Yunjin Lee [Tue, 20 Jun 2017 07:11:25 +0000 (16:11 +0900)]
Add script to maintain mdm enabled policy
Change-Id: I316edb73c77eaba6667c67427ff14cb8618258c9
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Sunmin Lee [Wed, 14 Jun 2017 11:17:24 +0000 (20:17 +0900)]
Revert "Upgrade: Do not use systemctl"
For now, background executed processes are terminated
after update-init.sh.
To keep them running, revert background execution to systemctl.
This reverts commit
0226e19350dc400e0b1b7d6f9e5387e5287997d4.
Change-Id: I229ad4e3b3f1c39b00697e3b2a5b6c9df5980d02
Yunjin Lee [Tue, 13 Jun 2017 07:27:56 +0000 (16:27 +0900)]
Modify script to create policy db at FOTA upgrade
Change-Id: I86ec27ac971678a8a7bb933286266f00cd789df5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Sat, 1 Apr 2017 06:44:40 +0000 (15:44 +0900)]
Merge remote-tracking branch 'origin/tizen' into tizen_3.0
Kim Kidong [Sat, 1 Apr 2017 02:07:35 +0000 (19:07 -0700)]
Merge "Revert "Remove unnecessary uid - system_share"" into tizen
Jin-gyu Kim [Sat, 1 Apr 2017 02:04:59 +0000 (19:04 -0700)]
Revert "Remove unnecessary uid - system_share"
This reverts commit
6b377897a79dab8e0c9ddcc4d97467b9c06b2fff.
Change-Id: I001bf5dd69437be3f7e8e485dc22a5a6a7aac2e0
Kidong Kim [Fri, 31 Mar 2017 04:37:45 +0000 (13:37 +0900)]
Merge remote-tracking branch 'origin/tizen' into tizen_3.0
Kidong Kim [Fri, 31 Mar 2017 04:36:08 +0000 (13:36 +0900)]
Merge branch 'tizen' of ssh://review.tizen.org:29418/platform/core/security/security-config into tizen
Kidong Kim [Fri, 31 Mar 2017 04:01:09 +0000 (13:01 +0900)]
Remove unnecessary uid - system_share
The 'system_share' should be used as group id.
Remove this uid in order to prevent to misuse.
Change-Id: I50efda072c98bb52ba81c60717363e70628a07a6
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
Kidong Kim [Fri, 31 Mar 2017 04:01:09 +0000 (13:01 +0900)]
remove unnecessary uid - system_share
Change-Id: I50efda072c98bb52ba81c60717363e70628a07a6
Signed-off-by: Kidong Kim <kd0228.kim@samsung.com>
jin-gyu.kim [Thu, 30 Mar 2017 10:23:33 +0000 (19:23 +0900)]
Merge remote-tracking branch 'origin/tizen' into tizen_3.0
jin-gyu.kim [Thu, 30 Mar 2017 09:16:09 +0000 (18:16 +0900)]
Set SMACK labelling to SMACK rules dir.
Change-Id: I2bcd0a71d9dae9c487fb394ca836e4cb79234bfe
jin-gyu.kim [Thu, 30 Mar 2017 03:54:00 +0000 (12:54 +0900)]
Merge remote-tracking branch 'origin/tizen' into tizen_3.0
jin-gyu.kim [Thu, 30 Mar 2017 03:50:13 +0000 (12:50 +0900)]
Merge remote-tracking branch 'origin/tizen' into tizen_3.0
jin-gyu.kim [Wed, 29 Mar 2017 04:54:10 +0000 (13:54 +0900)]
Use %license macro to copy license file.
Change-Id: I5744b4491d94b95e07356fd88320c914f980eee7
Kim Kidong [Tue, 28 Mar 2017 06:23:44 +0000 (23:23 -0700)]
Merge "optimize the testing time of run_dep_test.sh" into tizen
Kim Kidong [Tue, 28 Mar 2017 06:23:32 +0000 (23:23 -0700)]
Merge "Optimize the test time of path_check.sh" into tizen
Yunjin Lee [Tue, 28 Mar 2017 04:30:22 +0000 (13:30 +0900)]
optimize the testing time of run_dep_test.sh
Change-Id: I6a53740b88e0d23a56964a5da18e3fea6c0882f4
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Tue, 28 Mar 2017 04:29:14 +0000 (13:29 +0900)]
Optimize the test time of path_check.sh
Change-Id: I423ae3050e07e0ee7a9d49b989591b2296512860
jin-gyu.kim [Mon, 27 Mar 2017 10:04:22 +0000 (19:04 +0900)]
Optimize the testing time of root_minimization.sh
Change-Id: I5db5bcf93deabd583062c5fff505ec88b1276c9d
Kim Kidong [Thu, 23 Mar 2017 10:21:48 +0000 (03:21 -0700)]
Merge "Add image_test.sh" into tizen
Kim Kidong [Thu, 23 Mar 2017 10:20:40 +0000 (03:20 -0700)]
Merge "Fix the bug in smack label check test." into tizen
jin-gyu.kim [Thu, 23 Feb 2017 05:34:09 +0000 (14:34 +0900)]
Add image_test.sh
- This script will be used at the time of image build.
Change-Id: I94c67b397450ede4913360afed0851c88678e087
keeho.yang [Thu, 9 Feb 2017 05:40:03 +0000 (14:40 +0900)]
remove inheritable in xdelta3
Change-Id: Ib73ead908c24a291e48a66dc2ccea2f74f7e9923
keeho.yang [Thu, 9 Feb 2017 05:35:18 +0000 (14:35 +0900)]
remove inheritable in xdelta3
Change-Id: I74d2b271e2db8f72e9f026111cd4a736bab14738
keeho.yang [Thu, 9 Feb 2017 05:13:15 +0000 (14:13 +0900)]
add make socket permission(ICMPv6) for tizen4.0
Change-Id: I67fabc0ec2a43347b1e57ee79f6a7bf8a71707da
jin-gyu.kim [Mon, 6 Feb 2017 07:47:30 +0000 (16:47 +0900)]
Fix the bug in smack label check test.
- Some cases could not be checked during smack label test.
- Fix the conditional statement.
Change-Id: Ic67bef26cfc4430bb5bcdd618b3910e6dc14f47e
jooseong lee [Mon, 23 Jan 2017 10:01:45 +0000 (19:01 +0900)]
Add cap_dac_override to /usr/bin/pkg_cleardata
Change-Id: Ibc582992e0b002f3dba349725b4c8e0134606515
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Mon, 23 Jan 2017 05:01:50 +0000 (14:01 +0900)]
Add config file for mdm blacklist
Change-Id: Ib9d3dd94878499f9623953037b709f37090af9e0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Sunmin Lee [Mon, 16 Jan 2017 04:52:07 +0000 (13:52 +0900)]
Upgrade: Do not use systemctl
The system offline update is going to be done without
basic.target. However, systemctl command requires basic.target
internally. So, replace it with backgroud command.
Change-Id: Ie6a4f83054cc633284be96be93df052287cd9a7c
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jin-gyu.kim [Mon, 2 Jan 2017 08:23:43 +0000 (17:23 +0900)]
Move writable files to /opt/share.
- /usr/share folder is not available to store writable files.
Change-Id: I06638cbbe0a575eee42d0ecf294b51a3d92727a9
jooseong lee [Wed, 28 Dec 2016 07:55:59 +0000 (16:55 +0900)]
Set smack label to /etc/skel/share/.voice and {user home}/share/.voice
Change-Id: I1ea6b92c00f261daf43abc971bc05b8cb4bbd9bc
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
keeho.yang [Mon, 26 Dec 2016 06:43:28 +0000 (15:43 +0900)]
Sync root daemon list to 1223 binary
Change-Id: I9d127c1166203f3ba658e2d143d5621533c8e925
keeho.yang [Wed, 21 Dec 2016 09:49:20 +0000 (18:49 +0900)]
add non_daemon_list
Change-Id: I9098407424b52319353f2e0249b8370223565f52
jin-gyu.kim [Mon, 19 Dec 2016 09:24:22 +0000 (18:24 +0900)]
Modify SMACK rule test.
- System User rwxa
- System::Privileged User rwxa
Change-Id: Icfd1e03cfb8869e7544b2d8f1dd65393c0753100
jin-gyu.kim [Mon, 19 Dec 2016 04:53:40 +0000 (13:53 +0900)]
Modify SMACK rule test.
Change-Id: I35a135c58389f88ac5da965532d29beb93ab8c64
Jin-gyu Kim [Fri, 16 Dec 2016 09:48:52 +0000 (01:48 -0800)]
Merge "check exception list on 1212 binary" into tizen
keeho.yang [Fri, 16 Dec 2016 09:44:08 +0000 (18:44 +0900)]
check exception list on 1212 binary
Change-Id: Icabb889b63486d2cae1adcb1ae13752715205c57
Jin-gyu Kim [Fri, 16 Dec 2016 07:49:48 +0000 (23:49 -0800)]
Merge "update list on 1214 binary" into tizen
keeho.yang [Thu, 15 Dec 2016 07:35:08 +0000 (16:35 +0900)]
update list on 1214 binary
Change-Id: I3278dd47e040fef6b02d7320f69428b7b99c53d6
Yunjin Lee [Tue, 13 Dec 2016 11:51:46 +0000 (20:51 +0900)]
Update ASLR exception list
Change-Id: Ied335c22f0d7c6ad31062325f58bf61a43ec96a0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Tue, 13 Dec 2016 05:01:17 +0000 (14:01 +0900)]
Give cap_chown to email-service.
Change-Id: Ic297307bbcea35cca6ebf103eb73cd3434716e75
jin-gyu.kim [Mon, 12 Dec 2016 06:00:35 +0000 (15:00 +0900)]
Fix security-test
- Add rule ~PROCESS ~PROCESS, rxxat for the same non-hybrid app label.
Change-Id: I749a37bc2d2b63e31ceeb187bc466b1a2c191e1b
keeho.yang [Tue, 6 Dec 2016 06:28:07 +0000 (15:28 +0900)]
remove capability in connman, net-config
Change-Id: Ia3e371ab6c5afbdcfc6a2e37e8692b59983f4d6d
Kim Kidong [Mon, 5 Dec 2016 04:29:12 +0000 (20:29 -0800)]
Merge "Remove redundant cap_dac_override capabilities." into tizen
jin-gyu.kim [Fri, 2 Dec 2016 04:14:41 +0000 (13:14 +0900)]
Change the label of the upgrade script.
Change-Id: Ibb6c482a69e976e64a778b65b5234c54500ff0bf
jin-gyu.kim [Fri, 2 Dec 2016 02:15:12 +0000 (11:15 +0900)]
Remove redundant cap_dac_override capabilities.
Change-Id: Idb66a81bd335bd0f4ae34217abd628fc9bbcc9ae
Kim Kidong [Mon, 28 Nov 2016 11:34:26 +0000 (03:34 -0800)]
Merge "Add cap_dac_read_search to pkg_getsize" into tizen
jin-gyu.kim [Mon, 28 Nov 2016 11:31:45 +0000 (20:31 +0900)]
Add cap_dac_read_search to pkg_getsize
Change-Id: I4cd931484ca6f8491a998c556a6aecb99bdaa8d2
Sunmin Lee [Thu, 24 Nov 2016 14:08:32 +0000 (23:08 +0900)]
Trigger services using systemd
Change-Id: I1c1b1179a0cee7e35beb1a98f316fffad53e7dab
Sunmin Lee [Thu, 24 Nov 2016 14:08:32 +0000 (23:08 +0900)]
Trigger services using systemd
Change-Id: I1c1b1179a0cee7e35beb1a98f316fffad53e7dab
jooseong lee [Thu, 24 Nov 2016 02:15:04 +0000 (11:15 +0900)]
Sleep before security-manager-cmd in upgrade script
Change-Id: I20e4c17e6eb1705a115028169b28c52241d8c0d9
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Wed, 23 Nov 2016 09:58:33 +0000 (18:58 +0900)]
Update default user on cynara db during 3.0 upgrade
Change-Id: I85b02be01c4c2bacf1af6e4316c7fa13f03e6a68
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Wed, 23 Nov 2016 01:23:15 +0000 (10:23 +0900)]
Add CAP_NET_ADMIN and CAP_NET_RAW to xtables-muti for nether
refer to: https://review.tizen.org/gerrit/#/c/79675/
Change-Id: I993819b50d56812fe27360999093d4fccd5351e4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Tue, 22 Nov 2016 08:42:33 +0000 (17:42 +0900)]
Set TZ_USER_APP directory permission in gumd script
Some service daemons, non root, access to application data directory.
In case, they have cap_dac_override. We will change file permission
to access app data directory for service daemon and remove their
cap_dac_override.
Change-Id: I0d007f9277229b9be889d9cb01c3c79e82f8b1db
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jin-gyu.kim [Mon, 21 Nov 2016 05:59:44 +0000 (14:59 +0900)]
Add rpm description in log file.
Change-Id: Ibe8c8cfa81ffafb992ec0c132ea7b35f1f5154c7
jooseong lee [Mon, 21 Nov 2016 02:52:21 +0000 (11:52 +0900)]
Fix typo
Change-Id: I6e6df5f8602dc35e1abbf727ea34ba23d2e68212
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 21 Nov 2016 02:49:49 +0000 (11:49 +0900)]
Add cap_dac_override to data-provider-master
Change-Id: I53b9ad1d0e630a25142526a4c1be99b3f8fbebbd
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Fri, 18 Nov 2016 09:21:57 +0000 (18:21 +0900)]
Update upgrade script
* Dyntransition file('apps_name') was renamed to 'apps_labels'
* systemctl command is not working on migration.
Just launch cynara and security-manager manually.
Change-Id: Ifaf6121e8c924f9212ebed4187132730b20ce02b
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Mon, 14 Nov 2016 04:02:34 +0000 (13:02 +0900)]
Update security-test(smack-rule, smack-basic) scripts
* Application process's prefix label was changed. (User::App -> User::Pkg)
- https://review.tizen.org/gerrit/#/c/88317/
* Added 'l' permission to SharedRO rule
- https://review.tizen.org/gerrit/#/c/96752/
Change-Id: I9b139ebb41599ec0e33edf527732eae4b0e2f8c2
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
keeho.yang [Wed, 19 Oct 2016 09:37:13 +0000 (18:37 +0900)]
Update root test list on 1019
Change-Id: I9d3968e70868c3dfbbb1f0d17cd0b01f8f588f0d
Seongwook Chung [Tue, 18 Oct 2016 02:30:06 +0000 (11:30 +0900)]
Restore capability for boot-animation
Change-Id: I2726ee99b97e975f80ad1fcdaeca88a6d8970ca0
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
keeho.yang [Thu, 13 Oct 2016 07:55:16 +0000 (16:55 +0900)]
add capability to emul-common-preinit, emul-setup-audio-volume service
Change-Id: I8448eac338f9f238c93af8a8f9b010f1a2c43cdc
keeho.yang [Tue, 11 Oct 2016 08:09:35 +0000 (17:09 +0900)]
add capability with ei permisstion in chmod, chgrp
Change-Id: Ieacc75f906e296149a777e19041db38b3d6ac4d1
keeho.yang [Mon, 10 Oct 2016 08:24:50 +0000 (17:24 +0900)]
delete capability on boot-animatino and shutdown-animation
Change-Id: Ia255792781ec950a8191338ef61dc75ae1b6c477
jooseong lee [Mon, 10 Oct 2016 01:15:03 +0000 (10:15 +0900)]
Revert 'Set Smack execute label('User::Shell') to /usr/bin/sh'
Change-Id: Ia67267368748340efbed691e856d2d76e01db28f
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
keeho yang [Fri, 7 Oct 2016 09:42:55 +0000 (02:42 -0700)]
Merge "Change script and list about root test and capability test" into tizen
Seongwook Chung [Fri, 7 Oct 2016 09:40:03 +0000 (02:40 -0700)]
Merge "add capability for mobileap-agent, connman, net-config package" into tizen
keeho.yang [Fri, 7 Oct 2016 08:25:57 +0000 (17:25 +0900)]
add capability for mobileap-agent, connman, net-config package
Since network daemons change uid from root to network_fw,
thoes daemons need posix capabilities
Change-Id: I3242312db4ffd9a169241e4d3d043fa3ceefedca
jooseong lee [Fri, 7 Oct 2016 08:25:20 +0000 (17:25 +0900)]
Set Smack execute label('User::Shell') to /usr/bin/sh
'User::Shell' is a new domain for only shell process.
Actually it should be set by bash packages. This is a
temporary patch.
Change-Id: Id71cc28ed0a07e5c12186f60a2201c2231f925c4
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jin-gyu.kim [Thu, 6 Oct 2016 09:45:45 +0000 (18:45 +0900)]
Modify security-test.
There are changes in SMACK rules. (app id -> pkg id, User:Shell)
Therefore, secutiy-test also change the check criteria.
Change-Id: I42df1f77874f231906ce8fc575735125c8e904b3
Seongwook Chung [Fri, 30 Sep 2016 01:22:45 +0000 (10:22 +0900)]
Change script and list about root test and capability test
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
jin-gyu.kim [Tue, 27 Sep 2016 03:59:12 +0000 (12:59 +0900)]
Fix the type in CMakeLists of security-test.
Change-Id: I38d56609afbc0e08252338152288185a9b1028dd
jooseong lee [Mon, 26 Sep 2016 07:10:06 +0000 (16:10 +0900)]
Add User::Shell to onlycap list
'User::Shell' is a new domain for only shell process.
* https://review.tizen.org/gerrit/#/c/89586/
Change-Id: Icfb489f375fc02395f69005105f8e84683676009
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kim Kidong [Thu, 22 Sep 2016 00:35:26 +0000 (17:35 -0700)]
Merge "Remove profile build dependencies - There will be base package and sub pacakges of each profiles." into tizen
jin-gyu.kim [Thu, 8 Sep 2016 09:28:20 +0000 (18:28 +0900)]
Remove profile build dependencies
- There will be base package and sub pacakges of each profiles.
Change-Id: I5e376ce937ff0f43d4b1ab858500d45bfe68a856
jin-gyu.kim [Tue, 20 Sep 2016 05:05:55 +0000 (14:05 +0900)]
Change group and permission of TZ_USER_HOME.
- Some services could not read db file under TZ_USER_HOME.
- system_share group will can read it with this change.
Change-Id: Idf719b4979e583e13b5f735342c363b00449e4f5
jooseong lee [Mon, 19 Sep 2016 02:43:58 +0000 (11:43 +0900)]
Rename upgrade script(011.security_upgrade.sh)
Change-Id: I363b329d1d238e66f74b2dbacdbfc5bf85f8d388
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Kunhoon Baik [Tue, 13 Sep 2016 10:01:03 +0000 (19:01 +0900)]
Reset fail state of cynara service at upgrade.
Cynara is launched & failed several time before creating /var/cynara.
Thus, without reseting fail state, restarting cynara service may be failed.
This patch solves the non-deteminant cynara state issue.
Change-Id: I4ad6d928f33dcbd65bf90f5db31a05a766c11291
Seongwook Chung [Thu, 8 Sep 2016 08:31:46 +0000 (17:31 +0900)]
Check existence of execution file before capability setting
Change-Id: Id4b39c477e0cc924786e477cae31b2686d09b658
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
Seongwook Chung [Thu, 8 Sep 2016 05:29:24 +0000 (14:29 +0900)]
Display absolute path of object file in log about security test
Change-Id: I73c308b9541b8eabf62e29d0fe45a34cff928369
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
Kim Kidong [Mon, 19 Sep 2016 00:36:36 +0000 (17:36 -0700)]
Merge "Insert telephony id into disk group for telephony package" into tizen
jin-gyu.kim [Fri, 9 Sep 2016 09:10:13 +0000 (18:10 +0900)]
Restart services after upgrade script is finished.
Change-Id: Icda49c9f44dc2af527f448f8d13b362bd674f108
jooseong lee [Thu, 8 Sep 2016 06:16:52 +0000 (15:16 +0900)]
Make TZ_USER_DB/privacy directory to protect privacy data
Some Databases have privacy data like as contact and calendar.
We should restrict access to these DBs from malware applications.
TZ_USER_DB/privacy is a new dbspace which any applications can't access.
Change-Id: Ia01e7695126a4f0a627cb90c9f878e3abe1b289d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 8 Sep 2016 04:49:12 +0000 (13:49 +0900)]
Set permissions for TZ_SYS_GLOBALUSER_DB(/opt/usr/dbspace)
Change-Id: I38ce24618ccda5c9cb0dabbe0c388eeab9de67d8
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Seongwook Chung [Thu, 8 Sep 2016 00:59:42 +0000 (09:59 +0900)]
Insert telephony id into disk group for telephony package
Since telephony package decided to use telephony id instead of network_fw,
replace telephony from network_fw
Change-Id: I7cd42c924de643fe870831ff3fa31e84622f2f18
Signed-off-by: Seongwook Chung <seong.chung@samsung.com>
jooseong lee [Wed, 7 Sep 2016 10:56:30 +0000 (19:56 +0900)]
Remove smack labeling('User') for xwalk-runtime
xwalk-runtime is for direct app-launching unlike launchpad-loader
and wrt-loader. So we should remove execute label for chanaging process label
to app label.
Change-Id: Ic6c9e0527e248f6699b2cbc59062a82ab443a644
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Wed, 7 Sep 2016 09:18:27 +0000 (18:18 +0900)]
Run set_label in platform upgrade script
Change-Id: Icff0527cdc3d3ed2dabe9b7308b1113e28c8188f
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
keeho.yang [Fri, 2 Sep 2016 05:52:29 +0000 (14:52 +0900)]
change root daemon to non daemon(deivced-vibrator, nvitemd)
Change-Id: Ib540b97b269bfcdf572a0ca22224ff44bfe664cf
jooseong lee [Thu, 25 Aug 2016 02:46:41 +0000 (11:46 +0900)]
Update platform upgrade script to remove non used files
Change-Id: I530fcb095f1295e929a880d637a6c4d816a04548
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Thu, 25 Aug 2016 01:19:33 +0000 (10:19 +0900)]
Change password filename to 'password.old' during Tizen platform upgrade
Auth-fw will load 2.x password file created by security-server after
Tizen platform upgrade(2.4 -> 3.0). But 2.x password is different with
current password format. So I add postfix '.old' to 2.x password filename
to reconstruct old password format in auth-fw.
Refer to : https://review.tizen.org/gerrit/#/c/85385/
Change-Id: I7d6b3982f5c17c3143175e7819fa49ee9b6a53de
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Wed, 24 Aug 2016 07:28:58 +0000 (16:28 +0900)]
Add platform upgrade script for Tizen3.0
'Platform upgrade image' has only RO partition(rootfs). And RW
partition should be updated by several scripts(/usr/share/upgrade/
scripts). This upgrade script for security feature performs below things.
* Remove non used directories/files
ex. security-server data directories, rules db
* Make directories/files in RW partition for 3.0 security services
ex. /opt/var/security-manager
* Init Cynara and security-manager db
* Set file permission, Smack labeling
Change-Id: I163405710685c2f1873bee35d97ef35a519d6ce7
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Seongwook Chung [Mon, 22 Aug 2016 04:30:29 +0000 (21:30 -0700)]
Merge "add capability to boot-animation" into tizen
keeho.yang [Tue, 16 Aug 2016 08:48:16 +0000 (17:48 +0900)]
add capability to boot-animation
Change-Id: Id5f536163ecb88842e15ea178ab0caa8bdede79d
jin-gyu.kim [Thu, 18 Aug 2016 09:06:11 +0000 (18:06 +0900)]
Change SQL query command in smack rule test.
- Security-manager.db changes the name of db view.
Change-Id: I5fd08d04db1bb07595ed3033c7b4cc1229cecc6c
jooseong lee [Thu, 11 Aug 2016 00:56:39 +0000 (09:56 +0900)]
Add cap_dac_override to xdelta3
Change-Id: I786cf860298da90d0158fc45c42af5714583bfba
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
jooseong lee [Wed, 10 Aug 2016 11:02:41 +0000 (20:02 +0900)]
Add cap_dac_override, cap_chown and cap_fowner to tpk-backend and wgt-backend
Change-Id: I2ca9c55b73604f4efb6d5f3088e2e46b2d23d212
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
keeho.yang [Wed, 3 Aug 2016 03:57:38 +0000 (12:57 +0900)]
add cap_dac_override to gpsd
Change-Id: Ie2b0eb476939cc8f8764843c0ecc15c8c1e3e424
jooseong lee [Fri, 22 Jul 2016 07:17:54 +0000 (16:17 +0900)]
Remove execute smack labeling for onlycap feature
We added 'SmackProcessLabel' to all system service files.
Change-Id: I44f2b2eeba17b90b6eaf654ccccc22d804e17e25
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Yunjin Lee [Wed, 20 Jul 2016 10:36:54 +0000 (19:36 +0900)]
Set SmackProcessLabel to System::Privileged
Change-Id: Ib49f9488a8eec6f152652d28fec587e047dd8cd5
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
projects / platform / core / security / security-config.git / log