Jin-gyu Kim [Mon, 3 May 2021 08:13:19 +0000 (17:13 +0900)]
Add missing SMACK labelling cmd in change_permission.
This does not affect any operation, but need to reset SMACK label
for any mismatch in SMACK label.
Change-Id: I0d6053c341d4070d25b7a0839ef439a4972ed424
Jin-gyu Kim [Mon, 3 May 2021 05:34:25 +0000 (14:34 +0900)]
Do not use rpm command in set_capability
"rpm" command cannot be existed in some cases.
Instead of using it, check a specific file path to determine a certain
rpm is installed or not.
Change-Id: I6f5fda1cd35cac3bc039c5b4e008b28eafdeb1c1
Jin-gyu Kim [Fri, 23 Apr 2021 05:31:51 +0000 (14:31 +0900)]
Create a new script for setting permissions.
This script needs to be run while image is being created or updated.
(After in-house applications are installed.)
We could consider it to be run in security-config service, but it will
increase the 1st boot time.
Change-Id: I5a11dd720ea46ae69b1acc6be09305c74fb39292
jin-gyu.kim [Mon, 31 Aug 2020 03:41:15 +0000 (03:41 +0000)]
Add org.tizen.engine-loader.service & engine-loader.service
Change-Id: If29668b7740b958de88d6dd633c85ee2094097b9
jin-gyu.kim [Fri, 17 Jan 2020 08:32:34 +0000 (17:32 +0900)]
Add wait-mount@opt-usr.service
- system_fw / system_fw / System permissions
- Added for emulator profiles
Change-Id: I8614c2ac34fdbd7bd00f6e4a23cbf12445031083
jin-gyu.kim [Wed, 10 Apr 2019 01:55:16 +0000 (10:55 +0900)]
Set SMACK label of netlabel as 'System'
- Previously, it was set as System::Privileged by systemd.
- Basically, network is controlled by Nether with the privilege.
- Therefore, it does not have to be set as System::Privileged.
- Overwrite it as 'System', but in the future, the more smarter
change will be needed.
Change-Id: I5b2e00c1e729b0f404d0ce8e428824bfe260823f
Kichan Kwon [Tue, 2 Jul 2019 06:28:40 +0000 (15:28 +0900)]
Set the SMACK label of dummy_file
Change-Id: Iafcbc574541fb3e247dd5c654b32a2b14bb5a91f
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
Kim Kidong [Mon, 1 Jul 2019 07:29:01 +0000 (07:29 +0000)]
Merge "Create dummy file in the upgrade script." into tizen_5.0
jin-gyu.kim [Mon, 1 Jul 2019 01:41:46 +0000 (10:41 +0900)]
Create dummy file in the upgrade script.
- dummy file needs to be created in RW partition to support a run-time
permission control.
Change-Id: Ie717bea9000951e546bef414b23ab45e037ff692
jin-gyu.kim [Fri, 22 Feb 2019 06:48:40 +0000 (15:48 +0900)]
Change dummy file used in privacy-mount.
- Previously, /dev/null is used for dummy file mount.
- No error was returned, in case un-privileged app process tried
to access there.
- To create an error, the dummy file which only root processes
can be accessed is used for privacy-mount.
Change-Id: If7a31f66420d1311e278e52911a67e4aa94f7696
Kim Kidong [Mon, 1 Jul 2019 07:28:53 +0000 (07:28 +0000)]
Merge "Change dummy file used in privacy-mount." into tizen_5.0
jin-gyu.kim [Mon, 1 Jul 2019 07:10:04 +0000 (16:10 +0900)]
Run security-manager-rules-loader in the upgrade script.
- Without it, security-manager launching is failed.
Change-Id: I5848e9ac6282954fddbe9aa02460c47e31a34120
jin-gyu.kim [Thu, 20 Jun 2019 04:36:16 +0000 (13:36 +0900)]
Set SMACK label to .multiassistant directory
- Setting SMACK label is required when image is being created.
- Target dir is /etc/skel/share/.multiassistant &
/opt/usr/home/[username]/share/.multiassistant
Change-Id: I889b0d4ede17337b984cd809b2ba75ddf7994d9b
jin-gyu.kim [Mon, 29 Apr 2019 04:56:03 +0000 (13:56 +0900)]
Updating UID column of policy DB in upgrade script.
- Global UID could be different while upgrading the image.
- Get global UID by referring tizen-platform.conf.
Change-Id: Ic42c503bb82987dcbc2eb69e5585e68f7a1286fd
jin-gyu.kim [Thu, 6 Dec 2018 04:26:41 +0000 (13:26 +0900)]
Add tts services to the list.
Change-Id: I06dea97887eb1ac130c08823b4724a124f17643f
jin-gyu.kim [Mon, 3 Dec 2018 02:41:47 +0000 (11:41 +0900)]
Change the condition to check ASLR applied.
- "file" cmd can print "pie" not "shared object" for ASLR applied exec.
Change-Id: I0bd6caba258f3b12239f9cd6487b98c54c168431
jin-gyu.kim [Mon, 26 Nov 2018 02:09:26 +0000 (11:09 +0900)]
Move security tests to RO file system.
- Move security tests from /opt to /usr
- Remove redundant security test files.
Change-Id: I7b55fe36d1f74ca6f549b559f190be510546c9b0
jin-gyu.kim [Tue, 13 Nov 2018 02:43:27 +0000 (11:43 +0900)]
Add relro/stack_canary tests.
Change-Id: Ifa639baca65e04d58f23ca231f8bfcd6adfd98b8
Yunjin Lee [Thu, 22 Nov 2018 02:52:38 +0000 (02:52 +0000)]
Merge "Change tlm Smack label to User" into tizen_5.0
Karol Lewandowski [Mon, 19 Nov 2018 16:48:35 +0000 (17:48 +0100)]
Change tlm Smack label to User
Due to removing of pam_smack.so module it's now required to set
systemd service Smack label to User, so that all its child processes
inherit that label.
Change-Id: Ie2463676a44a173d9c749ce11b8620c99a8b1bf2
(cherry picked from commit
2c840b16f1363877a89497807c968ef6e46610ce)
Karol Lewandowski [Mon, 19 Nov 2018 16:47:24 +0000 (17:47 +0100)]
Update login getty service lists to User::Shell
All "developer" login sessions should use one single label - User::Shell,
same as used by sdb now.
Change-Id: Ie7e489cc6b2ee9230053b2e31fe22327e329481d
(cherry picked from commit
34bfe27518b9b8b973bf039a0182a63c05efe315)
jin-gyu.kim [Wed, 14 Nov 2018 02:22:57 +0000 (11:22 +0900)]
Add cap_sys_admin to amd.
Change-Id: I8ae0ceffec6f02865ae6426a133544a45b2d4eca
jin-gyu.kim [Wed, 19 Sep 2018 01:24:19 +0000 (10:24 +0900)]
Add cap_sys_admin to krate-mount
- It is used to do bind-mount for controlling the file visibility.
Change-Id: I72862fed04f8b717357ef7da791ff5b6f8753d4d
jin-gyu.kim [Thu, 13 Sep 2018 06:00:09 +0000 (15:00 +0900)]
Add display-manager-monitor.service to all profiles.
Change-Id: I8773e27c770e622502a1913593fdfd68d53fa6ee
jin-gyu.kim [Mon, 10 Sep 2018 07:13:31 +0000 (16:13 +0900)]
Add display-manager-monitor.service in the list.
- "/usr/bin/cat" should has "cap_sys_ptrace" to read "/proc/[pid]/stack".
- Working with UID & GID as "graphic_fw" and SMACK label as "System."
Change-Id: I0142d8196ac9808351c3bf89ef06f6463f0c1012
keeho.yang [Fri, 24 Aug 2018 02:44:22 +0000 (11:44 +0900)]
delete lazy_mount.service to service list
Change-Id: Iec34996185bb6ce21329a516dca757c3d106abbb
keeho.yang [Mon, 20 Aug 2018 09:02:07 +0000 (18:02 +0900)]
Add cap_sys_admin capability to session-bind service
Change-Id: I78145edfcbbd4140a684cf8b57863f86b61357c3
keeho.yang [Tue, 14 Aug 2018 01:37:30 +0000 (10:37 +0900)]
Add opt-usr-fsck.service to service list
Change-Id: Idc207386b827ed912981e11af40574687d675ba3
keeho.yang [Thu, 9 Aug 2018 03:01:52 +0000 (12:01 +0900)]
Add wait-mount@.service to service list
Change-Id: I00da247e91f0daa94c52b65b9c65893716448d85
keeho yang [Mon, 6 Aug 2018 06:13:27 +0000 (06:13 +0000)]
Merge "Added capability to inm-manager" into tizen
VBS [Mon, 6 Aug 2018 05:08:08 +0000 (14:08 +0900)]
add inm-manager.service to service list
Change-Id: I6f9283b34235ae3ab511c46a5b370749a9c349e1
taesub.kim [Wed, 18 Jul 2018 07:39:47 +0000 (16:39 +0900)]
Added capability to inm-manager
Change-Id: I4438e65f662c2a464c1132da973187dcc7435bd2
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
jin-gyu.kim [Thu, 26 Jul 2018 06:00:14 +0000 (15:00 +0900)]
Add device-certificate-manager.service to list
Change-Id: If10bbc9f457de1e0b1476978eda989db1d8a057c
jin-gyu.kim [Tue, 24 Jul 2018 01:09:57 +0000 (10:09 +0900)]
Change USER/GROUP of pkg-db-recovery service.
- pkg-db-recovery service needs to be run as root service to run pkg_initdb.
Change-Id: Ice1568ff06e37620f0c55e0894bcbbf3cb9b1067
jin-gyu.kim [Wed, 20 Jun 2018 08:24:03 +0000 (17:24 +0900)]
Add bt-stack-down service to list.
Change-Id: I672b16cb06bd96a2a1985d1df2b3ffa507d46453
jin-gyu.kim [Fri, 25 May 2018 02:12:09 +0000 (11:12 +0900)]
Add ode-progress-ui@.service to service list.
Change-Id: Ib8ac1d1be4d71fbe29e900a9f391d4ab6de54e3d
Kim Kidong [Tue, 15 May 2018 01:38:31 +0000 (01:38 +0000)]
Merge "Fix bugs in path check script." into tizen
jin-gyu.kim [Mon, 14 May 2018 07:54:26 +0000 (16:54 +0900)]
Fix bugs in path check script.
- Only one script which does not define "PATH" was found before.
- Also, there was problem in checking exception.
- Fix these two bugs.
Change-Id: I7f59bc960adcd6380aac6b938465b1553a6ebb5f
jin-gyu.kim [Mon, 14 May 2018 01:40:03 +0000 (10:40 +0900)]
Add org.tizen.system.storage.service to service lists.
Change-Id: I191da9d424e1f4fd9498ed42cfdb2836dcb722b4
jin-gyu.kim [Thu, 3 May 2018 04:30:34 +0000 (13:30 +0900)]
Give capabilities to audit-trail
- audit-trail needs cap_audit_control and cap_audit_write
- update service list for audit-trail
Change-Id: I2ccc8feb19994293c890ad343bb5c94d910739f4
jin-gyu.kim [Mon, 23 Apr 2018 07:30:13 +0000 (16:30 +0900)]
Apply systemd service file verification.
- If service file is not included in the white list, is will be disabled.
: only for mobile & wearable profiles.
- Update white lists.
Change-Id: Ie58405d4f12680b5f201adbc4d3964d575d2badf
jin-gyu.kim [Thu, 12 Apr 2018 07:59:50 +0000 (16:59 +0900)]
Give capabilities to stc-iptables
- To change non-root daemon, give network related capabilities.
Change-Id: I2385cf7c696eaa297f0ce935625ae1357fb0f987
jin-gyu.kim [Thu, 12 Apr 2018 07:37:05 +0000 (16:37 +0900)]
Remove redundant capabilities and permitted sets.
Change-Id: I82977a8287d32f7215f9c99c0fa35544df5e09e3
jin-gyu.kim [Thu, 18 Jan 2018 08:39:26 +0000 (17:39 +0900)]
change the condition when giving cap to launchpad-loader
Change-Id: I30634470a9cf7923c452107ff9ba7b75b5fee21f
jin-gyu.kim [Mon, 9 Apr 2018 04:53:10 +0000 (13:53 +0900)]
Fix service test to delete Carriage Return.
- If service file is written in window, the unexpected result is
comming due to Carriage Return.
Change-Id: I68638dc44007f2297eab368b15e7af593cd46491
Kim Kidong [Wed, 4 Apr 2018 08:54:53 +0000 (08:54 +0000)]
Merge "Update the upgrade script." into tizen
jin-gyu.kim [Tue, 19 Dec 2017 08:44:18 +0000 (17:44 +0900)]
Fix aslr test
- Remove redundant test files.
- Remove temporary exceptions.
Change-Id: Ifc80a54dced83eb2a5f8eb2306d9b380d46b7396
jin-gyu.kim [Wed, 18 Oct 2017 00:50:26 +0000 (09:50 +0900)]
Fix to parse script file while running aslr-test.
- This was applied by "https://review.tizen.org/gerrit/#/c/143944/" before.
- But, it was retrieved by mistake.
Change-Id: Iaf6a2b643b0559413ed56475eceefeebc02546f2
jin-gyu.kim [Tue, 17 Oct 2017 05:58:50 +0000 (14:58 +0900)]
Retrieve execution permission from ASLR not applied files.
Change-Id: I98f8636c00cd1e82f31b2f90dea4fc87f7fec985
jin-gyu.kim [Mon, 19 Mar 2018 05:57:20 +0000 (14:57 +0900)]
Update the upgrade script.
- No need to delete ask-type rule when upgrading from 4.0 to 5.0
Change-Id: I2f86d534262865c8d03512f07348a9bd2de22223
Yunjin Lee [Fri, 2 Mar 2018 06:13:52 +0000 (15:13 +0900)]
Update privacy mount script and remove privacy package migration script
- Update privacy mount script according to the privilege info db changes
- Remove privacy package migration script: No changes among 4.0 and 5.0
Change-Id: Iae97f02817568aede9cd49324d8e822b0be618ca
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Tue, 20 Feb 2018 02:16:58 +0000 (11:16 +0900)]
Add capabilites to bluetoothd
- cap_net_admin / cap_net_bind_service are needed to use socket and bind.
Change-Id: Icdaf1aa5704f9741760eadefe6c8260d17c1e44b
jin-gyu.kim [Wed, 24 Jan 2018 04:15:50 +0000 (13:15 +0900)]
Fix upgrade script to change global uid.
- If global uid is diffrent, it should be changed in security-manager db.
Change-Id: I6e9380467c6b29d5097c37685477265e9d8634ee
jin-gyu.kim [Tue, 21 Nov 2017 08:30:41 +0000 (17:30 +0900)]
Modify FOTA script.
- In some cases, rpm version is not available.
- Therefore, use the harded value for cynara-db-migration upgrade in FOTA.
Change-Id: I68e8f18ecb44c681157a79b3afa528a3b5e421c0
jin-gyu.kim [Wed, 17 Jan 2018 04:49:14 +0000 (13:49 +0900)]
Remove redundant setcap to gpsd
- gpsd is installed by plugin-prebuilt.
Change-Id: If2e953d7835849b16bb47e089f7cf289d7a8e526
jin-gyu.kim [Tue, 9 Jan 2018 10:41:20 +0000 (19:41 +0900)]
Enable run-time permission only for specific profiles.
- Run-time permission is not required for all profiles.
- Set the flag file which can distinguish it.
Change-Id: I70397952cc2c25fb7d127391c2ff3d88e9ee94d4
jin-gyu.kim [Fri, 22 Dec 2017 05:42:11 +0000 (14:42 +0900)]
update privacy mount list
Change-Id: I539c156a778372ba42ebc3ce78006ed06b9e87f4
jin-gyu.kim [Fri, 12 Jan 2018 06:30:46 +0000 (15:30 +0900)]
Add condition when giving capabilities to launchpad-loader.
Change-Id: Icce63b730011340ed9f58f7cf94b7f815ded3ce8
jin-gyu.kim [Fri, 5 Jan 2018 07:11:46 +0000 (16:11 +0900)]
Fix upgrade script.
- upgrade script should include security-config setting (ex : group id set)
Change-Id: Ic07f9b0606033df6728c1fa0e9d7a86816139b60
jin-gyu.kim [Wed, 20 Dec 2017 06:59:22 +0000 (15:59 +0900)]
Remove redundant test scripts.
Change-Id: I69217a2c235b0883d4dd45f19538773084da799c
jin-gyu.kim [Fri, 22 Dec 2017 07:56:11 +0000 (16:56 +0900)]
Add cap_syslog to dlog_logger
- This is needed to use syslog()
Change-Id: I5d6e2b5b8e23cb4b1751145aedeb89e0521ee127
Conflicts:
test/capability_test/new_capabilities_exception.list
jin-gyu.kim [Mon, 18 Dec 2017 06:44:22 +0000 (15:44 +0900)]
Update set_capability
- Give capabilities for launchpad in security-config.
- Remove redundant permitted flags from excute files.
Change-Id: I858a170a15d33db2d395bb49c030c1ab1d1d05c6
jin-gyu.kim [Mon, 18 Dec 2017 06:12:31 +0000 (15:12 +0900)]
Remove the redundant capability.
: cap_mac_admin is not required to dotnet-launcher
: scd-launcher is not existed anymore.
: oded is running as a root.
Change-Id: Ic137a9ce76281d42a20a04838d7ab62131604469
Jin-gyu Kim [Tue, 5 Dec 2017 05:08:07 +0000 (05:08 +0000)]
Merge "Added capability to tcpdump" into tizen
Jin-gyu Kim [Tue, 5 Dec 2017 05:05:37 +0000 (05:05 +0000)]
Merge "Rebuild arm test util binaries for PIE and relro" into tizen
taesub kim [Tue, 5 Dec 2017 01:55:04 +0000 (10:55 +0900)]
Added capability to tcpdump
Change-Id: Ia966b73cee758100656c4e55ca8822a45d3cc166
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
Igor Kotrasinski [Thu, 30 Nov 2017 12:42:20 +0000 (13:42 +0100)]
Rebuild arm test util binaries for PIE and relro
Change-Id: I45957d2a3b650fc0389c14f3bd60c6acd4a9b189
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Kim Kidong [Tue, 28 Nov 2017 05:51:33 +0000 (05:51 +0000)]
Merge "Change uid / gid of ttrace-marker" into tizen
jin-gyu.kim [Tue, 28 Nov 2017 05:46:18 +0000 (14:46 +0900)]
Give cap_dac_override to net-config.
- It is required to access bridge device.
Change-Id: I9517a978c5d8035081d7caa9cb311ce62fc71aa2
jin-gyu.kim [Mon, 27 Nov 2017 08:11:46 +0000 (17:11 +0900)]
Change uid / gid of ttrace-marker
Change-Id: I4808621180783caa2839c9dd690cee2cfa16decc
jin-gyu.kim [Fri, 24 Nov 2017 06:46:09 +0000 (15:46 +0900)]
give cap_dac_override to network modules
- cap_dac_override is required to access bridge device
Change-Id: I520f5337a95f23b599de8b938ce0b20abd9f1597
INSUN PYO [Wed, 22 Nov 2017 07:36:53 +0000 (16:36 +0900)]
add dbus gui/gid & gumd gid & buxton uid/gid
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Signed-off-by: Inkyun Kil <inkyun.kil@samsung.com>
Change-Id: I1b7c73d219f65b3de17d5d166c146c6a3f09fd0d
Yunjin Lee [Mon, 20 Nov 2017 10:05:15 +0000 (19:05 +0900)]
Modify FOTA script: privacy DB should store user settable privacy packages only
Change-Id: I12773eacba17c7417af8fc168d0c43b80377df66
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
r.tyminski [Fri, 17 Nov 2017 08:13:35 +0000 (09:13 +0100)]
Add group priv_tee_client for tee.client privilege.
Change-Id: Idd601f5804dbada7fa414e2c963a86fc578af4f3
Kim Kidong [Wed, 15 Nov 2017 02:03:42 +0000 (02:03 +0000)]
Merge "Split checking service lists by profiles." into tizen
keeho.yang [Wed, 8 Nov 2017 02:53:45 +0000 (11:53 +0900)]
update stabel file in wearable emul
Change-Id: Ib6fd037af110a0cd162c944c905f6f6e120d223a
keeho.yang [Mon, 6 Nov 2017 07:04:53 +0000 (16:04 +0900)]
update wearable service
Change-Id: I652a0b5aded602cf7d92f280aafbc748b31420b3
keeho.yang [Fri, 27 Oct 2017 07:41:09 +0000 (16:41 +0900)]
add exception list
Change-Id: I9e2124c82f738c46c2c09376d5ed939f83ec919c
jin-gyu.kim [Wed, 25 Oct 2017 08:10:03 +0000 (17:10 +0900)]
Split checking service lists by profiles.
Change-Id: I8592cd705950e15260cab413ad16559e28de1e58
jin-gyu.kim [Fri, 20 Oct 2017 03:02:30 +0000 (12:02 +0900)]
Give cap_sys_admin to dotnet-launcher and wrt-loader.
Change-Id: I4956bd116cd8f15649ef4bf3ef66622b3c69f0f9
jin-gyu.kim [Thu, 26 Oct 2017 05:26:19 +0000 (14:26 +0900)]
Give capabilities to connman-vpnd & charon
- charon is executed from connman and it needs capabilities.
Change-Id: I5f96cde9115104a1e21abbb41894e9c1f4fe5e04
Yunjin Lee [Wed, 25 Oct 2017 02:08:19 +0000 (02:08 +0000)]
Revert "Fix FOTA script : Handle pkg_type when privacy db migration"
refers to: https://review.tizen.org/gerrit/#/c/157525/
This reverts commit
aa3dee639475532204e2f9435c53c04053368fad.
Change-Id: I381c71c94f8597faf43789e74f39c771591a7924
keeho.yang [Tue, 24 Oct 2017 10:10:00 +0000 (19:10 +0900)]
add emuld, vmodem service
Change-Id: I1f33166fdc762652a81105cbd0893ea8bc7385db
keeho.yang [Tue, 24 Oct 2017 09:41:11 +0000 (18:41 +0900)]
update emul list
Change-Id: I4db51e38bce99dfdf8d147207db427e30a7509aa
Yunjin Lee [Mon, 23 Oct 2017 07:52:59 +0000 (16:52 +0900)]
Fix FOTA script : Handle pkg_type when privacy db migration
refer to: https://review.tizen.org/gerrit/#/c/156999/
Change-Id: I7c81c81ea373bc58b11220d60fd9401f7db75511
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Yunjin Lee [Wed, 18 Oct 2017 07:44:06 +0000 (16:44 +0900)]
Enable Askuser
Change-Id: I65b92a5357a0739538f52079186fa51e3c9eb650
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
keeho yang [Mon, 16 Oct 2017 05:51:22 +0000 (05:51 +0000)]
Merge "Add ifcfg to exception of path check test" into tizen
keeho.yang [Wed, 11 Oct 2017 10:36:52 +0000 (19:36 +0900)]
update service list according to service verification file
Change-Id: I600d014864268b5e2ed1456b526bfbc3400b625f
Yunjin Lee [Mon, 25 Sep 2017 11:01:49 +0000 (20:01 +0900)]
Add FOTA script for privacy package migration
Change-Id: Iafd731b51eb8beae4e6ca710b76217f6df7d62c1
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
Kim Kidong [Wed, 11 Oct 2017 07:50:32 +0000 (07:50 +0000)]
Merge "Fix upgrade script" into tizen
jin-gyu.kim [Wed, 11 Oct 2017 07:22:32 +0000 (16:22 +0900)]
Add ifcfg to exception of path check test
Change-Id: Ia164c4ffc1f39e0add7c17fd2db972ee24e6885d
jin-gyu.kim [Fri, 22 Sep 2017 10:57:43 +0000 (19:57 +0900)]
Fix upgrade script
- pkgmgr will update app information only if version is changed.
- Therefore, migrate the privious security and cynara database.
Change-Id: Ibb7641439855a71dbc93e3ff61c062f5051bb079
jin-gyu.kim [Tue, 10 Oct 2017 10:13:21 +0000 (19:13 +0900)]
Apply ASLR to execstack i386 & x86_64 versions.
Change-Id: I8c29d4a81eb5e120f3af6cdbb5c961ae403a3a86
Yunjin Lee [Thu, 21 Sep 2017 06:08:16 +0000 (15:08 +0900)]
Revise dep test script
Change-Id: Iaaaa3fabd772dc12609a8b98a67b324e81004df0
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
jin-gyu.kim [Thu, 21 Sep 2017 04:39:10 +0000 (13:39 +0900)]
Remove root_minimization test from image test.
Change-Id: I01accba8133e40f7e44ab8d44162349f8eb4f7da
jin-gyu.kim [Wed, 20 Sep 2017 02:06:41 +0000 (11:06 +0900)]
Give cap_net_raw to telephony-daemon
- This is required to use raw socket.
Change-Id: I99f3c59a74024f7ebfff0a434abf616cb24a9cf1
Hyotaek Shim [Wed, 13 Sep 2017 02:34:36 +0000 (11:34 +0900)]
Set the permission and smack label of TZ_USER_CONTENT/symbolic link files including /opt/usr/home/owner/media/Shared
lrwxrwxrwx 1 root priv_mediastorage _ 21 Sep 13 2017 Shared -> /opt/usr/media_shared
Change-Id: I6af858c16c05ec60a5c457cd2be7fb3d0b70a257
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
keeho.yang [Mon, 4 Sep 2017 08:48:27 +0000 (17:48 +0900)]
Update service according to Service File Verification
Change-Id: Ib637bd9b55f95f4e399faddd83dca50193680400
keeho.yang [Fri, 25 Aug 2017 02:53:42 +0000 (11:53 +0900)]
Add new service daemon to non_root_list
Change-Id: Ibb9196c64ce53ff0654b4bb6d40dba21afcaab3e
jin-gyu.kim [Thu, 24 Aug 2017 13:11:56 +0000 (22:11 +0900)]
Apply changing permission of /var/lib/misc to all profiles.
- It was only applied on mobile / wearable profiles before.
- This should be worked on other profiles also.
Change-Id: I62584c73eb638d68b82944a7ea0de862c53b6503
projects / platform / core / security / security-config.git / log