/tizen/unified/dev/20240620.005638 accepted/tizen/unified/toolchain/20240624.121657 accepted/tizen/unified/x/20240612.110428 accepted/tizen/unified/x/asan/20240625.092900
Dariusz Michaluk [Wed, 5 Jun 2024 12:05:57 +0000 (14:05 +0200)]
Add KR translation to keymanager.extended privilege

Change-Id: I773a1812202a4e0b66b80dc136fab8efa00d59b5

5 months agoMerge "Add core privilege: keymanager.extended" into tizen accepted/tizen/unified/20240603.032421 accepted/tizen/unified/x/20240604.013047
Tomasz Swierczek [Fri, 31 May 2024 04:30:17 +0000 (04:30 +0000)]
Merge "Add core privilege: keymanager.extended" into tizen

5 months agoMerge "Add tests for privilege_db_manager_set_package_privacy_privilege_info Add...
Tomasz Swierczek [Thu, 23 May 2024 06:38:23 +0000 (06:38 +0000)]
Merge "Add tests for privilege_db_manager_set_package_privacy_privilege_info Add tests for privilege_db_manager_unset_package_privilege_info" into tizen

5 months agoAdd tests for privilege_db_manager_set_package_privacy_privilege_info 88/311288/4
tranthanhtung2001 [Fri, 17 May 2024 08:35:57 +0000 (15:35 +0700)]
Add tests for privilege_db_manager_set_package_privacy_privilege_info
Add tests for privilege_db_manager_unset_package_privilege_info

Change-Id: Ib96ea19a06ed7f162c09793a97f97ed173c2e20b
Signed-off-by: tranthanhtung2001 <tran.tung@samsung.com>
5 months ago Add tests for privilege_info_get_privilege_noti_info_list 74/310774/9
Le [Wed, 8 May 2024 04:44:24 +0000 (11:44 +0700)]
 Add tests for privilege_info_get_privilege_noti_info_list
 Add tests for privilege_info_get_privilege_description_by_package_type

Change-Id: I8e2eb9851dd1db2c75a720311bc78aec62f34965
Signed-off-by: Le <xuan.tien@samsung.com>
5 months agoAdd core privilege: keymanager.extended 22/311322/1
Dariusz Michaluk [Fri, 17 May 2024 11:32:22 +0000 (13:32 +0200)]
Add core privilege: keymanager.extended

- keymanager.extended (platform level): app can use extended CKMC API

Change-Id: I567fe10fbcc62a2a09b3171f23caed8a5161e579

7 months agoAdjust coverage script after lcov upgrade 00/309200/1
Dariusz Michaluk [Fri, 5 Apr 2024 11:13:59 +0000 (13:13 +0200)]
Adjust coverage script after lcov upgrade

Change-Id: Ic7a67c4db8debb6d1e187294aa4f7ad3d36fcaa7

8 months agoAdd core privilege: wifi.secureinfo 41/306341/3 accepted/tizen/unified/20240223.160533 accepted/tizen/unified/toolchain/20240311.065528 accepted/tizen/unified/x/20240226.075426
Krzysztof Malysa [Tue, 20 Feb 2024 10:20:00 +0000 (11:20 +0100)]
Add core privilege: wifi.secureinfo

- wifi.secureinfo (platform level): app can read Wi-Fi security information

Change-Id: I69921cab17c57cdb66906b77f20f01173bcb8cfb

10 months agoRemove tizen-locale dependency 18/303418/1 accepted/tizen_unified_riscv accepted/tizen/unified/20231228.165735 accepted/tizen/unified/riscv/20240103.054656
Dariusz Michaluk [Wed, 27 Dec 2023 09:52:01 +0000 (10:52 +0100)]
Remove tizen-locale dependency

Change-Id: If262cff1b5117edd543424b47ede4a7404458a5f

21 months agoFix tv.inputdevice privilege display name 46/287446/1
Yunjin Lee [Mon, 30 Jan 2023 04:58:37 +0000 (13:58 +0900)]
Fix tv.inputdevice privilege display name

- Remove 'eg.' from tv.inputdevice privilege's display name

Change-Id: Ia02ed2879409b644a51c637384a5df32e92042b9
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoMake pkginfo-server restart after pkgmgr info is changed. 09/280409/6
Tomasz Swierczek [Mon, 29 Aug 2022 15:09:23 +0000 (17:09 +0200)]
Make pkginfo-server restart after pkgmgr info is changed.

 "I'm a product
  Of my environment
  So don't blame me, I just work here"

              - Offspring, "Americana"

Tests mimic application installation by altering sqlite DB manually.

This however, leaves pkginfo-server daemons' internal cache in bad state,
not maching the DB, effectively making changes not visible to its clients.

This patch is an obscene attempt to fix this terrible issue by killig
that daemon after completing the DB modiffications.

With this change, unit tests should all pass again (6 were failing before).

Proper solution to the problem would probably require installing regular
small applications in place of mimicking their installation, which
would be a much, much bigger and time-costly refactoring.

Also, added more debug information.

Change-Id: I826bde1e56001d87ddbaeee5efe4f03ade32db42

2 years agoFix privilege names (typo) 06/280406/3
Tomasz Swierczek [Mon, 29 Aug 2022 14:31:04 +0000 (16:31 +0200)]
Fix privilege names (typo)

Change-Id: Idb2b50918b03fca204727e4f2e9f367ffe5099b9

2 years agoRelease version 1.3.1 05/277005/1 accepted/tizen_7.0_unified_hotfix tizen_7.0_hotfix accepted/tizen/7.0/unified/20221110.063649 accepted/tizen/7.0/unified/hotfix/20221116.105627 accepted/tizen/8.0/unified/20231005.093659 accepted/tizen/unified/20220630.211943 submit/tizen/20220629.054736 tizen_7.0_m2_release tizen_8.0_m2_release
Yunjin Lee [Wed, 29 Jun 2022 04:59:15 +0000 (13:59 +0900)]
Release version 1.3.1

- As tizen_6.5 privilege-checker uses 1.2.x, move tizen(_7.0)
    privilege-chcker's version to 1.3.x

Change-Id: I329a0ef827f13df46a993522c9e55e7ea9d18980
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoFix asan build fail 90/276990/1
Yunjin Lee [Wed, 29 Jun 2022 00:46:48 +0000 (09:46 +0900)]
Fix asan build fail

- Fix asan build fail due to the multiple definition

Change-Id: I59d2c4f58d9d065683a30fdf648e1c2d8662ac47
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoAdd tests for privilege_info_has_privacy_attr 44/271744/2
Tomasz Swierczek [Fri, 25 Feb 2022 13:57:08 +0000 (14:57 +0100)]
Add tests for privilege_info_has_privacy_attr

This patch is supposed to increase code coverage of unit tests.

Change-Id: Ieeb1148c0f7a5bab5abd6591b940f5612c61de88

2 years agoAdd prefixes for positive & negative test cases 37/268337/1
Tomasz Swierczek [Mon, 20 Dec 2021 14:21:35 +0000 (15:21 +0100)]
Add prefixes for positive & negative test cases

Most test cases in the code of privilege-checker use the:

__tcinfo()

call to setup their name for proper logging. These tests that use this
infrastructure will be properly categorized.

Change-Id: Iae7b3bb79369c0df5eb5e35c4d3254f0687eb16b

2 years agoFix duplicated privilege error 36/267236/1 accepted/tizen/unified/20211203.125444 submit/tizen/20211130.065744 submit/tizen/20211201.022754
Yunjin Lee [Tue, 30 Nov 2021 05:58:45 +0000 (14:58 +0900)]
Fix duplicated privilege error

Change-Id: Ie7e3ad29b2aeb8a84e61f42acb76c7e5493890e5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoFix print type for 64bit 74/267174/1 submit/tizen/20211129.042638
Yunjin Lee [Mon, 29 Nov 2021 04:09:52 +0000 (13:09 +0900)]
Fix print type for 64bit

- aarch and x86_64 expect 'long unsigned int' for '%zu' and build fails
hence fix it to '%u'

Change-Id: I5568ef3616e1542aeeac78bf32f23f61459a4d2f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoRelease version 1.2.16 36/267136/1 submit/tizen/20211126.070118
Yunjin Lee [Fri, 26 Nov 2021 06:57:17 +0000 (15:57 +0900)]
Release version 1.2.16

- Fix to handle major version exceed two digits

Change-Id: I1fac70214b40a52bdd8a906d6a9b794a2fc9fb82
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
2 years agoFix to handle major version exceed two digits 31/266931/5
Yunjin Lee [Mon, 22 Nov 2021 11:04:42 +0000 (20:04 +0900)]
Fix to handle major version exceed two digits

- Tizen uses api-version of X.X.X.X form and managed privilege's issued
and deprecated api-version in text form. So far, the major version has
never exceeded two digits. However, dotnet apis have api version 10 from
tizen verion 7.0 and need to handle that cases.
  Since the major version has never exceeded two digits, every not deprecated
privileges' to_api_version is set to 9.9 hence updated it to 99.9.
  Plus, the previous method compared versions in text and there's a problem
that 9 becomes larger when comparing 9 and 10.
  Therefore uses __get_api_version_code() to compare api-versions on code.
  Manipulate api-versions to comparable form and store it on DB would be
the clearest way but it will make other burdens (need to update upgrade
script for migration of /opt/dbspace/.privacy.db) and it might harm the
readability of the debugging logs.
  So I just modified it to get api-version from DB and manipuate and compare.

Change-Id: I89475ff033c018defc09d2a3524665be1260ec6d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoRelease version 1.2.15 28/264828/1 accepted/tizen/6.5/unified/20211028.115923 accepted/tizen/unified/20211001.085512 submit/tizen/20210930.101145 submit/tizen/20211202.194228 submit/tizen_6.5/20211028.162401 tizen_6.5.m2_release
Yunjin Lee [Thu, 30 Sep 2021 10:10:11 +0000 (19:10 +0900)]
Release version 1.2.15

- Update privacy whitelist of IoT profile

Change-Id: I582a45a437b484dde004dc07f53e5bf42212526b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoUpdate privacy whitelist of IoT profile 28/264428/1
Piotr Czaja/Advanced Frameworks (PLT) /SRPOL/Engineer/Samsung Electronics [Fri, 17 Sep 2021 09:50:22 +0000 (11:50 +0200)]
Update privacy whitelist of IoT profile

- Add org.tizen.fitness (profile/iot/apps/dotnet/fitness)

Change-Id: I0393266b8c2bdbd4a723f605511fb736e4a32579
Signed-off-by: Piotr Czaja/Advanced Frameworks (PLT) /SRPOL/Engineer/Samsung Electronics <p.czaja@samsung.com>
3 years agoRelease version 1.2.14 54/264354/1 accepted/tizen/unified/20210917.024333 submit/tizen/20210916.085235
Yunjin Lee [Thu, 16 Sep 2021 08:50:45 +0000 (17:50 +0900)]
Release version 1.2.14

- Update privacy whitelist of IoT profile

Change-Id: I3b309221905cb63601958aeb576c3e39d36c0b2f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoUpdate privacy whitelist of IoT profile 47/264347/1
Yunjin Lee [Thu, 16 Sep 2021 08:26:26 +0000 (17:26 +0900)]
Update privacy whitelist of IoT profile

- Add org.tizen.MusicPlayer (profile/iot/apps/dotnet/music-player)

Change-Id: I51df70a0fefab51b09880e95379a366739accffc
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoRelease 1.2.13 50/259650/1 accepted/tizen/unified/20210615.120246 submit/tizen/20210611.104600
Tomasz Swierczek [Thu, 10 Jun 2021 10:35:06 +0000 (12:35 +0200)]
Release 1.2.13

- Fix static analysis issues

Change-Id: I9afe420f103909c3f16db1142b1d283052962141

3 years agoMerge "Fix issues from static analysis" into tizen
Dariusz Michaluk [Wed, 9 Jun 2021 11:48:52 +0000 (11:48 +0000)]
Merge "Fix issues from static analysis" into tizen

3 years agoFix issues from static analysis 05/258705/2
Tomasz Swierczek [Mon, 24 May 2021 11:48:16 +0000 (13:48 +0200)]
Fix issues from static analysis

Change-Id: I25fbddde6d1ea649217e77095fff1cc546ad16da

3 years agoRelease version 1.2.12 58/257058/1 accepted/tizen/unified/20210420.002103 submit/tizen/20210419.060143
Yunjin Lee [Mon, 19 Apr 2021 05:05:32 +0000 (14:05 +0900)]
Release version 1.2.12

- Add core privileges: usb.host and log

Change-Id: I3e620a647301e79db3171ce1ea8915f147efa20c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoAdd core privileges: usb.host and log 73/256673/2
Yunjin Lee [Fri, 9 Apr 2021 04:36:21 +0000 (13:36 +0900)]
Add core privileges: usb.host and log

- usb.host: app can access to connected external USB devices
- log: app can access to platform log data
- both are platform level

Change-Id: Id071a4c4f94f0ccb7312637c7c60153b2e87aa5c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoRelease version 1.2.11 63/256463/1 accepted/tizen/unified/20210406.000333 submit/tizen/20210405.042357
Yunjin Lee [Mon, 5 Apr 2021 04:09:13 +0000 (13:09 +0900)]
Release version 1.2.11

- Update privilege description

Change-Id: Iefe21cfe87fd6331fca068beb765c7c55f301d99
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoUpdate privilege description 13/256313/1
Yunjin Lee [Thu, 1 Apr 2021 05:30:20 +0000 (14:30 +0900)]
Update privilege description

- Update description of bugreport.admin privilege and related language files

Change-Id: I62bdefb2e666e62435754e4ccfe06f498cd43a66
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoAdd missing privilege-checker package 77/255977/2 accepted/tizen/unified/20210326.013902 submit/tizen/20210326.013710
Yunjin Lee [Fri, 26 Mar 2021 01:21:32 +0000 (10:21 +0900)]
Add missing privilege-checker package

- privilege-checker package is included in ks files so that if the
package is missing then image will break. We need to remove it by JIRA
process.(with other product side anouncement)

Change-Id: I8145196c3bd7fe84c87461655fd7b7fbcde944f5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoRelease version 1.2.10 18/255718/1 accepted/tizen/unified/20210325.122732 submit/tizen/20210323.045229 submit/tizen/20210324.085352
Yunjin Lee [Tue, 23 Mar 2021 03:00:09 +0000 (12:00 +0900)]
Release version 1.2.10

- Add core privilege: bugreport.admin
- Fix coverage generation in rpm 4.14.1
- Automate code coverage measurement
- Cleanup cmake/spec infrastructure
- Merge all tests into one binary
- Remove unused legacy files
- Fix files access rights

Change-Id: If75b97c8256f19448173ceae0e3a175242a78189
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoAdd core privilege: bugreport.admin 17/255717/1
Yunjin Lee [Tue, 23 Mar 2021 02:07:41 +0000 (11:07 +0900)]
Add core privilege: bugreport.admin

- With http://tizen.org/privilege/bugreport.admin, app can request
creation of system or app's bugreport.
- DID will be added soon

Change-Id: I06125902f997ce1043e3464d1f0e24c8ef70ca88
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
3 years agoFix coverage generation in rpm 4.14.1 86/254486/1
Tomasz Swierczek [Wed, 3 Mar 2021 13:37:04 +0000 (14:37 +0100)]
Fix coverage generation in rpm 4.14.1

Debug source package directories now have different names.

Change-Id: Iaa4e2be1cadd51ab8c9b4db415a91b1efb65547f

3 years agoAutomate code coverage measurement 18/251618/4
Dariusz Michaluk [Fri, 15 Jan 2021 08:19:30 +0000 (09:19 +0100)]
Automate code coverage measurement

To gather unit tests coverage report:
- use COVERAGE build_type,
- install security-privilege-manager-coverage rpm,
- run privilege-checker-coverage.sh script.

Change-Id: I79142f2b87e7ecdc8fae3efad903dfebd3f3a654

3 years agoCleanup cmake/spec infrastructure 31/251531/5
Dariusz Michaluk [Thu, 14 Jan 2021 10:01:22 +0000 (11:01 +0100)]
Cleanup cmake/spec infrastructure

Change-Id: I5be717880e1d100b63a0214a87a54fb4c1744d0c

3 years agoMerge all tests into one binary 17/251617/4
Dariusz Michaluk [Fri, 15 Jan 2021 09:28:58 +0000 (10:28 +0100)]
Merge all tests into one binary

Change-Id: I3b72244f5e74407a9fa98aad04d0385d61b9970b

3 years agoRemove unused legacy files 30/251530/4
Dariusz Michaluk [Thu, 14 Jan 2021 17:49:54 +0000 (18:49 +0100)]
Remove unused legacy files

Change-Id: I4bafc918d083795cfd575d7a38afb2a42fac1e85

3 years agoFix files access rights 29/251529/4
Dariusz Michaluk [Wed, 13 Jan 2021 15:29:49 +0000 (16:29 +0100)]
Fix files access rights

Change-Id: I5712f848da51cfef24d6b2ac6fb1c3747ddb5135

4 years agoRelease version 1.2.9 04/244104/1 accepted/tizen_6.0_unified_hotfix tizen_6.0_hotfix accepted/tizen/6.0/unified/20201030.115239 accepted/tizen/6.0/unified/hotfix/20201103.004059 accepted/tizen/unified/20200921.095055 accepted/tizen/unified/20210326.000331 submit/tizen/20200915.070844 submit/tizen/20200917.015851 submit/tizen/20210326.000945 submit/tizen_6.0/20201029.205104 submit/tizen_6.0_hotfix/20201102.192504 submit/tizen_6.0_hotfix/20201103.114804 tizen_6.0.m2_release
Yunjin Lee [Tue, 15 Sep 2020 05:19:11 +0000 (14:19 +0900)]
Release version 1.2.9

- Update web networkbearerselection mapping

Change-Id: Ibf94606b56ca17fdeeaa0be251bc60408c3c5f95
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoUpdate web networkbearerselection mapping 15/244015/1
Yunjin Lee [Mon, 14 Sep 2020 05:42:28 +0000 (14:42 +0900)]
Update web networkbearerselection mapping

- Some native network.set privilged APIs' were changed to network.route
privileged APIs and web networkbearerselection privileged APIs are
wrapper of those. Hence add mapping for network.route privilege.

Change-Id: I5e9f1138e2d63c1471fee9807a03633e04f0762b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.8 77/243877/1 accepted/tizen/unified/20200914.131452 submit/tizen/20200911.015346
Yunjin Lee [Fri, 11 Sep 2020 01:47:52 +0000 (10:47 +0900)]
Release version 1.2.8

- Add privilege_info_has_privacy_attr()

Change-Id: I00c986653b9954ab2178da4813a5474e56edd852
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdd privilege_info_has_privacy_attr() 28/243728/1
Yunjin Lee [Wed, 9 Sep 2020 10:24:13 +0000 (19:24 +0900)]
Add privilege_info_has_privacy_attr()

- Add API to check whether the given privilege has privacy attribute.
(privilege_info_is_privacy() can return different result according to
 the environment whether privacy is enabled or not, but it doesn't.)

Change-Id: I678651ee9f8400282621d787fa8346a55597b1c6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.7 33/243133/1 accepted/tizen/unified/20200904.154118 submit/tizen/20200903.083407
Yunjin Lee [Thu, 3 Sep 2020 08:28:16 +0000 (17:28 +0900)]
Release version 1.2.7

- Get privilege notification info list with locale
- Get privilege display name or description with package type
- Update language files and fix wrong DID

Change-Id: If7fb96e75f0c26fd0beba43cecf415f7a720ccdb
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoGet privilege notification info list with locale 92/242392/8
Yunjin Lee [Wed, 26 Aug 2020 08:28:28 +0000 (17:28 +0900)]
Get privilege notification info list with locale

- To make privilege-info to wrapper of this package, add proper
functions for that
- Revise privilege_info_get_privilege_info_list() into
privilege_info_get_privilege_noti_info_list()
- Revise privilege_info_free_privilege_info_list() into
privilege_info_free_privilege_noti_info_list()

Change-Id: I8cb7bf764490279aa05a280e01d49cffc09980e8
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoGet privilege display name or description with package type 31/242131/3
Yunjin Lee [Mon, 24 Aug 2020 10:03:49 +0000 (19:03 +0900)]
Get privilege display name or description with package type

- To make privilege-info to wrapper of this package, add proper
functions for that
- Revise privilege db APIs to get privilege display name or description
regardless of the package type if the given package type is
PRVMGR_PACKAGE_TYPE_NONE

Change-Id: I98d869f1a238faeaa486f17c831471c46c81b3c6
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoUpdate language files and fix wrong DID 89/242589/1
Yunjin Lee [Fri, 28 Aug 2020 06:09:50 +0000 (15:09 +0900)]
Update language files and fix wrong DID

- Update language files for network.route privilege and fix wrong DID of
it

Change-Id: I83032c7035147d3a3743eb804a0def7a426b9b34
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.6 27/241327/1 accepted/tizen/unified/20200821.042435 submit/tizen/20200820.051038
Yunjin Lee [Wed, 19 Aug 2020 07:36:06 +0000 (16:36 +0900)]
Release version 1.2.6

- Add core privilege: network.route

Change-Id: I15c57a880307e7574c44dffe1812c038f9f4cb58
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdd core privilege: network.route 92/241292/1
Yunjin Lee [Wed, 19 Aug 2020 05:14:27 +0000 (14:14 +0900)]
Add core privilege: network.route

- network.route: With this privilege, app can add or remove route table
entries.

Change-Id: Id02f70d26b954a3ce2836253e3b89900f11b60bb
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.5 37/240937/2 accepted/tizen/unified/20200818.130026 submit/tizen/20200813.042541
Yunjin Lee [Thu, 13 Aug 2020 03:57:54 +0000 (12:57 +0900)]
Release version 1.2.5

- Split APIs not to access DB while trying to access DB
- Update privacy whitelist for IoT profile

Change-Id: I5241cc0dc6d37e1fa46eb17a01eb813dd9fbc2f0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoMerge "Split APIs not to access DB while trying to access DB" into tizen
Yunjin Lee [Thu, 13 Aug 2020 03:54:20 +0000 (03:54 +0000)]
Merge "Split APIs not to access DB while trying to access DB" into tizen

4 years agoSplit APIs not to access DB while trying to access DB 66/240766/2
Yunjin Lee [Tue, 11 Aug 2020 07:13:12 +0000 (16:13 +0900)]
Split APIs not to access DB while trying to access DB

- Split some APIs access DB while trying to access DB

Change-Id: I3a840fbd15a6f4b767c7e7601f4796610d7eeb8b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoUpdate privacy whitelist for IoT profile 99/240599/1
Yunjin Lee [Mon, 10 Aug 2020 02:09:11 +0000 (11:09 +0900)]
Update privacy whitelist for IoT profile

- Update org.tizen.wallpaper-ui-service is changed to
  org.tizen.wallpaper-ui-service_common

Change-Id: Ie8609d508125c9ebee55e71a8b03d18b58e700c3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.4 01/240401/1 accepted/tizen/unified/20200810.123151 submit/tizen/20200806.054000
Yunjin Lee [Thu, 6 Aug 2020 05:31:58 +0000 (14:31 +0900)]
Release version 1.2.4

- Add default privilege mapping for IoT profile
- Remove unused critical privilege related APIs
- Bind begin and finish transaction
- Rename privilege_info_db_row and related function
- Remove redundancy of statement evaluation

Change-Id: Ic22ea1ee19d9f0f48c607980aea26266349470f7
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdd default privilege mapping for IoT profile 15/240315/2
Yunjin Lee [Wed, 5 Aug 2020 07:45:28 +0000 (16:45 +0900)]
Add default privilege mapping for IoT profile

- Add web default privilege mapping for IoT profile. (core default
privilege mapping has no difference with common profile so there's no
update for core privilege.)
- Minimum api-version for IoT profile is native 5.0 / web & csharp 5.5.
- Fix askuser enable determination of local tc.
  It refers to https://review.tizen.org/gerrit/#/c/platform/core/security/privilege-checker/+/234846/

Change-Id: I730d02d879033561b238303bd435bc0a81822db3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRemove unused critical privilege related APIs 85/239285/2
Yunjin Lee [Thu, 23 Jul 2020 10:31:32 +0000 (19:31 +0900)]
Remove unused critical privilege related APIs

- There was a requirement at first time but was not used hence remove
all of them.

Change-Id: I6919e6c6a84ed6f20ef719d744ae22c18f279ae0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoBind begin and finish transaction 14/238914/7
Yunjin Lee [Mon, 20 Jul 2020 08:15:24 +0000 (17:15 +0900)]
Bind begin and finish transaction

- Bind begin and finish transaction process as macros.
- Add retry for begin transaction.

Change-Id: I462356303732bafe1bbbba35581abcd2f6698427
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRename privilege_info_db_row and related function 64/238264/6
Yunjin Lee [Fri, 10 Jul 2020 05:33:28 +0000 (14:33 +0900)]
Rename privilege_info_db_row and related function

- Originally privilege_info_db_row_s was made to have all privilege info
such as privilege name, level, issued and deprecaed version or so. But
the required privilege info for privilege verification was reduced to
only privilege level and now, the name is not matched to its role. Hence
rename it properly.

- struct
  - AS-IS: privilege_info_db_row_s
  - TO-BE: privilege_level_info_s
- functions
  - AS-IS: privilege_db_manager_get_privilege_list()
  - TO-BE: privilege_db_manager_get_privilege_level_info_list()

  - AS-IS: free_privilege_info_db_row_list()
  - TO-BE: free_privilege_level_info_list()

Change-Id: Ie72fe0fe423742bc1e7b5f12ff243dd56af23a47
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRemove redundancy of statement evaluation 22/238222/8
Yunjin Lee [Thu, 9 Jul 2020 09:11:12 +0000 (18:11 +0900)]
Remove redundancy of statement evaluation

- Simple statement evaluation
  - Remove unnecessary value assign
  - Remove redundancy of sqlite3_step and modify
    'do-while' to 'while'
- Add free function for list allocated by
  privilege_db_manager_get_privilege_list()
- TODO: Add error check for some cases
- TODO: Integrate some sql errors
- TODO: Rename privilege_info_db_row & add functions for it

Change-Id: I2973d22e8a21bbe358a8a773da36a77306794c9d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.3 (modified) 85/238985/1 accepted/tizen/unified/20200722.144616 submit/tizen/20200721.035331 submit/tizen/20200721.042437
Yunjin Lee [Tue, 21 Jul 2020 03:48:04 +0000 (12:48 +0900)]
Release version 1.2.3 (modified)

- Fix potential memory leak
- Update IoT privacy whitelist
- Modify privilege verification messaging
- Revise logic to get privilege display name and description
- Fix asan build fail
- Bind repeated steps for accessing DB
- Adjust API changes to local test

Remove a commit causing cyclic dependency from the release

Change-Id: I85a479f6624f9a3ff2390e2425df6b8970a2b523
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRevert "Get package cert level if there's no cert level given" 74/238974/2
Yunjin Lee [Tue, 21 Jul 2020 02:05:30 +0000 (02:05 +0000)]
Revert "Get package cert level if there's no cert level given"

This reverts commit cd1a5b8fb247a8a40b5a30d97c5089c94c49d3a2.

- Due to the cyclic dependency, privilege-checker can't use cert-svc APIs.
  cert-svc <-> key-manager <-> security-manager <-> privilege-checker

Change-Id: I6a2a289b5c36f07b75e8188c7cc2e7a287b6f09c

4 years agoRelease version 1.2.3 17/238917/2 submit/tizen/20200720.104233
Yunjin Lee [Mon, 20 Jul 2020 08:32:23 +0000 (17:32 +0900)]
Release version 1.2.3

- Fix potential memory leak
- Update IoT privacy whitelist
- Get package cert level if there's no cert level given
- Modify privilege verification messaging
- Revise logic to get privilege display name and description
- Fix asan build fail
- Bind repeated steps for accessing DB
- Adjust API changes to local test

Change-Id: If9274e94f004254dc6fb4742e1aeb8b948c25f74
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoFix potential memory leak 30/238930/1
Yunjin Lee [Mon, 20 Jul 2020 10:05:17 +0000 (19:05 +0900)]
Fix potential memory leak

- If TRY_INIT_DB fails, string allocated by __make_privilege_list_str()
will be lost.

Change-Id: I2d7e3b9ccb6b1cf3bd4d1e18a33d6e60f9acbaeb
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoUpdate IoT privacy whitelist 15/238915/2
Yunjin Lee [Mon, 20 Jul 2020 08:20:43 +0000 (17:20 +0900)]
Update IoT privacy whitelist

- Add org.tizen.firmware-update-ui to IoT privacy whitelist

Change-Id: Ia962a8bd1c03e2a5ae5e2d4fbf8a4d46e6c11700
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoGet package cert level if there's no cert level given 11/238011/2
Yunjin Lee [Tue, 7 Jul 2020 10:28:03 +0000 (19:28 +0900)]
Get package cert level if there's no cert level given

- To check whether the package is privacy whitelisted or not, get pkg
cert level from input param. If the given cert level is
PRVMGR_PACKAGE_VISIBILITY_NONE then get package cert level from
pkgmgr-info and certsvc.

Change-Id: I85ca805867a7a17a49eccfd3f6d6cc6edb44fc54
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoModify privilege verification messaging 03/237403/4
Yunjin Lee [Fri, 26 Jun 2020 10:01:20 +0000 (19:01 +0900)]
Modify privilege verification messaging

- Adjust function/variable name to its role.
- Remove redunant code.
- Remove build warning bypass trick.
- Make messaging logic simpler.

Change-Id: Ib5e113f147bbbaf4597da3ccb2798467f1ddbae3
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRevise logic to get privilege display name and description 18/236818/4
Yunjin Lee [Mon, 22 Jun 2020 08:39:57 +0000 (17:39 +0900)]
Revise logic to get privilege display name and description

- Remove redundant code and branch that never passed through.
- Return NULL if the given privilege have no DID to display
    - The same changes as privilege-info :
      https://review.tizen.org/gerrit/#/c/platform/core/security/privilege-info/+/231441/

Change-Id: I7093d1a38970ca2a11b0933025845baed2a1e04b
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoMerge "Fix asan build fail" into tizen
Yunjin Lee [Thu, 9 Jul 2020 08:01:12 +0000 (08:01 +0000)]
Merge "Fix asan build fail" into tizen

4 years agoFix asan build fail 42/238142/3
Yunjin Lee [Thu, 9 Jul 2020 02:24:07 +0000 (11:24 +0900)]
Fix asan build fail

- How to build with asan:
    $ gbs build -A {architecture} --include-all --extra-packs asan-force-options,asan-build-env --define 'asan 1'

Change-Id: I4c655ac01d9061362a1cf1cc53bc6defe14bc55d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoBind repeated steps for accessing DB 37/237737/2
Yunjin Lee [Fri, 3 Jul 2020 06:24:56 +0000 (15:24 +0900)]
Bind repeated steps for accessing DB

- Bind check query and prepare DB into a function
- Make open / prepare DB as try / return
- Leave comment for TODO

Change-Id: I16b1e150bae44829255baa49f76d349f311a352c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdjust API changes to local test 71/236771/3
Yunjin Lee [Mon, 22 Jun 2020 04:46:24 +0000 (13:46 +0900)]
Adjust API changes to local test

- adjust privilege_info_get_privilege_type() interface changes
- enable local test build

Change-Id: I42b7b5ef3329ffd026c576eb6510a05abfaa43a0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.2 84/236284/1 accepted/tizen/unified/20200617.055830 submit/tizen/20200616.060249 submit/tizen/20200616.062412
Yunjin Lee [Tue, 16 Jun 2020 02:56:42 +0000 (11:56 +0900)]
Release version 1.2.2

- Add privilege profile type for IoT
- Add privacy whitelist for IoT profile
- Determine askuser enable by security config file
- Add IoT profile
- Add cert level to privacy whitelist table

Change-Id: I619eca0149494e3c5324f69adb7c7c1874b1b833
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdd privilege profile type for IoT 49/234849/4
Yunjin Lee [Fri, 29 May 2020 07:19:49 +0000 (16:19 +0900)]
Add privilege profile type for IoT

Change-Id: Ifdd154343825e2f2783a68e955c1db8c48998d9d
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoAdd privacy whitelist for IoT profile 53/236253/1
Yunjin Lee [Tue, 16 Jun 2020 02:49:54 +0000 (11:49 +0900)]
Add privacy whitelist for IoT profile

- Based on RPI4 IoT headed image (20200615.1)

Change-Id: I84bc6993185b24aac3aeafc90b7f9d807f46fe4f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoDetermine askuser enable by security config file 46/234846/3
Yunjin Lee [Fri, 29 May 2020 07:09:17 +0000 (16:09 +0900)]
Determine askuser enable by security config file

- When checking current target support askuser or not, see whether the
askuser_disable file exist or not.

- The profile file is used for checking different storage privacy support
among profiles.

Change-Id: I7be583ac275f10575220c6ace3d1dd64522c14fe
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoMerge "Add IoT profile" into tizen
Yunjin Lee [Thu, 28 May 2020 10:52:08 +0000 (10:52 +0000)]
Merge "Add IoT profile" into tizen

4 years agoAdd cert level to privacy whitelist table 23/232123/2
Yunjin Lee [Tue, 28 Apr 2020 10:12:35 +0000 (19:12 +0900)]
Add cert level to privacy whitelist table

- Add cert_level to privacy_whitelist table to check privacy whitelisted
app by its pkgid and cert level

Change-Id: Idcb6d3e8f1936b08b226115cf6a33dde52b88970
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoRelease version 1.2.1 15/234715/1 accepted/tizen/unified/20200529.124102 submit/tizen/20200528.071929 submit/tizen/20200529.012726
Yunjin Lee [Thu, 28 May 2020 06:56:56 +0000 (15:56 +0900)]
Release version 1.2.1

- Fix asan build error
- Modify privilege_info_get_privilege_type() interface

Change-Id: If22254236bc8857ccf895643ba0708b89664be8c
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
4 years agoFix asan build error 33/234533/4
Yunjin Lee [Wed, 27 May 2020 05:54:15 +0000 (14:54 +0900)]
Fix asan build error

- How to build with ASan:
  gbs build -A {architecture} --include-all --extra-packs asan-force-options,asan-build-env --define 'asan 1'

Change-Id: I3f3ffcc29d1b75c7ee08024688399df27320567f
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>