Lukasz Wojciechowski [Thu, 13 Feb 2014 13:00:46 +0000 (14:00 +0100)]
Update comment in API header file.
[Issue#] N/A
[Feature/Bug] N/A
[Problem] newly recognized tokens were not mentioned in header
[Cause] N/A
[Solution] update header
[Verification] Succesfully build.
Change-Id: Ie0046436822a1b046a7f385c3e954cafde95973b
Kidong Kim [Thu, 13 Feb 2014 02:46:21 +0000 (11:46 +0900)]
fix package type
Change-Id: I7e86cadefea8ec76b5dd8d234dd26fc33bf59f35
Lukasz Wojciechowski [Thu, 30 Jan 2014 15:12:20 +0000 (16:12 +0100)]
Recognize all types of application (+OSP, +EFL)
[Issue#] N/A
[Feature/Bug] N/A
[Problem] OSP and EFL applications are not recognized (treated as OTHER)
[Cause] N/A
[Solution] Recognition added
[Verification] Succesfully build and run tests
Change-Id: I1cf4e81d19ce232db8bd94a8ce687105542b3469
Adam Malinowski [Thu, 30 Jan 2014 10:12:04 +0000 (11:12 +0100)]
Clean scriplet 'post' section.
[Issue#] SSDWSSP-531
[Feature] Removes unneeded file operations from 'post section'.
[Cause] Post section is intended for file operations.
[Solution] Unneeded operations are removed, other are moved to 'install'
and 'files' sections. Details are placed in CAM project.
[Verification] Two ways:
- build packages, install them on target and run tests,
- build image with previously built packages and run tests
Change-Id: I51ccc3dbb8a9b45c3b2da224470b60e2cc830d58
Conflicts:
packaging/libprivilege-control.spec
Pawel Broda [Thu, 16 Jan 2014 11:57:13 +0000 (12:57 +0100)]
New API for getting information about application privileges state
[Issue#] SSDWSSP-627.
[Feature] Introduce new API for getting information
about application privileges state.
[Cause] Privacy Manager uses another database to
get info about app priviliges state.
[Solution] Two API functions are added.
[Verification] Buid, install and run tests.
Change-Id: Ifd987c05442ebb103d2f3fdbf5acc59c6a0affeb
Pawel Broda [Wed, 4 Dec 2013 13:27:26 +0000 (14:27 +0100)]
API for transaction rollback in libprivilege
[Issue#] SSDWSSP-609
[Feature] Provides possibility to rollback transaction.
[Cause] N/A
[Solution] N/A
[Verification] Build and run on the target.
Change-Id: Ic347e8c26733014564ccbc7d024d350bc87391cb
Jan Olszak [Tue, 21 Jan 2014 14:41:41 +0000 (15:41 +0100)]
Correction in sqlite3_finalize error handling.
[Issue#] N/A
[Bug] Error codes in sqlite3 are positive.
[Cause] N/A
[Solution] N/A
[Verfication] Build, run tests.
Change-Id: I32ab59340d3143021ce0990f8d7d7c4c9131e78b
Damian Chromejko [Tue, 3 Dec 2013 11:30:37 +0000 (12:30 +0100)]
Implement perm_app_remove_path() for libprivilege-control API.
[Issue#] SSDWSSP-698
[Bug/Feature] Function used to remove paths along with all associated
rules.
[Cause] Extending libprivilege-control API.
[Solution] Implemented chain of functions exposing requested API.
[Verification] Build, install and run tests.
Change-Id: Idc0d7878d852056085649b698d6afa714a91ba83
Piotr Bartosiewicz [Tue, 21 Jan 2014 14:56:57 +0000 (15:56 +0100)]
Code cleanup
[Issue#] N/A
[Bug/Feature] Unused variables, minor warnings
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I5530e2459b402ef0625afe13a2e693cd3f415842
Jan Olszak [Mon, 20 Jan 2014 11:15:56 +0000 (12:15 +0100)]
Removed unused linker flags.
[Issue#] SSDWSSP-832
[Feature] Some linker flags were ignored previously and deleted
in gcc 4.8.
[Cause] N/A
[Solution] N/A
[Verification] Build, run tests and run dbuild.
Change-Id: I6fcc1d1d2e65c6c860065df88a1d86a68477540d
Pawel Broda [Wed, 8 Jan 2014 11:38:00 +0000 (12:38 +0100)]
Add some file names to api_feature_loader output
[Issue#] SSDWSSP-606
[Feature] Small change providing more informative output.
[Cause] N/A
[Solution] N/A
[Verification] Build, run on the target, see if api_feature_loader
prints out applied changes.
Pawel Broda [Wed, 8 Jan 2014 11:38:00 +0000 (12:38 +0100)]
Extend api_feature_loader options.
[Issue#] SSDWSSP-606
[Feature] Provides possibility to use globs like '*' or '?' in file names
(i.e. with '-f' option).
This feature is based on glob() function, please have a look at
documentation (man 3 glob) for more details.
For example, having following directory structure:
testfiles /
EFL_1.smack
EFL_2.smack
EFL_3.smack
EFL_5.smak // it's not a typo
GFL_6.smack // it's not a typo
would be possible to issue (quotes are not mandatory):
api_feature_loader --verbose -f"testfiles/*"
in order to load rules from the following files:
EFL_1.smack, EFL_2.smack and EFL_3.smack.
Please note, that EFL_5.smak matches pattern, but the extension
is wrong so it will not be loaded.
[Cause] N/A
[Solution] N/A
[Verification] Build, run od the target, see if /opt/dbspace/.rules-db.db3
is updated.
Change-Id: I6713f33b8e44cdb87659286bce513e68e4f5d98c
Damian Chromejko [Thu, 19 Dec 2013 09:31:30 +0000 (10:31 +0100)]
Add support for shared transaction in libprivilege-control DB.
[Issue#] SSDWSSP-722
[Feature] No redundant rules updating during shared read
transactions.
[Cause] Rules in the DB are unnecessarily updated during shared
read transactions.
[Solution] Rules in the DB are updated only if the current
transaction is not a shared read transaction.
[Verification] Although no additional tests were created, all previous tests
should pass.
Change-Id: I6738add767cf1b666680a956ad19572a99d693e5
Lukasz Wojciechowski [Thu, 19 Dec 2013 09:07:57 +0000 (10:07 +0100)]
Rule tokenizer fix
[Issue#] N/A
[Feature] tokenize_rule may cause Segmentation Fault due to improper use of sscanf.
[Cause] N/A
[Solution] tokenize_rule rewritten
[Verification] Build, install, run tests.
Change-Id: Ief5ef1910ab459d82035887cbc8cda9d8897c734
Damian Chromejko [Fri, 22 Nov 2013 11:49:10 +0000 (12:49 +0100)]
Implement perm_app_get_permissions() API in libprivilege-control.
[Issue#] SSDWSSP-669
[Bug/Feature] Add function to get a list of all permissions of a given
type for the specified application.
[Cause] Extending provided API.
[Solution] Added a chain of functions extending existing API with
necessary features.
[Verification] Build, install, run tests.
Change-Id: I0b3335191e50e954f95804463a2e073f1715e9db
Damian Chromejko [Tue, 26 Nov 2013 15:47:23 +0000 (16:47 +0100)]
Implement perm_app_get_paths() API in libprivilege-control.
[Issue#] SSDWSSP-670
[Bug/Feature] Add a function that retrieves a list of paths of a specified
type for a given application.
[Cause] Extending libprivilege-control API
[Solution] Added a chain of functions extending existing API.
[Verification] Build, install, run tests.
Change-Id: I225668e57030d1bc32cee8e2169fc5070138eec0
Sebastian Grabowski [Mon, 4 Nov 2013 07:18:17 +0000 (08:18 +0100)]
New API for registering app permissions.
[Issue#] SSDWSSP-620
[Bug/Feature] Add new API in libprivilege-control and use it in
security-server.
[Cause] There is a need to prepare changes for installers team
regarding usage of perm_app_setup_permissions function.
[Solution] Function perm_app_setup_permissions (former
perm_app_register_permissions) is intended to
add persistent permissions during installation process.
Function perm_app_enable_permissions from now on should
not be used for initial addition of app permissions.
Dependencies:
security-tests:
I18ddd5d286988584cd822a4b929419c8bc1c6102
[Verification] Build, install, run tests.
Change-Id: I4a14b0f91a5bc7e358339cacb5b93fcf234935eb
Jan Olszak [Mon, 16 Dec 2013 10:14:27 +0000 (11:14 +0100)]
Corrected marking additional rules as modified.
[Issue#] N/A
[Bug/Feature] Smack rules didn't change when additional rules
were deleted.
[Cause] N/A
[Solution] Marked all aditional rules as modiefied.
[Verification] Build, install, run tests.
Change-Id: Idba8c5b2253ee4fa718434567afbc6bce0d30e87
Krzysztof Jackiewicz [Thu, 30 Jan 2014 11:47:43 +0000 (12:47 +0100)]
During package installation there is no test for /opt/dbspace existence.
[Issue#] N/A
[Bug/Feature] When creating databse from scratch during depedencies
installation for gbs build process error occurs:
Error: unable to open database "/opt/dbspace/.rules-db.db3":
unable to open database file.
[Cause] Missing /opt/dbspace directory.
[Solution] Add checking for /opt/dbspace existence. Create directory
if missing.
[Verification] Delete /opt/dbspace, install libprivilege-control, check if
/opt/dbspace and "/opt/dbspace/.rules-db.db3" exists.
Change-Id: I216b75caf63ac69d08b0d3b07981860606dcb6b8
Conflicts:
packaging/libprivilege-control.spec
Lukasz Wojciechowski [Thu, 12 Dec 2013 19:09:01 +0000 (20:09 +0100)]
Store temporary tables in memory instead of in files.
[Issue#] N/A
[Bug/Feature] Temporary tables are being kept in files,
but storing them in memory might speed up
a little bit access to them.
[Cause] N/A
[Solution] Store temporary tables in memory.
[Verification] Build, install, run libprivilege-control
stress tests with time measure and compare
result from before and from after patch.
time libprivilege-control-test --output=text\
--group=libprivilegecontrol_stress
Change-Id: I66408b1b2a17b8e3ff10add7c8bb6abaddbbb019
Piotr Bartosiewicz [Mon, 9 Dec 2013 15:45:55 +0000 (16:45 +0100)]
FOTA/FUS update script for libprivilege
[Issue#] SSDWSSP-711
[Bug] Database schema is not updated after FOTA/FUSE system update.
[Cause] FOTA updates only RO partitions, every RW modifications
(which are usually done in rmp %post) should be done in
a dedicated FOTA script.
[Solution] Added an update script to /etc/opt/upgrade/
[Verification] Use image with database in version 2 (eg.
20131202).
(sqlite3 .rules-db.db3 "PRAGMA user_version;")
Quick verification:
- build
- install
- run /etc/opt/upgrade/220.libprivilege-updater.patch.sh
Full FOTA verification:
- follow instructions from CAM task
- database should be upgraded from 2 to 3
Change-Id: Ia6a707443a83bc776545a079bc550b06a5108d44
Jan Olszak [Fri, 22 Nov 2013 19:32:42 +0000 (20:32 +0100)]
Removed a spell mistake form defines.
[Issue#] N/A
[Bug/Feature] Spell mistake in three defines
[Solution] Renamed *WGT* macros to *WRT*
[Veryfication] Build, install, run tests.
Change-Id: I66b7974e86352020c34fca9ef901664f11b24d87
Krzysztof Jackiewicz [Tue, 21 Jan 2014 13:26:37 +0000 (14:26 +0100)]
Merge remote-tracking branch 'rsa/master' into tizen
Conflicts:
CMakeLists.txt
include/privilege-control.h
packaging/libprivilege-control-conf.manifest
packaging/libprivilege-control.changes
packaging/libprivilege-control.manifest
packaging/libprivilege-control.spec
packaging/smack-default-labeling.service
smack_default_labeling
src/privilege-control.c
Change-Id: I8d0a785c405f9b0df698143e5fa4792c2ac3caef
Jan Olszak [Mon, 2 Dec 2013 17:05:50 +0000 (18:05 +0100)]
Full deletion of previous definition of permission.
[Issue#] N/A
[Bug/Feature] Rules with wildcards were not deleted.
[Cause] N/A
[Solution] Deleteing records from other tables as well.
[Verification] Build, install, run tests.
Change-Id: I5c401829a4b92a903c1eb68351605ef2bb2803f0
Damian Chromejko [Tue, 19 Nov 2013 08:53:24 +0000 (09:53 +0100)]
Add strerror equivalent in libprivilege for more informative error logging.
[Issue#] SSDWSSP-646
[Bug/Feature] Add strerror equivalent in libprivilege for more informative
error logging.
[Cause] Currently there is no way to check the reason for the
error apart from looking directly into the code.
[Solution] An strerror equivalent was created to convert error code
to human-readable error description.
[Verfication] Build, install, run tests.
Change-Id: I9cd4416133e782d52cf9a8488e7b10fcf82546f2
Jan Olszak [Mon, 2 Dec 2013 16:09:39 +0000 (17:09 +0100)]
Delete of a possible unnecessary transaction rollback.
[Issue#] N/A
[Bug/Feature] Error before transaction open
was not PC_ERR_DB_CONNECTION
[Cause] N/A
[Solution] Changed error code.
[Verification] Build, install, run tests.
Marcin Niesluchowski [Thu, 21 Nov 2013 16:43:35 +0000 (17:43 +0100)]
Changing functions' descriptions to be consistent with their content and usage.
[Issue#] SSDWSSP-655
[Bug/Feature] Description is incorrect. Some functions hasn't been marked as
DEPRECATED.
[Cause] Libprivilege-control structure and funcionality change.
[Solution] Descriptions change.
[Verification] N/A
Change-Id: I52318a60e4fbc4edf7a61aedf25d3e7760ca5418
Lukasz Wojciechowski [Tue, 19 Nov 2013 12:56:40 +0000 (13:56 +0100)]
Fix const struct fields change by base_name_from_perm function.
[Issue#] derived from SSDWSSP-644
[Feature] base_name_from_perm changes consts
[Cause] It may cause memory access problems.
[Solution] Change local variables not const struct fields.
[Verification] Build security-tests, run tests on target
Change-Id: I5a2cb62b67243673ae1f8db399d2b6e3cd00e94b
Marek Smolinski [Tue, 26 Nov 2013 10:02:02 +0000 (11:02 +0100)]
Removed internal call perm_begin() inside perm_app_install()
Call perm_begin() inside app_install() function is redundant,
internal call rdb_add_appliaction() makes rdb_begin()
[Issue#] SSDWSSP-673
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] build platform via dbuild,
run osp, wrt installer:
wrt-installer --install
/usr/bin/TestMisiuPysiu123.wgt
wrt-installer --install
/usr/bin/MisiuPysiu123Partner.wgt
wrt-installer --install
/usr/bin/MisiuPysiu123Platform.wgt
osp-installer -i /usr/bin/uqNfgEjqc7-1.0.0-arm.tpk
osp-installer -i /usr/bin/j4RuPsZrNt-1.0.0-arm.tpk
osp-installer -i /usr/bin/V5LKqDFBXm-1.0.0-arm.tpk
wrt-installer --uninstall-name QwCqJ0ttyS
wrt-installer --uninstall-name 7btsV1Y0sX
wrt-installer --uninstall-name G4DE3U2vmW
osp-installer -u uqNfgEjqc7
osp-installer -u j4RuPsZrNt
osp-installer -u V5LKqDFBXm
Change-Id: I154a5424eff562d4a2cb4026a3087208991f6d19
Piotr Bartosiewicz [Wed, 27 Nov 2013 15:10:25 +0000 (16:10 +0100)]
Optimize perm_begin and perm_end
[Issue#] SSDWSSP-596
[Bug/Feature] Database operations executed in perm_begin and perm_end
are very slow.
[Cause] All the rules were calculated every perm_end.
[Solution] Calculate only modified rules.
[Verification] Build, install, run tests - to check correctness.
Compare speed of application installation and
deinstallation before and after library update.
Make sure a database is exactly the same as in new
image (running our tests adds a lot of new rules).
I've notices 2x - 7x speedup (depending on the number of
modified rules).
Change-Id: Ifba86c1c8b09230458482c9c31468245bf3edbbb
Zbigniew Jasinski [Fri, 29 Nov 2013 10:31:22 +0000 (11:31 +0100)]
Change debug flag from TIZEN_ENGINEER_MODE to TIZEN_DEBUG_ENABLE
Also changes in spec file reflecting flag change.
[Issue#] SSDWSSP-697
[Feature/Bug] N/A
[Problem] Many issues in user binaries.
[Cause] N/A
[Solution] Add debug not only for engineering packages.
[Verification] Build with debug flag, run tests.
Change-Id: I50581bf7d0601156059cb8698123ba3dbaffc845
Radoslaw Bartosiak [Mon, 25 Nov 2013 17:42:49 +0000 (18:42 +0100)]
Elimination of relative command paths ambiguity
[Issue#] SSDWSSP-684
[Bug/Feature] A security vulnerability to attacks fixed.
[Cause] Malicious change of PATH variable might be used to an exploit (change of commands).
[Solution] The correct PATH variable set in the script.
[Verification] Build, install and run tests.
Change-Id: I85753bfe4fdf8b5cb9fe7cab1caa5b88725a04a0
Conflicts:
smack_default_labeling
Radoslaw Bartosiak [Tue, 26 Nov 2013 16:37:41 +0000 (17:37 +0100)]
Elimination of floor (_) labeled executables
[Issue#] SSDWSSP-684
[Bug/Feature] A security vulnerability to attacks fixed.
[Cause] Using a floor labeled exec, a malicious process can pollute the floor labeled resources.
[Solution] The floor labeled executables were eliminated.
[Verification] 1) Build, install and run tests.
2) Verify that no executables from the package has the floor label.
Change-Id: I3999cb71c01a29fbe1a2e0e86b0991d21528beb3
Conflicts:
packaging/libprivilege-control.manifest
Casey Schaufler [Fri, 22 Nov 2013 22:23:01 +0000 (14:23 -0800)]
Remove obsolete systemd smack-default-labeling.service
Smack rules are now set directly by systemd. This service
is no longer required.
Change-Id: I7e5b1852efbe1170b4deee8ba411b087c7272af0
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
Jan Cybulski [Fri, 22 Nov 2013 07:29:52 +0000 (08:29 +0100)]
Move all sql files to a separate directory
[Issue#] SSDWSSP-615
[Bug/Feature] Sql scripts were added to /usr/share/privilege-control,
which is not the best place, as lots of .rule files are
located in that directory.
[Solution] Move them to subdirectory db.
[Veryfication] Build, install, run tests.
Change-Id: I4f9db8b8fe2a7e3bbf1d37cc2df4ca650493ce3d
Jan Cybulski [Fri, 8 Nov 2013 13:42:04 +0000 (14:42 +0100)]
Add database versioning and upgrading.
[Issue#] SSDWSSP-615
[Bug/Feature] Database upgrade was not possible without data loss.
[Cause] N/A
[Solution] Enable database upgrading by sequential calling upgrade
sql scripts.
Also, move all sql files to /usr/share/privilege-control/.
[Verification] -Remove one of the update files *-to-v2.sql in /db/updates,
build and check if %check script properly detects lack of
that file (build should stop with error).
-Add that file again.
-Build newest libprivilege-control (this)
and libprivilege-control-0.0.58
and libprivilege-control-0.0.59.
-Install libprivilege-control-0.0.58, and then install newest.
-Should install without problems. Run tests.
-Remove database, install V59, and then install newest.
-Should install without problems, Run tests.
-Remove database, install newest.
-Should install without problems, Run tests.
Change-Id: I5b232cba86c252d3ba2ac2e5432dcad816790823
Sebastian Grabowski [Thu, 7 Nov 2013 12:16:18 +0000 (13:16 +0100)]
Move appsetting and antivirus privileges to smack-privilege-conf
[Issue#] SSDWSSP-607
[Bug/Feature] Move appsetting and antivirus privileges to
smack-privilege-conf repository
[Cause] Since wildcards implementation in smack rule templates
appsetting and antivirus privileges no longer needs to
be added with rules-db-data.sql script.
[Solution] Removed obsolete sql statements.
Dependency from smack-privilege-config:
Ife85ad691fe036d1dfb9cfdb489d9e24ecba1947
[Verification] Test content of permission,
permission_app_path_type_rule_view and
permission_app_path_type_rule_view tables/views in
.rules-db.db3 after libprivilege-control installation
and after smack-privilege-config:
Delete rules db:
rm /opt/dbspace/.rules-db.db3
Delete smack rules:
rm /usr/share/privilege-control/*.smack
Install libprivilege-control with this change:
rpm -Uvh --force --nodeps /tmp/rpm/libprivilege-control-*
Run the following sqlite3 commands:
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_permission_rule_view;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_app_path_type_rule_view;"
After these commands there should be no
org.tizen.privilege.appsetting nor
org.tizen.privilege.antivirus entries.
Next, install smack-privilege-config (with
Ife85ad691fe036d1dfb9cfdb489d9e24ecba1947 changes):
rpm -Uvh --force --nodeps /tmp/rpm/smack-privilege-config-*
Run the following sqlite3 commands (the same like above):
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_permission_rule_view;"
sqlite3 -column /opt/dbspace/.rules-db.db3 "select * from permission_app_path_type_rule_view;"
After these commands proper org.tizen.privilege.appsetting and
org.tizen.privilege.antivirus entries should be in the
database.
Change-Id: I329fb361ea57b6cc86650b00074439eedad1c0d3
Ossama Othman [Thu, 21 Nov 2013 00:31:17 +0000 (16:31 -0800)]
Fixed smack default label unit file ordering problem.
Change-Id: Ie1ad6afbf8308706040dc65386ec580a82854b75
Signed-off-by: Ossama Othman <ossama.othman@intel.com>
Jan Olszak [Tue, 12 Nov 2013 15:51:57 +0000 (16:51 +0100)]
Correction in marking labels as modified.
[Issue#] N/A
[Bug/Feature] After uninstalling rules with app's paths stayed.
[Cause] Wrong order of delete - mark as modified.
[Solution] Changed the order.
[Verification] Build, install, run tests.
Change-Id: I3c61c552f845b1bf9e02e76c7b837eb7e59b7634
Jan Olszak [Tue, 12 Nov 2013 10:58:10 +0000 (11:58 +0100)]
Removed a memory leak.
[Issue#] N/A
[Bug/Feature] Memmory leak.
[Cause] N/A
[Solution] Added free at the end.
[Verification] Build, install, run tests.
Change-Id: If90f80a2c60f586628834b0ad5ea06a53aa62488
Krzysztof Jackiewicz [Tue, 12 Nov 2013 08:38:43 +0000 (09:38 +0100)]
Duplicated path error ignored
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Path related rules are not correctly generated after application
upgrade (adding settings folder)
[Cause] Adding existing path to and application causes error and results in a
rollback during perm_end.
[Solution] INSERT in path_view_insert_trigger changed to INSERT OR IGNORE.
[Verification] Upgrade an application. It should succeed despite of registering
paths that already exist in db
Change-Id: Ia0ddfdcac906e44401e6152f839321be967bcb76
Marcin Lis [Tue, 8 Oct 2013 09:41:06 +0000 (11:41 +0200)]
New API for permission checking
[Issue#] SSDWSSP-527
[Feature] Introduce new API function.
[Cause] New API will improve the performance while checking
app permissions. It is also needed by Security Server.
[Solution] One new API function is added, which enables user to check
whether an app with given label has enabled permission
specified by name.
[Verification] Build, install & run tests.
Change-Id: I4c068f593c585d5a16e2ca9f72666aea79fafcab
Sebastian Grabowski [Mon, 4 Nov 2013 13:49:32 +0000 (14:49 +0100)]
Add perm_app_register_permissions function.
[Issue#] SSDWSSP-620
[Bug/Feature] Add new API in libprivilege-control and use it in
installators (perm_app_register_permissions)
[Cause] There is a need that only installators could add
persistent rules
[Solution] Added new perm_app_register_permissions function
[Verification] Just built and run tests
Change-Id: I6703579756a806dcb1b38ccb9d730bd361dd6ab6
Jan Olszak [Mon, 4 Nov 2013 12:07:47 +0000 (13:07 +0100)]
Changed schema_version to user_version.
[Issue#] N/A
[Bug/Feature] N/A
[Cause] N/A
[Solution] Changed schema_version to user_version
[Verification] Build, install.
Change-Id: Ife7d18247d54a89c0cd00460f8b37f7e86579fad
Jan Olszak [Thu, 31 Oct 2013 15:16:15 +0000 (16:16 +0100)]
Correction in schema_version.
[Issue#] N/A
[Bug/Feature] Wrong schema version number.
[Cause] N/A
[Solution] Changed 1.1 to 2.
[Verification] Build, install.
Change-Id: I5dde4094f04d62010d81b4220d79b7df698dd6c0
Jan Olszak [Thu, 17 Oct 2013 17:50:32 +0000 (19:50 +0200)]
Modified perm_end and rdb_end so they return error code.
[Issue#] SSDWSSP-183
[Bug/Feature] Return code when finishing transaction.
[Cause] N/A
[Solution] Added return code
[Verification] Build, install, run tests.
Change-Id: I649bf4b8a1b0313e969ffd5428650fae0a1fb9ff
Krzysztof Jackiewicz [Mon, 28 Oct 2013 14:19:08 +0000 (15:19 +0100)]
Prevent fix - NULL check after dereference.
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Pervent issue CID 34517
[Cause] Variable was checked against NULL after dereferencing.
[Solution] NULL check removed
[Verification] Successfull compilation
Change-Id: Ie8f878c79c2d0e8fe97e8cfa5f2b116e4cb2fd22
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:47:49 +0000 (14:47 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: Id5b7c2f8b3b8f8d6ebda4cb97927e873f1c71449
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:47:00 +0000 (14:47 +0200)]
[Release] libprivilege-control_0.0.43.TIZEN
* Revert "add API definition"
* Implement new wildcard ~NPRUNTIME_PATH~ +fix workaround
* Implement adding new WRT rules in libprivilege-control
* add API definition
* Correction in enabling permissions.
* Renamed enums and deleted unused defines
* Modified checking labels and deleted unused checking.
* Change in setup path.
* Change in boot script.
* Adding additional rules.
* Implementation of cross-app rule patterns in *.smack files
* Corrected a mistake in deleting paths.
* Deleting paths on revoking permissions.
* Deleted volatile rules on boot and corrected permission format.
* Modified boot script, added deleting volatile rules.
* Made marking labels as modified beautiful.
* Changed new API names.
* Loading api-features from a file.
* Revert "rollback because of rule database"
* add systemd options
* Add README file
* Compilation flags 'verbose' mode
* Unused function smack_get_access_new removed
* Libprivilege API cleanup
* Add missing information about APP_PATH_ANY_LABEL in header
* Takes compilation profile from command line.
* Add for all anti viruses RWX access to all public-RO and group-RW shared folder
* Simple corrections in api-feature handling. +Fix
Change-Id: I0749261e11e71463e48ec5978cc2e824e6278309
Krzysztof Jackiewicz [Fri, 25 Oct 2013 12:14:23 +0000 (14:14 +0200)]
Revert "add API definition"
This reverts commit
2cc85c9c19921c0421eeddce164431cc162db254.
Marcin Lis [Thu, 24 Oct 2013 09:52:42 +0000 (11:52 +0200)]
Implement new wildcard ~NPRUNTIME_PATH~ +fix workaround
[Issue#] SSDWSSP-599
[Feature] N/A
[Cause] It was impossible to add reverse type rules from
smack-privilege-config additional rules file.
Also there was a need to add rules associated with new path_type
NPRUNTIME_PATH.
[Solution] New wildcard has been introduced, temp workaround fixed.
[Verification] Build, install and run tests including the smack-privilege-config
rpm built from the following commit:
https://review.tizendev.org/gerrit/#/c/245166/
Change-Id: I14cf28ebb3ca9be80d35073db19fe53127cc744d
Marcin Lis [Tue, 22 Oct 2013 18:14:55 +0000 (20:14 +0200)]
Implement adding new WRT rules in libprivilege-control
[Issue#] SSDWSSP-599
[Feature] Introduce new option in perm_app_setup_path which comes
with new enumeration literal to parameter.
[Cause] There is a need for WRT applications to label their own symbolic
link to PluginProcess with label: "<wrt_app_label>.npruntime".
This newly created label should have such smack accesses granted:
<wrt_app_label>.npruntime system::homedir rxat
<wrt_app_label>.npruntime xorg rw
<wrt_app_label>.npruntime <wrt_app_label> rxat
Also app should have the following access also:
<wrt_app_label> <wrt_app_label>.npruntime rw
[Solution] API change: PERM_APP_PATH_NPRUNTIME literal added to enum
"app_path_type_t". Also, middleware can now use it in
perm_app_setup_path to give special EXEC label to executable file
or symbolic link and enable all required accesses.
IMPORTANT: after installing any WRT (WGT) application use:
// ------------------------------------------------
perm_app_setup_path(<wrt_app_id>,
<path_to_symlink>,
PERM_APP_PATH_NPRUNTIME);
// ------------------------------------------------
This will enable required permissions permanently.
[Verification] Build, install on target, run commands:
# sqlite3 /opt/dbspace/.rules-db.db3
sqlite> select * from app_path_type;
sqlite> select * from label_app_path_type_rule_view;
After that verify that there is a row with "NPRUNTIME_PATH" in
the first query result (in app_path_type table), and both
"system::homedir|NPRUNTIME_PATH" and "xorg|NPRUNTIME_PATH"
in the second result.
Also run tests.
Change-Id: I2a3c396c5d8ef38fb49f78fb4c77ec0ec12af57f
Kidong Kim [Thu, 24 Oct 2013 00:30:42 +0000 (09:30 +0900)]
add API definition
Jan Olszak [Fri, 4 Oct 2013 17:00:09 +0000 (19:00 +0200)]
Correction in enabling permissions.
[Issue#] SSDWSSP-183
[Bug/Feature] WRT_platform ect. permissions added as WRT
[Cause] N/A
[Solution] Correction in enabling permissions.
[Verification] Build, install, run tests.
Change-Id: I9c7202615550da2d152c6909b773e4a7d12d0641
Jan Olszak [Fri, 4 Oct 2013 11:03:26 +0000 (13:03 +0200)]
Renamed enums and deleted unused defines
[Issue#] SSDWSSP-479
[Bug/Feature] N/A
[Cause] N/A
[Solution] Renamed enums ect..
[Verification] Build.
Change-Id: Id7d691ae6aecfef3c5f46e6e36ae3ad188f6222c
Jan Olszak [Thu, 3 Oct 2013 14:22:27 +0000 (16:22 +0200)]
Modified checking labels and deleted unused checking.
[Issue#] SSDWSSP-183
[Bug/Feature] Little speed-up in checking application label.
[Cause] N/A
[Solution] Changed the select stmt. Deleted two unused functions.
[Verification] Build, install, run tests.
Change-Id: I69685bed16c7b1bc955bc4695f341e969714a7d1
Jan Olszak [Tue, 1 Oct 2013 16:55:44 +0000 (18:55 +0200)]
Change in setup path.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I299003f07c06230ce16e229bd525de1e9bc94218
Jan Olszak [Tue, 1 Oct 2013 08:55:34 +0000 (10:55 +0200)]
Change in boot script.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] Used redirection to write rules to kernel.
[Verification] Build, install, reboot,
run systemctl status smack-rules.service
Change-Id: I7034823ba6f124a9793657078ada70fc175f53e6
Jan Olszak [Thu, 26 Sep 2013 16:26:19 +0000 (18:26 +0200)]
Adding additional rules.
[Issue#] N/A
[Bug/Feature] New rule patterns in templates.
[Cause] N/A
[Solution] Loading rules from ADDITIONAL_RULES.smack
[Verification] Build, install,
run api_feature_loader --verbose
confirm rules are in /smack/load2
reboot
confirm rules are in /smack/load2
Change-Id: I4cc5a7d0ddd83d9bdff45b61f5ec242d7a9860d6
Jan Olszak [Fri, 13 Sep 2013 15:34:48 +0000 (17:34 +0200)]
Implementation of cross-app rule patterns in *.smack files
[Issue#] N/A
[Bug/Feature] New rule patterns in templates.
[Cause] N/A
[Solution] Implemented wildcards for apps with same privilege
and folder types.
[Verification]Build, install, run tests.
Change-Id: Ia3ea6a66fa627d501202ab703b6796c7c6a34f11
Jan Olszak [Wed, 25 Sep 2013 17:00:19 +0000 (19:00 +0200)]
Corrected a mistake in deleting paths.
[Issue#] SSDWSSP-183
[Bug/Feature] N/A
[Cause] N/A
[Solution] Corrected build brake.
[Verification] Build
Change-Id: I9628305aa22996f152d2ed776552119ab06dccdc
Jan Olszak [Wed, 25 Sep 2013 16:38:46 +0000 (18:38 +0200)]
Deleting paths on revoking permissions.
[Issue#] SSDWSSP-183
[Bug/Feature] Some paths left in the database, but not present.
[Cause] N/A
[Solution] Deleteing app's paths on permission revoke
[Verification] Build, install, run tests.
Change-Id: I8afe30e8e8fb150c49b0d156e7b276359570b8c3
Jan Olszak [Mon, 23 Sep 2013 17:51:28 +0000 (19:51 +0200)]
Deleted volatile rules on boot and corrected permission format.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ic5352c1d8f94a78e379b91325dbdbdd25f8428bf
Jan Olszak [Fri, 20 Sep 2013 09:40:10 +0000 (11:40 +0200)]
Modified boot script, added deleting volatile rules.
[Issue#] SSDWSSP-183
[Bug/Feature] Volatile rules were not deleted.
[Cause] N/A
[Solution] Deleteing volatile rules from the database.
[Verification] Build, install, run tests.
Change-Id: Ia7b2667177f5d95b838d8c891d02ecddfaa4a554
Jan Olszak [Tue, 17 Sep 2013 13:59:28 +0000 (15:59 +0200)]
Made marking labels as modified beautiful.
[Issue#] SSDWSSP-183
[Bug/Feature] Marking labels as modified.
[Cause] N/A
[Solution] Moved marking to SQL code and used USING on joins.
[Verification] Build, install, run tests.
Change-Id: I26dc6c6e5fcbccdf7c2a473b111224bba2cfa391
Jan Olszak [Tue, 17 Sep 2013 11:23:44 +0000 (13:23 +0200)]
Changed new API names.
[Issue#] SSDWSSP-183
[Bug/Feature] Renamed new API names.
[Cause] N/A
[Solution] Better api names: perm_begin, perm_end.
[Verification] Build
Change-Id: I3ccadb18292314a5a6f9d636d359a36014135633
Jan Olszak [Fri, 13 Sep 2013 14:43:50 +0000 (16:43 +0200)]
Loading api-features from a file.
[Issue#] SSDWSSP-183
[Bug/Feature] Loading permission from a file.
[Cause] N/A
[Solution] Added option to api_feature_loader.
[Verification] Build, install, use api_feature_loader --file=file_path
run sqlite3 /opt/dbspace/.rules-db.db3 'select * from permission_view;'
and confirm permission is loaded
Change-Id: I662ee3ee116b66f4730251be37ff85206c4276e8
Jan Olszak [Tue, 17 Sep 2013 08:33:20 +0000 (10:33 +0200)]
Revert "rollback because of rule database"
Conflicts:
packaging/libprivilege-control.changes
packaging/libprivilege-control.spec
rule_loader/smack-early-rules.service
rule_loader/smack-late-rules.service
Change-Id: I80d42cdb1ed442db40646b4d5eb8ec0bac1ec0a0
Kidong Kim [Thu, 10 Oct 2013 12:01:47 +0000 (21:01 +0900)]
add systemd options
Change-Id: I7f76391d9b2fe09eda237af057a2b6e1d40e76eb
Bartlomiej Grzelewski [Tue, 15 Oct 2013 12:19:42 +0000 (14:19 +0200)]
Fix build break in osp-installer.
Libprivilege-control did not contain definitions of
* perm_app_setup_path
* app_setup_path
functions.
Change-Id: Iea127337b88d1ba72dcf456828bcfd051d83b2bc
Signed-off-by: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Bartlomiej Grzelewski [Tue, 8 Oct 2013 12:29:12 +0000 (14:29 +0200)]
Fix build break in osp-installer.
This commit adds mockups for functions required by osp-installer:
* perm_app_set_privilege
* perm_app_id_from_socket
* perm_app_install
* perm_app_uninstall
* perm_app_enable_permissions
* perm_app_disable_permissions
* perm_app_revoke_permissions
* perm_app_reset_permissions
* perm_app_setup_path
* app_setup_path
* perm_app_add_friend
* perm_add_api_feature
Change-Id: I1b9abf5f7c05379089741b288240ebc630326fe4
Signed-off-by: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Jan Cybulski [Tue, 1 Oct 2013 11:31:10 +0000 (13:31 +0200)]
Add README file
[Issue#] SSDWSSP-528
[Bug/Feature] Added README file.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I6742741f7947b8e6cd442ace81c71fe85ee8c62b
Marcin Lis [Fri, 20 Sep 2013 11:32:13 +0000 (13:32 +0200)]
Compilation flags 'verbose' mode
[Issue#] SSDWSSP-496
[Bug/Feature] N/A
[Cause] Potential bug - CMAKE_VERBOSE_MAKEFILE is not turned ON in
packaging spec file, so the default value is used.
[Solution] Turn ON the flag explicitly.
[Verification] Build, verify that compile flags passed to gcc are visible
using different build types (in gbs: --define "build_type ...").
Change-Id: Ib9fc0fa3872688d25462082c4915bb50c80c4143
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:44:47 +0000 (17:44 +0200)]
Unused function smack_get_access_new removed
[Issue#] N/A
[Feature/Bug] N/A
[Problem] smack_get_access_new is unused
[Cause] N/A
[Solution] Removed
[Verification] Successfull compilation
Change-Id: I3a87d3b55f70ee55b68973b2af71aa5524865bf9
Krzysztof Jackiewicz [Wed, 4 Sep 2013 15:51:03 +0000 (17:51 +0200)]
Libprivilege API cleanup
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Fixed array instead of pointer was used as an API function argument
[Cause] N/A
[Solution] Function modified. Unnecessary include removed
[Verification] Successfull compilation of libprivilege-control and security-tests
Change-Id: I333611c51e9f17152e1353d38516024212ce91e1
Lukasz Kostyra [Tue, 27 Aug 2013 13:56:48 +0000 (15:56 +0200)]
Add missing information about APP_PATH_ANY_LABEL in header
[Issue#] SSDWSSP-481
[Bug] Information about perm_app_setup_path in privilege-control.h didn't cover
APP_PATH_ANY_LABEL app_path_type.
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: I40d4292b880bc007dfa5ce3d78430b3e64940a9f
Bartlomiej Grzelewski [Thu, 1 Aug 2013 10:53:19 +0000 (12:53 +0200)]
Takes compilation profile from command line.
This command will start compilation with debug(-O0 -g -ggdb)
gbs lb -A armv7l --define "build_type DEBUG"
Default command will use RELEASE profile(-02 -g):
gbs lb -A armv7l
[Issue#] N/A
[Bug] N/A
[Cause] N/A
[Problem] N/A
[Solution] N/A
[Verification] Run tests.
Change-Id: I4bc6f0b0ee2c98919f47c7550c609d9bf5b396de
Janusz Kozerski [Wed, 21 Aug 2013 12:18:37 +0000 (14:18 +0200)]
Add for all anti viruses RWX access to all public-RO and group-RW shared folder
[Issue#] SSDWSSP-463
[Feature/Bug] Add for all anti viruses RWX access to all public-RO, group-RW, and setting-RW shared folders
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests - all should pass. Install at least one application for every shared folder
(public RO, group RW, setting RW), next call an API function perm_app_setup_path for installation
of anti virus application, and check if anti virus have the RWX access to all shared folders.
Then install another three application (one for every type of shared folers), and check if anti virus
have an access to these new installed shared folders.
Change-Id: I41f9417e36edc2f4efe9a5a5c57c2b50c07e14f7
Marcin Lis [Fri, 16 Aug 2013 08:30:48 +0000 (10:30 +0200)]
Simple corrections in api-feature handling. +Fix
[Issue#] SSDWSSP-405
[Bug] Impossible to add Api-Feature with template label "~APP~"
and enable permissions granted by newly created feature
[Cause] Mistakes in app label parsing and adding permissions from Api-Feature
[Solution] Two simple corrections
Also template label macros are moved to common header
Also fix for ~APP~ label allowance has been added
[Verification] Build and run all tests
* sync with the following security-tests commit:
http://slp-info.sec.samsung.net/gerrit/#/c/267785/
Change-Id: Iebe39035ecb6a423cb19541f130bd25218f7ca1a
Krzysztof Jackiewicz [Wed, 21 Aug 2013 09:28:00 +0000 (11:28 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I74187a8f548ee1ce8105837d2bf21c3b4dac126f
Krzysztof Jackiewicz [Wed, 21 Aug 2013 08:53:56 +0000 (10:53 +0200)]
Release version 0.0.42.TIZEN
* missing tag
Change-Id: I2dcfdb135d1c74e2b2be07b6a9e055818d91e47b
Rafal Krypa [Mon, 19 Aug 2013 12:42:53 +0000 (14:42 +0200)]
Release version 0.0.42.TIZEN
* Changed dlog logging buffer.
* Adapt code for new libsmack API
* Rewrite internal function app_uninstall_remove_early_rules()
* Create format strings for scanf statically.
* Add support for new access mode for setting locks ("l")
* Fix unwanted differences between SLP and RSA repositories.
* Add better debug logs to libprivilege-control
* Fill in missing changelog information for previous releases.
Change-Id: Ia7105acee863a342bd296405be4044f7954dfa0b
Rafal Krypa [Mon, 19 Aug 2013 12:06:43 +0000 (14:06 +0200)]
Fix unwanted differences between SLP and RSA repositories.
[Issue#] N/A
[Bug] Undesired differences in source code between SLP and RSA.
[Cause] Developers not careful while submitting changes to both repos.
[Solution] Enumerate and fix the differences.
[Verification] No functional changes has been made.
Change-Id: Ifec35b4ee5bdc2f3613de25cb49b0ebe876681bf
Lukasz Kostyra [Thu, 18 Jul 2013 07:33:14 +0000 (09:33 +0200)]
Add better debug logs to libprivilege-control
[Issue#] SSDWSSP-406
[Feature] Adds debug logs which log additional useful informations in libprivilege-control. Create additional defines for SECURE_SLOG*
logs to allow disabling specific types of SECURE logs.
[Cause] Many functions in libprivilege-control didn't log useful information - input parameters, files used or switch branches taken.
[Solution] Add macros which log such information. Additional defines wrapping SECURE_SLOG* log macros are now defined as SECURE_C_LOG*.
[Verification] Run libprivilege-control-test from security-tests package and check using dlogutil whether functions log their input
parameters, files used and switch branches taken. Make sure to enable definition DLOG_DEBUG_ENABLED in CMakeLists.txt
before building the package.
Change-Id: Ifec47d04b7a5aef806caab85fe3709e36aae8afe
Rafal Krypa [Fri, 26 Jul 2013 10:39:16 +0000 (12:39 +0200)]
Add support for new access mode for setting locks ("l")
[Issue#] SSDWSSP-372
[Feature] Properly work on system with new access mode enabled.
[Cause] Additional Smack access implemented in kernel.
[Solution] Extend appropriate arrays.
[Verification] Build, install, run tests.
Change-Id: I745ade7ae15aa231882e9d7cacfa35ed4fc2f29e
Rafal Krypa [Fri, 26 Jul 2013 10:36:08 +0000 (12:36 +0200)]
Create format strings for scanf statically.
[Issue#] SSDWSSP-372
[Feature] Remove unneeded memory allocations for scanf format strings.
[Cause] When reading Smack rules, fields length must be checked.
[Solution] Create format strings with legnth specifiers at build time.
[Verification] Build, install, run tests.
Change-Id: Ib0b20e3d46fe0d4af957f13a37627d14831283d2
Rafal Krypa [Wed, 24 Jul 2013 12:02:34 +0000 (14:02 +0200)]
Rewrite internal function app_uninstall_remove_early_rules()
[Issue#] SSDWSSP-372
[Bug] Old code prone to errors, with implementation problems.
[Cause] Fragile file parsing. Using temporary file. Unneeded semaphore, with wrong permissions.
[Solution] Write more robust function, copying the file in place.
[Verification] Run libprivilege-control-tests.
Change-Id: I12f89f1c1c0c4bc43ffbb69db84cfb88b98c821b
Jan Cybulski [Mon, 29 Jul 2013 11:06:32 +0000 (13:06 +0200)]
Adapt code for new libsmack API
[Issue#] SSDWSSP-433
[Feature] Change libsmack for compatibility with a newly changed smack API.
[Cause] Now libsmack functions: smack_new_label_from_self() and smack_new_label_from_socket(), in case of success, are returning value greater than 0.
[Solution] Change expected result.
[Verification] Run tests.
Change-Id: Idca56a593179f02d84df808bdc6c5ca01685e62d
Maciej Wereski [Wed, 22 May 2013 07:29:48 +0000 (09:29 +0200)]
[systemd upgrade] merge from devel_systemd branch of RSA
Remove passwd and group files from conf package
These files are moved to setup package.
Conflicts:
packaging/libprivilege-control.changes
packaging/libprivilege-control.spec
Change-Id: Ief4c08f186010486deeaa37e61c357e64385a1f0
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Jan Olszak [Thu, 4 Jul 2013 12:22:02 +0000 (14:22 +0200)]
Changed dlog logging buffer.
[Issue#] dlog logged in a wrong buffer.
[Bug/Feature] Recent prevent bugs need fix.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run "dlogutil -c", run tests, run "dlogutil -b main PRIVILEGE_CONTROL" (no loggs), "dlogutil -b system PRIVILEGE_CONTROL" (loggs..)
Change-Id: Ief75512faddec867ad82c2e710b78b9f2be18659
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:39:31 +0000 (10:39 +0200)]
Merge rsa/tizen_2.2 into rsa/master
Change-Id: I5659d92a2f8b5ea3dff28b4405fb0bd0ac7e1176
Krzysztof Jackiewicz [Mon, 12 Aug 2013 08:38:13 +0000 (10:38 +0200)]
[Release] libprivilege-control_0.0.41.TIZEN
* Re-release (previous release did not succeed)
Change-Id: I6333a5fe1be06dcddf0fb88b73e2e7f50c074452
Krzysztof Jackiewicz [Thu, 8 Aug 2013 12:31:49 +0000 (14:31 +0200)]
[Release] libprivilege-control_0.0.40.TIZEN
* Smack app rule loading during boot
* API function naming changed
* Generic solution for adding shared dir rules
* Parameter checking
* Language errors fixed
* Deprecated code removed
* EFL app type added
Change-Id: I006ea9d637c51f6e01f71364543b5922ed6bb7f4
Jan Cybulski [Tue, 30 Jul 2013 07:18:00 +0000 (09:18 +0200)]
Add support for EFL apps
[Issue#] SSDWSSP-436
[Feature] Support for EFL apps.
[Cause] N/A
[Solution] Add new type of application in app_type_t.
[Verification] Build, run test,
Change-Id: I2823e60d498532dd5970a0c483ae09158e1ed612
Bartlomiej Grzelewski [Fri, 19 Jul 2013 14:34:24 +0000 (16:34 +0200)]
Remove deprected code.
Function app_give_access was implemented inside security-server.
[Issue#] N/A
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successful build libprivilege-control and
security-server.
Change-Id: Idf64d087cb81561ff5d278d4b1fe6aaf723d8906
Zofia Abramowska [Wed, 24 Jul 2013 14:27:41 +0000 (16:27 +0200)]
Fixing language errors
[Issue#] SSDWSSP-431
[Bug/Feature] N/A
[Cause] Some grammar & spelling errors in comments and logs
[Solution] Fixed language
[Verification] Build.
Change-Id: I5137a3a6d5c30441c190b332ec9b9507cc52a5b0
Lukasz Kostyra [Tue, 16 Jul 2013 13:22:35 +0000 (15:22 +0200)]
Fix libprivilege-control not checking input parameters
[Issue#] SSDWSSP-376
[Bug] libprivilege-control crashed when called with wrong input parameters (like NULL, or empty string)
[Cause] Most of libprivilege-control APIs didn't check for correct input parameters
[Solution] libprivilege-control APIs which didn't check for correct input parameters were patched with such check
[Verification] Run libprivilege-control-test (from security-tests package), or input incorrect parameter to any API function
Change-Id: Iae4c49ddb6420b776491db8584368f7370c02ed2
Baptiste DURAND [Tue, 23 Jul 2013 17:37:21 +0000 (19:37 +0200)]
Call setguid function with the APP group ID retreives from /etc/group through getgrouplists function call.
Janusz Kozerski [Tue, 9 Jul 2013 11:42:09 +0000 (13:42 +0200)]
Add generic solution for adding rules to shared dirs (RO & RW)
[Issue#] SSDWSSP-391
[Feature/Bug] N/A
[Problem] N/A
[Cause] Hardcoded rules in source code.
[Solution] Add generic solution to generate rules for shared directories.
[Verification] Run libprivilege-control tests. All should pass. Check if rules from files PATH_RULES_GROUP_RW.smack and PATH_RULES_PUBLIC_RO.smack are added.
Change-Id: I8598bcd3265f47b10bc99c810fba581ab81adee4
Pawel Polawski [Mon, 15 Jul 2013 15:00:23 +0000 (17:00 +0200)]
Revert "Work around for rule loading to allow email-service and contacts-servce access to shared directory of everybody."
This reverts commit
b75c40940304b319c2ffa2a34365faa92f0c41b1.
Change-Id: I31771df2ce5ec4d9bf174deccc57dd9762e6e4d1
projects / platform / core / security / libprivilege-control.git / log