review.tizen.org Git - platform/core/security/security-manager.git/log

Fix checking for privileges during obtaining group

Privileges of apps installed for all users also needs to be taken into account.

Change-Id: I1d31a27dc0b718f46b26d654c518d8071bbe4cfb
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Sanitize handling of global application user.

Remove inconsistency with treating both root and tizenglobalapp as global
users. For both cases uid of user TZ_SYS_GLOBALAPP_USER will be saved
in the data base to distinguish globally installed applications.
The whole code for handling global user was refactored by the way.

Change-Id: I5764e1f9675ebf3bb9091ede4fef724d053fed8d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Move some modules to common library

There are modules for handling smack, cynara, privilege db that were
grouped in server code. However, there are upcoming changes (for offline
mode) that will require these modules to be used also i.e. by client
code. Thus it would be better to have these modules in common library.

Change-Id: Ifddd037a159dc142077290c09b7e05da98ce46e5
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>

Don't remove "User" Smack rules on application uninstall

Temporary fix.
After app uninstall and remove app rules, all rules from
files in accesses.d directory are re-loaded.

Change-Id: I7786a356108d17ed948abbc615f22286b251c0b3
Signed-off-by: Janusz Kozerski <j.kozerski@gmail.com>

Use group names instead of group ids (gid)

Database will now contain group names instead of group ids.

Change-Id: I67dc5cf9e853b9b1ca56eeea1c006ce194f1530d

Removal of xattr "security.TIZEN_EXEC_LABEL"

This attribute is a duplication of the SMACKEXEC
mechanism for the links. This duplication is
complicating the security mechanisms that have
to remain simple to be applied and supported
efficiently. The SMACKEXEC mechanism is the only
required mechanism. For the other uses, the function
security_manager_set_process_label_from_appid is
enough.

Change-Id: Ic831547a318942af5603a3609b87f52577109479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

Introduce convenience function for setting application security.

There are already three security-manager functions that a launcher should
call before launching the application. In the common case they will just
be called in sequence.
Provide an API function that handles all aspects for application process
preparation: set the Smack label, set additional groups and drop
capabilities.

Change-Id: I5c8346c5f834f8a4fb106169866de42578265da8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

When setting process Smack label, fix labels of socket file descriptors

File descriptors for sockets get Smack labels when sockets are created.
But if Smack labels is changed for a process with open socket descriptors,
those descriptors keep the old Smack label. This should not happen during
application launch, because launched application could be identified as
a non-app user process.
To avoid this, all open file descriptors which happen to be sockets will
be relabeled inside security_manager_set_process_label_* functions.

Change-Id: I209a7a15edef7a2c20a9a4a00806a5d3876fb9e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Provide a function for launchers for dropping process capabilities

The functions for launchers, manipulating process Smack label and groups,
require elevated privileges. Since they will be called by launcher after
fork, in the process for the application, privileges should be dropped
before running an actual application.
This patch introduces a convenience function for launchers for dropping
capabilities from a process: security_manager_drop_process_privileges.

Change-Id: Iff06554bdcf2d51d0163e4dcb83ea9b976896740
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Improvement of tagging directories.

The directories are visited two times: in pre-order
and post-order. Here to avoid tagging at both times
we choose to simply tag in post-order (that is for
simplicity of the code.

Change-Id: I866481471d433036ca371035c74e583b3a9dcfda
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

Adjust libcynara-admin error codes

Cynara integrates error codes in all libraries.
Release 0.4.0 uses new unified error codes.
Old error codes are removed.

This patch changes old error codes into new ones.
Please do not merge this patch until 0.4.0 is released
or patch "35771f4 Use client error codes in admin libraries"
in cynara repository is merged.

Change-Id: I354bd4a4c3a9adea9308efb8ed6f9025d26f92f1

Resolving global application user

The global applications are set using the system
user 'tizenglobalapp'. In fact this name is set in
the tizen configuration variable TZ_SYS_GLOBALAPPUSER
and its uid should be retrieved using tzplatform_getuid.

Change-Id: I01635d1f65add0159b8d73fef60b76d03798fe52
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

Fix a build error in 64 bits

In 64bits archs, size_t is 64bits while int is 32 bits.
In fact, the type used for length on the sierialiser is int.

Change-Id: I6aa2ee89cd909dcebbf8c5436d586569f5f3875d
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

Remove obsolete code from security-manager-util

Legacy code inherited from security-server.

Change-Id: I432b46cca9f60879fe9ff9bed811705c8191001b
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Add missing include and link dependencies in cmakes

Change-Id: Ie9095e602134af962ecc231070fbc6f2a86e1ea0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Completely remove dlog remainings

Security-manager uses systemd for logging for some time already, this
code is no longer needed.

Change-Id: I9f099c00422ffeed23f65d8350bf7d8957cc00af
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Implement client API for launcher adding process to supplementary groups

In Tizen some sensitive resources are being accessed by applications
directly. The resources, being file system objects, are owned by
dedicated GIDs and only processes in those UNIX groups can access them.
This function should be used by application launcher for adding
application process to all permitted groups that are assigned to such
privileges.

Change-Id: I608d84e77869378b28c4130443323143b71380c4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Implement fetching group ids assigned to a privilege from data base

Change-Id: I439a710cc203c201426c48866c4ab1d88798dcc7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Implement checking policies with Cynara

Support calling libcynara-client to check for applications permissions.

Change-Id: Icb44dc9a24f0ef519863075203b3be8eb0b07c2c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Fix Cynara policy setting, use Smack label as app identifier

In Tizen Cynara policies should use application Smack label as application
identifier. Services using Cynara will be based on that assumption.
Previously security-manager incorrectly used pkgId as app identifier.

Change-Id: I31f59e3c6a037cc3730936963b10a1e7bcb008e0
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Refactoring: there will be only one service

Security-manager started with installer service implementation. It was
created in a way supporting future creation of other services, working
in separate threads and listening on separate sockets. Such design is
however not planned for this project. The installer service recently
began to implement methods not related to installation, which begged for
some refactoring.
Hereby the installer service is renamed as just "service". There will be
a single socket and single service for all security-manager functions.

Change-Id: I40e939ded1b0e20c4e92c86738fb62ea4acd4a50
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Fix checking whether application path is inside user's home directory.

Internal function installRequestAuthCheck() making this check contained
few bugs. It didn't canonicalize the home directory. It simply checked
for substring instead of subdirectory ("/home/useruser" shouldn't be
considered as subdirectory of "/home/user"). It relied on PATH_MAX for
realpath() calls, which is broken by design according to function manual.
All of the above issues are now corrected.

Change-Id: I446c50e642b38ecbd1b4997ec5e6f7c9b5032291
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Drop libprivilege-control

Change-Id: Ifff71e53ad15d644d50b978bcb979bb492c09f92
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Changed CYNARA_ADMIN_WILDCARD to proper uid string.

Change-Id: Ic4e9b4d26c3c41a983a4db61bbd557c84ff7c542
Signed-off-by: Sebastian Grabowski <s.grabowski@samsung.com>

Set Cynara policies during application installation and uninstallation

Applied policies will have a wildcard in "user" field. Security-manager
will handle app installation per user soon, so this will also be changed.

Change-Id: I41606fb94b7385426debbcf47a57ba1593dbfc5a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Provide move constructor instead of copy constructor for CynaraAdminPolicy

The class stores pointers and owns the memory they point to. Memory is
allocated in constructor and freed in destructor. But copying these
pointers between objects causes double free in destructor. The poiners
should not be copied, only moved.
Now CynaraAdminPolicy will provide custom move constructor. It will be
used by default, since default copy constructor is now deleted.

Change-Id: If6c49184318c54574caff8af74b336dd1c8ddd2f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Change pthread flag settings in CMake to a more generic construct

Modify the previous commit using proper CMake module for thread library
support.

Change-Id: I1eaf2f8bc3b6ac542e5c81deeba14f68e47af381
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Add missing gcc option -pthread to build correctly

Bug-Tizen: TC-1446
Change-Id: I5d2c560a01f867722c3918daa912048f098e3ab6
Signed-off-by: Stephane Desneux <stephane.desneux@open.eurogiciel.org>

Move return codes sent by server to protocols.h

Those codes are not part of security-manager's API
but are used only in communication between client and
server part. Return codes of libsecurity-manager's
functions are defined in enum lib_retcode, so there
is no need in placing additional macros in header file
security-manager.h

Also: fix problems with documentation in those macros

Change-Id: Iaa2f489f2b0a3e9dc3d2aaf74f522451e1b65057
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Change security_manager_app_install return code

So far, security_manager_app_install returned only
SECURITY_MANAGER_SUCCESS or SECURITY_MANAGER_ERROR_UNKNOWN,
which is not enough now.

Now, there is possibility, that security manager would reject
installation of some applciations on the basis of uid and users
home directory.
This function will return information about that now as return code.

Change-Id: I53b23b8318a756a8fbf4b804e49046cfa5acd4e0
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Register only directories inside user's HOME

Change-Id: I546ba542dea481db2efebb24bbe03e5cd87d7220
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Add possibility of installing apps for different users

Uid of installing user will be obtained from peer's socket
and will be stored in database.

Change-Id: I0a0edf726b54fc7b28e5f2063186a97eb29479a9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Cynara: Change the type of exception in CynaraAdminPolicy constructors

It is better to keep exception types unified. That would minimize the number of
"catch" statements.

Change-Id: Id9e5bafef70c7ffb126a60c595505b644d596729
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Cynara: implement method for setting policies

Change-Id: I65a1c54c6307a60fba383b9e376c8541908ded59
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Logging: Remove the log tag from logs messages

The log tag "SECURITY_MANAGER" and its client's version that were used in dlog
messages are not needed in systemd journal logs, this is redundant information.
It is easy to maintain the source of logs using journalctl.

Change-Id: Ia987cb3e401f46fe15eea210a0c2a9406caa7882
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Logging: Refine security manager log printouts

Some of log traces were redundant, some of them carried unhelpul data. This
commit reorganizes calls to log macros to make them more helpful.

Change-Id: I6b814610e32f4c568ce6c8acfae33da0d1878dd0
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Implement setting process label for the given application

This change introduces functions for setting smack label for
application process. They are intended to be used by the app launcher
on application start.

2 variants have been implemented:
1) security_manager_set_process_label_from_binary
   Function extracts smack label from the given application binary and sets
   it for the current process
2) security_manager_set_process_label_from_appid
   Function computes smack label for given application id and sets it for
   current process

Change-Id: I4dfbaf133ec43e292f4ba54023b96a57df439562
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>

Introduce IPC call for getting pkgid from appid

Change-Id: I9e2c05d15c3c4bad60f5bc3b5631226e9980dc24
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>

Initial code for adding rules to Cynara

Adding new class for interface to cynara-admin. No operations implemented
yet, only initialize and destroy.

Change-Id: I1337ae9586c9767fa51c5ffc30671d6b7a758e4c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Refactoring: put code operating on Smack labels in a separate file

Create smack-labels.cpp, containing code for label assignment and file
labeling. Avoid clutter in installer.cpp.

Change-Id: I97f5251e1bfcd53e242cd0117d48539a378fefde
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Remove code from smack-common.cpp

This code was a legacy from security-server. Contained functions
get_smack_label_from_process() and smack_pid_have_access() won't be used
by security-manager.

Change-Id: I9ddddf4d4d0e4347c7b0b86de96bdcfc0d715b91
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Logging: Change the default log provider to systemd journal.

This change replaces the default logging mechanism in the whole security
manager. The dlog provider is not used anymore and it is also excluded from
being build along with the project. Its sources should stay untouched by now.

To verify, first please install this together with the latest security-tests
package. When installed, run tests:
  # security-manager-tests --output=text

And after that please check for the presence of traces in journal:
  # journalctl --unit=security-manager.service

Please also check for the presence of security-manager-client traces:
  # journalctl /usr/bin/security-manager-tests

Change-Id: I4af35d29a6a61d3a5a0bc4c3508bb872206a2f23
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Logging: Add systemd journal log provider

The logging style inherited from the security-server needs to be adjusted to
Tizen 3.0 logging fashion. The dlog utility is no longer available, the systemd
journal is in use now.

Change-Id: I16c3f7348b60194c31a8bdcc0897f5ee9ec5aea0
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Logging: Remove macros and methods for Secure* logs.

Secure logs, inherited from security-server are no longer needed.
Replace calls to Secure* logs with their non-secure equivalents.

This is an initial commit in logging adaptation series. It should be
verified by successful build.

Change-Id: I908851f8927c46474489a6bf5053f480d65ac22d
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Use PrivilegeDb in installer code

Recently added and tuned PrivilegeDb is finally ready to provide information
for application installation and uninstallation.

Change-Id: Ia6560b4ce7488670f999a57c415c9a402e6b3f2e
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

PrivilegeDb: don't require pkgId argument for application removal

Drop second argument (pkgId) from RemoveApplication() method.
Add new public method GetAppPkgId() for getting application's pkgId and
use it inside RemoveApplication().
This is needed because uninstallation request will contain only appId.

Change-Id: Ic7f618a9c223a501e61a167fb7870e22e1926e20
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

PrivilegeDb: drop TPrivilegesList typedef

The typedef cluttered the code without adding any significant value.

Change-Id: I7dacf9c7b46e68087a248acd907e208e6aa76c52
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Rework PrivilegeDb interface for setting application privileges

While integrating installer code with PrivilegeDb, the existing method for
setting privileges was found to be inadequate. It also would need further
complication to actually do what it was supposed to do.
New UpdateAppPrivileges() method now only updates privileges for application.
To calculate which privileges were added and which removed for the package,
installer will use GetPkgPrivileges() twice: before and after calling
UpdateAppPrivileges(). All three method calls must be done inside transaction.

Change-Id: Ib7e1b8a6b1482c6dcd8b7146c48187797e237bd5
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Unify internal naming convention: permission => privilege

Part 2: rename SQL file.

Change-Id: I76bb618197cb3c744550156fc5a6d58e9266c4ed
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Unify internal naming convention: permission => privilege

Words "permission" and "privilege" were used interchangeably throughout the
code. It was decided that security-manager will manage "application
privileges", as they are called in several Tizen documents.
Places calling them "permissions" were edited for unification.

Change-Id: I7db701ceb55237457258d63b2b7347aae50852ce
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

In PrivilegeDb use function instead of macro for common exception handling

Reuse concept appearing in client-common.h to write repeated exception
handling code only once. It is based on C++11 lamba function feature, which
is superior to legacy macro in terms of type safety and debuggability.

Change-Id: If8f11246b97e7f10aa173d35018f5384527b16ee
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Change return type from bool to void for some methods of PrivilegeDb

Methods GetPkgPermissions, AddApplication, RemoveApplication and
UpdatePermissions had return type set to void. But they didn't return
anything useful. The actual return value was always true or exception
throw.
Changing the types to void will also make usage of these methods simpler.

Change-Id: Id588c314c6aa1af0ea3c17ed02d0f6bf20411193
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Adjust code formatting in privilege_db.cpp

Align formatting of function definitions with the rest of the code.

Change-Id: I10fe2b0f69f3bed1bc459af0c56e57a557c20f32
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

spec: add missing calls do ldconfig on %post and %postun

The main package also contains a library, so it should call ldconfig.
Problem reported by rpmlint.

Change-Id: Id9fdd874f725e1793f155d2766b8a25fee2df4db
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Fix buld break on x86_64, regression in 3e62e851

Unify systemd installation directories between spec and CMake, avoiding
problems on x86_64 (/usr/lib64 vs. /usr/lib).

Change-Id: I5db9cf50978f20d318f7d11349d5437b184b394f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Generate database during build, include it in the package

Initialized, empty sqlite database will be included into security-manager
package to enable integration with the code.

Change-Id: I3e5389d15a9e3a370941ef70f425da765bfc2690
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Don't hardcode path to /etc/smack

Use libtizen-platform-config for getting path of Smack configuration.

Change-Id: I214594931705cd3dafa27a64e7800e82b96c0ced
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Use variables instead of hardcoded paths to /usr/bin and /usr/lib

Change-Id: If329d3346ccb1da5c2c697c5a90d81c77a977077
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Privilege database access implementation

Adding convenience methods for accessing privilege
database and performing queries on it.

Change-Id: I34d8986ec1315ce46f7f5bc462d746df81e7e432
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>

SQL Schema of privileges database

Schema definition for the priviliges database that will be used
in security manager.

Change-Id: I1fd2516e8d70e00fc32a0ea4f8449a3a85020cf7
Signed-off-by: Krzysztof Sasiak <k.sasiak@samsung.com>

Remove fstream_accessors.h from DPL

- It is not used in security-manager
- In fact it was never a part of DPL, but an addition by security-server

Change-Id: Ia9803ea90cfe8f1a20ab072717c6d9895fb1d89a

Move smack_check from common to server

This function is used only in server. By moving it from common it is now
possible to not link libsecurity-manager-common with libsmack.

Change-Id: If2b8eb8dc252ff21416ab4e075a5471f5647b98a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Build security-manager-common with SqlConnection

Also adding build dependencies on sqlite3, db-util and boost.

Change-Id: I65d55bfd30a600aab19bee489ef20b94b69b45a6
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Refactoring of directory structure and CMake files

Directory structure inherited from security-server is confusing and doesn't
separate components that form the project.
New structure consists of the following directories:
* src/include - public security-manager interface
* src/dpl - sources and includes borrowed from wrt-commons dpl
* src/common - sources of libsecurity-manager-common library
* src/client - sources of libsecurity-manager-client library
* src/server - sources of security-manager binary
* pc - template of pkg-config file

Additionally common, client and server include files have been moved into
"include" subdirectory in each source dir.
CMake files are now more hierarchical, with separete file per component.
Previously not checked dependency on libcap is now checked in server CMake.
Library versioning is aligned with package versioning of security-manager.
Version of libsecurity-manager-common is better parametrized.

Change-Id: I8db728e53f912db2b15109f5502def7fc105f77f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Make generateAppLabel() a static funcion of SmackRules class

Eliminate security-manager-common.cpp containing a single function, which
now logically belongs to SmackRules class.

Change-Id: I5e7c063a5980d97b67c7f9640812d9890e24b2c7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Use std::stringstream for parsing Smack rules

This leads to simpler and more robust implementation of SmackRules class.

Change-Id: I806da78fd6b95b9edcbb21b71c13e9bcb10b10df
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

DPL: changing namespace of imported classes to SecurityManager

DPL code uses DPL namespace, moving it to SecurityManager.

Change-Id: I89f1c6c8b965085546064856045145c9c6d0ac3a
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

DPL: work around for build warnings with -Werror

DPL::SqlConnection::ExecCommand() is marked as deprecated to warn it's users.
It's not deprecated, but could cause SQL Injection. This method is also
used internally for transactions.
Such combination causes build warnings. But this repository is built with
-Werror flags and it breaks the build.

Since this method is not needed outside SqlConnection, move it to private
methods and remove the warning.

Change-Id: I088f4736ecca318613b897ef05b12af4cdc1f664
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

DPL: work around for dependency on DPL::Thread

Patch based on work by similar work by Zofia Abramowska.
Include needed parts from DPL::Thread into code of
NaiveSynchronizationObject.
Only NanoSleep() and MiliSleep() methods are needed and the original
DPL::Thread() triggers a large chain of dependencies, including EFL.

Change-Id: Icf8257ca8eeaa5cdbc4d80ceb98d88aceeec7821
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

DPL: import DPL::SqlConnection and dependencies

Import SQLite wrapper class from wrt-commons 0.2.210.
Several dependencies from DPL common imported as needed. Dependency DPL::Thread
has been omitted on purpose, because it caused too many other dependencies.
It will be substituded in a separate patch.

These classes will be used by security-manager. When security-manager gets its
own repository, SqlConnection will be removed from security-server.

Change-Id: I090f73d6912f4ef6b85b313e7b12d20a7fd758a1
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

DPL: udate dpl/core/include/dpl/assert.h from latest wrt-commons

Needed to get AssertMsg macro, used in other DPL modules.

Change-Id: Iaca6c09a52e2f6644580d667a6817cfaa777d0a4
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Set myself as contact person for security-manager

Update contact e-mail in source files with appropriate address.

Change-Id: I51ef49d47d870403720a51857dc5d1384afc4e39
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Remove API for setting allowed users for an app

Removed function security_manager_app_inst_req_add_allowed_user.
It became obsolete when application framework switched to multi-user
support by installing apps for each user separately.

Change-Id: I2c1d3533982d23b45f3226e5eb07619d60b0530f
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Listen on socket passed by systemd

This was previously disabled in security-manager code, because it was
coupled with security-server, which already did that.
Uncommenting the listening code now.

Change-Id: I9e7c5a3a5bde2e29fc74b9918af0a36992533a80
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Remove SmackAudit() from logging facility

This functionality was needed in security-server to log user space Smack
checks consistently with logs generated by kernel.
Security-manager will never perform such checks.

Change-Id: Ifcc67228b85dedba33330710d1e763dbdfadd996
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Bump version number to 0.1.0

Make sure that new security-manager packages will have higher version than
previously built packages, before split from security-server repository.

Change-Id: Id7ad7fbbe19ebce514209ad8e8e6cadae77386f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

Fix memory leak and add EINTR error handling.

One memory leak was missed in the Installer service.
Introduce retries on EINTR error while trying to open a file.
Also add close() error handling.

This is a cherry pick from security-server repository.

Change-Id: I43b48e12d6e609b24ffda02c7aed199f3b9f02bb
Signed-off-by: Marcin Lis <m.lis@samsung.com>

Update readme file

Change-Id: Ia0d04bdc6b56d7b70737e29e53d8e40f5984805e
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Comments and defines changed to comply with new project name

Change-Id: Ie931b2a4d7f2c5d7fa688fbbd0b8f062cfb9a818
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Change namespace name to SecurityManager

Change-Id: I43070c39da09a67895ec5eda17bf316ff352a6e7
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Move needed declarations from serurity-server.h to security-manager.h

Delete file security-server.h, that is not needed any more.

Change-Id: I2c90610106e58ec55f216c654e09595cf98be3c9
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Change package name to security-manager.

Change filenames according to new package name.
Change server binary file name to security-manager
Update CMake files accordingly

Change-Id: Ic7dbcf5a401055c38a637b8edf4ebdb5b6be8d49
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Remove unnecessary security-server files

This commit starts a fork from security-server repository,
that initially security-manager was part of.
All parts of security-server that was not needed by security-manager
are removed. That means removing security-server-client
and removing all services exept security-manager's ones.

Change-Id: Id9a33033398811b4b5fc36738ff4ca411260315b
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Add smackfs check to Installer service.

The app installation was failing under the non-smack environment.
One additional check for the existence of the smack is now added to
prevent the Installer from applying smack rules to the kernel, when
there is no smack security enabled.

The same kind of check is also added to uninstall-app functionality.

Change-Id: I9ed29e7d60e34639173317ac83c1f5314100d6e4
Signed-off-by: Marcin Lis <m.lis@samsung.com>

security manager: function for labeling dirs

Security manager used libprivilege-control's perm_app_setup_path.
This commit removes this dependency by reimplementing the code
that labels directories as internal function of installer service
in security-manager.

Change-Id: I57738ef310afddda235fe2bb45d95ee54d2ed587
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Installation/uninstallation of package-specific smack rules

On installation rules are generated from predefined template, applied
to the kernel and saved to disk so they are loaded on system boot.
On uninstallation package-specific rules are revoked from kernel and
removed from disk.

Change-Id: Ib3ce4ecf909c4fe3c6bc1f5a77e24737b7acf918

security manager: add generateAppLabel

The similar function was declared as part of libprivilege-control
Now as security manager is going to drop dependency
on privilege-control, there is a need of implementing
this function as part of security-manager.

Change-Id: Ieb06e278fb7938a0a34e7592b5be7efa33af9b2d
Signed-off-by: Jan Cybulski <j.cybulski@samsung.com>

Fix security manager socket path.

Path of socket for installer has been changed incorrectly
during mooving sockets from /tmp to /run

Verification:
-> flash target with new image
-> install security-server
-> install security-tests
-> security-tests.sh security-manager --output=text
(test should pass)

Change-Id: I501206d09c5830892f856acb1807cd18c176e141
Signed-off-by: Adam Malinowski <a.malinowsk2@partner.samsung.com>

Merge changes I3f480808,Ie3102c86 into tizen

* changes:
Change socket paths from /tmp... to /run...
Fixed name mismatch in systemd socket

Change socket paths from /tmp... to /run...

[Cause]        Sockets should not be created in /tmp folder
[Solution]     Change systemd socket description
               and protocol defines

[Verification] Build and install Security Server.
               Check if sockets created by systemd are placed in:
               /run/security-server and /run/security-manager

Change-Id: I3f480808d2d3f1bd78b8713d795602da7ccc7dfb
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Fixed name mismatch in systemd socket

Change-Id: Ie3102c8665601a3fe3ddd5d5562bbcaa0e496f63
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>

Adjust security_server_app_has_privilege to Tizen 3.0 model.

[Cause]    security_server_app_has_privilege function
           uses perm_app_has_permission.
           https://review.tizen.org/gerrit/#/c/20519/
           redefined application identifier to smack label.
[Solution] change from app_id to app_label

[Verification] compile and install security-server

Change-Id: If7f3d1b72b26117b2680ce34dd6bd980a4859949
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Bring back part of app-permissions service

[Cause]    security_server_app_has_permission function
           is needed for temporary cynara (bootstrap) version
[Solution] roll back part of commit
           ed1815535d0383bc343bb92062fe934b44f4e53d

[Verification] compile and install security-server

Change-Id: I3a51ee09a554a5561d559f0a30dc25f9b74e2d76
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

Upgrade version number in spec.

Old version number causes dependency errors for new security-manager
package.

Verification:
-> Build and install libsecurity-manager-client-* rpms.

Change-Id: I68e3d23f954ab1535351a76856ce5a0a14f49453

Implement installer service

[Bug/Feature]  Create new Security Server's service interfacing
               with libprivilege-control API.
[Cause]        N/A
[Solution]     Create PrivilegeControlSevice and implement protocol
               supporting libprivilege-control's API used by
               installers.
[Verification] Build and install Security Server.

Change-Id: I95a0e9a7cb69952e8f3b71665fcd7d9867939759
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>

Added security-manager API

Added new header containing set of new API functions and generation
new rpm packages with security-manager-library

Change-Id: I2c01f5f911bbc32ead7082d427762d72bf55b35c
Signed-off-by: Pawel Polawski <p.polawski@samsung.com>

Remove dead code

Remove unnecessary check on memcpy return and thus unused
memory exception type.

Change-Id: I95c47cb36cc178b4219bbfa337aa21991cfc0b67

Signalling attempt to access a non-existent service

[Bug]       Connect function does not notify on nonexisting service
[Cause]     N/A
[Solution]  New return code SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE is used
[Problem]   N/A

[Verification] build, run security-server tests

Change-Id: I1fcf9bf7ba46d02cb43585e3de6095829685d9e9
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

Fix build break introduced by previous commit.

[Bug]      Last commit left unused parameters in api without marked them
           as unused.
[Cause]    N/A
[Solution] Add all unused parameteres with __attribute__((unused))

[Verificaiton] N/A

Change-Id: I1c035ae968367be778c8ba725e9000d07df078c2

Comment out Security-server API checking privileges of process

Below Security-server APIs can be return 'access deny" by 3-domain smack policy.
And it makes bootting and running issue.
So we should comment out them temporarily untill implement of Cynara.
- security_server_check_privilege_by_sockfd
- security_server_check_privilege_by_pid
- security_server_check_privilege_by_cookie

visit below site:
https://wiki.tizen.org/wiki/Security:Cynara

Change-Id: Idcf379a1cd6ee38c80d21b952cdf52b067813603
Signed-off-by: jooseong.lee <jooseong.lee@samsung.com>