Marek Smolinski [Tue, 26 Nov 2013 10:02:02 +0000 (11:02 +0100)]
Removed internal call perm_begin() inside perm_app_install()
Call perm_begin() inside app_install() function is redundant,
internal call rdb_add_appliaction() makes rdb_begin()
[Issue#] SSDWSSP-673
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] build platform via dbuild,
run osp, wrt installer:
wrt-installer --install
/usr/bin/TestMisiuPysiu123.wgt
wrt-installer --install
/usr/bin/MisiuPysiu123Partner.wgt
wrt-installer --install
/usr/bin/MisiuPysiu123Platform.wgt
osp-installer -i /usr/bin/uqNfgEjqc7-1.0.0-arm.tpk
osp-installer -i /usr/bin/j4RuPsZrNt-1.0.0-arm.tpk
osp-installer -i /usr/bin/V5LKqDFBXm-1.0.0-arm.tpk
wrt-installer --uninstall-name QwCqJ0ttyS
wrt-installer --uninstall-name 7btsV1Y0sX
wrt-installer --uninstall-name G4DE3U2vmW
osp-installer -u uqNfgEjqc7
osp-installer -u j4RuPsZrNt
osp-installer -u V5LKqDFBXm
Change-Id: I154a5424eff562d4a2cb4026a3087208991f6d19
Piotr Bartosiewicz [Wed, 27 Nov 2013 15:10:25 +0000 (16:10 +0100)]
Optimize perm_begin and perm_end
[Issue#] SSDWSSP-596
[Bug/Feature] Database operations executed in perm_begin and perm_end
are very slow.
[Cause] All the rules were calculated every perm_end.
[Solution] Calculate only modified rules.
[Verification] Build, install, run tests - to check correctness.
Compare speed of application installation and
deinstallation before and after library update.
Make sure a database is exactly the same as in new
image (running our tests adds a lot of new rules).
I've notices 2x - 7x speedup (depending on the number of
modified rules).
Change-Id: Ifba86c1c8b09230458482c9c31468245bf3edbbb
Zbigniew Jasinski [Fri, 29 Nov 2013 10:31:22 +0000 (11:31 +0100)]
Change debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE
Also changes in spec file reflecting flag change.
[Issue#] SSDWSSP-697
[Feature/Bug] N/A
[Problem] Many issues in user binaries.
[Cause] N/A
[Solution] Add debug not only for engineering packages.
[Verification] Build with debug flag, run tests.
Change-Id: I50581bf7d0601156059cb8698123ba3dbaffc845
Radoslaw Bartosiak [Mon, 25 Nov 2013 17:42:49 +0000 (18:42 +0100)]
Elimination of relative command paths ambiguity
[Issue#] SSDWSSP-684
[Bug/Feature] A security vulnerability to attacks fixed.
[Cause] Malicious change of PATH variable might be used to an exploit (change of commands).
[Solution] The correct PATH variable set in the script.
[Verification] Build, install and run tests.
Change-Id: I85753bfe4fdf8b5cb9fe7cab1caa5b88725a04a0
Conflicts:
smack_default_labeling
Radoslaw Bartosiak [Tue, 26 Nov 2013 16:37:41 +0000 (17:37 +0100)]
Elimination of floor (_) labeled executables
[Issue#] SSDWSSP-684
[Bug/Feature] A security vulnerability to attacks fixed.
[Cause] Using a floor labeled exec, a malicious process can pollute the floor labeled resources.
[Solution] The floor labeled executables were eliminated.
[Verification] 1) Build, install and run tests.
2) Verify that no executables from the package has the floor label.
Change-Id: I3999cb71c01a29fbe1a2e0e86b0991d21528beb3
Conflicts:
packaging/libprivilege-control.manifest
Jan Cybulski [Fri, 22 Nov 2013 07:29:52 +0000 (08:29 +0100)]
Move all sql files to a separate directory
[Issue#] SSDWSSP-615
[Bug/Feature] Sql scripts were added to /usr/share/privilege-control,
which is not the best place, as lots of .rule files are
located in that directory.
[Solution] Move them to subdirectory db.
[Veryfication] Build, install, run tests.
Change-Id: I4f9db8b8fe2a7e3bbf1d37cc2df4ca650493ce3d
Jan Cybulski [Fri, 8 Nov 2013 13:42:04 +0000 (14:42 +0100)]
Add database versioning and upgrading.
[Issue#] SSDWSSP-615
[Bug/Feature] Database upgrade was not possible without data loss.
[Cause] N/A
[Solution] Enable database upgrading by sequential calling upgrade
sql scripts.
Also, move all sql files to /usr/share/privilege-control/.
[Verification] -Remove one of the update files *-to-v2.sql in /db/updates,
build and check if %check script properly detects lack of
that file (build should stop with error).
-Add that file again.
-Build newest libprivilege-control (this)
and libprivilege-control-0.0.58
and libprivilege-control-0.0.59.
-Install libprivilege-control-0.0.58, and then install newest.
-Should install without problems. Run tests.
-Remove database, install V59, and then install newest.
-Should install without problems, Run tests.
-Remove database, install newest.
-Should install without problems, Run tests.
Change-Id: I5b232cba86c252d3ba2ac2e5432dcad816790823
Sebastian Grabowski [Thu, 7 Nov 2013 12:16:18 +0000 (13:16 +0100)]
Move appsetting and antivirus privileges to smack-privilege-conf
[Issue#] SSDWSSP-607
[Bug/Feature] Move appsetting and antivirus privileges to
smack-privilege-conf repository
[Cause] Since wildcards implementation in smack rule templates
appsetting and antivirus privileges no longer needs to
be added with rules-db-data.sql script.
[Solution] Removed obsolete sql statements.
Dependency from smack-privilege-config:
Ife85ad691fe036d1dfb9cfdb489d9e24ecba1947
[Verification] Test content of permission,
permission_app_path_type_rule_view and
permission_app_path_type_rule_view tables/views in
.rules-db.db3 after libprivilege-control installation
and after smack-privilege-config:
Delete rules db:
rm /opt/dbspace/.rules-db.db3
Delete smack rules:
rm /usr/share/privilege-control/*.smack
Install libprivilege-control with this change:
rpm -Uvh --force --nodeps /tmp/rpm/libprivilege-control-*
Run the following sqlite3 commands:
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_permission_rule_view;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_app_path_type_rule_view;"
After these commands there should be no
org.tizen.privilege.appsetting nor
org.tizen.privilege.antivirus entries.
Next, install smack-privilege-config (with
Ife85ad691fe036d1dfb9cfdb489d9e24ecba1947 changes):
rpm -Uvh --force --nodeps /tmp/rpm/smack-privilege-config-*
Run the following sqlite3 commands (the same like above):
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_permission_rule_view;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_app_path_type_rule_view;"
After these commands proper org.tizen.privilege.appsetting and
org.tizen.privilege.antivirus entries should be in the
database.
Change-Id: I329fb361ea57b6cc86650b00074439eedad1c0d3
Jan Olszak [Tue, 12 Nov 2013 15:51:57 +0000 (16:51 +0100)]
Correction in marking labels as modified.
[Issue#] N/A
[Bug/Feature] After uninstalling rules with app's paths stayed.
[Cause] Wrong order of delete - mark as modified.
[Solution] Changed the order.
[Verification] Build, install, run tests.
Change-Id: I3c61c552f845b1bf9e02e76c7b837eb7e59b7634
Jan Olszak [Tue, 12 Nov 2013 10:58:10 +0000 (11:58 +0100)]
Removed a memory leak.
[Issue#] N/A
[Bug/Feature] Memmory leak.
[Cause] N/A
[Solution] Added free at the end.
[Verification] Build, install, run tests.
Change-Id: If90f80a2c60f586628834b0ad5ea06a53aa62488
Krzysztof Jackiewicz [Tue, 12 Nov 2013 08:38:43 +0000 (09:38 +0100)]
Duplicated path error ignored
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Path related rules are not correctly generated after application
upgrade (adding settings folder)
[Cause] Adding existing path to and application causes error and results in a
rollback during perm_end.
[Solution] INSERT in path_view_insert_trigger changed to INSERT OR IGNORE.
[Verification] Upgrade an application. It should succeed despite of registering
paths that already exist in db
Change-Id: Ia0ddfdcac906e44401e6152f839321be967bcb76
Marcin Lis [Tue, 8 Oct 2013 09:41:06 +0000 (11:41 +0200)]
New API for permission checking
[Issue#] SSDWSSP-527
[Feature] Introduce new API function.
[Cause] New API will improve the performance while checking
app permissions. It is also needed by Security Server.
[Solution] One new API function is added, which enables user to check
whether an app with given label has enabled permission
specified by name.
[Verification] Build, install & run tests.
Change-Id: I4c068f593c585d5a16e2ca9f72666aea79fafcab
Sebastian Grabowski [Mon, 4 Nov 2013 13:49:32 +0000 (14:49 +0100)]
Add perm_app_register_permissions function.
[Issue#] SSDWSSP-620
[Bug/Feature] Add new API in libprivilege-control and use it in
installators (perm_app_register_permissions)
[Cause] There is a need that only installators could add
persistent rules
[Solution] Added new perm_app_register_permissions function
[Verification] Just built and run tests
Change-Id: I6703579756a806dcb1b38ccb9d730bd361dd6ab6
Jan Olszak [Mon, 4 Nov 2013 12:07:47 +0000 (13:07 +0100)]
Changed schema_version to user_version.
[Issue#] N/A
[Bug/Feature] N/A
[Cause] N/A
[Solution] Changed schema_version to user_version
[Verification] Build, install.
Change-Id: Ife7d18247d54a89c0cd00460f8b37f7e86579fad
Jan Olszak [Thu, 31 Oct 2013 15:16:15 +0000 (16:16 +0100)]
Correction in schema_version.
[Issue#] N/A
[Bug/Feature] Wrong schema version number.
[Cause] N/A
[Solution] Changed 1.1 to 2.
[Verification] Build, install.
Change-Id: I5dde4094f04d62010d81b4220d79b7df698dd6c0
Jan Olszak [Thu, 17 Oct 2013 17:50:32 +0000 (19:50 +0200)]
Modified perm_end and rdb_end so they return error code.
[Issue#] SSDWSSP-183
[Bug/Feature] Return code when finishing transaction.
[Cause] N/A
[Solution] Added return code
[Verification] Build, install, run tests.
Change-Id: I649bf4b8a1b0313e969ffd5428650fae0a1fb9ff
Krzysztof Jackiewicz [Mon, 28 Oct 2013 14:19:08 +0000 (15:19 +0100)]
Prevent fix - NULL check after dereference.
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Pervent issue CID 34517
[Cause] Variable was checked against NULL after dereferencing.
[Solution] NULL check removed
[Verification] Successfull compilation
Change-Id: Ie8f878c79c2d0e8fe97e8cfa5f2b116e4cb2fd22
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:47:49 +0000 (14:47 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: Id5b7c2f8b3b8f8d6ebda4cb97927e873f1c71449
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:47:00 +0000 (14:47 +0200)]
[Release] libprivilege-control_0.0.43.TIZEN
* Revert "add API definition"
* Implement new wildcard ~NPRUNTIME_PATH~ +fix workaround
* Implement adding new WRT rules in libprivilege-control
* add API definition
* Correction in enabling permissions.
* Renamed enums and deleted unused defines
* Modified checking labels and deleted unused checking.
* Change in setup path.
* Change in boot script.
* Adding additional rules.
* Implementation of cross-app rule patterns in *.smack files
* Corrected a mistake in deleting paths.
* Deleting paths on revoking permissions.
* Deleted volatile rules on boot and corrected permission format.
* Modified boot script, added deleting volatile rules.
* Made marking labels as modified beautiful.
* Changed new API names.
* Loading api-features from a file.
* Revert "rollback because of rule database"
* add systemd options
* Add README file
* Compilation flags 'verbose' mode
* Unused function smack_get_access_new removed
* Libprivilege API cleanup
* Add missing information about APP_PATH_ANY_LABEL in header
* Takes compilation profile from command line.
* Add for all anti viruses RWX access to all public-RO and group-RW shared folder
* Simple corrections in api-feature handling. +Fix
Change-Id: I0749261e11e71463e48ec5978cc2e824e6278309
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:14:23 +0000 (14:14 +0200)]
Revert "add API definition"
This reverts commit
2cc85c9c19921c0421eeddce164431cc162db254.
Marcin Lis [Thu, 24 Oct 2013 09:52:42 +0000 (11:52 +0200)]
Implement new wildcard ~NPRUNTIME_PATH~ +fix workaround
[Issue#] SSDWSSP-599
[Feature] N/A
[Cause] It was impossible to add reverse type rules from
smack-privilege-config additional rules file.
Also there was a need to add rules associated with new path_type
NPRUNTIME_PATH.
[Solution] New wildcard has been introduced, temp workaround fixed.
[Verification] Build, install and run tests including the smack-privilege-config
rpm built from the following commit:
https://review.tizendev.org/gerrit/#/c/245166/
Change-Id: I14cf28ebb3ca9be80d35073db19fe53127cc744d
Marcin Lis [Tue, 22 Oct 2013 18:14:55 +0000 (20:14 +0200)]
Implement adding new WRT rules in libprivilege-control
[Issue#] SSDWSSP-599
[Feature] Introduce new option in perm_app_setup_path which comes
with new enumeration literal to parameter.
[Cause] There is a need for WRT applications to label their own symbolic
link to PluginProcess with label: "<wrt_app_label>.npruntime".
This newly created label should have such smack accesses granted:
<wrt_app_label>.npruntime system::homedir rxat
<wrt_app_label>.npruntime xorg rw
<wrt_app_label>.npruntime <wrt_app_label> rxat
Also app should have the following access also:
<wrt_app_label> <wrt_app_label>.npruntime rw
[Solution] API change: PERM_APP_PATH_NPRUNTIME literal added to enum
"app_path_type_t". Also, middleware can now use it in
perm_app_setup_path to give special EXEC label to executable file
or symbolic link and enable all required accesses.
IMPORTANT: after installing any WRT (WGT) application use:
// ------------------------------------------------
perm_app_setup_path(<wrt_app_id>,
<path_to_symlink>,
PERM_APP_PATH_NPRUNTIME);
// ------------------------------------------------
This will enable required permissions permanently.
[Verification] Build, install on target, run commands:
# sqlite3 /opt/dbspace/.rules-db.db3
sqlite> select * from app_path_type;
sqlite> select * from label_app_path_type_rule_view;
After that verify that there is a row with "NPRUNTIME_PATH" in
the first query result (in app_path_type table), and both
"system::homedir|NPRUNTIME_PATH" and "xorg|NPRUNTIME_PATH"
in the second result.
Also run tests.
Change-Id: I2a3c396c5d8ef38fb49f78fb4c77ec0ec12af57f
Kidong Kim [Thu, 24 Oct 2013 00:30:42 +0000 (09:30 +0900)]
add API definition
Jan Olszak [Fri, 4 Oct 2013 17:00:09 +0000 (19:00 +0200)]
Correction in enabling permissions.
[Issue#] SSDWSSP-183
[Bug/Feature] WRT_platform ect. permissions added as WRT
[Cause] N/A
[Solution] Correction in enabling permissions.
[Verification] Build, install, run tests.
Change-Id: I9c7202615550da2d152c6909b773e4a7d12d0641
Jan Olszak [Fri, 4 Oct 2013 11:03:26 +0000 (13:03 +0200)]
Renamed enums and deleted unused defines
[Issue#] SSDWSSP-479
[Bug/Feature] N/A
[Cause] N/A
[Solution] Renamed enums ect..
[Verification] Build.
Change-Id: Id7d691ae6aecfef3c5f46e6e36ae3ad188f6222c
Jan Olszak [Thu, 3 Oct 2013 14:22:27 +0000 (16:22 +0200)]
Modified checking labels and deleted unused checking.
[Issue#] SSDWSSP-183
[Bug/Feature] Little speed-up in checking application label.
[Cause] N/A
[Solution] Changed the select stmt. Deleted two unused functions.
[Verification] Build, install, run tests.
Change-Id: I69685bed16c7b1bc955bc4695f341e969714a7d1
Jan Olszak [Tue, 1 Oct 2013 16:55:44 +0000 (18:55 +0200)]
Change in setup path.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I299003f07c06230ce16e229bd525de1e9bc94218
Jan Olszak [Tue, 1 Oct 2013 08:55:34 +0000 (10:55 +0200)]
Change in boot script.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] Used redirection to write rules to kernel.
[Verification] Build, install, reboot,
run systemctl status smack-rules.service
Change-Id: I7034823ba6f124a9793657078ada70fc175f53e6
Jan Olszak [Thu, 26 Sep 2013 16:26:19 +0000 (18:26 +0200)]
Adding additional rules.
[Issue#] N/A
[Bug/Feature] New rule patterns in templates.
[Cause] N/A
[Solution] Loading rules from ADDITIONAL_RULES.smack
[Verification] Build, install,
run api_feature_loader --verbose
confirm rules are in /smack/load2
reboot
confirm rules are in /smack/load2
Change-Id: I4cc5a7d0ddd83d9bdff45b61f5ec242d7a9860d6
Jan Olszak [Fri, 13 Sep 2013 15:34:48 +0000 (17:34 +0200)]
Implementation of cross-app rule patterns in *.smack files
[Issue#] N/A
[Bug/Feature] New rule patterns in templates.
[Cause] N/A
[Solution] Implemented wildcards for apps with same privilege
and folder types.
[Verification]Build, install, run tests.
Change-Id: Ia3ea6a66fa627d501202ab703b6796c7c6a34f11
Jan Olszak [Wed, 25 Sep 2013 17:00:19 +0000 (19:00 +0200)]
Corrected a mistake in deleting paths.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] Corrected build brake.
[Verification] Build
Change-Id: I9628305aa22996f152d2ed776552119ab06dccdc
Jan Olszak [Wed, 25 Sep 2013 16:38:46 +0000 (18:38 +0200)]
Deleting paths on revoking permissions.
[Issue#] SSDWSSP-183
[Bug/Feature] Some paths left in the database, but not present.
[Cause] N/A
[Solution] Deleteing app's paths on permission revoke
[Verification] Build, install, run tests.
Change-Id: I8afe30e8e8fb150c49b0d156e7b276359570b8c3
Jan Olszak [Mon, 23 Sep 2013 17:51:28 +0000 (19:51 +0200)]
Deleted volatile rules on boot and corrected permission format.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ic5352c1d8f94a78e379b91325dbdbdd25f8428bf
Jan Olszak [Fri, 20 Sep 2013 09:40:10 +0000 (11:40 +0200)]
Modified boot script, added deleting volatile rules.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ia7b2667177f5d95b838d8c891d02ecddfaa4a554
Jan Olszak [Tue, 17 Sep 2013 13:59:28 +0000 (15:59 +0200)]
Made marking labels as modified beautiful.
[Issue#] SSDWSSP-183
[Bug/Feature] Marking labels as modified.
[Cause] N/A
[Solution] Moved marking to SQL code and used USING on joins.
[Verification] Build, install, run tests.
Change-Id: I26dc6c6e5fcbccdf7c2a473b111224bba2cfa391
Jan Olszak [Tue, 17 Sep 2013 11:23:44 +0000 (13:23 +0200)]
Changed new API names.
[Issue#] SSDWSSP-183
[Bug/Feature] Renamed new API names.
[Cause] N/A
[Solution] Better api names: perm_begin, perm_end.
[Verification] Build
Change-Id: I3ccadb18292314a5a6f9d636d359a36014135633
Jan Olszak [Fri, 13 Sep 2013 14:43:50 +0000 (16:43 +0200)]
Loading api-features from a file.
[Issue#] SSDWSSP-183
[Bug/Feature] Loading permission from a file.
[Cause] N/A
[Solution] Added option to api_feature_loader.
[Verification] Build, install, use api_feature_loader --file=file_path
run sqlite3 /opt/dbspace/.rules-db.db3 'select * from permission_view;'
and confirm permission is loaded
Change-Id: I662ee3ee116b66f4730251be37ff85206c4276e8
Jan Olszak [Tue, 17 Sep 2013 08:33:20 +0000 (10:33 +0200)]
Revert "rollback because of rule database"
Conflicts:
packaging/libprivilege-control.changes
packaging/libprivilege-control.spec
rule_loader/smack-early-rules.service
rule_loader/smack-late-rules.service
Change-Id: I80d42cdb1ed442db40646b4d5eb8ec0bac1ec0a0
Kidong Kim [Thu, 10 Oct 2013 12:01:47 +0000 (21:01 +0900)]
add systemd options
Change-Id: I7f76391d9b2fe09eda237af057a2b6e1d40e76eb
Jan Cybulski [Tue, 1 Oct 2013 11:31:10 +0000 (13:31 +0200)]
Add README file
[Issue#] SSDWSSP-528
[Bug/Feature] Added README file.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I6742741f7947b8e6cd442ace81c71fe85ee8c62b
Marcin Lis [Fri, 20 Sep 2013 11:32:13 +0000 (13:32 +0200)]
Compilation flags 'verbose' mode
[Issue#] SSDWSSP-496
[Bug/Feature] N/A
[Cause] Potential bug - CMAKE_VERBOSE_MAKEFILE is not turned ON in
packaging spec file, so the default value is used.
[Solution] Turn ON the flag explicitly.
[Verification] Build, verify that compile flags passed to gcc are visible
using different build types (in gbs: --define "build_type ...").
Change-Id: Ib9fc0fa3872688d25462082c4915bb50c80c4143
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:44:47 +0000 (17:44 +0200)]
Unused function smack_get_access_new removed
[Issue#] N/A
[Feature/Bug] N/A
[Problem] smack_get_access_new is unused
[Cause] N/A
[Solution] Removed
[Verification] Successfull compilation
Change-Id: I3a87d3b55f70ee55b68973b2af71aa5524865bf9
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:51:03 +0000 (17:51 +0200)]
Libprivilege API cleanup
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Fixed array instead of pointer was used as an API function argument
[Cause] N/A
[Solution] Function modified. Unnecessary include removed
[Verification] Successfull compilation of libprivilege-control and security-tests
Change-Id: I333611c51e9f17152e1353d38516024212ce91e1
Lukasz Kostyra [Tue, 27 Aug 2013 13:56:48 +0000 (15:56 +0200)]
Add missing information about APP_PATH_ANY_LABEL in header
[Issue#] SSDWSSP-481
[Bug] Information about perm_app_setup_path in privilege-control.h didn't cover
APP_PATH_ANY_LABEL app_path_type.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I40d4292b880bc007dfa5ce3d78430b3e64940a9f
Bartlomiej Grzelewski [Thu, 1 Aug 2013 10:53:19 +0000 (12:53 +0200)]
Takes compilation profile from command line.
This command will start compilation with debug(-O0 -g -ggdb)
gbs lb -A armv7l --define "build_type DEBUG"
Default command will use RELEASE profile(-02 -g):
gbs lb -A armv7l
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: I4bc6f0b0ee2c98919f47c7550c609d9bf5b396de
Janusz Kozerski [Wed, 21 Aug 2013 12:18:37 +0000 (14:18 +0200)]
Add for all anti viruses RWX access to all public-RO and group-RW shared folder
[Issue#] SSDWSSP-463
[Feature/Bug] Add for all anti viruses RWX access to all public-RO, group-RW, and setting-RW shared folders
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests - all should pass. Install at least one application for every shared folder
(public RO, group RW, setting RW), next call an API function perm_app_setup_path for installation
of anti virus application, and check if anti virus have the RWX access to all shared folders.
Then install another three application (one for every type of shared folers), and check if anti virus
have an access to these new installed shared folders.
Change-Id: I41f9417e36edc2f4efe9a5a5c57c2b50c07e14f7
Marcin Lis [Fri, 16 Aug 2013 08:30:48 +0000 (10:30 +0200)]
Simple corrections in api-feature handling. +Fix
[Issue#] SSDWSSP-405
[Bug] Impossible to add Api-Feature with template label "~APP~"
and enable permissions granted by newly created feature
[Cause] Mistakes in app label parsing and adding permissions from Api-Feature
[Solution] Two simple corrections
Also template label macros are moved to common header
Also fix for ~APP~ label allowance has been added
[Verification] Build and run all tests
* sync with the following security-tests commit:
http://slp-info.sec.samsung.net/gerrit/#/c/267785/
Change-Id: Iebe39035ecb6a423cb19541f130bd25218f7ca1a
Krzysztof Jackiewicz [Wed, 21 Aug 2013 09:28:00 +0000 (11:28 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I74187a8f548ee1ce8105837d2bf21c3b4dac126f
Krzysztof Jackiewicz [Wed, 21 Aug 2013 08:53:56 +0000 (10:53 +0200)]
Release version 0.0.42.TIZEN
* missing tag
Change-Id: I2dcfdb135d1c74e2b2be07b6a9e055818d91e47b
Rafal Krypa [Mon, 19 Aug 2013 12:42:53 +0000 (14:42 +0200)]
Release version 0.0.42.TIZEN
* Changed dlog logging buffer.
* Adapt code for new libsmack API
* Rewrite internal function app_uninstall_remove_early_rules()
* Create format strings for scanf statically.
* Add support for new access mode for setting locks ("l")
* Fix unwanted differences between SLP and RSA repositories.
* Add better debug logs to libprivilege-control
* Fill in missing changelog information for previous releases.
Change-Id: Ia7105acee863a342bd296405be4044f7954dfa0b
Rafal Krypa [Mon, 19 Aug 2013 12:06:43 +0000 (14:06 +0200)]
Fix unwanted differences between SLP and RSA repositories.
[Issue#] N/A
[Bug] Undesired differences in source code between SLP and RSA.
[Cause] Developers not careful while submitting changes to both repos.
[Solution] Enumerate and fix the differences.
[Verification] No functional changes has been made.
Change-Id: Ifec35b4ee5bdc2f3613de25cb49b0ebe876681bf
Lukasz Kostyra [Thu, 18 Jul 2013 07:33:14 +0000 (09:33 +0200)]
Add better debug logs to libprivilege-control
[Issue#] SSDWSSP-406
[Feature] Adds debug logs which log additional useful informations in libprivilege-control. Create additional defines for SECURE_SLOG*
logs to allow disabling specific types of SECURE logs.
[Cause] Many functions in libprivilege-control didn't log useful information - input parameters, files used or switch branches taken.
[Solution] Add macros which log such information. Additional defines wrapping SECURE_SLOG* log macros are now defined as SECURE_C_LOG*.
[Verification] Run libprivilege-control-test from security-tests package and check using dlogutil whether functions log their input
parameters, files used and switch branches taken. Make sure to enable definition DLOG_DEBUG_ENABLED in CMakeLists.txt
before building the package.
Change-Id: Ifec47d04b7a5aef806caab85fe3709e36aae8afe
Rafal Krypa [Fri, 26 Jul 2013 10:39:16 +0000 (12:39 +0200)]
Add support for new access mode for setting locks ("l")
[Issue#] SSDWSSP-372
[Feature] Properly work on system with new access mode enabled.
[Cause] Additional Smack access implemented in kernel.
[Solution] Extend appropriate arrays.
[Verification] Build, install, run tests.
Change-Id: I745ade7ae15aa231882e9d7cacfa35ed4fc2f29e
Rafal Krypa [Fri, 26 Jul 2013 10:36:08 +0000 (12:36 +0200)]
Create format strings for scanf statically.
[Issue#] SSDWSSP-372
[Feature] Remove unneeded memory allocations for scanf format strings.
[Cause] When reading Smack rules, fields length must be checked.
[Solution] Create format strings with legnth specifiers at build time.
[Verification] Build, install, run tests.
Change-Id: Ib0b20e3d46fe0d4af957f13a37627d14831283d2
Rafal Krypa [Wed, 24 Jul 2013 12:02:34 +0000 (14:02 +0200)]
Rewrite internal function app_uninstall_remove_early_rules()
[Issue#] SSDWSSP-372
[Bug] Old code prone to errors, with implementation problems.
[Cause] Fragile file parsing. Using temporary file. Unneeded semaphore, with wrong permissions.
[Solution] Write more robust function, copying the file in place.
[Verification] Run libprivilege-control-tests.
Change-Id: I12f89f1c1c0c4bc43ffbb69db84cfb88b98c821b
Jan Cybulski [Mon, 29 Jul 2013 11:06:32 +0000 (13:06 +0200)]
Adapt code for new libsmack API
[Issue#] SSDWSSP-433
[Feature] Change libsmack for compatibility with a newly changed smack API.
[Cause] Now libsmack functions: smack_new_label_from_self() and smack_new_label_from_socket(), in case of success, are returning value greater than 0.
[Solution] Change expected result.
[Verification] Run tests.
Change-Id: Idca56a593179f02d84df808bdc6c5ca01685e62d
Jan Olszak [Thu, 4 Jul 2013 12:22:02 +0000 (14:22 +0200)]
Changed dlog logging buffer.
[Issue#] dlog logged in a wrong buffer.
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main PRIVILEGE_CONTROL" (no loggs), "dlogutil -b system PRIVILEGE_CONTROL" (loggs..)
Change-Id: Ief75512faddec867ad82c2e710b78b9f2be18659
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:39:31 +0000 (10:39 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I5659d92a2f8b5ea3dff28b4405fb0bd0ac7e1176
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:38:13 +0000 (10:38 +0200)]
[Release] libprivilege-control_0.0.41.TIZEN
* Re-release (previous release did not succeed)
Change-Id: I6333a5fe1be06dcddf0fb88b73e2e7f50c074452
Krzysztof Jackiewicz [Thu, 8 Aug 2013 12:31:49 +0000 (14:31 +0200)]
[Release] libprivilege-control_0.0.40.TIZEN
* Smack app rule loading during boot
* API function naming changed
* Generic solution for adding shared dir rules
* Parameter checking
* Language errors fixed
* Deprecated code removed
* EFL app type added
Change-Id: I006ea9d637c51f6e01f71364543b5922ed6bb7f4
Jan Cybulski [Tue, 30 Jul 2013 07:18:00 +0000 (09:18 +0200)]
Add support for EFL apps
[Issue#] SSDWSSP-436
[Feature] Support for EFL apps.
[Cause] N/A
[Solution] Add new type of application in app_type_t.
[Verification] Build, run test,
Change-Id: I2823e60d498532dd5970a0c483ae09158e1ed612
Bartlomiej Grzelewski [Fri, 19 Jul 2013 14:34:24 +0000 (16:34 +0200)]
Remove deprected code.
Function app_give_access was implemented inside security-server.
[Issue#] N/A
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successful build libprivilege-control and
security-server.
Change-Id: Idf64d087cb81561ff5d278d4b1fe6aaf723d8906
Zofia Abramowska [Wed, 24 Jul 2013 14:27:41 +0000 (16:27 +0200)]
Fixing language errors
[Issue#] SSDWSSP-431
[Bug/Feature] N/A
[Cause] Some grammar & spelling errors in comments and logs
[Solution] Fixed language
[Verification] Build.
Change-Id: I5137a3a6d5c30441c190b332ec9b9507cc52a5b0
Lukasz Kostyra [Tue, 16 Jul 2013 13:22:35 +0000 (15:22 +0200)]
Fix libprivilege-control not checking input parameters
[Issue#] SSDWSSP-376
[Bug] libprivilege-control crashed when called with wrong input parameters (like NULL, or empty string)
[Cause] Most of libprivilege-control APIs didn't check for correct input parameters
[Solution] libprivilege-control APIs which didn't check for correct input parameters were patched with such check
[Verification] Run libprivilege-control-test (from security-tests package), or input incorrect parameter to any API function
Change-Id: Iae4c49ddb6420b776491db8584368f7370c02ed2
Janusz Kozerski [Tue, 9 Jul 2013 11:42:09 +0000 (13:42 +0200)]
Add generic solution for adding rules to shared dirs (RO & RW)
[Issue#] SSDWSSP-391
[Feature/Bug] N/A
[Problem] N/A
[Cause] Hardcoded rules in source code.
[Solution] Add generic solution to generate rules for shared directories.
[Verification] Run libprivilege-control tests. All should pass. Check if rules from files PATH_RULES_GROUP_RW.smack and PATH_RULES_PUBLIC_RO.smack are added.
Change-Id: I8598bcd3265f47b10bc99c810fba581ab81adee4
Pawel Polawski [Mon, 15 Jul 2013 15:00:23 +0000 (17:00 +0200)]
Revert "Work around for rule loading to allow email-service and contacts-servce access to shared directory of everybody."
This reverts commit
b75c40940304b319c2ffa2a34365faa92f0c41b1.
Change-Id: I31771df2ce5ec4d9bf174deccc57dd9762e6e4d1
Jan Cybulski [Mon, 1 Jul 2013 09:27:49 +0000 (11:27 +0200)]
Change API function naming sheme
[Issue#] SSDWSSP-309
[Bug/Feature] Unification of API functions names
[Cause] N/A
[Solution] Adding prefix perm_ for API in libprivilege control.
Deprecating old APIs. Making wrappers for deprecated
functions with calls to the functions with new names.
[Verification] Build. Run libprivilege tests. All should pass.
Change-Id: I38f625cac25b7e06946a7514e5bda0cf42d8da77
Bumjin Im [Tue, 16 Jul 2013 07:41:37 +0000 (16:41 +0900)]
Adding Smack rule for obexd to allow to RX to all app's shared directory
Change-Id: I2ac460b6e59577291f5188708b6b2c5f99500c8b
Pawel Polawski [Fri, 12 Jul 2013 15:06:20 +0000 (17:06 +0200)]
Loading all smack-app rules during boot
[Issue#] SSDWSSP-407
[Bug/Feature] All smack-app rules should be loaded during boot
[Cause] Rules must be loaded without libprivilege database
[Solution] Rules are loaded from path
[Verification] All rules from smack-app dir should
be loaded after reboot automatic
Change-Id: I7229a3209630b26392c57cd4a21471ec354ddc5b
Krzysztof Jackiewicz [Mon, 15 Jul 2013 14:39:13 +0000 (16:39 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.2' into rsa/master
Change-Id: I91f3d9a5a8ce99ec8a37f7180146e8de90d9733b
Bumjin Im [Sat, 13 Jul 2013 11:12:47 +0000 (20:12 +0900)]
Adding W rules to allow email-service move draft email to draft box
Change-Id: Icfa0c2b17c8ce248eb6bc3c9126922cb8eb1112d
Krzysztof Jackiewicz [Fri, 12 Jul 2013 20:04:38 +0000 (22:04 +0200)]
[Release] libprivilege-control_0.0.39.TIZEN
* Smack file concurrent write fixed
Change-Id: I6caf7671904a50f374c66c8e888b50d51c269860
Krzysztof Jackiewicz [Fri, 12 Jul 2013 19:23:19 +0000 (21:23 +0200)]
File locking added
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Two processes may write to smack file at the same time
[Cause] No proper file locking
[Solution] File locking added. Self rules for av and appsetting skipped
[Verification] Tests should pass. Run test_install.sh. Reported number of rules should not change.
Change-Id: I6dc20de7ae518889156a90d3d9c79714b37c2096
Bumjin Im [Fri, 12 Jul 2013 08:41:11 +0000 (17:41 +0900)]
Work around for rule loading to allow email-service and contacts-servce access to shared directory of everybody.
Change-Id: I272a8b29058a736131046e0b3be2a6103e0f62e0
Krzysztof Jackiewicz [Tue, 9 Jul 2013 16:49:50 +0000 (18:49 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I0db5006222b90dbd52420f6e10985f9918fbd11c
Krzysztof Jackiewicz [Tue, 9 Jul 2013 16:49:02 +0000 (18:49 +0200)]
[Release] libprivilege-control_0.0.38.TIZEN
* Fixed segfault in set_app_privilege
* Prevent bugfixes
Change-Id: I96e4d1556eb684dc3827ef44c1a6decfe9d1a1c8
Zbigniew Jasinski [Tue, 9 Jul 2013 10:01:28 +0000 (12:01 +0200)]
Fixing segfault in libprivilege-control
[Issue#] SSDWSSP-371
[Bug/Feature] segfault in libprivilege-control
[Cause] In set_app_privilege() one should be able to get smack context
from path even if there's no SMACK on the device.
[Solution] Added function params checking.
[Verification] Running libprivilege-control-test.
Change-Id: Id9db1f59aa2c95eab8781747ef6a00bbc6400cc2
Marcin Niesluchowski [Tue, 2 Jul 2013 11:55:11 +0000 (13:55 +0200)]
Fixing prevent defects in libprivilege-control:
* 63125; Minor; Unchecked return value; In function app_uninstall_remove_early_rules
in src/privilege-control.c (defect changed to false positive)
* 63145; Critical; Dereference after null check; In function main
in rule_loader/rule_loader.c
* 63146; Critical; Dereference after null check; In function
app_uninstall_remove_early_rules in src/privilege-control.c
[Issue#] N/A
[Bug/Feature] There are 3 prevent issues to solve.
[Cause] N/A
[Solution] N/A
[Verification] Running libprivilege tests. All should pass.
Change-Id: I5298a40ebef24286fec1149b48cac33e32753c00
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:47:35 +0000 (10:47 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I70b290feb641bd95f68a8ee93908c2b7ed90ac46
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:46:56 +0000 (10:46 +0200)]
[Release] libprivilege-control_0.0.37.TIZEN
* Add contact-service and email-service rule to read shared dirs.
Change-Id: Ifcb064a53eda772a20df5fba52fda86ea62c3a9d
Tomasz Swierczek [Tue, 9 Jul 2013 08:43:25 +0000 (08:43 +0000)]
Merge "Add contact-service and email-service rule to read shared dirs."
Krzysztof Jackiewicz [Tue, 9 Jul 2013 08:13:51 +0000 (10:13 +0200)]
Merge remote-tracking branch 'rsa/tizen_2.2' into rsa/master
Change-Id: Idce316ac3ccae3457d3b50b7403d5a685bf75fec
Janusz Kozerski [Tue, 9 Jul 2013 08:13:32 +0000 (10:13 +0200)]
Add contact-service and email-service rule to read shared dirs.
[Issue#] N/A
[Bug/Feature] Add contact-service and email-service rule to read shared dirs.
[Cause] N/A
[Solution] N/A
[Verification] Build, run tests, check if "contats-service ~SHARED_DIR~ rx" and
"email-service ~SHARED_DIR~ rx" rules are pressent in system.
Change-Id: I0a54ac67a15e9dd5e6509eecd5bdffbc008379ce
Krzysztof Jackiewicz [Mon, 8 Jul 2013 14:33:33 +0000 (16:33 +0200)]
[Release] libprivilege-control_0.0.36.TIZEN
* Boot-time rule loading optimization
Change-Id: Iee85854ff3f6fa68ec244e24b73e398749eb0763
Zofia Abramowska [Fri, 21 Jun 2013 09:38:32 +0000 (11:38 +0200)]
Adding script for early rules loading
[Issue#] SSDWSSP-216
[Feature] Adding script and binary for early rules loading (for
applications needed by livebox)
[Cause] Some applications need to be properly loaded with
livebox
[Solution] Added script and binary which loades rules from early
rules directory
[Verification] this commit depends on
http://slp-info.sec.samsung.net/gerrit/#/c/224189/
when it will be merged livebox should start properly on target
Change-Id: I6ae711d10d90a9f8537b7c514db9cbbaa7bb49db
Janusz Kozerski [Wed, 12 Jun 2013 10:40:52 +0000 (12:40 +0200)]
Early rule loading - livebox issue.
[Issue#] SSDWSSP-298
[Bug/Feature] Livebox issue fix.
[Cause] Missing rules while showing homescreen.
[Solution] Add early-rules loading.
[Verification] Compile. Install at least 2 widgets,
then check if /opt/etc/smack-app-early/accesses.d/WRT file contains
a "livebox.web-provider ~APP~ rwx" rule for every app.
Then uninstall one app and check if rule for this app is gone.
Others rules should remain untouched.
Change-Id: Ie94713620038ebbdcab4e2d41fc01550a6a78fdb
Pawel Polawski [Mon, 3 Jun 2013 12:22:23 +0000 (14:22 +0200)]
Implementation of background rule loading
[Issue#] SSDWSSP-298
[Bug/Feature] Loading SMACK rules in background during device start
[Cause] Loading rules during boot take to much time
[Solution] Rukles loaded for all apps after boot
[Verification] Compile. After homescreen shows up rules should load
automaticly
Change-Id: Ie84aad8e35761a22d1197e994d3eb89ec31587d4
Kidong Kim [Fri, 5 Jul 2013 08:51:47 +0000 (17:51 +0900)]
execute pkg_smack at first boot(temporary)
Tomasz Swierczek [Fri, 5 Jul 2013 08:07:58 +0000 (10:07 +0200)]
[Release] libprivilege-control_0.0.35.TIZEN
* Fix for setting dac
Change-Id: I9bf1bf4bb01cf284b7af163ca7e04375d3ccd5fd
Zbigniew Jasinski [Fri, 5 Jul 2013 07:54:18 +0000 (09:54 +0200)]
Fixing segfault in get_app_gids when app_id = NULL
Change-Id: I1b9e182366da921f1a6bfee50a87e694ca3c1f7f
Krzysztof Jackiewicz [Wed, 3 Jul 2013 17:24:23 +0000 (19:24 +0200)]
[Release] libprivilege-control_0.0.34.TIZEN
* SMACK configuration files moved to smack-privilege-config repo
Change-Id: I946b6fbb09d301abb889bb6b2576e581e5954097
Zbigniew Jasinski [Wed, 3 Jul 2013 15:16:54 +0000 (17:16 +0200)]
[Issue#] SSDWSSP-302
[Bug/Feature] Keeping *.smack files in separate repository.
[Cause] SMACK rule changes cause rebuilding many packages due to
libprivilege-control dependencies.
[Solution] Exclude SMACK rules files from libprivilege-control package.
[Verification] Running tests.
Change-Id: I8513740df4afe3ceac4152fd032f8fad3eb1966a
Kidong Kim [Mon, 1 Jul 2013 10:30:57 +0000 (19:30 +0900)]
add new smack rules for OSP se/secureelement privilege
Kidong Kim [Mon, 1 Jul 2013 09:26:06 +0000 (18:26 +0900)]
add smack rules for sdcard
Kidong Kim [Sat, 29 Jun 2013 04:35:58 +0000 (13:35 +0900)]
add new smack rules for user-space access control
Tomasz Swierczek [Thu, 27 Jun 2013 10:16:22 +0000 (12:16 +0200)]
[Release] libprivilege-control_0.0.33.TIZEN
* Fix bugs reported by prevent tool
* Reduced number of logs
Change-Id: If8fa471a8c9ef2240feb032744ad8e89828f5138
Kidong Kim [Thu, 27 Jun 2013 07:01:21 +0000 (16:01 +0900)]
add smack rules for OSP/WEB app to access clipboard
Kidong Kim [Thu, 27 Jun 2013 02:23:45 +0000 (11:23 +0900)]
add smack rules to synchronize with private
Kidong Kim [Tue, 25 Jun 2013 23:40:04 +0000 (08:40 +0900)]
add smack rules
Marcin Niesluchowski [Mon, 24 Jun 2013 12:27:57 +0000 (14:27 +0200)]
Fixing prevent bugs on libprivilege-control:
* 58766; Critical; Resource Leak; In function register_app_for_public_dirs
in src/privilege-control.c
* 58764; Critical; Resource Leak; In function app_register_av_internal
in src/privilege-control.c
* 53409; Critical; Resource Leak; In function register_app_for_av
in src/privilege-control.c
* 51719; Critical; Resource Leak; In function get_app_gids
in src/access-db.c
* 51572; Critical; Explicit null dereferenced; In function get_all_ids_internal
in src/access-db.c
* 55418; Minor; Unchecked return value from library; In function mark_rules_as_loaded
in src/privilege-control.c
[Issue#] SSDWSSP-335
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Running tests.
Change-Id: I381da2083d8a0fac1be930bfdbf3fca688710fc1
projects / platform / core / security / libprivilege-control.git / log