From aaf2876e7aeafad907ce509dafc60f7ca66fd69f Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Thu, 23 Jan 2014 18:03:27 +0100 Subject: [PATCH] Prepare release for tizen.org Changes: * Reset manifest. * Security policy for security-server sockets has been removed. * Minor fixes required by g++ 4.8. * Removed unused code. * Version update. * Fix conflicts in manifest file. [Issue#] SSDWSSP-816 [Bug] N/A [Cause] N/A [Solution] N/A [Verification] N/A Change-Id: I39e55c0355f561465b8f3ae777e6bcd46097ec86 --- CMakeLists.txt | 8 +--- packaging/security-server.manifest | 31 ++----------- packaging/security-server.spec | 15 ++++--- src/server/client/client-socket-privilege.cpp | 51 +--------------------- src/server/service/password-file.cpp | 4 +- src/server/service/privilege-by-pid.cpp | 24 +--------- systemd/security-server-app-permissions.socket | 2 +- .../security-server-app-privilege-by-name.socket | 2 +- systemd/security-server-cookie-check.socket | 2 +- systemd/security-server-data-share.socket | 2 +- systemd/security-server-get-gid.socket | 2 +- systemd/security-server-open-for.socket | 2 +- systemd/security-server-password-check.socket | 2 +- systemd/security-server-password-reset.socket | 2 +- systemd/security-server-password-set.socket | 2 +- systemd/security-server-privilege-by-pid.socket | 2 +- 16 files changed, 26 insertions(+), 127 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c6f634c..476b94a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,6 +50,7 @@ ADD_DEFINITIONS("-Wextra") # Generate even more extra warni STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") + ADD_DEFINITIONS("-DSMACK_ENABLED") IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") @@ -61,13 +62,6 @@ SET(TARGET_SECURITY_SERVER "security-server") SET(TARGET_SECURITY_CLIENT "security-server-client") SET(TARGET_SERVER_COMMON "security-server-commons") -INSTALL(FILES - ${CMAKE_SOURCE_DIR}/packaging/libsecurity-server-client.manifest - ${CMAKE_SOURCE_DIR}/packaging/security-server.manifest - DESTINATION - /usr/share -) - ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(build) ADD_SUBDIRECTORY(systemd) diff --git a/packaging/security-server.manifest b/packaging/security-server.manifest index 5bb6fbf..017d22d 100644 --- a/packaging/security-server.manifest +++ b/packaging/security-server.manifest @@ -1,30 +1,5 @@ - - - - - - - - - - - - + + + diff --git a/packaging/security-server.spec b/packaging/security-server.spec index 7e776a4..4bca923 100644 --- a/packaging/security-server.spec +++ b/packaging/security-server.spec @@ -1,19 +1,18 @@ Name: security-server Summary: Security server and utilities -Version: 0.0.73 +Version: 0.0.118 Release: 1 Group: Security/Service License: Apache-2.0 Source0: %{name}-%{version}.tar.gz +Source1: security-server.manifest +Source2: libsecurity-server-client.manifest BuildRequires: cmake BuildRequires: zip BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(openssl) BuildRequires: libattr-devel BuildRequires: pkgconfig(libsmack) -Requires(preun): systemd -Requires(post): systemd -Requires(postun): systemd BuildRequires: pkgconfig(libprivilege-control) BuildRequires: pkgconfig(libsystemd-daemon) %{?systemd_requires} @@ -58,7 +57,8 @@ Certificates for the Tizen Web-Runtime %prep %setup -q -cp %{SOURCE1001} . +cp %{SOURCE1} . +cp %{SOURCE2} . %build %if 0%{?sec_build_binary_debug_enable} @@ -130,7 +130,8 @@ fi %postun -n libsecurity-server-client -p /sbin/ldconfig %files -n security-server -%manifest %{_datadir}/security-server.manifest +%manifest security-server.manifest +%defattr(-,root,root,-) %attr(755,root,root) /usr/bin/security-server %{_libdir}/libsecurity-server-commons.so.* %attr(-,root,root) /usr/lib/systemd/system/multi-user.target.wants/security-server.service @@ -163,7 +164,7 @@ fi %{_datadir}/license/%{name} %files -n libsecurity-server-client -%manifest %{name}.manifest +%manifest libsecurity-server-client.manifest %defattr(-,root,root,-) %{_libdir}/libsecurity-server-client.so.* %{_datadir}/license/libsecurity-server-client diff --git a/src/server/client/client-socket-privilege.cpp b/src/server/client/client-socket-privilege.cpp index 5fcd286..4d90902 100644 --- a/src/server/client/client-socket-privilege.cpp +++ b/src/server/client/client-socket-privilege.cpp @@ -36,37 +36,6 @@ #include -//static int get_exec_path(pid_t pid, std::string &exe) -//{ -// using namespace SecurityServer; -// -// try{ -// MessageBuffer send, recv; -// Serialization::Serialize(send, pid); -// -// int result = sendToServer( -// SERVICE_SOCKET_EXEC_PATH, -// send.Pop(), -// recv); -// if(result != SECURITY_SERVER_API_SUCCESS) -// return result; -// -// Deserialization::Deserialize(recv, result); -// if(result != SECURITY_SERVER_API_SUCCESS) -// return result; -// -// Deserialization::Deserialize(recv, exe); -// return result; -// } catch (MessageBuffer::Exception::Base &e) { -// LogDebug("SecurityServer::MessageBuffer::Exception " << e.DumpToString()); -// } catch (std::exception &e) { -// LogDebug("STD exception " << e.what()); -// } catch (...) { -// LogDebug("Unknown exception occured"); -// } -// return SECURITY_SERVER_API_ERROR_UNKNOWN; -//} - SECURITY_SERVER_API int security_server_check_privilege_by_sockfd(int sockfd, const char *object, @@ -112,25 +81,7 @@ int security_server_check_privilege_by_sockfd(int sockfd, return SECURITY_SERVER_API_ERROR_SOCKET; } - ret = security_server_check_privilege_by_pid(cr.pid, object, access_rights); - - //Getting path for logs -// if (SECURITY_SERVER_API_SUCCESS != get_exec_path(cr.pid, path)) { -// LogError("Failed to read executable path for process " << cr.pid); -// } -// -// if (ret == SECURITY_SERVER_API_SUCCESS) -// LogSecureDebug("SS_SMACK: caller_pid=" << cr.pid << ", subject=" << -// (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" << -// object << ", access=" << access_rights << ", result=" << -// ret << ", caller_path=" << path.c_str()); -// else -// LogSecureWarning("SS_SMACK: caller_pid=" << cr.pid << ", subject=" << -// (subjectPtr.get() ? subjectPtr.get() : "NULL") << ", object=" << -// object << ", access=" << access_rights << ", result=" << -// ret << ", caller_path=" << path.c_str()); - - return ret; + return security_server_check_privilege_by_pid(cr.pid, object, access_rights); } SECURITY_SERVER_API diff --git a/src/server/service/password-file.cpp b/src/server/service/password-file.cpp index 79cc549..6f59589 100644 --- a/src/server/service/password-file.cpp +++ b/src/server/service/password-file.cpp @@ -123,10 +123,10 @@ namespace SecurityServer unsigned int algorithm; Deserialization::Deserialize(stream, algorithm); switch (algorithm) { - case IPassword::PasswordType::NONE: + case (unsigned int)IPassword::PasswordType::NONE: ptr.reset(new NoPassword()); break; - case IPassword::PasswordType::SHA256: + case (unsigned int)IPassword::PasswordType::SHA256: ptr.reset(new SHA256Password(stream)); break; default: diff --git a/src/server/service/privilege-by-pid.cpp b/src/server/service/privilege-by-pid.cpp index bcb8659..bfe34eb 100644 --- a/src/server/service/privilege-by-pid.cpp +++ b/src/server/service/privilege-by-pid.cpp @@ -96,28 +96,6 @@ bool PrivilegeByPidService::processOne(const ConnectionID &conn, MessageBuffer & LogDebug("SMACK is not available. Subject label has not been read."); retval = 1; } -// char *path = read_exe_path_from_proc(pid); -// -// if (retval > 0) -// LogDebug("SS_SMACK: " -// << "caller_pid=" << pid -// << ", subject=" << subject -// << ", object=" << object -// << ", access=" << access_rights -// << ", result=" << retval -// << ", caller_path=" << path); -// else -// LogError("SS_SMACK: " -// << "caller_pid=" << pid -// << ", subject=" << subject -// << ", object=" << object -// << ", access=" << access_rights -// << ", result=" << retval -// << ", caller_path=" << path); -// -// if (path != NULL) -// free(path); - if (retval == 1) //there is permission retCode = SECURITY_SERVER_API_SUCCESS; @@ -137,7 +115,7 @@ bool PrivilegeByPidService::processOne(const ConnectionID &conn, MessageBuffer & << ", object=" << object << ", access=" << access_rights << ", result=" << retval - << ", caller_path=" << (path ? path : "")); + << ", caller_path=" << (path ? path : "" )); free(path); } diff --git a/systemd/security-server-app-permissions.socket b/systemd/security-server-app-permissions.socket index 814de37..7271ff2 100644 --- a/systemd/security-server-app-permissions.socket +++ b/systemd/security-server-app-permissions.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-app-permissions.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-app-permissions +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-app-privilege-by-name.socket b/systemd/security-server-app-privilege-by-name.socket index b5a032f..da595c3 100644 --- a/systemd/security-server-app-privilege-by-name.socket +++ b/systemd/security-server-app-privilege-by-name.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-app-privilege-by-name.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-app-privilege-by-name +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-cookie-check.socket b/systemd/security-server-cookie-check.socket index ecd953b..0f889a4 100644 --- a/systemd/security-server-cookie-check.socket +++ b/systemd/security-server-cookie-check.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-cookie-check.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-cookie-check +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-data-share.socket b/systemd/security-server-data-share.socket index 4b1f540..bd858c6 100644 --- a/systemd/security-server-data-share.socket +++ b/systemd/security-server-data-share.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-data-share.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-data-share +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-get-gid.socket b/systemd/security-server-get-gid.socket index 0b06c46..0a0852c 100644 --- a/systemd/security-server-get-gid.socket +++ b/systemd/security-server-get-gid.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-get-gid.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-get-gid +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-open-for.socket b/systemd/security-server-open-for.socket index 1c41f2d..a0886a3 100644 --- a/systemd/security-server-open-for.socket +++ b/systemd/security-server-open-for.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-open-for.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-open-for +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-password-check.socket b/systemd/security-server-password-check.socket index 057746c..d3ac5d5 100644 --- a/systemd/security-server-password-check.socket +++ b/systemd/security-server-password-check.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-password-check.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-password-check +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-password-reset.socket b/systemd/security-server-password-reset.socket index 2ce101d..377d722 100644 --- a/systemd/security-server-password-reset.socket +++ b/systemd/security-server-password-reset.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-password-reset.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-password-reset +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-password-set.socket b/systemd/security-server-password-set.socket index 19e677a..0dee1e7 100644 --- a/systemd/security-server-password-set.socket +++ b/systemd/security-server-password-set.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-password-set.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-password-set +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service diff --git a/systemd/security-server-privilege-by-pid.socket b/systemd/security-server-privilege-by-pid.socket index 8de4cbb..8fd46f2 100644 --- a/systemd/security-server-privilege-by-pid.socket +++ b/systemd/security-server-privilege-by-pid.socket @@ -1,7 +1,7 @@ [Socket] ListenStream=/tmp/.security-server-api-privilege-by-pid.sock SocketMode=0777 -SmackLabelIPIn=security-server::api-privilege-by-pid +SmackLabelIPIn=* SmackLabelIPOut=@ Service=security-server.service -- 2.7.4