Add script and config for privilege mapping setting 38/45838/2 accepted/tizen/mobile/20150813.012102 accepted/tizen/tv/20150813.012115 accepted/tizen/wearable/20150813.012128 submit/tizen/20150812.114250
authorZofia Abramowska <z.abramowska@samsung.com>
Tue, 11 Aug 2015 15:25:28 +0000 (17:25 +0200)
committerZofia Abramowska <z.abramowska@samsung.com>
Wed, 12 Aug 2015 09:48:18 +0000 (11:48 +0200)
Change-Id: I28d9b62547c5415f7cfc3c5934b75d4b6b6c020f

policy/CMakeLists.txt
policy/privilege-mapping.list [new file with mode: 0644]
policy/security-manager-policy-reload

index bd08edc..bb795dd 100644 (file)
@@ -2,4 +2,5 @@ FILE(GLOB USERTYPE_POLICY_FILES usertype-*.profile)
 INSTALL(FILES ${USERTYPE_POLICY_FILES} DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(FILES "app-rules-template.smack" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(FILES "privilege-group.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
+INSTALL(FILES "privilege-mapping.list" DESTINATION ${SHARE_INSTALL_PREFIX}/security-manager/policy)
 INSTALL(PROGRAMS security-manager-policy-reload DESTINATION ${BIN_INSTALL_DIR})
diff --git a/policy/privilege-mapping.list b/policy/privilege-mapping.list
new file mode 100644 (file)
index 0000000..732165d
--- /dev/null
@@ -0,0 +1,195 @@
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/alarm http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/application.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/application.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/application.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.gap http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.health http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetooth.spp http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bluetoothmanager http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.read http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/bookmark.write http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/content.read http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/datacontrol.consumer http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/filesystem.read http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/filesystem.write http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/mediacapture http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.read http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.send http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/email
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/messaging.write http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/networkbearerselection http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.common http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.p2p http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/nfc.tag http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/notification.read http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/notification.write http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/package.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/packagemanager.install http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/power http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/setting http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/system http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/systeminfo http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.3 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.3 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.3 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.3 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.3 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.3 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.3 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.3 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.3 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.3 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.3 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.3 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.3 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.3 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.3 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.3 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.3 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.3 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.3 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.3 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.3 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.3 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.3 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.3 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.3 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.3 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.3 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.3 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.3 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.3 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.3 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.3 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.3 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.3 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.3 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.3 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.3 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.3 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.3 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.3 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.3 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.3 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.3 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.3 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.3 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.3 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.3 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.3 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
+2.4 3.0 http://tizen.org/privilege/message.read http://tizen.org/privilege/message.read
+2.4 3.0 http://tizen.org/privilege/network.get http://tizen.org/privilege/network.get
+2.4 3.0 http://tizen.org/privilege/internet http://tizen.org/privilege/internet
+2.4 3.0 http://tizen.org/privilege/notification http://tizen.org/privilege/notification
+2.4 3.0 http://tizen.org/privilege/mediastorage http://tizen.org/privilege/mediastorage
+2.4 3.0 http://tizen.org/privilege/mediacontroller.server http://tizen.org/privilege/mediacontroller.server
+2.4 3.0 http://tizen.org/privilege/packagemanager.admin http://tizen.org/privilege/packagemanager.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.certificate http://tizen.org/privilege/appmanager.certificate
+2.4 3.0 http://tizen.org/privilege/keymanager http://tizen.org/privilege/keymanager
+2.4 3.0 http://tizen.org/privilege/callhistory.read http://tizen.org/privilege/callhistory.read
+2.4 3.0 http://tizen.org/privilege/calendar.read http://tizen.org/privilege/calendar.read
+2.4 3.0 http://tizen.org/privilege/push http://tizen.org/privilege/push
+2.4 3.0 http://tizen.org/privilege/nfc http://tizen.org/privilege/nfc
+2.4 3.0 http://tizen.org/privilege/camera http://tizen.org/privilege/camera
+2.4 3.0 http://tizen.org/privilege/contact.write http://tizen.org/privilege/contact.write
+2.4 3.0 http://tizen.org/privilege/message.write http://tizen.org/privilege/message.write
+2.4 3.0 http://tizen.org/privilege/callhistory.write http://tizen.org/privilege/callhistory.write
+2.4 3.0 http://tizen.org/privilege/datasharing http://tizen.org/privilege/datasharing
+2.4 3.0 http://tizen.org/privilege/unlimitedstorage http://tizen.org/privilege/unlimitedstorage
+2.4 3.0 http://tizen.org/privilege/display http://tizen.org/privilege/display
+2.4 3.0 http://tizen.org/privilege/bluetooth.admin http://tizen.org/privilege/bluetooth.admin
+2.4 3.0 http://tizen.org/privilege/appmanager.launch http://tizen.org/privilege/appmanager.launch
+2.4 3.0 http://tizen.org/privilege/telephony http://tizen.org/privilege/telephony
+2.4 3.0 http://tizen.org/privilege/download http://tizen.org/privilege/download
+2.4 3.0 http://tizen.org/privilege/recorder http://tizen.org/privilege/recorder
+2.4 3.0 http://tizen.org/privilege/account.write http://tizen.org/privilege/account.write
+2.4 3.0 http://tizen.org/privilege/contact.read http://tizen.org/privilege/contact.read
+2.4 3.0 http://tizen.org/privilege/nfc.cardemulation http://tizen.org/privilege/nfc.cardemulation
+2.4 3.0 http://tizen.org/privilege/led http://tizen.org/privilege/led
+2.4 3.0 http://tizen.org/privilege/account.read http://tizen.org/privilege/account.read
+2.4 3.0 http://tizen.org/privilege/call http://tizen.org/privilege/call
+2.4 3.0 http://tizen.org/privilege/nfc.admin http://tizen.org/privilege/nfc.admin
+2.4 3.0 http://tizen.org/privilege/fullscreen http://tizen.org/privilege/fullscreen
+2.4 3.0 http://tizen.org/privilege/network.set http://tizen.org/privilege/network.set
+2.4 3.0 http://tizen.org/privilege/volume.set http://tizen.org/privilege/volume.set
+2.4 3.0 http://tizen.org/privilege/application.read http://tizen.org/privilege/application.read
+2.4 3.0 http://tizen.org/privilege/content.write http://tizen.org/privilege/content.write
+2.4 3.0 http://tizen.org/privilege/location http://tizen.org/privilege/location
+2.4 3.0 http://tizen.org/privilege/bookmark.admin http://tizen.org/privilege/bookmark.admin
+2.4 3.0 http://tizen.org/privilege/ime http://tizen.org/privilege/ime
+2.4 3.0 http://tizen.org/privilege/systemsettings.admin http://tizen.org/privilege/systemsettings.admin
+2.4 3.0 http://tizen.org/privilege/packagemanager.info http://tizen.org/privilege/packagemanager.info
+2.4 3.0 http://tizen.org/privilege/mediacontroller.client http://tizen.org/privilege/mediacontroller.client
+2.4 3.0 http://tizen.org/privilege/healthinfo http://tizen.org/privilege/healthinfo
+2.4 3.0 http://tizen.org/privilege/alarm.set http://tizen.org/privilege/alarm.set
+2.4 3.0 http://tizen.org/privilege/appmanager.kill http://tizen.org/privilege/appmanager.kill
+2.4 3.0 http://tizen.org/privilege/secureelement http://tizen.org/privilege/secureelement
+2.4 3.0 http://tizen.org/privilege/alarm.get http://tizen.org/privilege/alarm.get
+2.4 3.0 http://tizen.org/privilege/calendar.write http://tizen.org/privilege/calendar.write
+2.4 3.0 http://tizen.org/privilege/email http://tizen.org/privilege/email
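Review bot: Several 2.3 read-only privileges are mapped to broader 3.0 privileges, so an application that declared only read access ends up holding write or admin rights after mapping: `content.read` → `content.write`, `bookmark.read` → `bookmark.admin`, `filesystem.read` → `systemsettings.admin`, and `bluetooth.gap`/`bluetooth.health`/`bluetooth.spp` → `bluetooth.admin`. This may be deliberate if 3.0 has no narrower equivalent, but the file carries no explanation. Since the reload script drops lines beginning with `#`, a header such as `# version_from version_to privilege mapped_privilege` and a one-line comment above each widening entry would make those decisions auditable. The 2.3 block also repeats rows verbatim (for example `account.read` → `account.read` and `internet` → `internet` each appear twice), which only works if the insert path tolerates duplicates; that is not visible from this page.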
index 274c49c..b131f4d 100755 (executable)
@@ -2,6 +2,8 @@
 
 POLICY_PATH=/usr/share/security-manager/policy
 PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list
+PRIVILEGE_MAPPING=$POLICY_PATH/privilege-mapping.list
+
 DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db
 
 # Create default buckets
@@ -70,3 +72,15 @@ do
 done
 echo "COMMIT;"
 ) | sqlite3 "$DB_FILE"
+
+# Load privilege-privilege mappings
+(
+echo "BEGIN;"
+echo "DELETE FROM privilege_mapping;"
+grep -v '^#' "$PRIVILEGE_MAPPING" |
+while read version_from version_to privilege mapping
+do
+    echo "INSERT INTO privilege_mapping_view (version_from_name, version_to_name, privilege_name, privilege_mapping_name) VALUES ('$version_from', '$version_to', '$privilege', '$mapping');"
+done
+echo "COMMIT;"
+) | sqlite3 "$DB_FILE"
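Review bot: If `$PRIVILEGE_MAPPING` is missing or unreadable, `grep` fails and the loop emits nothing, yet `DELETE FROM privilege_mapping;` and `COMMIT;` are still sent, so the table is silently emptied. A guard before the subshell, such as `[ -r "$PRIVILEGE_MAPPING" ] || exit 1` (or whatever failure path the script already uses), would keep the existing mappings instead. The four fields are also pasted into the SQL text unescaped and read without `-r`, so a stray quote or backslash, a blank line, or a line with fewer than four fields produces a malformed or empty-valued `INSERT`. I would use `while read -r version_from version_to privilege mapping` and skip any line where `$mapping` is empty or a field contains `'`. The exit status of `sqlite3` is not checked either, so a rejected row passes unnoticed. The earlier loader block, which this one appears to mirror, lies mostly outside the hunk.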